>> Hello everyone. Welcome to theCUBE's coverage of International Women's Day. I'm John Furrier, host of theCUBE been profiling the leaders in the technology world, women in technology from developers to the boardroom, everything in between. We have two great guests promoting in from Malaysia. Nancy Wang is the general manager, also CUBE alumni from AWS Data Protection, and founder and board chair of Advancing Women in Tech, awit.org. And of course Kate Watts who's the executive director of Advancing Women in Tech.org. So it's awit.org. Nancy, Kate, thanks for coming all the way across remotely from Malaysia. >> Of course, we're coming to you as fast as our internet bandwidth will allow us. And you know, I'm just thrilled today that you get to see a whole nother aspect of my life, right? Because typically we talk about AWS, and here we're talking about a topic near and dear to my heart. >> Well, Nancy, I love the fact that you're spending a lot of time taking the empowerment to go out and help the industries and helping with the advancement of women in tech. Kate, the executive director it's a 501C3, it's nonprofit, dedicating to accelerating the careers of women in groups in tech. Can you talk about the organization? >> Yes, I can. So Advancing Women in Tech was founded in 2017 in order to fix some of the pathway problems that we're seeing on the rise to leadership in the industry. And so we specifically focus on supporting mid-level women in technical roles, get into higher positions. We do that in a few different ways through mentorship programs through building technical skills and by connecting people to a supportive community. So you have your peer network and then a vertical sort of relationships to help you navigate the next steps in your career. So to date we've served about 40,000 individuals globally and we're just looking to expand our reach and impact and be able to better support women in the industry. >> Nancy, talk about the creation, the origination story. How'd this all come together? Obviously the momentum, everyone in the industry's been focused on this for a long time. Where did AWIT come from? Advancing Women in Technology, that's the acronym. Advancing Women in Technology.org, where'd it come from? What's the origination story? >> Yeah, so AWIT really originated from this desire that I had, to Kate's point around, well if you look around right and you know, don't take my word for it, right? Look at stats, look at news reports, or just frankly go on your LinkedIn and see how many women in underrepresented groups are in senior technical leadership roles right out in the companies whose names we all know. And so that was my case back in 2016. And so when I first got the idea and back then I was actually at Google, just another large tech company in the valley, right? It was about how do we get more role models, how we get more, for example, women into leadership roles so they can bring up the next generation, right? And so this is actually part of a longer speech that I'm about to give on Wednesday and part of the US State Department speaker program. In fact, that's why Kate and I are here in Malaysia right now is working with over 200 women entrepreneurs from all over in Southeast Asia, including Malaysia Philippines, Vietnam, Borneo, you know, so many countries where having more women entrepreneurs can help raise the GDP right, and that fits within our overall mission of getting more women into top leadership roles in tech. >> You know, I was talking about Teresa Carlson she came on the program as well for this year this next season we're going to do. And she mentioned the decision between the US progress and international. And she's saying as much as it's still bad numbers, it's worse than outside the United States and needs to get better. Can you comment on the global aspect? You brought that up. I think it's super important to highlight that it's just not one area, it's a global evolution. >> Absolutely, so let me start, and I'd love to actually have Kate talk about our current programs and all of the international groups that we're working with. So as Teresa aptly mentioned there is so much work to be done not just outside the US and North Americas where typically tech nonprofits will focus, but rather if you think about the one to end model, right? For example when I was doing the product market fit workshop for the US State Department I had women dialing in from rice fields, right? So let me just pause there for a moment. They were holding their cell phones up near towers near trees just so that they can get a few minutes of time with me to do a workshop and how to accelerate their business. So if you don't call that the desire to propel oneself or accelerate oneself, not sure what is, right. And so it's really that passion that drove me to spend the next week and a half here working with local entrepreneurs working with policy makers so we can take advantage and really leverage that passion that people have, right? To accelerate more business globally. And so that's why, you know Kate will be leading our contingent with the United Nations Women Group, right? That is focused on women's economic empowerment because that's super important, right? One aspect can be sure, getting more directors, you know vice presidents into companies like Google and Amazon. But another is also how do you encourage more women around the world to start businesses, right? To reach economic and freedom independence, right? To overcome some of the maybe social barriers to becoming a leader in their own country. >> Yes, and if I think about our own programs and our model of being very intentional about supporting the learning development and skills of women and members of underrepresented groups we focused very much on providing global access to a number of our programs. For instance, our product management certification on Coursera or engineering management our upcoming women founders accelerator. We provide both access that you can get from anywhere. And then also very intentional programming that connects people into the networks to be able to further their networks and what they've learned through the skills online, so. >> Yeah, and something Kate just told me recently is these courses that Kate's mentioning, right? She was instrumental in working with the American Council on Education and so that our learners can actually get up to six college credits for taking these courses on product management engineering management, on cloud product management. And most recently we had our first organic one of our very first organic testimonials was from a woman's tech bootcamp in Nigeria, right? So if you think about the worldwide impact of these upskilling courses where frankly in the US we might take for granted right around the world as I mentioned, there are women dialing in from rice patties from other, you know, for example, outside the, you know corporate buildings in order to access this content. >> Can you think about the idea of, oh sorry, go ahead. >> Go ahead, no, go ahead Kate. >> I was going to say, if you can't see it, you can't become it. And so we are very intentional about ensuring that we have we're spotlighting the expertise of women and we are broadcasting that everywhere so that anybody coming up can gain the skills and the networks to be able to succeed in this industry. >> We'll make sure we get those links so we can promote them. Obviously we feel the same way getting the word out. I think a couple things I'd like to ask you guys cause I think you hit a great point. One is the economic advantage the numbers prove that diverse teams perform better number one, that's clear. So good point there. But I want to get your thoughts on the entrepreneurial equation. You mentioned founders and startups and there's also different makeups in different countries. It's not like the big corporations sometimes it's smaller business in certain areas the different cultures have different business sizes and business types. How do you guys see that factoring in outside the United States, say the big tech companies? Okay, yeah. The easy lower the access to get in education than stay with them, in other countries is it the same or is it more diverse in terms of business? >> So what really actually got us started with the US State Department was around our work with women founders. And I love for Kate to actually share her experience working with AWS startups in that capacity. But frankly, you know, we looked at the content and the mentor programs that were providing women who wanted to be executives, you know, quickly realize a lot of those same skills such as finding customers, right? Scaling your product and building channels can also apply to women founders, not just executives. And so early supporters of our efforts from firms such as Moderna up in Seattle, Emergence Ventures, Decibel Ventures in, you know, the Bay Area and a few others that we're working with right now. Right, they believed in the mission and really helped us scale out what is now our existing platform and offerings for women founders. >> Those are great firms by the way. And they also are very founder friendly and also understand the global workforce. I mean, that's a whole nother dimension. Okay, what's your reaction to all that? >> Yes, we have been very intentional about taking the product expertise and the learnings of women and in our network, we first worked with AWS startups to support the development of the curriculum for the recent accelerator for women founders that was held last spring. And so we're able to support 25 founders and also brought in the expertise of about 20 or 30 women from Advancing Women in Tech to be able to be the lead instructors and mentors for that. And so we have really realized that with this network and this individual sort of focus on product expertise building strong teams, we can take that information and bring it to folks everywhere. And so there is very much the intentionality of allowing founders allowing individuals to take the lessons and bring it to their individual circumstances and the cultures in which they are operating. But the product sense is a skill that we can support the development of and we're proud to do so. >> That's awesome. Nancy, I want to ask you some never really talk about data storage and AWS cloud greatness and goodness, here's different and you also work full-time at AWS and you're the founder or the chairman of this great organization. How do you balance both and do you get, they're getting behind you on this, Amazon is getting behind you on this. >> Well, as I say it's always easier to negotiate on the way in. But jokes aside, I have to say the leadership has been tremendously supportive. If you think about, for example, my leaders Wayne Duso who's also been on the show multiple times, Bill Vaas who's also been on the show multiple times, you know they're both founders and also operators entrepreneurs at heart. So they understand that it is important, right? For all of us, it's really incumbent on all of us who are in positions to do so, to create a pathway for more people to be in leadership roles for more people to be successful entrepreneurs. So, no, I mean if you just looked at LinkedIn they're always uploading my vote so they reach to more audiences. And frankly they're rooting for us back home in the US while we're in Malaysia this week. >> That's awesome. And I think that's a good culture to have that empowerment and I think that's very healthy. What's next for you guys? What's on the agenda? Take us through the activities. I know that you got a ton of things happening. You got your event out there, which is why you're out there. There's a bunch of other activities. I think you guys call it the Advancing Women in Tech week. >> Yes, this week we are having a week of programming that you can check out at Advancing Women in Tech.org. That is spotlighting the expertise of a number of women in our space. So it is three days of programming Tuesday, Wednesday and Thursday if you are in the US so the seventh through the ninth, but available globally. We are also going to be in New York next week for the event at the UN and are looking to continue to support our mentorship programs and also our work supporting women founders throughout the year. >> All right. I have to ask you guys if you don't mind get a little market data so you can share with us here at theCUBE. What are you hearing this year that's different in the conversation space around the topics, the interests? Obviously I've seen massive amounts of global acceleration around conversations, more video, things like this more stories are scaling, a lot more LinkedIn activity. It just seems like it's a lot different this year. Can you guys share any kind of current trends you're seeing relative to the conversations and topics being discussed across the the community? >> Well, I think from a needle moving perspective, right? I think due to the efforts of wonderful organizations including the Q for spotlighting all of these awesome women, right? Trailblazing women and the nonprofits the government entities that we work with there's definitely more emphasis on creating access and creating pathways. So that's probably one thing that you're seeing is more women, more investors posting about their activities. Number two, from a global trend perspective, right? The rise of women in security. I noticed that on your agenda today, you had Lena Smart who's a good friend of mine chief information security officer at MongoDB, right? She and I are actually quite involved in helping founders especially early stage founders in the security space. And so globally from a pure technical perspective, right? There's right more increasing regulations around data privacy, data sovereignty, right? For example, India's in a few weeks about to get their first data protection regulation there locally. So all of that is giving rise to yet another wave of opportunity and we want women founders uniquely positioned to take advantage of that opportunity. >> I love it. Kate, reaction to that? I mean founders, more pathways it sounds like a neural network, it sounds like AI enabled. >> Yes, and speaking of AI, with the rise of that we are also hearing from many community members the importance of continuing to build their skills upskill learn to be able to keep up with the latest trends. There's a lot of people wondering what does this mean for my own career? And so they're turning to organizations like Advancing Women in Tech to find communities to both learn the latest information, but also build their networks so that they are able to move forward regardless of what the industry does. >> I love the work you guys are doing. It's so impressive. I think the economic angle is new it's more amplified this year. It's always kind of been there and continues to be. What do you guys hope for by next year this time what do you hope to see different from a needle moving perspective, to use your word Nancy, for next year? What's the visual output in your mind? >> I want to see real effort made towards 50-50 representation in all tech leadership roles. And I'd like to see that happen by 2050. >> Kate, anything on your end? >> I love that. I'm going to go a little bit more touchy-feely. I want everybody in our space to understand that the skills that they build and that the networks they have carry with them regardless of wherever they go. And so to be able to really lean in and learn and continue to develop the career that you want to have. So whether that be at a large organization or within your own business, that you've got the potential to move forward on that within you. >> Nancy, Kate, thank you so much for your contribution. I'll give you the final word. Put a plug in for the organization. What are you guys looking for? Any kind of PSA you want to share with the folks watching? >> Absolutely, so if you're in a position to be a mentor, join as a mentor, right? Help elevate and accelerate the next generation of women leaders. If you're an investor help us invest in more women started companies, right? Women founded startups and lastly, if you are women looking to accelerate your career, come join our community. We have resources, we have mentors and who we have investors who are willing to come in on the ground floor and help you accelerate your business. >> Great work. Thank you so much for participating in our International Women's Day 23 program and we'd look to keep this going quarterly. We'll see you next year, next time. Thanks for coming on. Appreciate it. >> Thanks so much John. >> Thank you. >> Okay, women leaders here. >> Nancy: Thanks for having us >> All over the world, coming together for a great celebration but really highlighting the accomplishments, the pathways the investment, the mentoring, everything in between. It's theCUBE. Bring as much as we can. I'm John Furrier, your host. Thanks for watching.

(upbeat music) >> Hello and welcome to theCube's coverage of International Women's Day. I'm John Furrier, your host of "theCUBE." We've got great two remote guests coming into our Palo Alto Studios, some tech athletes, as we say, people that've been in the trenches, years of experience, Lena Smart, CISO at MongoDB, Cube alumni, and Tara Hernandez, VP of Developer Productivity at MongoDB as well. Thanks for coming in to this program and supporting our efforts today. Thanks so much. >> Thanks for having us. >> Yeah, everyone talk about the journey in tech, where it all started. Before we get there, talk about what you guys are doing at MongoDB specifically. MongoDB is kind of gone the next level as a platform. You have your own ecosystem, lot of developers, very technical crowd, but it's changing the business transformation. What do you guys do at Mongo? We'll start with you, Lena. >> So I'm the CISO, so all security goes through me. I like to say, well, I don't like to say, I'm described as the ones throat to choke. So anything to do with security basically starts and ends with me. We do have a fantastic Cloud engineering security team and a product security team, and they don't report directly to me, but obviously we have very close relationships. I like to keep that kind of church and state separate and I know I've spoken about that before. And we just recently set up a physical security team with an amazing gentleman who left the FBI and he came to join us after 26 years for the agency. So, really starting to look at the physical aspects of what we offer as well. >> I interviewed a CISO the other day and she said, "Every day is day zero for me." Kind of goofing on the Amazon Day one thing, but Tara, go ahead. Tara, go ahead. What's your role there, developer productivity? What are you focusing on? >> Sure. Developer productivity is kind of the latest description for things that we've described over the years as, you know, DevOps oriented engineering or platform engineering or build and release engineering development infrastructure. It's all part and parcel, which is how do we actually get our code from developer to customer, you know, and all the mechanics that go into that. It's been something I discovered from my first job way back in the early '90s at Borland. And the art has just evolved enormously ever since, so. >> Yeah, this is a very great conversation both of you guys, right in the middle of all the action and data infrastructures changing, exploding, and involving big time AI and data tsunami and security never stops. Well, let's get into, we'll talk about that later, but let's get into what motivated you guys to pursue a career in tech and what were some of the challenges that you faced along the way? >> I'll go first. The fact of the matter was I intended to be a double major in history and literature when I went off to university, but I was informed that I had to do a math or a science degree or else the university would not be paid for. At the time, UC Santa Cruz had a policy that called Open Access Computing. This is, you know, the late '80s, early '90s. And anybody at the university could get an email account and that was unusual at the time if you were, those of us who remember, you used to have to pay for that CompuServe or AOL or, there's another one, I forget what it was called, but if a student at Santa Cruz could have an email account. And because of that email account, I met people who were computer science majors and I'm like, "Okay, I'll try that." That seems good. And it was a little bit of a struggle for me, a lot I won't lie, but I can't complain with how it ended up. And certainly once I found my niche, which was development infrastructure, I found my true love and I've been doing it for almost 30 years now. >> Awesome. Great story. Can't wait to ask a few questions on that. We'll go back to that late '80s, early '90s. Lena, your journey, how you got into it. >> So slightly different start. I did not go to university. I had to leave school when I was 16, got a job, had to help support my family. Worked a bunch of various jobs till I was about 21 and then computers became more, I think, I wouldn't say they were ubiquitous, but they were certainly out there. And I'd also been saving up every penny I could earn to buy my own computer and bought an Amstrad 1640, 20 meg hard drive. It rocked. And kind of took that apart, put it back together again, and thought that could be money in this. And so basically just teaching myself about computers any job that I got. 'Cause most of my jobs were like clerical work and secretary at that point. But any job that had a computer in front of that, I would make it my business to go find the guy who did computing 'cause it was always a guy. And I would say, you know, I want to learn how these work. Let, you know, show me. And, you know, I would take my lunch hour and after work and anytime I could with these people and they were very kind with their time and I just kept learning, so yep. >> Yeah, those early days remind me of the inflection point we're going through now. This major C change coming. Back then, if you had a computer, you had to kind of be your own internal engineer to fix things. Remember back on the systems revolution, late '80s, Tara, when, you know, your career started, those were major inflection points. Now we're seeing a similar wave right now, security, infrastructure. It feels like it's going to a whole nother level. At Mongo, you guys certainly see this as well, with this AI surge coming in. A lot more action is coming in. And so there's a lot of parallels between these inflection points. How do you guys see this next wave of change? Obviously, the AI stuff's blowing everyone away. Oh, new user interface. It's been called the browser moment, the mobile iPhone moment, kind of for this generation. There's a lot of people out there who are watching that are young in their careers, what's your take on this? How would you talk to those folks around how important this wave is? >> It, you know, it's funny, I've been having this conversation quite a bit recently in part because, you know, to me AI in a lot of ways is very similar to, you know, back in the '90s when we were talking about bringing in the worldwide web to the forefront of the world, right. And we tended to think in terms of all the optimistic benefits that would come of it. You know, free passing of information, availability to anyone, anywhere. You just needed an internet connection, which back then of course meant a modem. >> John: Not everyone had though. >> Exactly. But what we found in the subsequent years is that human beings are what they are and we bring ourselves to whatever platforms that are there, right. And so, you know, as much as it was amazing to have this freely available HTML based internet experience, it also meant that the negatives came to the forefront quite quickly. And there were ramifications of that. And so to me, when I look at AI, we're already seeing the ramifications to that. Yes, are there these amazing, optimistic, wonderful things that can be done? Yes. >> Yeah. >> But we're also human and the bad stuff's going to come out too. And how do we- >> Yeah. >> How do we as an industry, as a community, you know, understand and mitigate those ramifications so that we can benefit more from the positive than the negative. So it is interesting that it comes kind of full circle in really interesting ways. >> Yeah. The underbelly takes place first, gets it in the early adopter mode. Normally industries with, you know, money involved arbitrage, no standards. But we've seen this movie before. Is there hope, Lena, that we can have a more secure environment? >> I would hope so. (Lena laughs) Although depressingly, we've been in this well for 30 years now and we're, at the end of the day, still telling people not to click links on emails. So yeah, that kind of still keeps me awake at night a wee bit. The whole thing about AI, I mean, it's, obviously I am not an expert by any stretch of the imagination in AI. I did read (indistinct) book recently about AI and that was kind of interesting. And I'm just trying to teach myself as much as I can about it to the extent of even buying the "Dummies Guide to AI." Just because, it's actually not a dummies guide. It's actually fairly interesting, but I'm always thinking about it from a security standpoint. So it's kind of my worst nightmare and the best thing that could ever happen in the same dream. You know, you've got this technology where I can ask it a question and you know, it spits out generally a reasonable answer. And my team are working on with Mark Porter our CTO and his team on almost like an incubation of AI link. What would it look like from MongoDB? What's the legal ramifications? 'Cause there will be legal ramifications even though it's the wild, wild west just now, I think. Regulation's going to catch up to us pretty quickly, I would think. >> John: Yeah, yeah. >> And so I think, you know, as long as companies have a seat at the table and governments perhaps don't become too dictatorial over this, then hopefully we'll be in a good place. But we'll see. I think it's a really interest, there's that curse, we're living in interesting times. I think that's where we are. >> It's interesting just to stay on this tech trend for a minute. The standards bodies are different now. Back in the old days there were, you know, IEEE standards, ITF standards. >> Tara: TPC. >> The developers are the new standard. I mean, now you're seeing open source completely different where it was in the '90s to here beginning, that was gen one, some say gen two, but I say gen one, now we're exploding with open source. You have kind of developers setting the standards. If developers like it in droves, it becomes defacto, which then kind of rolls into implementation. >> Yeah, I mean I think if you don't have developer input, and this is why I love working with Tara and her team so much is 'cause they get it. If we don't have input from developers, it's not going to get used. There's going to be ways of of working around it, especially when it comes to security. If they don't, you know, if you're a developer and you're sat at your screen and you don't want to do that particular thing, you're going to find a way around it. You're a smart person. >> Yeah. >> So. >> Developers on the front lines now versus, even back in the '90s, they're like, "Okay, consider the dev's, got a QA team." Everything was Waterfall, now it's Cloud, and developers are on the front lines of everything. Tara, I mean, this is where the standards are being met. What's your reaction to that? >> Well, I think it's outstanding. I mean, you know, like I was at Netscape and part of the crowd that released the browser as open source and we founded mozilla.org, right. And that was, you know, in many ways kind of the birth of the modern open source movement beyond what we used to have, what was basically free software foundation was sort of the only game in town. And I think it is so incredibly valuable. I want to emphasize, you know, and pile onto what Lena was saying, it's not just that the developers are having input on a sort of company by company basis. Open source to me is like a checks and balance, where it allows us as a broader community to be able to agree on and enforce certain standards in order to try and keep the technology platforms as accessible as possible. I think Kubernetes is a great example of that, right. If we didn't have Kubernetes, that would've really changed the nature of how we think about container orchestration. But even before that, Linux, right. Linux allowed us as an industry to end the Unix Wars and as someone who was on the front lines of that as well and having to support 42 different operating systems with our product, you know, that was a huge win. And it allowed us to stop arguing about operating systems and start arguing about software or not arguing, but developing it in positive ways. So with, you know, with Kubernetes, with container orchestration, we all agree, okay, that's just how we're going to orchestrate. Now we can build up this huge ecosystem, everybody gets taken along, right. And now it changes the game for what we're defining as business differentials, right. And so when we talk about crypto, that's a little bit harder, but certainly with AI, right, you know, what are the checks and balances that as an industry and as the developers around this, that we can in, you know, enforce to make sure that no one company or no one body is able to overly control how these things are managed, how it's defined. And I think that is only for the benefit in the industry as a whole, particularly when we think about the only other option is it gets regulated in ways that do not involve the people who actually know the details of what they're talking about. >> Regulated and or thrown away or bankrupt or- >> Driven underground. >> Yeah. >> Which would be even worse actually. >> Yeah, that's a really interesting, the checks and balances. I love that call out. And I was just talking with another interview part of the series around women being represented in the 51% ratio. Software is for everybody. So that we believe that open source movement around the collective intelligence of the participants in the industry and independent of gender, this is going to be the next wave. You're starting to see these videos really have impact because there are a lot more leaders now at the table in companies developing software systems and with AI, the aperture increases for applications. And this is the new dynamic. What's your guys view on this dynamic? How does this go forward in a positive way? Is there a certain trajectory you see? For women in the industry? >> I mean, I think some of the states are trying to, again, from the government angle, some of the states are trying to force women into the boardroom, for example, California, which can be no bad thing, but I don't know, sometimes I feel a bit iffy about all this kind of forced- >> John: Yeah. >> You know, making, I don't even know how to say it properly so you can cut this part of the interview. (John laughs) >> Tara: Well, and I think that they're >> I'll say it's not organic. >> No, and I think they're already pulling it out, right. It's already been challenged so they're in the process- >> Well, this is the open source angle, Tara, you are getting at it. The change agent is open, right? So to me, the history of the proven model is openness drives transparency drives progress. >> No, it's- >> If you believe that to be true, this could have another impact. >> Yeah, it's so interesting, right. Because if you look at McKinsey Consulting or Boston Consulting or some of the other, I'm blocking on all of the names. There has been a decade or more of research that shows that a non homogeneous employee base, be it gender or ethnicity or whatever, generates more revenue, right? There's dollar signs that can be attached to this, but it's not enough for all companies to want to invest in that way. And it's not enough for all, you know, venture firms or investment firms to grant that seed money or do those seed rounds. I think it's getting better very slowly, but socialization is a much harder thing to overcome over time. Particularly, when you're not just talking about one country like the United States in our case, but around the world. You know, tech centers now exist all over the world, including places that even 10 years ago we might not have expected like Nairobi, right. Which I think is amazing, but you have to factor in the cultural implications of that as well, right. So yes, the openness is important and we have, it's important that we have those voices, but I don't think it's a panacea solution, right. It's just one more piece. I think honestly that one of the most important opportunities has been with Cloud computing and Cloud's been around for a while. So why would I say that? It's because if you think about like everybody holds up the Steve Jobs, Steve Wozniak, back in the '70s, or Sergey and Larry for Google, you know, you had to have access to enough credit card limit to go to Fry's and buy your servers and then access to somebody like Susan Wojcicki to borrow the garage or whatever. But there was still a certain amount of upfrontness that you had to be able to commit to, whereas now, and we've, I think, seen a really good evidence of this being able to lease server resources by the second and have development platforms that you can do on your phone. I mean, for a while I think Africa, that the majority of development happened on mobile devices because there wasn't a sufficient supply chain of laptops yet. And that's no longer true now as far as I know. But like the power that that enables for people who would otherwise be underrepresented in our industry instantly opens it up, right? And so to me that's I think probably the biggest opportunity that we've seen from an industry on how to make more availability in underrepresented representation for entrepreneurship. >> Yeah. >> Something like AI, I think that's actually going to take us backwards if we're not careful. >> Yeah. >> Because of we're reinforcing that socialization. >> Well, also the bias. A lot of people commenting on the biases of the large language inherently built in are also problem. Lena, I want you to weigh on this too, because I think the skills question comes up here and I've been advocating that you don't need the pedigree, college pedigree, to get into a certain jobs, you mentioned Cloud computing. I mean, it's been around for you think a long time, but not really, really think about it. The ability to level up, okay, if you're going to join something new and half the jobs in cybersecurity are created in the past year, right? So, you have this what used to be a barrier, your degree, your pedigree, your certification would take years, would be a blocker. Now that's gone. >> Lena: Yeah, it's the opposite. >> That's, in fact, psychology. >> I think so, but the people who I, by and large, who I interview for jobs, they have, I think security people and also I work with our compliance folks and I can't forget them, but let's talk about security just now. I've always found a particular kind of mindset with security folks. We're very curious, not very good at following rules a lot of the time, and we'd love to teach others. I mean, that's one of the big things stem from the start of my career. People were always interested in teaching and I was interested in learning. So it was perfect. And I think also having, you know, strong women leaders at MongoDB allows other underrepresented groups to actually apply to the company 'cause they see that we're kind of talking the talk. And that's been important. I think it's really important. You know, you've got Tara and I on here today. There's obviously other senior women at MongoDB that you can talk to as well. There's a bunch of us. There's not a whole ton of us, but there's a bunch of us. And it's good. It's definitely growing. I've been there for four years now and I've seen a growth in women in senior leadership positions. And I think having that kind of track record of getting really good quality underrepresented candidates to not just interview, but come and join us, it's seen. And it's seen in the industry and people take notice and they're like, "Oh, okay, well if that person's working, you know, if Tara Hernandez is working there, I'm going to apply for that." And that in itself I think can really, you know, reap the rewards. But it's getting started. It's like how do you get your first strong female into that position or your first strong underrepresented person into that position? It's hard. I get it. If it was easy, we would've sold already. >> It's like anything. I want to see people like me, my friends in there. Am I going to be alone? Am I going to be of a group? It's a group psychology. Why wouldn't? So getting it out there is key. Is there skills that you think that people should pay attention to? One's come up as curiosity, learning. What are some of the best practices for folks trying to get into the tech field or that's in the tech field and advancing through? What advice are you guys- >> I mean, yeah, definitely, what I say to my team is within my budget, we try and give every at least one training course a year. And there's so much free stuff out there as well. But, you know, keep learning. And even if it's not right in your wheelhouse, don't pick about it. Don't, you know, take a look at what else could be out there that could interest you and then go for it. You know, what does it take you few minutes each night to read a book on something that might change your entire career? You know, be enthusiastic about the opportunities out there. And there's so many opportunities in security. Just so many. >> Tara, what's your advice for folks out there? Tons of stuff to taste, taste test, try things. >> Absolutely. I mean, I always say, you know, my primary qualifications for people, I'm looking for them to be smart and motivated, right. Because the industry changes so quickly. What we're doing now versus what we did even last year versus five years ago, you know, is completely different though themes are certainly the same. You know, we still have to code and we still have to compile that code or package the code and ship the code so, you know, how well can we adapt to these new things instead of creating floppy disks, which was my first job. Five and a quarters, even. The big ones. >> That's old school, OG. There it is. Well done. >> And now it's, you know, containers, you know, (indistinct) image containers. And so, you know, I've gotten a lot of really great success hiring boot campers, you know, career transitioners. Because they bring a lot experience in addition to the technical skills. I think the most important thing is to experiment and figuring out what do you like, because, you know, maybe you are really into security or maybe you're really into like deep level coding and you want to go back, you know, try to go to school to get a degree where you would actually want that level of learning. Or maybe you're a front end engineer, you want to be full stacked. Like there's so many different things, data science, right. Maybe you want to go learn R right. You know, I think it's like figure out what you like because once you find that, that in turn is going to energize you 'cause you're going to feel motivated. I think the worst thing you could do is try to force yourself to learn something that you really could not care less about. That's just the worst. You're going in handicapped. >> Yeah and there's choices now versus when we were breaking into the business. It was like, okay, you software engineer. They call it software engineering, that's all it was. You were that or you were in sales. Like, you know, some sort of systems engineer or sales and now it's,- >> I had never heard of my job when I was in school, right. I didn't even know it was a possibility. But there's so many different types of technical roles, you know, absolutely. >> It's so exciting. I wish I was young again. >> One of the- >> Me too. (Lena laughs) >> I don't. I like the age I am. So one of the things that I did to kind of harness that curiosity is we've set up a security champions programs. About 120, I guess, volunteers globally. And these are people from all different backgrounds and all genders, diversity groups, underrepresented groups, we feel are now represented within this champions program. And people basically give up about an hour or two of their time each week, with their supervisors permission, and we basically teach them different things about security. And we've now had seven full-time people move from different areas within MongoDB into my team as a result of that program. So, you know, monetarily and time, yeah, saved us both. But also we're showing people that there is a path, you know, if you start off in Tara's team, for example, doing X, you join the champions program, you're like, "You know, I'd really like to get into red teaming. That would be so cool." If it fits, then we make that happen. And that has been really important for me, especially to give, you know, the women in the underrepresented groups within MongoDB just that window into something they might never have seen otherwise. >> That's a great common fit is fit matters. Also that getting access to what you fit is also access to either mentoring or sponsorship or some sort of, at least some navigation. Like what's out there and not being afraid to like, you know, just ask. >> Yeah, we just actually kicked off our big mentor program last week, so I'm the executive sponsor of that. I know Tara is part of it, which is fantastic. >> We'll put a plug in for it. Go ahead. >> Yeah, no, it's amazing. There's, gosh, I don't even know the numbers anymore, but there's a lot of people involved in this and so much so that we've had to set up mentoring groups rather than one-on-one. And I think it was 45% of the mentors are actually male, which is quite incredible for a program called Mentor Her. And then what we want to do in the future is actually create a program called Mentor Them so that it's not, you know, not just on the female and so that we can live other groups represented and, you know, kind of break down those groups a wee bit more and have some more granularity in the offering. >> Tara, talk about mentoring and sponsorship. Open source has been there for a long time. People help each other. It's community-oriented. What's your view of how to work with mentors and sponsors if someone's moving through ranks? >> You know, one of the things that was really interesting, unfortunately, in some of the earliest open source communities is there was a lot of pervasive misogyny to be perfectly honest. >> Yeah. >> And one of the important adaptations that we made as an open source community was the idea, an introduction of code of conducts. And so when I'm talking to women who are thinking about expanding their skills, I encourage them to join open source communities to have opportunity, even if they're not getting paid for it, you know, to develop their skills to work with people to get those code reviews, right. I'm like, "Whatever you join, make sure they have a code of conduct and a good leadership team. It's very important." And there are plenty, right. And then that idea has come into, you know, conferences now. So now conferences have codes of contact, if there are any good, and maybe not all of them, but most of them, right. And the ideas of expanding that idea of intentional healthy culture. >> John: Yeah. >> As a business goal and business differentiator. I mean, I won't lie, when I was recruited to come to MongoDB, the culture that I was able to discern through talking to people, in addition to seeing that there was actually women in senior leadership roles like Lena, like Kayla Nelson, that was a huge win. And so it just builds on momentum. And so now, you know, those of us who are in that are now representing. And so that kind of reinforces, but it's all ties together, right. As the open source world goes, particularly for a company like MongoDB, which has an open source product, you know, and our community builds. You know, it's a good thing to be mindful of for us, how we interact with the community and you know, because that could also become an opportunity for recruiting. >> John: Yeah. >> Right. So we, in addition to people who might become advocates on Mongo's behalf in their own company as a solution for themselves, so. >> You guys had great successful company and great leadership there. I mean, I can't tell you how many times someone's told me "MongoDB doesn't scale. It's going to be dead next year." I mean, I was going back 10 years. It's like, just keeps getting better and better. You guys do a great job. So it's so fun to see the success of developers. Really appreciate you guys coming on the program. Final question, what are you guys excited about to end the segment? We'll give you guys the last word. Lena will start with you and Tara, you can wrap us up. What are you excited about? >> I'm excited to see what this year brings. I think with ChatGPT and its copycats, I think it'll be a very interesting year when it comes to AI and always in the lookout for the authentic deep fakes that we see coming out. So just trying to make people aware that this is a real thing. It's not just pretend. And then of course, our old friend ransomware, let's see where that's going to go. >> John: Yeah. >> And let's see where we get to and just genuine hygiene and housekeeping when it comes to security. >> Excellent. Tara. >> Ah, well for us, you know, we're always constantly trying to up our game from a security perspective in the software development life cycle. But also, you know, what can we do? You know, one interesting application of AI that maybe Google doesn't like to talk about is it is really cool as an addendum to search and you know, how we might incorporate that as far as our learning environment and developer productivity, and how can we enable our developers to be more efficient, productive in their day-to-day work. So, I don't know, there's all kinds of opportunities that we're looking at for how we might improve that process here at MongoDB and then maybe be able to share it with the world. One of the things I love about working at MongoDB is we get to use our own products, right. And so being able to have this interesting document database in order to put information and then maybe apply some sort of AI to get it out again, is something that we may well be looking at, if not this year, then certainly in the coming year. >> Awesome. Lena Smart, the chief information security officer. Tara Hernandez, vice president developer of productivity from MongoDB. Thank you so much for sharing here on International Women's Day. We're going to do this quarterly every year. We're going to do it and then we're going to do quarterly updates. Thank you so much for being part of this program. >> Thank you. >> Thanks for having us. >> Okay, this is theCube's coverage of International Women's Day. I'm John Furrier, your host. Thanks for watching. (upbeat music)

(upbeat music) >> Welcome back everyone to Supercloud 2, live here in Palo Alto, our studio, where we're doing a live stage performance and virtually syndicating out around the world. I'm John Furrier with Dave Vellante, my co-host with the The Cube here. We've got Kit Colbert, the CTO of VM. We're doing a keynote on Cloud Chaos, the evolution of SuperCloud Architecture Kit. Great to see you, thanks for coming on. >> Yeah, thanks for having me back. It's great to be here for Supercloud 2. >> And so we're going to dig into it. We're going to do a Q&A. We're going to let you present. You got some slides. I really want to get this out there, it's really compelling story. Do the presentation and then we'll come back and discuss. Take it away. >> Yeah, well thank you. So, we had a great time at the original Supercloud event, since then, been talking to a lot of customers, and started to better formulate some of the thinking that we talked about last time So, let's jump into it. Just a few quick slides to sort of set the tone here. So, if we go to the the next slide, what that shows is the journey that we see customers on today, going from what we call Cloud First into this phase that many customers are stuck in, called Cloud Chaos, and where they want to get to, and this is the term customers actually use, we didn't make this up, we heard it from customers. This notion of Cloud Smart, right? How do they use cloud more effectively, more intelligently? Now, if you walk through this journey, customers start with Cloud First. They usually select a single cloud that they're going to standardize on, and when they do that, they have to build out a whole bunch of functionality around that cloud. Things you can see there on the screen, disaster recovery, security, how do they monitor it or govern it? Like, these are things that are non-negotiable, you've got to figure it out, and typically what they do is, they leverage solutions that are specific for that cloud, and that's fine when you have just one cloud. But if we build out here, what we see is that most customers are using more than just one, they're actually using multiple, not necessarily 10 or however many on the screen, but this is just as an example. And so what happens is, they have to essentially duplicate or replicate that stack they've built for each different cloud, and they do so in a kind of a siloed manner. This results in the Cloud Chaos term that that we talked about before. And this is where most businesses out there are, they're using two, maybe three public clouds. They've got some stuff on-prem and they've also got some stuff out at the edge. This is apps, data, et cetera. So, this is the situation, this is sort of that Cloud Chaos. So, the question is, how do we move from this phase to Cloud Smart? And this is where the architecture comes in. This is why architecture, I think, is so important. It's really about moving away from these single cloud services that just solve a problem for one cloud, to something we call a Cross-Cloud service. Something that can support a set of functionality across all clouds, and that means not just public clouds, but also private clouds, edge, et cetera, and when you evolve that across the board, what you get is this sort of Supercloud. This notion that we're talking about here, where you combine these cross-cloud services in many different categories. You can see some examples there on the screen. This is not meant to be a complete set of things, but just examples of what can be done. So, this is sort of the transition and transformation that we're talking about here, and I think the architecture piece comes in both for the individual cloud services as well as that Supercloud concept of how all those services come together. >> Great presentation., thanks for sharing. If you could pop back to that slide, on the Cloud Chaos one. I just want to get your thoughts on something there. This is like the layout of the stack. So, this slide here that I'm showing on the screen, that you presented, okay, take us through that complexity. This is the one where I wanted though, that looks like a spaghetti code mix. >> Yes. >> So, do you turn this into a Supercloud stack, right? Is that? >> well, I think it's, it's an evolving state that like, let's take one of these examples, like security. So, instead of implementing security individually in different ways, using different technologies, different tooling for each cloud, what you would do is say, "Hey, I want a single security solution that works across all clouds", right? A concrete example of this would be secure software supply chain. This is probably one of the top ones that I hear when I talk to customers. How do I know that the software I'm building is truly what I expect it to be, and not something that some hacker has gotten into, and polluted with malicious code? And what they do is that, typically today, their teams have gone off and created individual secure software supply chain solutions for each cloud. So, now they could say, "Hey, I can take a single implementation and just have different endpoints." It could go to Google, or AWS, or on-prem, or wherever have you, right? So, that's the sort of architectural evolution that we're talking about. >> You know, one of the things we hear, Dave, you've been on theCUBE all the time, and we, when we talk privately with customers who are asking us like, what's, what's going on? They have the same complaint, "I don't want to build a team, a dev team, for that stack." So, if you go back to that slide again, you'll see that, that illustrates the tech stack for the clouds and the clouds at the bottom. So, the number one complaint we hear, and I want to get your reaction to that, "I don't want to have a team to have to work on that. So, I'm going to pick one and then have a hedge secondary one, as a backup." Here, that's one, that's four, five, eight, ten, ten environments. >> Yeah, I got a lot. >> That's going to be the reality, so, what's the technical answer to that? >> Yeah, well first of all, let me just say, this picture is again not totally representative of reality oftentimes, because while that picture shows a solution for every cloud, oftentimes that's not the case. Oftentimes it's a line of business going off, starting to use a new cloud. They might solve one or two things, but usually not security, usually not some of these other things, right? So, I think from a technical standpoint, where you want to get to is, yes, that sort of common service, with a common operational team behind it, that is trained on that, that can work across clouds. And that's really I think the important evolution here, is that you don't need to replicate these operational teams, one for each cloud. You can actually have them more focused across all those clouds. >> Yeah, in fact, we were commenting on the opening today. Dave and I were talking about the benefits of the cloud. It's heterogeneous, which is a good thing, but it's complex. There's skill gaps and skill required, but at the end of the day, self-service of the cloud, and the elastic nature of it makes it the benefit. So, if you try to create too many common services, you lose the value of the cloud. So, what's the trade off, in your mind right now as customers start to look at okay, identity, maybe I'll have one single sign on, that's an obvious one. Other ones? What are the areas people are looking at from a combination, common set of services? Where do they start? What's the choices? What are some of the trade offs? 'Cause you can't do it everything. >> No, it's a great question. So, that's actually a really good point and as I answer your question, before I answer your question, the important point about that, as you saw here, you know, across cloud services or these set of Cross-Cloud services, the things that comprise the Supercloud, at least in my view, the point is not necessarily to completely abstract the underlying cloud. The point is to give a business optionality and choice, in terms of what it wants to abstract, and I think that gets to your question, is how much do you actually want to abstract from the underlying cloud? Now, what I find, is that typically speaking, cloud choice is driven at least from a developer or app team perspective, by the best of breed services. What higher level application type services do you need? A database or AI, you know, ML systems, for your application, and that's going to drive your choice of the cloud. So oftentimes, businesses I talk to, want to allow those services to shine through, but for other things that are not necessarily highly differentiated and yet are absolutely critical to creating a successful application, those are things that you want to standardize. Again, like things like security, the supply chain piece, cost management, like these things you need to, and you know, things like cogs become really, really important when you start operating at scale. So, those are the things in it that I see people wanting to focus on. >> So, there's a majority model. >> Yes. >> All right, and we heard of earlier from Walmart, who's fairly, you know, advanced, but at the same time their supercloud is pretty immature. So, what are you seeing in terms of supercloud momentum, crosscloud momentum? What's the starting point for customers? >> Yeah, so it's interesting, right, on that that three-tiered journey that I talked about, this Cloud Smart notion is, that is adoption of what you might call a supercloud or architecture, and most folks aren't there yet. Even the really advanced ones, even the really large ones, and I think it's because of the fact that, we as an industry are still figuring this out. We as an industry did not realize this sort of Cloud Chaos state could happen, right? We didn't, I think most folks thought they could standardize on one cloud and that'd be it, but as time has shown, that's simply not the case. As much as one might try to do that, that's not where you end up. So, I think there's two, there's two things here. Number one, for folks that are early in to the cloud, and are in this Cloud Chaos phase, we see the path out through standardization of these cross-cloud services through adoption of this sort of supercloud architecture, but the other thing I think is particularly exciting, 'cause I talked to a number of of businesses who are not yet in the Cloud Chaos phase. They're earlier on in the cloud journey, and I think the opportunity there is that they don't have to go through Cloud Chaos. They can actually skip that whole phase if they adopt this supercloud architecture from the beginning, and I think being thoughtful around that is really the key here. >> It's interesting, 'cause we're going to hear from Ionis Pharmaceuticals later, and they, yes there are multiple clouds, but the multiple clouds are largely separate, and so it's a business unit using that. So, they're not in Cloud Chaos, but they're not tapping the advantages that you could get for best of breed across those business units. So, to your point, they have an opportunity to actually build that architecture or take advantage of those cross-cloud services, prior to reaching cloud chaos. >> Well, I, actually, you know, I'd love to hear from them if, 'cause you say they're not in Cloud Chaos, but are they, I mean oftentimes I find that each BU, each line of business may feel like they're fine, in of themselves. >> Yes, exactly right, yes. >> But when you look at it from an overall company perspective, they're like, okay, things are pretty chaotic here. We don't have standardization, I don't, you know, like, again, security compliance, these things, especially in many regulated industries, become huge problems when you're trying to run applications across multiple clouds, but you don't have any of those company-wide standardizations. >> Well, this is a point. So, they have a big deal with AstraZeneca, who's got this huge ecosystem, they want to start sharing data across those ecosystem, and that's when they will, you know, that Cloud Chaos will, you know, come, come to fore, you would think. I want to get your take on something that Bob Muglia said earlier, which is, he kind of said, "Hey Dave, you guys got to tighten up your definition a little bit." So, he said a supercloud is a platform that provides programmatically consistent services hosted on heterogeneous cloud providers. So, you know, thank you, that was nice and simple. However others in the community, we're going to hear from Dr. Nelu Mihai later, says, no, no, wait a minute, it's got to be an architecture, not a platform. Where do you land on this architecture v. platform thing? >> I look at it as, I dunno if it's, you call it maturity or just kind of a time horizon thing, but for me when I hear the word platform, I typically think of a single vendor. A single vendor provides this platform. That's kind of the beauty of a platform, is that there is a simplicity usually consistency to it. >> They did the architecture. (laughing) >> Yeah, exactly but I mean, well, there's obviously architecture behind it, has to be, but you as a customer don't necessarily need to deal with that. Now, I think one of the opportunities with Supercloud is that it's not going to be, or there is no single vendor that can solve all these problems. It's got to be the industry coming together as a community, inter-operating, working together, and so, that's why, for me, I think about it as an architecture, that there's got to be these sort of, well-defined categories of functionality. There's got to be well-defined interfaces between those categories of functionality to enable modularity, to enable businesses to be able to pick and choose the right sorts of services, and then weave those together into an overall supercloud. >> Okay, so you're not pitching, necessarily the platform, you're saying, hey, we have an architecture that's open. I go back to something that Vittorio said on August 9th, with the first Supercloud, because as well, remember we talked about abstracting, but at the same time giving developers access to those primitives. So he said, and this, I think your answer sort of confirms this. "I want to have my cake eat it too and not gain weight." >> (laughing) Right. Well and I think that's where the platform aspect can eventually come, after we've gotten aligned architecture, you're going to start to naturally see some vendors step up to take on some of the remaining complexity there. So, I do see platforms eventually emerging here, but I think where we have to start as an industry is around aligning, okay, what does this definition mean? What does that architecture look like? How do we enable interoperability? And then we can take the next step. >> Because it depends too, 'cause I would say Snowflake has a platform, and they've just defined the architecture, but we're not talking about infrastructure here, obviously, we're talking about something else. >> Well, I think that the Snowflake talks about, what he talks about, security and data, you're going to start to see the early movement around areas that are very spanning oriented, and I think that's the beginning of the trend and I think there's going to be a lot more, I think on the infrastructure side. And to your point about the platform architecture, that's actually a really good thought exercise because it actually makes you think about what you're designing in the first place, and that's why I want to get your reaction. >> Quote from- >> Well I just have to interrupt since, later on, you're going to hear from near Nir Zuk of Palo Alto Network. He says architecture and security historically, they don't go hand in hand, 'cause it's a big mess. >> It depends if you're whacking the mole or you actually proactively building something. Well Kit, I want to get your reaction from a quote from someone in our community who said about Supercloud, you know, "The Supercloud's great, there are issues around computer science rigors, and customer requirements." So, there's some issues around the science itself as well as not just listen to the customer, 'cause if that's the case, we'd have a better database, a better Oracle, right, so, but there's other, this tech involved, new tech. We need an open architecture with universal data modeling interconnecting among them, connectivity is a part of security, and then, once we get through that gate, figuring out the technical, the data, and the customer requirements, they say "Supercloud should be a loosely coupled platform with open architecture, plug and play, specialized services, ready for optimization, automation that can stand the test of time." What's your reaction to that sentiment? You like it, is that, does that sound good? >> Yeah, no, broadly aligns with my thinking, I think, and what I see from talking with customers as well. I mean, I like the, again, the, you know, listening to customer needs, prioritizing those things, focusing on some of the connective tissue networking, and data and some of these aspects talking about the open architecture, the interoperability, those are all things I think are absolutely critical. And then, yeah, like I think at the end. >> On the computer science side, do you see some science and engineering things that need to be engineered differently? We heard databases are radically going to change and that are inadequate for the new architecture. What are some of the things like that, from a science standpoint? >> Yeah, yeah, yeah. Some of the more academic research type things. >> More tech, or more better tech or is it? >> Yeah, look, absolutely. I mean I think that there's a bunch around, certainly around the data piece, around, you know, there's issues of data gravity, data mobility. How do you want to do that in a way that's performant? There's definitely issues around security as well. Like how do you enable like trust in these environments, there's got to be some sort of hardware rooted trusts, and you know, a whole bunch of various types of aspects there. >> So, a lot of work still be done. >> Yes, I think so. And that's why I look at this as, this is not a one year thing, or you know, it's going to be multi-years, and I think again, it's about all of us in the industry working together to come to an aligned picture of what that looks like. >> So, as the world's moved from private cloud to public cloud and now Cross-cloud services, supercloud, metacloud, whatever you want to call it, how have you sort of changed the way engineering's organized, developers sort of approached the problem? Has it changed and how? >> Yeah, absolutely. So, you know, it's funny, we at VMware, going through the same challenges as our customers and you know, any business, right? We use multiple clouds, we got a big, of course, on-prem footprint. You know, what we're doing is similar to what I see in many other customers, which, you see the evolution of a platform team, and so the platform team is really in charge of trying to develop a lot of these underlying services to allow our lines of business, our product teams, to be able to move as quickly as possible, to focus on the building, while we help with a lot of the operational overheads, right? We maintain security, compliance, all these other things. We also deal with, yeah, just making the developer's life as simple as possible. So, they do need to know some stuff about, you know, each public cloud they're using, those public cloud services, but at the same, time we can abstract a lot of the details they don't need to be in. So, I think this sort of delineation or separation, I should say, between the underlying platform team and the product teams is a very, very common pattern. >> You know, I noticed the four layers you talked about were observability, infrastructure, security and developers, on that slide, the last slide you had at the top, that was kind of the abstraction key areas that you guys at VMware are working? >> Those were just some groupings that we've come up with, but we like to debate them. >> I noticed data's in every one of them. >> Yeah, yep, data is key. >> It's not like, so, back to the data questions that security is called out as a pillar. Observability is just kind of watching everything, but it's all pretty much data driven. Of the four layers that you see, I take that as areas that you can. >> Standardize. >> Consistently rely on to have standard services. >> Yes. >> Which one do you start with? What's the, is there order of operations? >> Well, that's, I mean. >> 'Cause I think infrastructure's number one, but you had observability, you need to know what's going on. >> Yeah, well it really, it's highly dependent. Again, it depends on the business that we talk to and what, I mean, it really goes back to, what are your business priorities, right? And we have some customers who may want to get out of a data center, they want to evacuate the data center, and so what they want is then, consistent infrastructure, so they can just move those applications up to the cloud. They don't want to have to refactor them and we'll do it later, but there's an immediate and sort of urgent problem that they have. Other customers I talk to, you know, security becomes top of mind, or maybe compliance, because they're in a regulated industry. So, those are the sort of services they want to prioritize. So, I would say there is no single right answer, no one size fits all. The point about this architecture is really around the optionality of it, as it allows you as a business to decide what's most important and where you want to prioritize. >> How about the deployment models kit? Do, does a customer have that flexibility from a deployment model standpoint or do I have to, you know, approach it a specific way? Can you address that? >> Yeah, I mean deployment models, you're talking about how they how they consume? >> So, for instance, yeah, running a control plane in the cloud. >> Got it, got it. >> And communicating elsewhere or having a single global instance or instantiating that instance, and? >> So, that's a good point actually, and you know, the white paper that we released back in August, around this sort of concept, the Cross-cloud service. This is some of the stuff we need to figure out as an industry. So, you know when we talk about a Cross-cloud service, we can mean actually any of the things you just talked about. It could be a single instance that runs, let's say in one public cloud, but it supports all of 'em. Or it could be one that's multi-instance and that runs in each of the clouds, and that customers can take dependencies on whichever one, depending on what their use cases are or the, even going further than that, there's a type of Cross-cloud service that could actually be instantiated even in an air gapped or offline environment, and we have many, many businesses, especially heavily regulated ones that have that requirement, so I think, you know. >> Global don't forget global, regions, locales. >> Yeah, there's all sorts of performance latency issues that can be concerned about. So, most services today are the former, there are single sort of instance or set of instances within a single cloud that support multiple clouds, but I think what we're doing and where we're going with, you know, things like what we see with Kubernetes and service meshes and all these things, will better enable folks to hit these different types of cross-cloud service architectures. So, today, you as a customer probably wouldn't have too much choice, but where we're going, you'll see a lot more choice in the future. >> If you had to summarize for folks watching the importance of Supercloud movement, multi-cloud, cross-cloud services, as an industry in flexible, 'cause I'm always riffing on the whole old school network protocol stacks that got disrupted by TCP/IP, that's a little bit dated, we got people on the chat that are like, you know, 20 years old that weren't even born then. So, but this is a, one of those inflection points that's once in a generation inflection point, I'm sure you agree. What scoped the order of magnitude of the change and the opportunity around the marketplace, the business models, the technology, and ultimately benefits the society. >> Yeah. Wow. Getting bigger. >> You have 10 seconds, go. >> I know. Yeah. (laughing) No, look, so I think it is what we're seeing is really the next phase of what you might call cloud, right? This notion of delivering services, the way they've been packaged together, traditionally by the hyperscalers is now being challenged. and what we're seeing is really opening that up to new levels of innovation, and I think that will be huge for businesses because it'll help meet them where they are. Instead of needing to contort the businesses to, you know, make it work with the technology, the technology will support the business and where it's going. Give people more optionality, more flexibility in order to get there, and I think in the end, for us as individuals, it will just make for better experiences, right? You can get better performance, better interactivity, given that devices are so much of what we do, and so much of what we interact with all the time. This sort of flexibility and optionality will fundamentally better for us as individuals in our experiences. >> And we're seeing that with ChatGPT, everyone's talking about, just early days. There'll be more and more of things like that, that are next gen, like obviously like, wow, that's a fall out of your chair moment. >> It'll be the next wave of innovation that's unleashed. >> All right, Kit Colbert, thanks for coming on and sharing and exploring the Supercloud architecture, Cloud Chaos, the Cloud Smart, there's a transition progression happening and it's happening fast. This is the supercloud wave. If you're not on this wave, you'll be driftwood. That's a Pat Gelsinger quote on theCUBE. This is theCUBE Be right back with more Supercloud coverage, here in Palo Alto after this break. (upbeat music) (upbeat music continues)

>> Welcome back to the program. My name is Dave Valante and in this session, we're going to explore one of the more interesting topics of the day. IoT for Smart Factories. And with me are, Todd Edmunds,the Global CTO of Smart Manufacturing Edge and Digital Twins at Dell Technologies. That is such a cool title. (chuckles) I want to be you. And Dr. Aditi Banerjee, who's the Vice President, General Manager for Aerospace Defense and Manufacturing at DXC Technology. Another really cool title. Folks, welcome to the program. Thanks for coming on. >> Thanks Dave. >> Thank you. Great to be here. >> Nice to be here. >> Todd, let's start with you. We hear a lot about Industry 4.0, Smart Factories, IIoT. Can you briefly explain, what is Industry 4.0 all about and why is it important for the manufacturing industry? >> Yeah. Sure, Dave. You know, it's been around for quite a while and it's gone by multiple different names, as you said. Industry 4.0, Smart Manufacturing, Industrial IoT, Smart Factory. But it all really means the same thing, its really applying technology to get more out of the factories and the facilities that you have to do your manufacturing. So, being much more efficient, implementing really good sustainability initiatives. And so, we really look at that by saying, okay, what are we going to do with technology to really accelerate what we've been doing for a long, long time? So it's really not- it's not new. It's been around for a long time. What's new is that manufacturers are looking at this, not as a one-of, two-of individual Use Case point of view but instead they're saying, we really need to look at this holistically, thinking about a strategic investment in how we do this. Not to just enable one or two Use Cases, but enable many many Use Cases across the spectrum. I mean, there's tons of them out there. There's Predictive maintenance and there's OEE, Overall Equipment Effectiveness and there's Computer Vision and all of these things are starting to percolate down to the factory floor, but it needs to be done in a little bit different way and really to really get those outcomes that they're looking for in Smart Factory or Industry 4.0 or however you want to call it. And truly transform, not just throw an Industry 4.0 Use Case out there but to do the digital transformation that's really necessary and to be able to stay relevant for the future. I heard it once said that you have three options. Either you digitally transform and stay relevant for the future or you don't and fade into history. Like, 52% of the companies that used to be on the Fortune 500 since 2000. Right? And so, really that's a key thing and we're seeing that really, really being adopted by manufacturers all across the globe. >> Yeah. So, Aditi, it's like digital transformation is almost synonymous with business transformation. So, is there anything you'd add to what Todd just said? >> Absolutely. Though, I would really add that what really drives Industry 4.0 is the business transformation. What we are able to deliver in terms of improving the manufacturing KPIs and the KPIs for customer satisfaction, right? For example, improving the downtime or decreasing the maintenance cycle of the equipments or improving the quality of products, right? So, I think these are lot of business outcomes that our customers are looking at while using Industry 4.0 and the technologies of Industry 4.0 to deliver these outcomes. >> So, Aditi, I wonder if I could stay with you and maybe this is a bit esoteric but when I first first started researching IoT and Industrial IoT 4.0, et cetera, I felt, well, there could be some disruptions in the ecosystem. I kind of came to the conclusion that large manufacturing firms, Aerospace Defense companies the firms building out critical infrastructure actually had kind of an incumbent advantage and a great opportunity. Of course, then I saw on TV somebody now they're building homes with 3D printers. It like blows your mind. So that's pretty disruptive. But, so- But they got to continue, the incumbents have to continue to invest in the future. They're well-capitalized. They're pretty good businesses, very good businesses but there's a lot of complexities involved in kind of connecting the old house to the new addition that's being built, if you will, or this transformation that we're talking about. So, my question is, how are your customers preparing for this new era? What are the key challenges that they're facing in the the blockers, if you will? >> Yeah, I mean the customers are looking at Industry 4.0 for Greenfield Factories, right? That is where the investments are going directly into building the factories with the new technologies, with the new connectivities, right? For the machines, for example, Industrial IoT having the right type of data platforms to drive computational analytics and outcomes, as well as looking at Edge versus Cloud type of technologies, right? Those are all getting built in the Greenfield Factories. However, for the Install-Based Factories, right? That is where our customers are looking at how do I modernize these factories? How do I connect the existing machine? And that is where some of the challenges come in on the legacy system connectivity that they need to think about. Also, they need to start thinking about cybersecurity and operation technology security because now you are connecting the factories to each other. So, cybersecurity becomes top of mind, right? So, there is definitely investment that is involved. Clients are creating roadmaps for digitizing and modernizing these factories and investments in a very strategic way. So, perhaps they start with the innovation program and then they look at the business case and they scale it up, right? >> Todd, I'm glad you did brought up security, because if you think about the operations technology folks, historically they air-gaped the systems, that's how they created security. That's changed. The business came in and said, 'Hey, we got to connect. We got to make it intelligence.' So, that's got to be a big challenge as well. >> It absolutely is, Dave. And, you know, you can no longer just segment that because really to get all of those efficiencies that we talk about, that IoT and Industrial IoT and Industry 4.0 promise, you have to get data out of the factory but then you got to put data back in the factory. So, no longer is it just firewalling everything is really the answer. So, you really have to have a comprehensive approach to security, but you also have to have a comprehensive approach to the Cloud and what that means. And does it mean a continuum of Cloud all the way down to the Edge, right down to the factory? It absolutely does. Because no one approach has the answer to everything. The more you go to the Cloud the broader the attack surface is. So, what we're seeing is a lot of our customers approaching this from kind of that hybrid right ones run anywhere on the factory floor down to the Edge. And one of the things we're seeing too, is to help distinguish between what is the Edge and bridge that gap between, like, Dave, you talked about IT and OT and also help what Aditi talked about is the Greenfield Plants versus the Brownfield Plants that they call it, that are the legacy ones and modernizing those. It's great to kind of start to delineate what does that mean? Where's the Edge? Where's the IT and the OT? We see that from a couple of different ways. We start to think about really two Edges in a manufacturing floor. We talk about an Industrial Edge that sits... or some people call it a Far Edge or a Thin Edge, sits way down on that plant, consists of industrial hardened devices that do that connectivity. The hard stuff about how do I connect to this obsolete legacy protocol and what do I do with it? And create that next generation of data that has context. And then we see another Edge evolving above that, which is much more of a data and analytics and enterprise grade application layer that sits down in the factory itself; that helps figure out where we're going to run this? Does it connect to the Cloud? Do we run Applications On-Prem? Because a lot of times that On-Prem Application it needs to be done. 'Cause that's the only way that it's going to work because of security requirements, because of latency requirements performance and a lot of times, cost. It's really helpful to build that Multiple-Edge strategy because then you kind of, you consolidate all of those resources, applications, infrastructure, hardware into a centralized location. Makes it much, much easier to really deploy and manage that security. But it also makes it easier to deploy new Applications, new Use Cases and become the foundation for DXC'S expertise and Applications that they deliver to our customers as well. >> Todd, how complex are these projects? I mean, I feel like it's kind of the the digital equivalent of building the Hoover Dam. I mean, its.. so yeah. How long does a typical project take? I know it varies, but what are the critical success factors in terms of delivering business value quickly? >> Yeah, that's a great question in that we're- you know, like I said at the beginning, this is not new. Smart Factory and Industry 4.0 is not new. It's been, it's people have been trying to implement the Holy Grail of Smart Factory for a long time. And what we're seeing is a switch, a little bit of a switch or quite a bit of a switch to where the enterprises and the IT folks are having a much bigger say and they have a lot to offer to be able to help that complexity. So, instead of deploying a computer here and a Gateway there and a Server there, I mean, you go walk into any manufacturing plant and you can see Servers sitting underneath someone's desk or a PC in a closet somewhere running a critical production application. So, we're seeing the enterprise have a much bigger say at the table, much louder voice at the table to say, we've been doing this enterprise all the time. We know how to really consolidate, bring Hyper-Converged Applications, Hyper-Converged Infrastructure to really accelerate these kind of applications. Really accelerate the outcomes that are needed to really drive that Smart Factory and start to bring that same capabilities down into the Mac on the factory floor. That way, if you do it once to make it easier to implement, you can repeat that. You can scale that. You can manage it much easily and you can then bring that all together because you have the security in one centralized location. So, we're seeing manufacturers that first Use Case may be fairly difficult to implement and we got to go down in and see exactly what their problems are. But when the infrastructure is done the correct way when that- Think about how you're going to run that and how are you going to optimize the engineering. Well, let's take that what you've done in that one factory and then set. Let's make that across all the factories including the factory that we're in, then across the globe. That makes it much, much easier. You really do the hard work once and then repeat. Almost like cookie cutter. >> Got it. Thank you. >> Aditi, what about the skillsets available to apply these to these projects? You got to have knowledge of digital, AI, Data, Integration. Is there a talent shortage to get all this stuff done? >> Yeah, I mean, definitely. Lot different types of skillsets are needed from a traditional manufacturing skillset, right? Of course, the basic knowledge of manufacturing is important. But the digital skillsets like IoT, having a skillset in in different Protocols for connecting the machines, right? That experience that comes with it. Data and Analytics, Security, Augmented Virtual Reality Programming. Again, looking at Robotics and the Digital Twin. So, the... It's a lot more connectivity software, data-driven skillsets that are needed to Smart Factory to life at scale. And, you know, lots of firms are recruiting these types of resources with these skill sets to accelerate their Smart Factory implementation, as well as consulting firms like DXC Technology and others. We recruit, we train our talent to provide these services. >> Got it. Aditi, I wonder if we could stay on you. Let's talk about the partnership between DXC and Dell. What are you doing specifically to simplify the move to Industry 4.0 for customers? What solutions are you offering? How are you working together, Dell and DXC to bring these to market? >> Yeah, Dell and DXC have a very strong partnership and we work very closely together to create solutions, to create strategies and how we are going to jointly help our clients, right? So, areas that we have worked closely together is Edge Compute, right? How that impacts the Smart Factory. So, we have worked pretty closely in that area. We're also looked at Vision Technologies. How do we use that at the Edge to improve the quality of products, right? So, we have several areas that we collaborate in and our approaches that we want to bring solutions to our client and as well as help them scale those solutions with the right infrastructure, the right talent and the right level of security. So, we bring a comprehensive solution to our clients. >> So, Todd, last question. Kind of similar but different, you know. Why Dell, DXC, pitch me? What's different about this partnership? Where are you confident that you're going to be to deliver the best value to customers? >> Absolutely. Great question. You know, there's no shortage of Bespoke Solutions that are out there. There's hundreds of people that can come in and do individual Use Cases and do these things and just, and that's where it ends. What Dell and DXC Technology together bring to the table is we do the optimization of the engineering of those previously Bespoke Solutions upfront, together. The power of our scalable enterprise grade structured industry standard infrastructure, as well as our expertise in delivering package solutions that really accelerate with DXC's expertise and reputation as a global trusted advisor. Be able to really scale and repeat those solutions that DXC is so really, really good at. And Dell's infrastructure and our, 30,000 people across the globe that are really, really good at that scalable infrastructure to be able to repeat. And then it really lessens the risk that our customers have and really accelerates those solutions. So it's again, not just one individual solutions it's all of the solutions that not just drive Use Cases but drive outcomes with those solutions. >> Yeah, you're right. The partnership has gone, I mean I first encountered it back in, I think it was 2010. May of 2010. We had guys both on the, I think you were talking about converged infrastructure and I had a customer on, and it was actually the manufacturing customer. It was quite interesting. And back then it was how do we kind of replicate what's coming in the Cloud? And you guys have obviously taken it into the digital world. Really want to thank you for your time today. Great conversation and love to have you back. >> Thank you so much. It was a pleasure speaking with you. I agree. >> All right, keep it right there for more discussions that educate and inspire on "The Cube."

>> If you really want to make an impact to your business, it takes more than just moving your workloads into the cloud. So-called lift and shift is fine to reduce data center footprints and associated costs, but to really drive change, you don't want to simply "pave the cow path," as the saying goes. Rather, you need to think about the operating model, and that requires more comprehensive systems thinking. In other words, how will changes in technology affect business productivity? Or, you know what? Even flip that. What changes in my business process could lower cost, cut elapse times, and accelerate time to market, increase user productivity, and lower operational risks? And what role can technology play in supporting these mandates through modernization, automation, machine intelligence, and business resilience? And that's what we're here to discuss today. Welcome to Driving Business Results with Cloud Transformation, made Possible by Dell and DXC. My name is Dave Vellante, and today we're going to zoom out and explore many aspects of cloud transformation that leading organizations are acting on today. Yeah, sure, we're going to look at optimizing infrastructure, but we'll also dig deeper into cloud considerations, governance, compliance, and security angles, as well as the impact of emerging opportunities around edge and Industry 4.0. Our focus will be on how to remove barriers and help you achieve business outcomes. And to do this, our program features the long-term partnership between Dell and DXC. And we bring to this program six experts in three separate sessions, who are working directly with top organizations in virtually every industry to achieve high impact results. We're going to start with a conversation about cloud, the cloud operating model, and transforming key aspects of your infrastructure. And then we'll look into governance, security, and business resilience. And in our third session, we'll discuss exciting transformations that are occurring in smart manufacturing and facilities innovations. So let's get right into it with our first session. Enjoy the program. (bright music) Hello, and welcome to what is sure to be an insightful conversation about getting business results with cloud transformation. My name is Dave Vellante, and I'm here with James Miller, Chief Technologist for Cloud and Infrastructure Services, and Jay Dowling, Americas Sales Lead for Cloud and Infrastructure Services, both with DXC Technology. Gentlemen, thanks for your time today. Welcome to theCube. >> Great. Thanks for having us. >> Thank you Dave. Appreciate it. >> So let's get right into it. You know, I've talked to a lot of practitioners who've said, "Look, if you really want to drop zeros, like a lot of zeros to the bottom line, you can't just lift and shift." You really got to think about modernizing, the application portfolio. You got to think about your business model, and really think about transforming your business, particularly the operating model. So my first question, Jim, is, What role does the cloud play in modernization? >> Well, there are really three aspects that the, the cloud plays in modernization. You mentioned multiple zeros. One is cost optimization, and that can be achieved through business operations, through environmental, social, and governance. Also being more efficient with your IT investments. But that's not the only aspect. There's also agility and innovation. And that can be achieved through automation and productivity, speed to market for new features and functions, improvements in the customer experience, and the capability to metabolize a great deal more data in your environment, which the end result is an improvement in releasing of new things to the field. And finally, there's resilience. And I'm not really talking about IT resilience, but more of business resilience, to be able, to be able to handle operational risk, improve your securities and controls, deal with some of the talent gap that's in the industry, and also protect your brand reputation. So modernization is really about balancing these three aspects, cost optimization, agility and innovation, and resilience. >> So, so thank you for that. So Jay, I got to ask you, in the current climate, everybody's, you know, concerned, and there's not great visibility on the macro. So, Jim mentioned cost optimization. That seems to be one of the top areas that customers are focused on. The two I hear a lot are consolidating redundant vendors and optimizing cloud costs. So that's, you know, top of mind today. I think everybody really, you know, understands the innovation and, and, and agility piece, at least at a high level, maybe realizing it is different. And then the business resilience piece is really interesting because, you know, prior to the pandemic people, you know, they had a DR strategy, but they realized, "Wow, my business might not be that resilient." So Jay, my question to you is, What are you hearing when you talk to customers? What's the priority today? >> Yeah, the priority is an often overused term of digital transformation. You know, people want to get ready for next generation environments, customer experience, making sure they're improving, you know, how they engage with their clients and what their branding is. And what we find is a lot of clients don't have the underlying infrastructure in place today to get to where they want to get to. So cloud becomes an important element of that. But, you know, with DXC's philosophy, not everything goes to, not everything necessarily needs to go to cloud to be cost optimized, for instance. In many cases, you can run applications, you know, in your own data center, or on-prem, or in other environments, in a hybrid environment, or multi-cloud environment, and, and still be very optimized from a cost spend standpoint and also put yourself in position for modernization and for be able to do the, bring the things to the business that the clients are, you know, that their clients are looking for, like the CMO and the CFO, et cetera. Trying to use IT as a lever to drive business and to drive, you know, business acceleration and drive profitability, frankly. So there's a lot of dependency on infrastructure, but there's a lot of elements to it. And, and we advocate for, you know, there's not a single answer to that. We like to evaluate clients' environments and work with them to get them to an optimal target operating model, you know, so that they can really deliver on what the promises are for their departments. >> So if, let's talk about some of the, the barriers to realizing value in, in a context of modernization. We talked about cost optimization, agility, and, and, and resilience. But there's a business angle, and there's a technical angle here. 'Cause we always talk about people, process, and technology. Technology, oftentimes, CIOs will tell us, "Well, that's the easy part. We'll figured that out," whether it's true or not. But I agree, people and process is sometimes the tough one. So Jay, why don't you start. What do you see as the barriers, particularly from a business standpoint? >> I think people need to let their guard down and be open to the ideas that are, that are out there in the market from, you know, the, the standards that are being built by, you know, best in class models. And, and there's many people that have gone on, you know, cloud journeys and been very successful with it. There's others that have set high expectations with their business leaders that haven't necessarily met the goals that they need to meet or maybe haven't met them as quickly as they promised. So there's a, you know, there's a change management aspect that you'd need to look at with the, you know, with the environments. There's a, you know, there's a skillset set environment that they need to be prepared for. Do they have the people, you know, to deliver with the, you know, with the tools and the skills and the, and the models that that they're putting themselves in place for in the future versus where they are now? There's just a lot of, you know, there's a lot of different elements. It's not just a, "This price is better," or, "This can operate better than one environment over the other." I think we like to try to look at things holistically and make sure that, you know, we're being, you know, as much of a consultative advocate for the client, for where they want to go, what their destiny is, and based on what we've learned with other clients. You know, and we can bring those best practices forward because we've worked, you know, across such a broad spectra of clients versus them being somewhat contained and sometimes can't see outside of their own, you know, their own challenges, if you would. So they need, they need advocacy to help, you know, bring them to the next level. And we like to translate that through, you know, technology advances, which, you know, Jim's really good at doing for us. >> Yeah, Jim, is, is it, is it a, is the big barrier a skills issue, you know, bench strength? Are there other considerations from your perspective? >> Well, we, we've identified a number of factors that inhibit success of, of customers. One is thinking it's only a technology change in moving to cloud when it's much broader than that. There are changes in governance, changes in process that need to take place. The other is evaluating the cloud providers on their current pricing structure and performance. And, and we see pricing and structure changing dramatically every few months between the various cloud providers. And you have to be flexible enough to, to determine which providers you want. And it may not be feasible to just have a single cloud provider in this world. The other thing is a big bang approach to transformation, "I want to move everything, and I want to move it all at once." That's not necessarily the best approach. A well thought out cloud journey and strategy and timing your investments are really important to get at maximizing your business return on the journey to the cloud. And finally, not engaging stakeholders early and continuously. You have to manage expectations in moving to cloud on what business factors will get affected, how you will achieve your cost savings, and, and how you will achieve the business impact over the journey and reporting out on that with very strict metrics to all of the stakeholders. >> You know, mentioned multi-cloud just then. We had, in January 17th, we had our Supercloud 2 event. And Supercloud is basically, it's really multi, what multi-cloud should have been, I, I like to say. So it's this creating a common experience across clouds. And you guys were talking about, you know, there's different governance, there's different security, there's different pricing. So, and, and one of the takeaways from this event in talking to customers and practitioners and technologists is, you can't go it alone. So I wonder if you could talk about your partnership strategy, what do partners bring to the table, and what is, what is DXC's, you know, unique value? >> I'd be happy to lead with that if you'd like. >> Great. >> I, you know, we've got a vast partner ecosystem at DXC, given the size and, and the history of the company. I could use several examples. One of the larger partners in my particular space is Dell Technology, right? They're a great, you know, partner for us across many different areas of the business. It's not just a storage and compute play anymore. They're, they're on the edge. They're, you know, they're, they've got intelligence in their networking devices now. And they've really brought, you know, a lot of value to us as a partner. And, you know, there, there's somebody, you could look at Dell technology as somebody that might, you know, have a victim, you know, effect because of all the hyperscale activity and all the cloud activity. But they've really taken an outstanding attitude with this and say, "Listen, not all things are destined for cloud, or not all things would operate better in a cloud environment." And they like to be part of those discussions to see how they can, you know, how we can bring a multi-cloud environment, you know, both private and public, you know, to clients. And let's look at the applications and the infrastructure and, and what's, you know, what's the best optimal running environment, you know, for us to be able to bring, you know, the greatest value to the business with speed, with security, with, you know. And, you know, the things that they want to keep closest to the business are often things that you want to kind of, you know, keep on your premise or keep in your own data center. So they're, they're an ideal model of somebody that's resourced us well, partners with us well in the market. And, and we continue to grow that relationship day in and day out with those guys. And we really appreciate, you know, their support of our strategy, and, and we like to also compliment their strategy and work, you know, work together hand in hand in front of our clients. >> Yeah, you know, Jim, Matt Baker, who's the head of strategic planning at Dell talks about, "It's not a zero sum game." And I think, you know, you're right, Jay. I think initially people felt like, "Oh wow, it's, it is a zero sum game." But it's clearly not, and this idea of of, whether you call it supercloud or ubercloud or multicloud, clearly Dell is headed in in that direction. And I, you know, look at some of their future projects. There's their narrative. I'm curious from a technology standpoint, Jim, what your role is. Is it to make it all work? Is it to, you know, end to end? I wonder if you could help, you know, us understand that. >> Help us figure this out, Jim, here. (group laughing) >> Glad to expand on that. One of my key roles is developing our product roadmap for DXC offerings. And we do that roadmap in conjunction with our partners where we can leverage the innovation that our partners bring to the table. And we often utilize engineering resources from our partners to help us jointly build those offerings that adapt to changes in the market and also adapt to many of our customers changing needs over time. So my primary role is to look at the market, talk to our customers, and work with our partners to develop a product roadmap for delivering DXC products and services to our clients so that they can get the return on investment on their technology journeys. >> You know, we've been working with these two firms for a while now. Even predates, you know, the, the name DXC and that, that transformation. I'm curious as to what's, how you would respond to, "What's unique?" You know, you hear a lot about partnerships. You guys got a lot of competition. Dell has a lot of competition. What's specifically unique about this combination? >> I think, go ahead, Jim. >> I would say our unique approach, we call it cloud right. And that, that approach is making the right investments, at the right time, and on the right platforms. And our partners play a, play a key role in that. So we, we encourage our customers to not necessarily have a cloud first approach, but a cloud right approach where they place the workloads in the environment that is best suited from a technology perspective, a business perspective, and even a security and governance perspective. And, and the right approach might include mainframe. It might include an on-premises infrastructure. It could include private cloud, public cloud, and SaaS components all integrated together to deliver that value. >> Yeah, Jay, please. >> If you were... >> That is a complicated situation for a lot of customers. Chime in here. (Jay chuckles) >> And now, if you were speaking specifically to Dell here, like they, they also walk the talk, right? They invest in DXC as a partnership. They put people on the ground that their only purpose in life is to help DXC succeed with Dell in, you know, arm in arm in front of clients. And it's not, you know, it's not a winner take all thing at all. It's really a true partnership. They, they, they've brought solution resources. We have an account CTO. We've got executive sponsorship. We do regular QBR meetings. We have regular executive touchpoint meetings. It's really important that you keep a high level of intimacy with the client, with the partners, you know, and, and the, and the GSI community. And I, I've been with several GSIs, and, and this is an exceptional example of true partnership and commitment to success with Dell technology. I'm really extremely impressed on, on the engagement level that we've had there and, you know, continue to show a lot of support, you know, both for them. You know, there's other OEM partners, of course, in the market. There's always going to be other technology solutions for certain clients, but this has been a particularly strong element for us in our partnership and in our go-to-market strategy. >> Well, I think too, just my observation, is a lot of it's about trust. You guys have both earned the trust, the kind of, over the, over the years taking your arrows, you know, of over decades. And, and you know, that just doesn't happen overnight. So guys, I appreciate it. Thanks for your time. It's all about getting cloud right, isn't it? >> That's right. (chuckles) (Dave chuckles) >> Thank you Dave. Appreciate it very much. >> Dave, thank you. >> Jay, Jim, great to have you on. Keep it right there for more action on theCube. Be right back. (upbeat guitar music) (keyboard clicks) Welcome back to the program. My name is Dave Vellante, and in this session we're going to explore one of the more interesting topics of the day. IoT for smart factories and with me are Todd Edmunds, the Global CTO of Smart Manufacturing Edge and Digital Twins at Dell Technologies. That is such a cool title. (Todd chuckles) I want to be you. And Dr. Aditi Banerjee who's the Vice President, General Manager for Aerospace Defense and Manufacturing at DXC Technology. Another really cool title. Folks, welcome to the program. Thanks for coming on. >> Thank you. >> Thanks, Dave. Great to be here. >> Nice to be here. So, Todd, let's start with you. We hear a lot about Industry 4.0, smart factories, IIoT. Can you briefly explain like what is Industry 4.0 all about, and why is it important for the manufacturing industry? >> Yeah, sure, Dave. You know, it's been around for quite a while. And it's got, it's gone by multiple different names, as you said, Industry 4.0, smart manufacturing, industrial IoT, smart factory, but it all really means the same thing. Its really applying technology to get more out of the factories and the facilities that you have to do your manufacturing. So being much more efficient, implementing really good sustainability initiatives. And so we really look at that by saying, "Okay, what are we going to do with technology to really accelerate what we've been doing for a long, long time?" So it's really not, it's not new. It's been around for a long time. What's new is that manufacturers are looking at this not as a one-off, two-off, individual use case point of view. But instead they're saying, "We really need to look at this holistically, thinking about a strategic investment in how we do this, not to just enable one or two use cases, but enable many, many use cases across the spectrum." I mean, there's tons of them out there. There's predictive maintenance, and there's OEE, overall equipment effectiveness, and there's computer vision. And all of these things are starting to percolate down to the factory floor. But it needs to be done in a little bit different way. And, and, and really, to really get those outcomes that they're looking for in smart factory, or Industry 4.0, or however you want to call it, and truly transform. Not just throw an Industry 4.0 use case out there, but to do the digital transformation that's really necessary and to be able to stay relevant for the future. You know, I heard it once said that you have three options. Either you digitally transform and stay relevant for the future, or you don't and fade into history like 52% of the companies that used to be on the Fortune 500 since 2000, right? And so really that's a key thing, and we're seeing that really, really being adopted by manufacturers all across the globe. >> Yeah so, Aditi, that's like digital transformation is almost synonymous with business transformation. So is there anything you'd add to what Todd just said? >> Absolutely. Though, I would really add that what really drives Industry 4.0 is the business transformation, what we are able to deliver in terms of improving the manufacturing KPIs and the KPIs for customer satisfaction, right? For example, improving the downtime, you know, or decreasing the maintenance cycle of the equipments, or improving the quality of products, right? So I think these are a lot of business outcomes that our customers are looking at while using Industry 4.0 and the technologies of Industry 4.0 to deliver these outcomes. >> So Aditi, I wonder if I could stay with you. And maybe this is a bit esoteric. But when I first started researching IoT and, and, and Industrial IoT 4.0, et cetera, I felt, you know, while there could be some disruptions in the ecosystem, I kind of came to the conclusion that large manufacturing firms, aerospace defense companies, the firms building out critical infrastructure, actually had kind of an incumbent advantage in a great opportunity. Of course, then I saw on TV, somebody now they're building homes with 3D printers. Its like, blows your mind. So that's pretty disruptive, but, so, but they got to continue. The incumbents have to continue to invest in the future. They're well capitalized. They're pretty good businesses, very good businesses. But there's a lot of complexities involved in kind of connecting the old house to the new addition that's being built, if you will, or this transformation that we're talking about. So my question is, How are your customers preparing for this new era? What are the key challenges that they're facing and the, the blockers, if you will? >> Yeah, I mean the customers are looking at Industry 4.0 for greenfield factories, right? That is where the investments are going directly into building the factories with the new technologies, with the new connectivities, right, for the machines. For example, industrial IoT, having the right type of data platforms to drive computational analytics and outcomes, as well as looking at edge versus cloud type of technologies, right? Those are all getting built in the greenfield factories. However, for the install-based factories, right, that is where our customers are looking at, "How do I modernize these factories? How do I connect the existing machine?" And that is where some of the challenges come in on, you know, the legacy system connectivity that they need to think about. Also, they need to start thinking about cybersecurity and operation technology security, right, because now you are connecting the factories to each other, right? So cybersecurity becomes top of mind, right? So there is definitely investment that is involved. Clients are creating roadmaps for digitizing and modernizing these factories and investments in a very strategic way, right? So perhaps they start with the innovation program, and then they look at the business case, and they scale it up, right? >> Todd, I'm glad Aditi brought up security. Because if you think about the operations technology, you know, folks, historically, they air gapped, you know, the systems. That's how they created security. That's changed. The business came in and said, "Hey, we got to, we got to connect. We got to make it intelligent." So that's, that's got to be a big challenge as well. >> It, it, it absolutely is Dave. And, and you know, you can no longer just segment that because really, to get all of those efficiencies that we talk about, that IoT and Industrial IoT and Industry 4.0 promise, you have to get data out of the factory. But then you got to put data back in the factory. So no longer is it just firewalling everything is really the answer. So you really have to have a comprehensive approach to security, but you also have to have a comprehensive approach to the cloud and what that means. And does it mean a continuum of cloud all the way down to the edge, right down to the factory? It absolutely does because no one approach has the answer to everything. The more you go to the cloud, the broader the attack surface is. So what we're seeing is a lot of our customers approaching this from a, kind of that, that hybrid, you know, "write once, run anywhere" on the factory floor down to the edge. And one of the things we're seeing, too, is to help distinguish between what is the edge, and that, and, and bridge that gap between, like Dave, you talked about IT and OT. And also help that, what Aditi talked about, is the greenfield plants versus the brownfield plants that they call it, that are the legacy ones and modernizing those. Is, it's great to kind of start to delineate. What does that mean? Where's the edge? Where's the IT and the OT? We see that from a couple of different ways. We start to think about really two edges in a manufacturing floor. We talk about an industrial edge that sits, or some people call it a far edge or a thin edge, sits way down on that plan. It consists of industrial hardened devices that do that connectivity. The hard stuff about, "How do I connect to this obsolete legacy protocol and what do I do with it?" And create that next generation of data that has context. And then we see another edge evolving above that, which is much more of a data and analytics and enterprise grade application layer that sits down in the factory itself that helps figure out where we're going to run this. Does it connect to the cloud? Do we run applications on-prem? Because a lot of times that on-prem application is, is, needs to be done because that's the only way that its going to, it's going to work because of security requirements, because of latency requirements, performance, and a lot of times cost. It's really helpful to build that multiple edge strategy because then you kind of, you consolidate all of those resources, applications, infrastructure, hardware, into a centralized location. Makes it much, much easier to really deploy and manage that security. But it also makes it easier to deploy new applications, new use cases, and become the foundation for DXC's expertise and applications that they deliver to our customers as well. >> Todd, how complex are these projects? I mean, I feel like it's kind of the, the digital equivalent of building the Hoover Dam. I mean, it, it, it's, (chuckles) it, it, so. Yeah, how long does a typical project take? I know it varies, but what, you know, what are the critical success factors in terms of delivering business value quickly? >> Yeah, that's a great question in that, in that we're, you know, like I said at the beginning, we, this is not new. Smart factory and Industry 4.0 is not new. It's been, it's, people have been trying to implement the holy grail of smart factory for a long time. And what we're seeing is a switch, a little bit of a switch, or quite a bit of a switch, to where the enterprise and the IT folks are having a much bigger say and have a lot to offer to be able to help that complexity. So instead of deploying a computer here, and a gateway there, and a server there, I mean, you go walk into any manufacturing plant and you can see servers sitting underneath someone's desk or a, or a PC in a closet somewhere running a critical production application. So we're seeing the enterprise have a much bigger say at the table, much louder voice at the table to say, "We've been doing this at enterprise all the time. We, we know how to really consolidate, bring hyper-converged applications, hyper-converged infrastructure, to really accelerate these kind of applications, really accelerate the outcomes that are needed to really drive that smart factory, and start to bring that same capabilities down into the, on the factory floor." That way, if you do it once to make it easier to implement, you can repeat that. You can scale that. You can manage it much easily. And you can then bring that all together because you have the security in one centralized location. So we're seeing manufacturers, yeah, that first use case may be fairly difficult to implement and we got to go down in and see exactly what their problems are. But when the infrastructure is done the correct way, when that, think about how you're going to run that and how are you going to optimize the engineering. Well, let's take that, what you've done in that one factory, and then set. Let's that, make that across all the factories, including the factory that we're in, but across the globe. That makes it much, much easier. You really do the hard work once and then repeat, almost like a cookie cutter. >> Got it. Thank you. Aditi, what about the skillsets available to apply these, to these projects? You got to have knowledge of digital, AI, data, integration. Is there a talent shortage to get all this stuff done? >> Yeah, I mean definitely, a lot. Different types of skillsets are needed from a traditional manufacturing skillset, right? Of course, the basic knowledge of manufacturing is, is important. But the, the digital skillset sets like, you know, IoT, having a skillset in different protocols for connecting the machines, right, that experience that comes with it, data and analytics, security, augmented virtual reality programming. You know, again, looking at robotics and the digital twin. So you know, it's a lot more connectivity software, data driven skillsets that are needed to smart factory to life at scale. And, you know, lots of firms are, you know, recruiting these types of skill, resources with these skillsets to, you know, accelerate their smart factory implementation, as well as consulting firms like DXC Technology and others. We, we, we recruit. We, we train our talent to, to provide these services. >> Got it. Aditi, I wonder if we could stay on you. Let's talk about the partnership between DXC and Dell. What are you doing specifically to simplify the move to Industry 4.0 for customers? What solutions are you offering? How are you working together, Dell and DXC, to, to bring these to market? >> Yeah, Dell and DXC have a very strong partnership. You know, and we work very closely together to, to create solutions, to create strategies, and how we, we are going to jointly help our clients, right? So areas that we have worked closely together is edge compute, right, how that impacts the smart factory. So we have worked pretty closely in that area. We're also looked at vision technologies, you know. How do we use that at the edge to improve the quality of products, right? So we have several areas that we collaborate in. And our approach is that we, we want to bring solutions to our client, and as well as help them scale those solutions with the right infrastructure, the right talent, and the right level of security. So we bring a comprehensive solution to our clients. >> So, Todd, last question, kind of similar but different. You know, why Dell DXC? Pitch me. What's different about this partnership? You know, where do you, are you confident that, you know, you're going to be, deliver the best value to, to customers? >> Absolutely. Great question. You know, there's no shortage of bespoke solutions that are out there. There's hundreds of people that can come in and do individual use cases and do these things. And just, and, and, and that's, that's where it ends. What Dell and DXC Technology together bring to the table is, we do the optimization, the optimization of the engineering of those previously bespoke solutions upfront, together, right? The power of our scalables, enterprise-grade, structured, you know, industry standard infrastructure, as well as our expertise in delivering package solutions that really accelerate with DXC's expertise and reputation as a global, trusted, trusted advisor. Be able to really scale and repeat those solutions that DXC is so really, really good at. And, and Dell's infrastructure, and our, what, 30,000 people across the globe that are really, really good at that, at that scalable infrastructure, to be able to repeat. And then it really lessens the risk that our customers have and really accelerates those solutions. So it's again, not just one individual solutions, it's all of the solutions that not just drive use cases, but drive outcomes with those solutions. >> Yeah, the, you're right, the partnership has gone, I mean, I first encountered it back in, I think it was 2010, May of 2010, we had you, you guys both on theCube. I think you were talking about converged infrastructure. And I had a customer on, and it was, actually a manufacturing customer, was quite interesting. And back then it was, "How do we kind of replicate what's coming in the cloud?" And, and you guys have obviously taken it into the digital world. Really want to thank you for your time today. Great conversation, and love to have you back. >> Thank you so much. >> Absolutely. >> It was a pleasure speaking with you. >> I agree. >> All right, keep it right there for more discussions that educate and inspire on theCube. (bright music) Welcome back to the program and we're going to dig into the number one topic on the minds of every technology organization. That's cybersecurity. You know, survey data from ETR, our data partner, shows that among CIOs and IT decision makers, cybersecurity continues to rank as the number one technology priority to be addressed in the coming year. That's ahead of even cloud migration and analytics. And with me to discuss this critical topic area are Jim Shook, who's the Global Director of Cybersecurity and Compliance Practice at Dell Technologies, and he's joined by Andrew Gonzalez, who focuses on Cloud and Infrastructure consulting at DXC Technology. Gents, welcome. Good to have you. >> Thanks Dave. Great to be here. >> Thank you. >> Jim, let's start with you. What are you seeing from the front lines in terms of the attack surface, and, and how are customers responding these days? >> It's always up and down and back and forth. The bad actors are smart. They adapt to everything that we do. So we're seeing more and more kind of living off the land. They're not necessarily deploying malware. Makes it harder to find what they're doing. And I think though, Dave, we've, we've adapted, and this whole notion of cyber resilience really helps our customers figure this out. And the idea there goes beyond cybersecurity, it's, "Let's protect as much as possible, so we keep the bad actors out as much as we can. But then, let's have the ability to adapt to and recover to the extent that the bad actors are successful." So we're recognizing that we can't be perfect a hundred percent of the time against a hundred percent of the bad actors. Let's keep out what we can, but then recognize and have that ability to recover when necessary. >> Yeah, thank you. So Andrew, you know, I like what Jim was saying about living off the land, of course, meaning using your own tooling against you, kind of hiding in plain sight, if you will. But, and, and as Jim is saying, you, you can't be perfect. But, so given that, what's your perspective on what good cybersecurity hygiene looks like? >> Yeah, so you have to understand what your crown jewel data looks like, what a good copy of a recoverable asset looks like. When you look at an attack, if it were to occur, right, how you get that copy of data back into production. And not only that, but what that golden image actually entails. So, whether it's networking, storage, some copy of a source code, intellectual property, maybe CMBD data, or an active directory, or DNS dump, right? Understanding what your data actually entails so that you can protect it and that you can build out your recovery plan for it. >> So, and where's that live? Where's that gold copy? You put on a yellow sticky? No, it's got to be, (chuckles) you got to be somewhere safe, right? So you have to think about that chain as well, right? >> Absolutely. Yeah. You, so, a lot of folks have not gone through the exercise of identifying what that golden copy looks like. Everyone has a DR scenario, everyone has a DR strategy, but actually identifying what that golden crown jewel data, let's call it, actually entails is one aspect of it. And then where to put it, how to protect it, how to make it immutable and isolated, that's the other portion of it. >> You know, if I go back to sort of earlier part of last decade, you know, cybersecurity was kind of a checkoff item. And as you got toward the middle part of the decade, and I'd say clearly by 2016, it, security became a boardroom issue. It was on the agenda, you know, every quarter at the board meetings. So compliance is no longer the driver, is, is my point. The driver is business risk, real loss of reputation or data, you know, it's, or money, et cetera. What are the business implications of not having your cyber house in order today? >> They're extreme, Dave. I mean the, you know, the bad actors are good at what they do. These losses by organizations, tens, hundreds of millions into the billions sometimes, plus the reputational damage that's difficult to, to really measure. There haven't been a lot of organizations that have actually been put out of business by an attack, at least not directly on, if they're larger organizations. But that's also on the table, too. So you can't just rely on, "Oh we need to do, you know, A, B and C because our regulators require it." You need to look at what the actual risk is to the business, and then come up with a strategy from there. >> You know, Jim, staying with you, one of the most common targets we hear of attackers is to go after the backup corpus. So how should customers think about protecting themselves from that tactic? >> Well, Dave, you hit on it before, right? Everybody's had the backup and DR strategies for a long time going back to requirements that we had in place for physical disaster or human error. And that's a great starting point for resilience capability. But that's all it is, is a starting point. Because the bad actors will, they also understand that you have those capabilities, and, and they've adapted to that. In every sophisticated attack that we see, the backup is a target. The bad actors want to take it out, or corrupt it, or do something else to that backup so that it's not available to you. That's not to say they're always successful, and it's still a good control to have in place because maybe it will survive. But you have to plan beyond that. So the capabilities that we talk about with resilience, let's harden that backup infrastructure. You've already got it in place. Let's use the capabilities that are there like immutability and other controls to make it more difficult for the bad actors to get to. But then as Andrew said, that gold copy, that critical systems, you need to protect that in something that's more secure, which commonly we, we might say a cyber vault. Although, there's a lot of different capabilities for cyber vaulting, some far better than others, and that's some of the things that we focus on. >> You know, it's interesting, but I've talked to a lot of CIOs about this, is prior to the pandemic, they, you know, had their, as you're pointing out, Jim, they had their DR strategy in place, but they felt like they weren't business resilient. And they realized that when we had the forced march to digital. So Andrew, are there solutions out there to help with this problem? Do you guys have an answer to this? >> Yeah, absolutely. So I'm glad you brought up resiliency. We, we take a position that to be cyber resilient, it includes operational resiliency. It includes understanding at the C level what the implication of an attack means, as we stated, and then, how to recover back into production. When you look at protecting that data, not only do you want to put it into what we call a vault, which is a Dell technology that is an offline immutable copy of your crown jewel data, but also how to recover it in real time. So DXC offers a, I don't want to call it a turnkey solution since we architect these specific to each client needs, right, when we look at what client data entails, their recovery point, objectives, recovery time objectives, what we call quality of the restoration. But when we architect these out, we look at not only how to protect the data, but how to alert and monitor for attacks in real time, how to understand what we should do when a breach is in progress, putting together with our security operations centers, a forensic and recovery plan and a runbook for the client, and then being able to cleanse and remediate so that we can get that data back into production. These are all services that DXC offers in conjunction with the Dell solution to protect, and recover, and keep bad actors out. And if we can't keep them out to ensure that we are back into production in short order. >> You know, this, this discussion we've been having about DR kind of versus resilience, and, and you were just talking about RPO and RTO. I mean, it used to be that a lot of firms wouldn't even test their recovery 'cause it was too risky. Or, you know, maybe they tested it on, you know, July 4th or something like that. But, but it, I'm inferring that's changed. I wonder if we could, you know, double click on recovery? How hard is it to, to, to test that recovery, and, and how quickly are you seeing organizations recover from attacks? >> So it depends, right, on the industry vertical, what kind of data. Again, a financial services client compared to a manufacturing client are going to be two separate conversations. We've seen it as quickly as being able to recover in six hours, in 12 hours. In some instances we have the grace period of a day to a couple of days. We do offer the ability to run scenarios once a quarter where we can stand up in our systems the production data that we are protecting to ensure that we have a good recoverable copy. But it depends on the client. >> I really like the emphasis here, Dave, that you're raising and that Andrew's talking about. It's not on the technology of how the data gets protected. It's focused on the recovery. That's all that we want to do. And so the solution with DXC really focuses on generating that recovery for customers. I think where people get a little bit twisted up on their testing capability is, you have to think about different scenarios. So there are scenarios where the attack might be small. It might be limited to a database or an application. It might be really broadly based like the NotPetya attacks from a few years ago. The regulatory environment, we call those attacks severe but plausible. So you can't necessarily test everything with the infrastructure, but you can test some things with the infrastructure. Others, you might sit around on a tabletop exercise or walk through what that looks like to really get that, that recovery kind of muscle, muscle memory so that people know what to do when those things occur. But the key to it, as Andrew said before, have to focus down, "What are those critical applications? What do we need, what's most important? What has to come back first?" And that really will go a long way towards having the right recovery points and recovery times from a cyber disaster. >> Yeah, makes sense. Understanding the value of that data is going to inform you how to, how to respond and how to prioritize. Andrew, one of the things that we hear a lot on theCube, especially lately, is around, you know, IOT, IIOT, Industry 4.0, the whole OT security piece of it. And the problem being that, you know, traditionally, operations technologies have been air gapped, often by design. But as businesses, increasingly they're driving initiatives like Industry 4.0, and they're connecting these OT systems to IT systems. They're, you know, driving efficiency, preventative maintenance, et cetera. So a lot of data flowing through the pipes, if you will. What are you seeing in terms of the threats to critical infrastructure and how should customers think about addressing these issues? >> Yeah, so bad actors, you know, can come in many forms. We've seen instances of social engineering. We've seen, you know, a USB stick dropped in a warehouse. That data that is flowing through the IoT device is as sensitive now as your core mainframe infrastructure data. So when you look at it from a protection standpoint, conceptually, it's not dissimilar from what we've been been talking about where you want to understand, again, what the most critical data is. Looking at IoT data and applications is no different than your core systems now, right? Depending on what your, your business is, right? So when, when we're looking at protecting these, yes, we want firewalls, yes, we want air gap solutions, yes, we want front end protection, but we're looking at it from a resiliency perspective. Putting that data, understanding what what data entails to put in the vault from an IoT perspective is just as critical as as it is for your core systems. >> Jim, anything you can add to this topic? >> Yeah, I think you hit on the, the key points there. Everything is interconnected. So even in the days where maybe people thought the OT systems weren't online, oftentimes the IT systems are talking to them, or controlling them, SCADA systems, or perhaps supporting them. Think back to the pipeline attack of last year. All the public testimony was that the OT systems didn't get attacked directly. But there was uncertainty around that, and the IT systems hadn't been secured. So that caused the OT systems to have to shut down. It certainly is a different recovery when you're shutting them down on your own versus being attacked, but the outcome was the same that the business couldn't operate. So you really have to take all of those into account. And I think that does go back to exactly what Andrew's saying, understanding your critical business services, and then the applications and data and other components that support those and drive those, and making sure those are protected. You understand them, you have the ability to recover them if necessary. >> So guys, I mean, you made the point. I mean, you're right. The adversary is highly capable. They're motivated 'cause the ROI is so, it's so lucrative. It's like this never ending battle that cybersecurity pros, you know, go through. It really is kind of frontline sort of technical heroes, if you will. And so, but sometimes it just feels daunting. Why are you optimistic about the future of, of cyber from the good guy's perspective? >> I think we're coming at the problem the right way, Dave. So that, that focus, I'm so pleased with the idea that we are planning that the systems aren't going to be hundred percent capable every single time, and let's figure that out, right? That's, that's real world stuff. So just as the bad actors continue to adapt and expand, so do we. And I think the differences there, the common criminals, it's getting harder and harder for them. The more sophisticated ones, they're tough to beat all the time. And of course, you've raised the question of some nation states and other activities. But there's a lot more information sharing. There's a lot more focus from the business side of the house and not just the IT side of the house that we need to figure these things out. >> Yeah, to, to add to that, I think furthering education for the client base is important. You, you brought up a point earlier. It used to be a boardroom conversation due to compliance reasons. Now, as we have been in the market for a while, we continue to mature the offerings. It's further education for not only the business itself, but for the IT systems and how they interconnect, and working together so that these systems can be protected and continue to be evolved and continue to be protected through multiple frameworks as opposed to seeing it as another check the box item that the board has to adhere to. >> All right, guys, we got to go. Thank you so much. Great conversation on a, on a really important topic. Keep up the good work. Appreciate it. >> Thanks Dan. >> Thank you. >> All right, and thank you for watching. Stay tuned for more excellent discussions around the partnership between Dell Technologies and DXC Technology. We're talking about solving real world problems, how this partnership has evolved over time, really meeting the changing enterprise landscape challenges. Keep it right there. (bright music) Okay, we hope you enjoyed the program and learned some things about cloud transformation and modernizing your business that will inspire you to action. Now if you want to learn more, go to the Dell DXC partner page shown here, or click on the URL in the description. Thanks for watching everybody and on behalf of our supporters, Dell and DXC, good luck. And as always, get in touch if we can be of any assistance. (bright music)

>> Welcome back to the program. My name is Dave Vellante and in this session we're going to explore one of the more interesting topics of the day. IoT for smart factories and with me are Todd Edmunds, the global CTO of Smart Manufacturing, Edge and Digital Twins, at Dell Technologies. That is such a cool title. (Todd laughs) I want to be you. And Dr. Aditi Banerjee, who's the Vice President General Manager for Aerospace Defense and Manufacturing at DXC Technology. Another really cool title. Folks, welcome to the program. Thanks for coming on. >> Thanks Dave. >> Thank you. Great to be here. >> Well- >> Nice to be here. >> Todd, let's start with you. We hear a lot about Industry 4.0, smart factories, IIoT. Can you briefly explain, like, what is Industry 4.0 all about and why is it important for the manufacturing industry? >> Yeah, sure Dave. You know, it's been around for quite a while and it's got, it's gone by multiple different names. As you said, Industry 4.0, smart manufacturing, industrial IoT, smart factory. But it all really means the same thing. It's really applying technology to get more out of the factories and the facilities that you have to do your manufacturing. So being much more efficient. Implementing really good sustainability initiatives. And so we really look at that by saying, "Okay, what are we going to do with technology to really accelerate what we've been doing for a long, long time"? So it's really not, it's not new. It's been around for a long time. What's new is that manufacturers are looking at this, not as a one-off, two off individual use case point of view, but instead they're saying, "We really need to look at this holistically, thinking about a strategic investment in how we do this." Not to just enable one or two use cases, but enable many, many use cases across the spectrum. I mean, there's tons of 'em out there. There's predictive maintenance and there's OEE, overall equipment effectiveness, and there's computer vision. And all of these things are starting to percolate down to the factory floor, but it needs to be done in a little bit different way. And really to to really get those outcomes that they're looking for in smart factory, or Industry 4.0, or however you want to call it. And truly transform. Not just throw an Industry 4.0 use case out there, but to do the digital transformation that's really necessary and to be able to stay relevant for the future. You know, I heard it once said that you have three options. Either you digitally transform and stay relevant for the future or you don't and fade into history like 52% of the companies that used to be on the Fortune 500 since 2000, right. And so really that's a key thing and we're seeing that really, really being adopted by manufacturers all across the globe. >> Yeah, so Aditi, that's like digital transformation is almost synonymous with business transformation. So is there anything you'd add to what Todd just said? >> Absolutely, though, I would really add that what really drives Industry 4.0 is the business transformation. What we are able to deliver in terms of improving the manufacturing KPIs and the KPIs for customer satisfaction, right. For example, improving the downtime, you know, or decreasing the maintenance cycle of the equipments or improving the quality of products, right. So I think these are lot of business outcomes that our customers are looking at while using Industry 4.0 and the technologies of Industry 4.0 to deliver these outcomes. >> So Aditi, one, if I could stay with you and maybe this is a bit esoteric, but when I first started researching IoT and Industrial IoT 4.0, et cetera, I felt, you know, while there could be some disruptions in the ecosystem, I kind of came to the conclusion that large manufacturing firms, aerospace defense companies, the firms building out critical infrastructure, actually had kind of an incumbent advantage and a great opportunity. Of course, then I saw on TV, somebody now, they're building homes with 3D printers. It like blows your mind. So that's pretty disruptive. But. So, but they got to continue, the incumbents have to continue to invest in the future. They're well capitalized. They're pretty good businesses. Very good businesses. But there's a lot of complexities involved in kind of connecting the old house to the new addition that's being built, if you will. Or there's transformation that we're talking about. So my question is how are your customers preparing for this new era? What are the key challenges that they're facing in the blockers, if you will? >> Yeah, I mean the customers are looking at Industry 4.0 for greenfield factories, right. That is where the investments are going directly into building the factories with the new technologies with the new connectivities, right, for the machines, for example. Industry IoT, Having the right type of data platforms to drive computational analytics and outcomes, as well as looking at edge versus cloud type of technologies, right. Those are all getting built in the greenfield factories. However, for the install-based factories, right, that is where our customers are looking at how do I modernize, right. These factories. How do I connect the existing machine? And that is where some of the challenges come in on, you know, the legacy system connectivity that they need to think about. Also, they need to start thinking about cybersecurity and operation technology security, right, because now you are connecting the factories to each other, right. So cybersecurity becomes top of mind, right. So there is definitely investment that is involved. Clients are creating roadmaps for digitizing and modernizing these factories and investments in a very strategic way, right. So perhaps they start with the innovation program. And then they look at the business case and they scale it up, right. >> Todd, I'm glad Aditi brought up security because if you think about the operations technology, you know folks, historically they air gapped, you know, the systems. That's how they created security. That's changed. The business came in and said, "Hey, we got to connect. We got to make it intelligent." So that's got to be a big challenge as well. >> It absolutely is Dave. And, you know, you can no longer just segment that because really to get all of those efficiencies that we talk about, that IOT and industrial IoT and Industry 4.0 promise, you have to get data out of the factory but then you got to put data back in the factory. So no longer is it just firewalling everything is really the answer. So you really have to have a comprehensive approach to security, but you also have to have a comprehensive approach to the cloud and what that means. And does it mean a continuum of cloud all the way down to the edge, right down to the factory? It absolutely does because no one approach has the answer to everything. The more you go to the cloud, the broader the attack surface is. So what we're seeing is a lot of our customers approaching this from, kind of, that hybrid, you know, write once, run anywhere on the factory floor down to the edge. And one of things we're seeing too is to help distinguish between what is the edge and that. And bridge that gap between, like Dave, you talked about IT and OT, and also help that what Aditi talked about is the greenfield plants versus the brownfield plants, that they call it, that are the legacy ones and modernizing those, is it's great to kind of start to delineate. What does that mean? Where's the edge? Where's the IT and the OT? We see that from a couple of different ways. We start to think about, really, two edges in a manufacturing floor. We talk about an industrial edge that sits, or some people call it a far edge or a thin edge, sits way down on that plant. Consists of industrial hardened devices that do that connectivity, the hard stuff, about how do I connect to this obsolete legacy protocol and what do I do with it? And create that next generation of data that has context. And then we see another edge evolving above that which is much more of a data and analytics and enterprise grade application layer that sits down in the factory itself that helps figure out where we're going to run this. Is... Does it connect to the cloud? Do we run applications on-prem? Because a lot of times that on-prem application is needs to be done because that's the only way it's going to work. Because of security requirements. Because of latency requirements, performance, and a lot of times, cost. It's really helpful to build that multiple edge strategy because then you consolidate all of those resources, applications, infrastructure, hardware, into a centralized location. Makes it much, much easier to really deploy and manage that security. But it also makes it easier to deploy new applications, new use cases, and become the foundation for DXC's expertise in applications that they deliver to our customers as well. >> Todd, how complex are these projects? I mean, I feel like it's kind of the digital equivalent of building the Hoover Dam. I mean, it... So, yeah, how long does a typical project take? I know it varies, but what, you know, what are the critical success factors in terms of delivering business value quickly? >> Yeah, that's a great question in that we're, you know, like I said at the beginning, this is not new smart factory and Industry 4.0 is not new. It's been... It's people have been trying to implement the holy grail of smart factory for a long time. And what we're seeing is a switch, a little bit of a switch or quite a bit of a switch, to where the enterprise and the IT folks are having a much bigger say and have a lot to offer to be able to help that complexity. So instead of deploying a computer here and a gateway there and a server there. I mean, you go walk into any manufacturing plant and you can see servers sitting underneath someone's desk or a PC in a closet somewhere running a a critical production application. So we're seeing the enterprise have a much bigger say at the table. Much louder voice at the table to say, "We've been doing this enterprise all the time. We know how to really consolidate, bring hyper-converged applications, hyper-converged infrastructure, to really accelerate these kind of applications. Really accelerate the outcomes that are needed to really drive that smart factory." And start to bring that same capabilities down into the Mac on the factory floor. That way, if you do it once to make it easier to implement you can repeat that. You can scale that. You can manage it much easily. And you can then bring that all together because you have the security in one centralized location. So we're seeing manufacturers... Yeah, that first use case may be fairly difficult to implement and we got to go down in and see exactly what their problems are. But when the infrastructure is done the correct way, when that... Think about how you're going to run that and how are you going to optimize the engineering. Well, let's take that what you've done in that one factory and then set. Let's that, make that across all the factories including the factory that we're in, but across the globe. That makes it much, much easier. You really do the hard work once and then repeat almost like a cookie cutter. >> Got it, thank you. Aditi, what about the skillsets available to apply these to these projects? You got to have knowledge of digital, AI, data, integration. Is there a talent shortage to get all this stuff done? >> Yeah, I mean, definitely. Different types of skillsets are needed from a traditional manufacturing skillset, right. Of course, the basic knowledge of manufacturing is important. But the digital skillsets, like, you know, IoT. Having a skillset in different protocols for connecting the machines, right. That experience that comes with it. Data and analytics, security, augmented virtual reality, programming. You know, again, looking at robotics and the digital twin. So, you know, it's a lot more connectivity software data-driven skillsets that are needed to smart factory to life at scale. And, you know, lots of firms are, you know, recruiting these types of resources with these skillsets to, you know, accelerate their smart factory implementation as well as consulting firms like DXC technology and others. We recruit. We train our talent to provide these services. >> Got it. Aditi, I wonder if we could stay on you. Let's talk about the partnership between DXC and Dell. What are you doing specifically to simplify the move to industry 4.0 for customers? What solutions are you offering? How are you working together, Dell and DXC, to bring these to market? >> Yeah, I... Dell and DXC have a very strong partnership, you know, and we work very closely together to create solutions, to create strategies, and how we are going to jointly help our clients, right. So. Areas that we have worked closely together is edge compute, right. How that impacts the smart factory. So we have worked pretty closely in that area. We're also looked at vision technologies, you know. How do we use that at the edge to improve the quality of products, right. So we have several areas that we collaborate in and our approach is that we want to bring solutions to our client and as well as help them scale those solutions with the right infrastructure, the right talent, and the right level of security. So we bring a comprehensive solution to our clients. >> So, Todd, last question. Kind of similar but different. You know, why Dell DXC? Pitch me. What's different about this partnership? You know, where are you confident that, you know, you're going to deliver the best value to customers? >> Absolutely, great question. You know, there's no shortage of bespoke solutions that are out there. There's hundreds of people that can come in and do individual use cases and do these things and just... And that's where it ends. What Dell and DXC Technology together bring to the table is we do the optimization of the engineering of those previously bespoke solutions upfront, together. Right. The power of our scalables, enterprise grade, structured, you know, industry standard infrastructure as well as our expertise in delivering package solutions that really accelerate with DXC's expertise and reputation as a global trusted advisor. Be able to really scale and repeat those solutions that DXC is so really, really good at. And Dell's infrastructure and our, what, 30,000 people across the globe that are really, really good at that scalable infrastructure to be able to repeat. And then it really lessens the risk that our customers have and really accelerates those solutions. So it's, again, not just one individual solutions. It's all of the solutions that not just drive use cases but drive outcomes with those solutions. >> Yeah, you're right. The partnership has gone... I mean, I first encountered it back in, I think, it was 2010, May of 2010. We had you guys both on the queue... I think we were talking about converged infrastructure and I had a customer on, and it was actually manufacturing customer. Was quite interesting. And back then it was how do we kind of replicate what's coming in the cloud? And you guys have obviously taken it into the digital world. Really want to thank you for your time today. Great conversation. And love to have you back. >> Thank you so much. >> Absolutely. >> It was a pleasure speaking with you. >> I agree. >> All right, keep it right there for more discussions that educate and inspire on theCUBE.

(rousing music) >> Hello everyone. Welcome back to "theCUBE's" day one coverage of Cloud Native Security Con 23. This is going to be an exciting panel. I've got three great guests. I'm Lisa Martin, you know our esteemed analysts, John Furrier, and Dave Vellante well. And we're excited to welcome to "theCUBE" for the first time, Yves Sandfort, the CEO of Comdivision Group, who's coming to us from Germany. As you know, Cloud Native Security Con is a global event. Everyone welcome Yves, great to have you in particular. Welcome to "theCUBE." >> Great to be here. >> Thank you for inviting me. >> Yves, tell us a little bit, before we dig into really wanting to understand your perspectives on the event and get Dave and John's feedback as well, tell us a little bit about you. >> So yeah, talking about me, or talking about Comdivision real quick. We are in the business for over 27 years already. We started as a SaaS company, then became more like an architecture and, and Cloud Native company over the last few years. But what's interesting is, and I think that's, that's, that's really interesting when we look at our industry. It hasn't really, the requirements haven't really changed over the years. It's still security. We still have to figure out how we deal with security. We still have to figure out how we deal with compliance and everything else. And I think therefore, it's more and more important that we take these items more seriously. Also, based on the fact that when we look at it, how development and other things happen nowadays, it's, it's, everybody says it's like open source. It's great because everybody can look into the code. We, I think the last few years have shown us enough example that that's not necessarily solving all the issues, but it's also code and development has changed rapidly when we look at the Cloud Native approach, where it's far more about gluing the pieces together, versus the development pieces. When I was actually doing software development 25 years ago, and had to basically build my code because I didn't have that much internet access for it. So it has evolved, but even back then we had to deal with security and everything. >> Right. The focus on security is, is incredibly important, and the focus keeps growing as you mentioned. This is, guys, and I want to get your perspectives on this. We're going to start with John. This is the first time Cloud Native Security Con is its own event being extracted from, and amplified from KubeCon. John, I want to understand from your perspective, break down the event, what you see, what you've heard, and Cloud Native Security in general. What does this mean to companies? What does it mean to customers? Is this a reality? >> Well, I think that's the topic we want to discuss, and I think Yves background, you see the VMware certification, I love that. Because what VMware did with virtualization, was abstract that from server virtualization, kind of really changed the game on things, and you start to see Cloud Native kind of go that next level of how companies will be operating their business, not just digital transformation, as digital transformation goes to completion, it's total business transformation where IT is everywhere. And so you're starting to see the trends where, "Okay, that's happening." Now you're starting to see, that's Cloud Native Con, or KubeCon, AWS re:Invent, or whatever show, or whatever way you want to look at it. But in, in the past decade, past five years, security has always been front and center as almost a separate thing, and, in and of itself, but the same thing. So you're starting to see the breakout of security conversations around how to make things work. So a lot of operational conversations around what used to be DevOps makes infrastructure as code, and that was great, that fueled that. Then DevSecOps came. So the Cloud Native next level, is more application development at scale, developers driving the standards with developer first thinking, shifting left, I get all that. But down in the lower ends of the stack, you got real operational issues. DNS we've heard in the keynote, we heard about the Colonel, the Lennox Colonel. Things that need to be managed and taken care of at a security level. These are like, seem like in the weeds, but you're starting to see that happen. And the other thing that I think's real about Cloud Native Security Con that's going to be interesting to watch, is Amazon has pretty much canceled all their re:Invent like shows except for two; Re:Invent, which is their annual conference, and Re:Inforce, which is dedicated to securities. So Cloud Native, Linux, the Linux Foundation has now breaking out Cloud Native Con and KubeCon, and now Cloud Native Security Con. They can't call it KubeCon because it's not Kubernetes, but it's like security focus. I think this is the beginning of starting to see this new developer driving, developers driving the standards, and it has it implications, what used to be called IT ops, and that's like the VMwares of the world. You saw all the stuff that was not at developer focus, but more ops, becoming much more in the application. So I think, I think it's real. The question is where does it go? How fast does it develop? So to me, I think it's a real trend, and it's worthy of a breakout, but it's not yet clear of where the landing zone is for people to start doing it, how they get started, what are the best practices. Machine learning's going to be a big part of this. So to me it's totally cool, but I'm not yet seeing the beachhead. So that's kind of my take. >> Dave, our inventor and host of breaking analysis, what's your take? >> So when you, I think when you zoom out, there's some, there's a big macro change that's been going on. I think when you look back, let's say 10, 12 years ago, the, the need for speed far trumped the, the, the security aspect, the governance, the data privacy. It was like, "Yeah, the risks, they're not that great compared to our opportunity." That has completely changed because the risks are now so much higher. And so what's happening, I think there's a, there's a major effort amongst CIOs and CISOs to try to make security not a blocker because it use to be, it still is. "Okay, I got this great initiative." Eh, give it to the SecOps pros, and let them take it for a while before we can go to market. And so a huge challenge now is to simplify, automate, AI comes in, the whole supply chain security, so the, so the companies can not be facing so much friction. And that is non-trivial. I don't think we're anywhere close there, but I think the goal is by, within the next several years, we're going to be in a position, that security, we heard today, is, wasn't designed in to the initial internet protocols. It was bolted on. And so increasingly, the fundamental architecture of the internet, the Cloud, et cetera, is, is seeing designed in security, and, and that is an imperative, or else business is going to come to a grinding halt. >> Right. It's no longer, the bolt no longer works. Yves, what's your perspective on Cloud Native Security, where it stands today? What's in it for customers, whether we're talking about banks, or hospitals, or retailers, what do you think? >> I think when we, when we look at security in the, in the modern world, is we need to as, as Dave mentioned, we need to rethink how we apply it. Very often, security in the past has been always bolted on in the end. If we continue to do that, it'll become more and more difficult, because as companies evolve, and as companies want to bring products and software to market in a much faster and faster way, it's getting more and more difficult if we bolt on the security process at the end. It's like, developers build something and then someone checks security. That's not going to work any longer. Especially if we also consider now the changes in the industry. We had Stack Overflow over the last 10 years. If I would've had Stack Overflow 15, 20, what, 25 years ago when I was a developer, it would've changed a hell lot. Looking at it now, and looking at it what we had in the last few weeks, it's like where nearly all of my team members say is like finally I don't need any script kiddies anymore because I can't go to (indistinct) who writes the code for me. Which is on one end great, because it enables us to solve certain problems in a much higher pace. But the challenge with that is, if the people who just copy and past that code, don't understand the implications of that code, we have a much higher risk continuously. And what people thought was, is challenging with Stack Overflow. Imagine that something in one of these AI engines, is actually going ballistic, and it creates holes in nearly every one of these applications. And trust me, there will be enough developers who are going to use these tools to develop codes, the same as students in university are going to take this to write their essays and everything else. And so it's really important that every developer team basically has a security person within their team, and not a security at the end. So we build something, we check it, go through QA, and then it goes to security. Security needs to be at the forefront. And I think that's where we see Cloud Native Security Con, where we see AWS. I saw it during re:Invent already where they said is like, we have reinforced next year. I think this becomes more and more of a topic, and I think companies, as much as it is become a norm that you have a firewall and everything else, it needs to become a norm that when you are doing software development, and every development team needs to have a security person on that needs to be trained. >> I love that chat comment Dave, 'cause you and I were talking about this. And I think that is going to be the issue. Do we need security chat for the chat bot? And there's like a, like a recursive model there. The biases are built in. I think, and I think our interview with the Palo Alto Network's co-founder, Dave, when he talked about zero trust as a structured way to start things, but he was referencing that with Cloud, there's a chance to rethink or do a do-over in security. So, I think this is kind of to me, where this is all going. And I think you asked Pat Gelsinger what, year 2013, 2014, can, is security a do over? I think we're in that do over time. >> He said yes. >> He said yes. (laughing) He was right. But yeah, eight years later... But this is, how do you, zero trust gives you some structure, but how do you organize and redo security? Because to me, I think that's what's happening here. >> And John you heard, Zuk at Palo Alto Network said, "Yeah, the, the words security and architecture, they don't go together historically." And so it is a total, total retake. >> Well is that because there's too many tools out there and- >> Yeah. For sure. >> Yeah, well, first of all, a lot of hardware. And then yeah, a lot of tools. You even see IIOT and industry 40, you see IOT security coming up as another stove pipe, and that's not the right approach. And, and so- >> Well let me, let me ask you a question Dave, and Yves, if you don't mind. 'Cause I was just riffing on this yesterday about this. In the ML space, you're seeing the ML models, you're seeing proprietary models versus open source. Is security going to go down this proprietary security methods and open source? Because that's interesting, because the CNCF is run by the the Linux Foundation. So you can almost maybe see a model where there's more proprietary security methods than open source. Or is it, is that a non-issue? >> I would, I would, let me, if I, if I jump in here first, I think the last, especially last five or 10 years have clearly shown the, the whole and, and I invested early on in the, in the end 90s in several open source startups in the Bay area. So, I'm well behind the whole open source idea and, and mid (indistinct) and others back then several times. But the point is, I think what we have seen is open source is not in general, more secure or less secure, because code is too complex nowadays. You have millions of lines of code, and it's not that either one way or the other is going to solve it. The ways I think we are going to look at it is more is what's the role to market, because only because something is open source doesn't necessarily mean it's going to be available for everyone. And the same for proprietary source from that perspective, even though everybody mixes licensing and payments and all that all the time, but it doesn't necessarily have anything to do with it. But I think as we are going through it, and when we also look at the industry, security industry over the last 10 plus years has been primarily hardware focused. And a lot of these vendors have done a good business out of selling hardware boxes, putting software on top of it. Whereas in reality, those were still X86 standard boxes in the end. So it was not that we had specific security ethics or anything like that in there anymore. And so overall, the question of the market is going to change. And as we are looking into Cloud Native, think about someone like an AWS, do you really envision them to have a hardware box of every supplier in their data center, and that in every availability zone in every region? Same for Microsoft, same for Google, etc? So we need to have new ways on how we can apply security. And that applies both on the backend services, but also on the front end side. >> And if I, and if I could chime in, I think the, the good, I think the answer is, is, is no and yes. And what I mean by that is if you take, antivirus and known malware, I mean pretty much anybody today can, can solve that problem, it's the unknown malware. So I think the yes part of the answer is yes, it's, it's going to be proprietary, but in the sense we're going to use open source tooling, and then apply that in a proprietary way with, with specific algorithms and unique architectures that are going to solve problems. For example, XDR with, with unknown malware. So, and that's the, that's the hard part. As somebody said, I think this morning at the keynote, it's, it's all the stuff that, that the SecOps team couldn't find. That's the really hard part. >> (laughs) Well the question will be will, is the new IP, the ability to feed ChatGPT some magical spelled insertion query string that does the job, that's unique, that might be the new IP, the the question to ask. >> Well, that's what the hackers are going to do. And I, they're on offense. (John laughs) And the offense knows what play is coming. So, they're going to start. >> So guys, let's take this conversation up a level. I want to get your perspectives on what's in this for me as a customer? We know security is a board level conversation. We talk about this all the time. We also know that they're based on, I think David, was the conversations that you and I had, with Palo Alto Networks at Ignite in December. There's a, there's a lack of alignment between the executives and the board from a security perspective. When we talk about Cloud Native Security, we all talked about the value in that, what's in it for customers? I want to get your perspectives on should this be a board level conversation, and if so, how do you advise organizations, whether it is a hospital, or a bank, or an organization that is really affected by things like ransomware? How should they be thinking about this from an organizational perspective? >> Well, I'll start first, because we had this conversation during our Super Cloud event last month, and this comes up a lot. And this is, the CEO board level. Yes it is a board level conversation for security, as is application development as in terms of transforming their business to be competitive, not to be on the wrong side of history with this wave coming. So I think that's more of a management. But the issue is, they tell their people, "Go do it." And they're like, 'cause they get sold on the idea of, "Hey, won't you transform your business, and everything's going to be data driven, and machine learning's going to power your apps, get new customers, be profitable." "Oh, sign me up for that." When you have to implement this, it's really hard. And I think the core issue is, where are companies in their life cycle of the ability to execute and architect this thing properly as Dave said, Nick Zuk said, "You can't have architecture and security, you need platforms." So, I think the re-platforming, and the re-factoring of business is a big factor, and that's got to get down into the, the organizational shifts and the people to do it. So are there skills? Do I do a managed service? How do I architect it? Are there more services? Are there developers doing applications that are going to be more agile? So, this is not an easy thing. And to move a business from IT operations that is proven, to be positioned for this enablement, is just really difficult. And it's expensive. And if you screw it up, you could be, could be on the wrong side of things. So, to me, that's the big issue is, you sell the dream and then you got to implement it. And that's really difficult. >> Yves, give us your perspective on, based on John's comments, how do organizations shift so dramatically? There's a cultural element there as well, but there's also organizations that are, have competitive competitors in the rear view mirror, and there's time to waste. What are your thoughts on that? >> I think that's exactly the point. It's like, as an organization, you need to take the decision between the time, the risk, and all the other elements we have into this game. Because you can try to achieve 100% security, but that's exactly the same as trying to, to protect gold or anything else 100%. It's most likely not going to be from a risk perspective anyway sensible. And that's the same from a corporational perspective. When you look at building new internet services, or IOT services, or any kind of new shopping experience or whatever else, you need to balance out between the risks and the advantages out of it. And you also need to be accepting that you potentially on the way make mistakes, but then it's more important than ever that you are able to quickly fix any mistakes, and to adjust to anything what's happening in the market. Because as we are building all these new Cloud Native applications, and build up all these skill sets, one of the big scenarios is we are far more depending on individual building blocks. These building blocks come out of open source communities, which have a much different way. When we look back in software development, back then we had application servers from Oracle, Web Logic, whatsoever, they had a release cycles of every three to six months. As now we have to deal with open source, where sometimes release cycles are on a four week schedule, in between security patches. So you need to be much faster in adopting that, checking that, implementing that, getting things to work. So there is a security stretch from that perspective. There is a speech stretch on the other thing companies have to deal with, and on the other side it's always a measurement between the risk, and the security you can afford. Because reality is, you will not be 100% protected no matter what you do. So, you need to balance out what you as an organization can actually build on. But I think, coming back also to the point, it's on the bot level nowadays. It's like nearly every discussion we have with companies nowadays as they move into the Cloud, especially also here in Europe where for the last five years, it was always, it's like "It's data privacy." Data privacy is no longer, I mean, yes, for certain people, it's still the point, but for many more people it's like, "How protected is my data?" "What do we do in case of ransomware attack?" "What do we do in case of a denial of service?" All of these things become more vulnerable, where in the past you were discussing these things with a becking page, or, or like a stock exchange. They were, it's like, "What the hell is going to happen if we have a denial of service?" Now all of the sudden, this now affects nearly everyone in their storefronts and everything else, because everything is depending on it. >> Yeah, I think you're right on. You think about how cultural change occurs, it's bottom ups or, bottom up, top down or middle out. And what, what's happened with security is the people in the security team cared about it, they were the, everybody said, "Oh, it's their problem." And then it just did an end run to the board, kind of mid, early last decade. And then the board sort of pushed that down. And the line of business is realizing, "Holy cow. My business, my EBIT can be dramatically affected by this, so I care." Now it's this whole house, cultural team sport. I know it's sort of a, a cliche, but it, it's true. Everybody actually is beginning to care about security because the risks are now so high, and it's going to affect not only the bottom line of the company, the bottom line of the business, their job, it's, it's, it's virtually everywhere. It's a huge cultural shift that we're seeing. >> And that's a big challenge for organizations in any industry. And Yves, you talked about ransomware service. Every industry across the globe is vulnerable to this. But how can, maybe John, we'll start with you. How can Cloud Native Security help organizations if they're able to embrace it, operationally, culturally, dial down some of the vulnerabilities that just seem to keep growing? >> Well, I mean that's the big question. The breaches are, are critical. The governances also could be a way that anchors down growth. So I think the balance between the governance compliance piece of it is key, but making the developers faster and more productive is the key to me. And I think having the security paradigm where they're not blockers, as Dave said, is critical. So I love the whole shift left, but now that we have more data focused initiatives around how that, you can use data to understand the security issues, I think data and security are together, and I think there's a going to be a data operating system model emerging, where data and security will be almost one thing. And that will be set up by the security teams, and the data teams together. And that will feed guardrails into the developer environment. So the developer should feel no pain at all in doing this. So I think the best practice will end up being what we're seeing with supply chain, security, with making sure code's verified. And you're going to see the container, security side completely address has been, and KubeCon, we just, I asked Scott Johnson, the CEO of Docker, and I asked him directly, "Are you guys all tight on container security?" He said, yes, but other people are suggesting that's not true. There's a lot of issues with the container security. So, there's all kinds of areas where there's holes. So Cloud Native is cool on one hand, and very relevant, but if it's not shored up, it's going to be a problem. But I, so I think that's where the action will be, at the developer pipeline, in the containers, and the data. So, that will be very relevant, and if companies nail that, they'll be faster, they'll have better apps, and that'll be the differentiator. And again, if they don't on this next wave, they're going to be driftwood. >> Dave, how do they prevent becoming driftwood? >> Well, I think Cloud has had a huge impact. And a Cloud's by no means a panacea, but let's face it, it's dramatically improved a lot of companies security posture. Now there's still that shared responsibility. Even though an S3 bucket is encrypted, it's still your responsibility to make sure that it doesn't get decrypted by somebody who has access to it. So there are things like that, but to Yve's earlier point, that can be, that's done through software now, it's done through best practices. Those best practices can be shared. So the way you, you don't become driftwood, is you start to, you step back, rethink that security architecture as we were talking about earlier, take advantage of the Cloud, take advantage of Cloud Native, and all the, the rapid pace of innovation that's occurring there, and you don't use, it's called before, The audit is the last line of defense. That's no longer a check box item. "Oh yeah, we're in compliance." It's, this is a business imperative, and because we're going to reduce our expected loss and reduce our business risk. That's part of the business case today. >> Yeah. >> It's a huge, critically important part of the business case. Yves, question for you. If you're in an elevator with a CEO, a CFO, and a CISO, and they're talking about security and Cloud Native Security, what's your value proposition to them on a, on a say a 32nd elevator ride? >> Difficult story. I think at the moment, the most important part is, we need to get people to work together, and we need to train people to work more much better together. I think that's the overall most important part for all of these solutions, because in the end, security is always a person issue. If, we can have the best tools in the industry, as long as we don't get all of these teams to work together, then we have a problem. If the security team is always seen as the end of the solution to fix everything, that's not going to work because they always are the bad guys in the game. And so we need to bring the teams together. And once we have the teams work together, I think we have a far better track on, on maintaining security. >> John and Dave, I want to get your perspectives on what Yves just said. In all the experience that the two of you have as industry analysts here on "theCUBE," Wikibon, Siliconangle Media. How do you advise organizations to get those teams together? As Eve said, that alignment is critical, but John, we'll start with you, then Dave go to you. What's your advice for organizations that need to align those teams and really don't have a lot of time to wait to do it? >> (chuckling) That's a great question. I think, I think that's everyone pays hundreds of thousands of millions of dollars to get that advice from these consultants, organizations out there doing the transformations. But I think it comes down to personnel and commitment. I think if there's a C-level commitment to the effort, you'll see the institutional structure change. So you can see really getting behind it with their, with their wallet and their, and their support of either getting more personnel to support and assist, or manage services, or giving the power to the teams to execute and doing it in a way that, that's, that's well known and best practices. Start small, build out the pilots, build the platform, and then start getting it right. And I think that's the key. Not the magic wand, the old model of rolling out stuff in, in six month cycles. It's really, get the proof points, double down and change the culture, but also execute and have real metrics. And changing the architecture, like having more penetration tests as a service. Doing pen tests is like a joke now. So that doesn't make any sense. You got to have that built in almost every day, and every minute. So, these kinds of new techniques have to be implemented and have to be tried. So that's why these communities are growing. That's why I like what open source has been doing, and I like the open source as the place to have these conversations, because that's where the action will be for new stuff. And I think people will implement open source like they did before, but with different ways, better testing, better supply chain on the software side, verifying code. So, I see open source actually getting a tailwind from this, not a headwind. So, I'm bullish on the open source piece here on, on all levels, machine learning- >> Lisa, my answer is intramural sports. And it's 'cause I think it's cultural. And what I mean by that, is you take your your best and brightest security, and this is what frankly, a lot of CISOs do, an examples is Lena Smart, MongoDB. Take your best and brightest security pros, make them captains of the intramural teams, and pair them up with pods of individuals across the organization, which is most people who don't know anything about security, and put them together, so that they can, they, so that the folks that understand security can, can realize how little people know, what, what, what, how, what the worst practices that are out there in the reverse, how they can cross pollinate. And they do that on a regular basis, I know at Mongo and other companies. And that kind of cultural assimilation is a starting point for how you get security awareness up to your question around making it a team sport. >> Absolutely critical. Yves, I want to kind of wrap things with you. We've got a couple of minutes left. When you're really looking at the Cloud Native community, the growth of it, we talked about earlier in the program, Cloud Native Security Con being now extracted and elevated out of KubeCon, what are your thoughts on the groundswell that this community is generating around Cloud Native Security, the benefits that organizations will achieve from it? >> I think overall, when we have these securities conferences, or these security arms a bit spread out and separated out of the main conference, it helps to a certain degree, because especially in the security space, when you look at at other like black hat or white hat conferences and things like that in the past, although they were not focused on Cloud Native, a lot of these security folks didn't feel well taken care of in any of the other conferences because they were always these, it's like they are always blocking us, they're always making us problems, and all these kinds of things. Now that we really take the Cloud Native piece and the security piece together, or like AWS does it with re:Inforce, I think we will see more and more that people understand is that security is a permanent topic we need to cover, but we need to bring different people together, because security also has compliance and a lot of other components in there. So we will see at these conferences moving forward, also a different audience. It's not going to be only the Cloud Native developers. And if I see some of these security audiences, I can't really imagine them to really be at KubeCon because there is too much other things going on. And you couldn't really see much of that at re:Invent because re:Invent by itself has become a complete monster of a conference. It covers too many topics. And so having this very, very important security piece separated, also gives the opportunity, I think, that we can bring in the security people, but also have the type of board level discussions potentially, between the leaders of the industry, to also discuss on how we can evolve, how we can make things better, and how, how we can actually, yeah, evolve our industry for it. Because let's face it, that threat is not going to go away. It's, it's a business. And one of the last security conferences I was on, on the ransomware part, it was one of the topics someone said is like, "Look, currently on average, it takes a hacker group roughly around they said 15 to 20 K to break into a company, and they on average make 100K. It's a business, let's face it. And it's a business we don't like. And ethically, it's no discussion that this is not good, but that's something which is happening. People are making money with it. And as long as that's going to go on, and we have enough countries where these people can hide, it's going to stay and survive. And so, with that being said, it's important for us to really build an industry around this. But I also think it's good that we have separate conferences. In the past we had more the RSA conference, which tried to cover all of these areas. But that is not really fitting Cloud Native and everything else. So I think it's good that we have these new opportunities, the Cloud Native one, but also what AWS brings up for someone. >> Yves, you just nailed it. It just comes down to simple math. It's a fraction. Revenue over cost. And if you could increase the hacker's cost, increase the denominator, their ROI will go down. And that is the game. >> Great point, Dave. What I'm hearing guys, and we can talk about technology for days and days. I know all of you. But there's, there's a big component that, that the elevation of Cloud Native Security, on its own as standalone is critical, as is the people component. You guys all talked about that. We talked about the cultural change necessary for that. Hopefully what we're seeing with Cloud Native Security Con 23, this first event is going to give us more insight over the next couple of days, and the next months or so, as to how this elevation, and how the people can come together to really help organizations from a math perspective as, as Dave talked about, really dial down the risks there, understand more of the vulnerabilities so that ransomware as a service is not as lucrative as it is today. Guys, so much appreciate your time, really breaking down Cloud Native Security, the value in it from different perspectives, and what your thoughts are on where it's going. Thanks so much for your time. >> All right. Thanks. >> Thanks, Lisa. >> Thank you. >> Thanks, Yves. >> All right. For my guests, I'm Lisa Martin. You're watching theCUBE's day one coverage of Cloud Native Security Con 23. Thanks for watching. (rousing music)

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, otc. A friend of the Cube >>Karala joined us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with you. >>A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many day zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add the gold standard from a data standpoint, and that's given them this competitive advantage to go out and become a platform for a security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Esty win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? Exactly. >>Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking to the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my >>Question. That's the point. >>Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets >>Win. Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their valuable? >>You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development and Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Nice. Era was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. >>Well, and I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Altos made, they've done a good job of integrating their backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data like the, the fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Three. Think about that at that, that >>Make a, that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market cap. >>Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo. >>Right? And that when you look around the show floor, it's not that impressive. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah, >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people at Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR roundtable said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. So, >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate days, nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's it's an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, in The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they're do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you gotta fight fire with fire. And I think that's, that's the path they've, they've headed >>Down and the bad guys are hiding in plain sight, you know? >>Yeah, yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says we're actively consolidating vendors, redundant vendors today. That number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to, to it pros is if you're doing things today that aren't resume building, stop doing them. Right? Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. And so who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah. Yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with proxies as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at c skater throw 'em back at 'em. So I, it's good to see that kind of fight going on between the two. >>Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah. Cisco's interesting. And I, I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to just say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of work there're trying to, to tie to network. >>Right. Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wikibon, lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are you gonna be next? Are you gonna be on vacation? >>There's nothing more fun than mean on the cube, so, right. What's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and do the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We >>Love it. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show and it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

>>The Cube presents Ignite 22, brought to you by Palo Alto Networks. >>Welcome back everyone. We're so glad that you're still with us. It's the Cube Live at the MGM Grand. This is our second day of coverage of Palo Alto Networks Ignite. This is takeaways from Ignite 22. Lisa Martin here with two really smart guys, Dave Valante. Dave, we're joined by one of our cube alumni, a friend, a friend of the, we say friend of the Cube. >>Yeah, F otc. A friend of the Cube >>Karala joins us. Guys, it's great to have you here. It's been an exciting show. A lot of cybersecurity is one of my favorite topics to talk about. But I'd love to get some of the big takeaways from both of you. Dave, we'll start with >>You. A breathing room from two weeks ago. Yeah, that was, that was really pleasant. You know, I mean, I know was, yes, you sat in the analyst program, interested in what your takeaways were from there. But, you know, coming into this, we wrote a piece, Palo Alto's Gold Standard, what they need to do to, to keep that, that status. And we hear it a lot about consolidation. That's their big theme now, which is timely, right? Cause people wanna save money, they wanna do more with less. But I'm really interested in hearing zeus's thoughts on how that's playing in the market. How customers, how easy is it to just say, oh, hey, I'm gonna consolidate. I wanna get into that a little bit with you, how well the strategy's working. We're gonna get into some of the m and a activity and really bring your perspectives to the table. Well, >>It's, it's not easy. I mean, people have been calling for the consolidation of security for decades, and it's, it's, they're the first company that's actually made it happen. Right? And, and I think this is what we're seeing here is the culmination of this long-term strategy, this company trying to build more of a platform. And they, you know, they, they came out as a firewall vendor. And I think it's safe to say they're more than firewall today. That's only about two thirds of their revenue now. So down from 80% a few years ago. And when I think of what Palo Alto has become, they're really a data company. Now, if you look at, you know, unit 42 in Cortex, the, the, the Cortex Data Lake, they've done an excellent job of taking telemetry from their products and from the acquisitions they have, right? And bringing that together into one big data lake. >>And then they're able to use that to, to do faster threat notification, forensics, things like that. And so I think the old model of security of create signatures for known threats, it's safe to say it never really worked and it wasn't ever gonna work. You had too many days, zero exploits and things. The only way to fight security today is with a AI and ML based analytics. And they have, they're the gold standard. I think the one thing about your post that I would add, they're the gold standard from a data standpoint. And that's given them this competitive advantage to go out and become a platform for security. Which, like I said, the people have tried to do that for years. And the first one that's actually done it, well, >>We've heard this from some of the startups, like Lacework will say, oh, we treat security as a data problem. Of course there's a startup, Palo Alto's got, you know, whatever, 10, 15 years of, of, of history. But one of the things I wanted to explore with you coming into this was the notion of can you be best of breed and develop a suite? And we, we've been hearing a consistent answer to that question, which is, and, and do you need to, and the answer is, well, best of breed in security requires that full spectrum, that full view. So here's my question to you. So, okay, let's take Estee win relatively new for these guys, right? Yeah. Okay. And >>And one of the few products are not top two, top three in, right? >>Exactly. Yeah. So that's why I want to take that. Yeah. Because in bakeoffs, they're gonna lose on a head-to-head best of breed. And so the customer's gonna say, Hey, you know, I love your, your consolidation play, your esty win's. Just, okay, how about a little discount on that? And you know, these guys are premium priced. Yes. So, you know, are they in essentially through their pricing strategies, sort of creating that stuff, fighting that, is that friction for them where they've got, you know, the customer says, all right, well forget it, we're gonna go stove pipe with the SD WAN will consolidate some of the stuff. Are you seeing that? >>Yeah, I, I, I still think the sales model is that way. And I think that's something they need to work on changing. If they get into a situation where they have to get down into a feature battle of my SD WAN versus your SD wan, my firewall versus your firewall, frankly they've already lost, you know, because their value prop is the suite and, and is the platform. And I was talking with the CISO here that told me, he realizes now that you don't need best of breed everywhere to have best in class threat protection. In fact, best of breed everywhere leads to suboptimal threat protection. Cuz you have all these data data sets that are in silos, right? And so from a data scientist standpoint, right, there's the good data leads to good insights. Well, partial data leads to fragmented insights and that's, that's what the best, best of breed approach gives you. And so I was talking with Palo about this, can they have this vision of being best of breed and platform? I don't really think you can maintain best of breed everywhere across this portfolio this big, but you don't need to. >>That was my second point of my question. That's the point I'm saying. Yeah. And so, cuz cuz because you know, we've talked about this, that that sweets always win in the long run, >>Sweets win. >>Yeah. But here's the thing, I, I wonder to your your point about, you know, the customer, you know, understanding that that that, that this resonates with them. I, my guess is a lot of customers, you know, at that mid-level and the fat middle are like still sort of wed, you know, hugging that, that tool. So there's, there's work to be done here, but I think they, they, they got it right Because if they devolve, to your point, if they devolve down to that speeds and feeds, eh, what's the point of that? Where's their >>Valuable? You do not wanna get into a knife fight. And I, and I, and I think for them the, a big challenge now is convincing customers that the suite, the suite approach does work. And they have to be able to do that in actual customer examples. And so, you know, I I interviewed a bunch of customers here and the ones that have bought into XDR and xor and even are looking at their sim have told me that the, the, so think of soc operations, the old way heavily manually oriented, right? You have multiple panes of glass and you know, and then you've got, so there's a lot of people work before you bring the tools in, right? If done correctly with AI and ml, the machines would do all the heavy lifting and then you'd bring people in at the end to clean up the little bits that were missed, right? >>And so you, you moved to, from something that was very people heavy to something that's machine heavy and machines can work a lot faster than people. And the, and so the ones that I've talked that have, that have done that have said, look, our engineers have moved on to a lot different things. They're doing penetration testing, they're, you know, helping us with, with strategy and they're not fighting that, that daily fight of looking through log files. And the only proof point you need, Dave, is look at every big breach that we've had over the last five years. There's some SIM vendor up there that says, we caught it. Yeah. >>Yeah. We we had the data. >>Yeah. But, but, but the security team missed it. Well they missed it because you're, nobody can look at that much data manually. And so the, I I think their approach of relying heavily on machines to fight the fight is actually the right way. >>Is that a differentiator for them versus, we were talking before we went live that you and I first hit our very first segment back in 2017 at Fort Net. Is that, where do the two stand in your >>Yeah, it's funny cuz if you talk to the two vendors, they don't really see each other in a lot of accounts because Fort Net's more small market mid-market. It's the same strategy to some degree where Fort Net relies heavily on in-house development in Palo Alto relies heavily on acquisition. Yeah. And so I think from a consistently feature set, you know, Fort Net has an advantage there because it, it's all run off their, their their silicon. Where, where Palo's able to innovate very quickly. The, it it requires a lot of work right? To, to bring the front end and back ends together. But they're serving different markets. So >>Do you see that as a differentiator? The integration strategy that Palo Alto has as a differentiator? We talk to so many companies who have an a strong m and a strategy and, and execution arm. But the challenge is always integrating the technology so that the customer to, you know, ultimately it's the customer. >>I actually think they're, they're underrated as a, an acquirer. In fact, Dave wrote a post to a prior on Silicon Angle prior to Accelerate and he, he on, you put it on Twitter and you asked people to rank 'em as an acquirer and they were in the middle of the pack, >>Right? It was, it was. So it was Oracle, VMware, emc, ibm, Cisco, ServiceNow, and Palo Alto. Yeah. Or Oracle got very high marks. It was like 8.5 out of, you know, 10. Yeah. VMware I think was 6.5. Naira was high emc, big range. IBM five to seven. Cisco was three to eight. Yeah. Yeah, right. ServiceNow was a seven. And then, yeah, Palo Alto was like a five. And I, which I think it was unfair. Well, >>And I think it depends on how you look at it. And I, so I think a lot of the acquisitions Palo Alto's made, they've done a good job of integrating the backend data and they've almost ignored the front end. And so when you buy some of the products, it's a little clunky today. You know, if you work with Prisma Cloud, it could be a little bit cleaner. And even with, you know, the SD wan that took 'em a long time to bring CloudGenix in and stuff. But I think the approach is right. I don't, I don't necessarily believe you should integrate the front end until you've integrated the back end. >>That's >>The hard part, right? Because UL ultimately what you're gonna get, you're gonna get two panes of glass and one pane of glass and it might look pretty and all mush together, but ultimately you're not solving the bigger problem, right. Of, of being able to create that big data lake to, to fight security. And so I think, you know, the approach they've taken is the right one. I think from a user standpoint, maybe it doesn't show up as neatly because you don't see the frontend integration, but the way they're doing it is the right way to do it. And I'm glad they're doing it that way versus caving to the pressures of what, you know, the industry might want or >>Showed up in the performance of the company. I mean, this company was basically gonna double revenues to 7 billion from 2020 to >>2023. Think about that at that. That makes, >>I mean that's unbelievable, right? I mean, and then and they wanna double again. Yeah. You know, so, well >>What did, what did Nikesh was quoted as saying they wanna be the first cyber company that's a hundred billion dollars. He didn't give a timeline market >>Cap. Right. >>Market cap, right. Do what I wanna get both of your opinions on what you saw and heard and felt this week. What do you think the likelihood is? And and do you have any projections on how, you know, how many years it's gonna take for them to get there? >>Well, >>Well I think so if they're gonna get that big, right? And, and we were talking about this pre-show, any company that's becoming a big company does it through ecosystem >>Bingo >>Go, right? And that when you look around the show floor, it's not that impressive. No. And if that, if there's an area they need to focus on, it's building that ecosystem. And it's not with other security vendors, it's with application vendors and it's with the cloud companies and stuff. And they've got some relationships there, but they need to do more. I actually challenge 'em on that. One of the analyst sessions. They said, look, we've got 800 cortex partners. Well where are they? Right? Why isn't there a cortex stand here with a bunch of the small companies here? So I do think that that is an area they need to focus on. If they are gonna get to that, that market caps number, they will do so do so through ecosystem. Because every company that's achieved that has done it through ecosystem. >>A hundred percent agree. And you know, if you look at CrowdStrike's ecosystem, it's, I mean, pretty similar. Yeah. You know, it doesn't really, you know, make much, much, not much different from this, but I went back and just looked at some, you know, peak valuations during the pandemic and shortly thereafter CrowdStrike was 70 billion. You know, that's what their roughly their peak Palo Alto was 56, fortune was 59 for the actually diverged. Right. And now Palo Alto has taken the, the top mantle, you know, today it's market cap's 52. So it's held 93% of its peak value. Everybody else is tanking. Even Okta was 45 billion. It's been crushed as you well know. But, so Palo Alto wasn't always, you know, the number one in terms of market cap. But I guess my point is, look, if CrowdStrike could got to 70 billion during Yeah. During the frenzy, I think it's gonna take, to answer your question, I think it's gonna be five years. Okay. Before they get back there. I think this market's gonna be tough for a while from a valuation standpoint. I think generally tech is gonna kind of go up and down and sideways for a good year and a half, maybe even two years could be even longer. And then I think there's gonna be some next wave of productivity innovation that that hits. And then you're gonna, you're almost always gonna exceed the previous highs. It's gonna take a while. Yeah. >>Yeah, yeah. But I think their ability to disrupt the SIM market actually is something that I, I believe they're gonna do. I've been calling for the death of the sim for a long time and I know some people of Palo Alto are very cautious about saying that cuz the Splunks and the, you know, they're, they're their partners. But I, I think the, you know, it's what I said before, the, the tools are catching them, but they're, it's not in a way that's useful for the IT pro and, but I, I don't think the SIM vendors have that ecosystem of insight across network cloud endpoint. Right. Which is what you need in order to make a sim useful. >>CISO at an ETR round table said, if, if it weren't for my regulators, I would chuck my sim. >>Yes. >>But that's the only reason that, that this person was keeping it. No. >>Yeah. And I think the, the fact that most of those companies have moved to a perpetual MO or a a recurring revenue model actually helps unseat them. Typically when you pour a bunch of money into something, you remember the old computer associate says nobody ever took it out cuz the sunk dollars you spent to do it. But now that you're paying an annual recurring fee, it's actually makes it easier to take out. So >>Yeah, it's just an ebb and flow, right? Yeah. Because the maintenance costs were, you know, relatively low. Maybe it was 20% of the total. And then, you know, once every five years you had to do a refresh and you were still locked into the sort of maintenance and, and so yeah, I think you're right. The switching costs with sas, you know, in theory anyway, should be less >>Yeah. As long as you can migrate the data over. And I think they've got a pretty good handle on that. So, >>Yeah. So guys, I wanna get your perspective as a whole bunch of announcements here. We've only been here for a couple days, not a big conference as, as you can see from behind us. What Zs in your opinion was Palo Alto's main message and and what do you think about it main message at this event? And then same question for you. >>Yeah, I, I think their message largely wrapped around disruption, right? And, and they, and The's keynote already talked about that, right? And where they disrupted the firewall market by creating a NextGen firewall. In fact, if you look at all the new services they added to their firewall, you, you could almost say it's a NextGen NextGen firewall. But, but I do think the, the work they've done in the area of cloud and cortex actually I think is, is pretty impressive. And I think that's the, the SOC is ripe for disruption because it's for, for the most part, most socks still, you know, run off legacy playbooks. They run off legacy, you know, forensic models and things and they don't work. It's why we have so many breaches today. The, the dirty little secret that nobody ever wants to talk about is the bad guys are using machine learning, right? And so if you're using a signature based model, all they gotta do is tweak their model a little bit and it becomes, it bypasses them. So I, I think the only way to fight the the bad guys today is with you're gonna fight fire with fire. And I think that's, that's the path they've, they've headed >>Down. Yeah. The bad guys are hiding in plain sight, you know? Yeah, >>Yeah. Well it's, it's not hard to do now with a lot of those legacy tools. So >>I think, I think for me, you know, the stat that we threw out earlier, I think yesterday at our keynote analysis was, you know, the ETR data shows that are, that are that last survey around 35% of the respondents said we are actively consolidating, sorry, 44%, sorry, 35 says who are actively consolidating vendors, redundant vendors today that number's up to 44%. Yeah. It's by far the number one cost optimization technique. That's what these guys are pitching. And I think it's gonna resonate with people and, and I think to your point, they're integrating at the backend, their beeps are technical, right? I mean, they can deal with that complexity. Yeah. And so they don't need eye candy. Eventually they, they, they want to have that cuz it'll allow 'em to have deeper market penetration and make people more productive. But you know, that consolidation message came through loud and clear. >>Yeah. The big change in this industry too is all the new startups are all cloud native, right? They're all built on Amazon or Google or whatever. Yeah. And when your cloud native and you buy a cloud native integration is fast. It's not like having to integrate this big monolithic software stack anymore. Right. So I, I think their pace of integration will only accelerate from here because everything's now cloud native. >>If a customer comes to you or when a customer comes to you and says, Zs help us with this cyber transformation we have, our board isn't necessarily aligned with our executives in terms of execution of a security strategy. How do you advise them where Palo Alto is concerned? >>Yeah. You know, a lot, a lot of this is just fighting legacy mindset. And I've, I was talking with some CISOs here from state and local governments and things and they're, you know, they can't get more budget. They're fighting the tide. But what they did find is through the use of automation technology, they're able to bring their people costs way down. Right. And then be able to use that budget to invest in a lot of new projects. And so with that, you, you have to start with your biggest pain points, apply automation where you can, and then be able to use that budget to reinvest back in your security strategy. And it's good for the IT pros too, the security pros, my advice to the IT pros is, is if you're doing things today that aren't resume building, stop doing them. Right. Find a way to automate the money your job. And so if you're patching systems and you're looking through log files, there's no reason machines can't do that. And you go do something a lot more interesting. >>So true. It's like storage guys 10 years ago, provisioning loans. Yes. It's like, stop doing that. Yeah. You're gonna be outta a job. So who, last question I have is, is who do you see as the big competitors, the horses on the track question, right? So obviously Cisco kind of service has led for a while and you know, big portfolio company, CrowdStrike coming at it from end point. You know who, who, who do you see as the real players going for that? You know, right now the market's three to 4%. The leader has three, three 4% of the market. You know who they're all going for? 10, 15, maybe 20% of the market. Who, who are the likely candidates? Yeah, >>I don't know if CrowdStrike really has the breadth of portfolio to compete long term though. I I think they've had a nice run, but I, we might start to see the follow 'em. I think Microsoft is gonna be for middle. They've laid down the gauntlet, right? They are a security vendor, right? We, we were at Reinvent and a AWS is the platform for security vendors. Yes. Middle, somewhere in the middle. But Microsoft make no mistake, they're in security. They've got some good products. I think a lot of 'em are kind of good enough and they, they tie it to the licensing and I'm not sure that works in security, but they've certainly got the ear of a lot of it pros. >>It might work in smb. >>Yeah, yeah. It, it might. And, and I do like Zscaler. I, I know these guys poo poo the proxy model, but they've, they've done about as much with prox as you can. And I, I think it's, it's a battle of, I love the, the, the near, you know, proxies are dead and Jay's model, you know, Jay over at csca, throw 'em back at 'em. So I, it's good to see that kind of fight going on between the >>Two. Oh, it's great. Well, and, and again, ZScaler's coming at it from their cloud security angle. CrowdStrike's coming at it from endpoint. I, I do think CrowdStrike has an opportunity to build out the portfolio through m and a and maybe ecosystem. And then obviously, you know, Palo Alto's getting it done. How about Cisco? >>Yeah, Cisco's interesting. And I I think if Cisco can make the network matter in security and it should, right? We're talking about how a lot of you need a lot of forensics to fight security today. Well, they're gonna see things long before anybody else because they have all that network data. If they can tie network security, I, I mean they could really have that business take off. But we've been saying that about Cisco for 20 years. >>But big install based though. Yeah. It's hard for a company, any company to say, okay, hey Cisco customer sweep the floor and come with us. That's, that's >>A tough thing. They have a lot of good peace parts, right? And like duo's a good product and umbrella's a good product. They've, they've not done a good job. >>They're the opposite of these guys. >>They've not done a good job of the backend integration and that, that's where Cisco needs to, to focus. And I do think g G two Patel there fixed the WebEx group and I think he's now, in fact when you talk to him, he's doing very little on WebEx that that group's running itself and he's more focused in security. So I, I think we could see a resurgence there. But you know, they have a, from a revenue perspective, it's a little misleading cuz they have this big legacy base that's in decline while they're moving to cloud and stuff. So, but they, but they, there's a lot of Rick there trying to, to tie to network. >>Lots of fuel for conversation. We're gonna have to carry this on, on Silicon angle.com guys. Yes. And Wi KeePon. Lets do see us. Thank you so much for joining Dave and me giving us your insights as to this event. Where are gonna be next? Are you gonna be on >>Vacation? There's nothing more fun than mean on the cube. So what's outside of that though? Yeah, you know, Christmas coming up, I gotta go see family and be the obligatory, although for me that's a lot of travel, so I guess >>More planes. Yeah. >>Hopefully not in Vegas. >>Not in Vegas. >>Awesome. Nothing against Vegas. Yeah, no, >>We love it. We love >>It. Although I will say my year started off with ces. Yeah. And it's finishing up with Palo Alto here. The bookends. Yeah, exactly. In Vegas bookends. >>Well thanks so much for joining us. Thank you Dave. Always a pleasure to host a show with you and hear your insights. Reading your breaking analysis always kicks off my prep for show. And it, it's always great to see, but predictions come true. So thank you for being my co-host bet. All right. For Dave Valante Enz as Carla, I'm Lisa Martin. You've been watching The Cube, the leader in live, emerging and enterprise tech coverage. Thanks for watching.

>> Announcer: TheCUBE presents Ignite22, brought to you by Palo Alto Networks. >> Hey, welcome back to Vegas. Great to have you. We're pleased that you're watching theCUBE. Lisa Martin and Dave Vellante. Day two of theCUBE's coverage of Palo Alto Ignite22 from the MGM Grand. Dave, we're going to be talking about data. >> You know I love data. >> I do know you love data. >> Survey data- >> There is a great new survey that Palo Alto Networks just published yesterday, "What's next in cyber?" We're going to be digging through it with their CMO. Who better to talk about data with than a CMO that has a PhD in machine learning? We're very pleased to welcome to the program, Zeynep Ozdemir, CMO of Palo Alto Networks. Great to have you. Thank you for joining us. >> It's a pleasure to be here. >> First, I got to ask you about your PhD. Your background as a CMO is so interesting and unique. Give me a little bit of a history on that. >> Oh, absolutely, yes. Yes, I admit that I'm a little bit of an untraditional marketing leader. I spent probably the first half of my career as a software engineer and a research scientist in the area of machine learning and speech signal processing, which is very uncommon, I admit that. Honestly, it has actually helped me immensely in my current role. I mean, you know, you've spoken to Lee Klarich, I think a little while ago. We have a very tight and close partnership with product and engineering teams at Palo Alto Networks. And, you know, cybersecurity is a very complex topic. And we're at a critical juncture right now where all of these new technologies, AI, machine learning, cloud computing, are going to really transform the industry. And I think that I'm very lucky, as somebody who's very technically competent in all of those areas, to partner with the best people and the leading company right now. So, I'm very happy that my technical background is actually helping in this journey. >> Dave: Oh, wait, aren't you like a molecular biologist, or something? >> A reformed molecular...yes. >> Yes. >> Okay. Whoa, okay. (group laughs) >> But >> Math guy over here. >> Yeah. You guys just, the story that I tease is... the amount of data in there is unbelievable. This has just started in August, so a few months ago. >> Zeynep: Yeah. >> Fresh data. You surveyed 1300 CXOs globally. >> Zeynep: That's right. >> Across industries and organizations are saying, you know, hybrid work and remote work became status quo like that. >> Yes. >> Couple years ago everyone shifted to multicloud and of course the cyber criminals are sophisticated, and they're motivated, and they're well funded. >> Zeynep: That's right. >> What are some of the things that you think that the survey really demonstrated that validate the direction that Palo Alto Networks is going in? >> That's right. That's right. So we do these surveys because first and foremost, we have to make sure we're aligned with our customers in terms of our product strategy and the direction. And we have to confirm and validate our very strong opinions about the future of the cybersecurity industry. So, but this time when we did this survey, we just saw some great insights, and we decided we want to share it with the broader industry because we obviously want to drive thought leadership and make sure everybody is in the same level field. Some interesting and significant results with this one. So, as you said, this was 1300 C level cybersecurity decision makers and executives across the world. So we had participants from Europe, from Japan, from Asia Pacific, Latin America, in addition to North America. So one of the most significant stats or data points that we've seen was the fact that out of everybody interviewed, 96% of participants had experienced one or more cybersecurity breaches in the past 12 months. That was more than what we expected, to be honest with you. And then 57% of them actually experienced three or more. So those stats are really worth sharing in terms of where the state of cybersecurity is. What also was personally interesting to me was 33% of them actually experienced an operational disruption as a result of a breach, which is a big number. It's one third of participants. So all of these were very interesting. We asked them more detailed questions around you know, how many...like obviously all of them are trying to respond to this situation. They're trying different technologies, different tools and it seems like they're in a point where they're almost have too many tools and technologies because, you know, when you have too many tools and technologies, there's the operational overhead of integrating them. It creates blind spots between them because those tools aren't really communicating with each other. So what we heard from the responders was that on average they were on like 32 tools, 22% was on 50 or more tools, which is crazy. But what the question we asked them was, you know, are you, are you looking to consolidate? Are you looking to go more tools or less tools? Like what are your thoughts on that? And a significant majority of them, like about 77% said they are actively trying to reduce the number of technologies that they're trying to use because they want to actually achieve better security outcomes. >> I wonder if you could comment on this. So early on in the pandemic, we have a partner, survey partner ETR, Enterprise Technology Research. And we saw a real shift of course, 'cause of hybrid work toward endpoint security, cloud security, they were rearchitecting their networks, a new focus on, you know, different thinking about network security and identity. >> Yeah. >> You play in all of those in partner for identity. >> Zeynep: Yeah. >> I almost, my question is, is was there kind of a knee jerk reaction to get point tools to plug some of those holes? >> Zeynep: Yes. >> And now they're...'cause we said at the time, this is a permanent shift in thinking. What we didn't think through it's coming to focus here at this conference is, okay, we did that, but now we created another problem. >> Zeynep: Yeah. Yeah. >> Now we're- >> Yes, yes. You're very right. I think, and it's very natural to do this, right? >> Sure. >> Every time a problem pops up, you want to fix it as quickly as possible. And you look... you survey who can help you with that. And then you kind of get going because cybersecurity is one of those areas where you can't really wait and do, you know, take time to fix those problems. So that happened a lot and it is happening. But what happened as a result of that. For example, I'll give you a data point from the actual survey that answers this very question. When we asked these executives what keeps them like up at night, like what's their biggest concern? A significant majority of them said, oh we're having difficulty with data management. And what that means is that all these tools that they've deployed, they're generating a lot of insights and data, but they're disconnected, right? So there is no one place where you can say, look at it holistically and come to conclusions very fast about how threat actors are moving in an organization. So that's a direct result of this proliferation of tools, if you will. And you're right. And it will...it's a natural thing to deploy products very quickly. But then you have to take a step back and say, how do I make this more effective? How do I bring things together, bring all my data together to be able to get to threats detect threats much faster? >> An unintended consequence of that quick fix. >> And become cyber resilient. We've been hearing a lot about cyber resiliency. >> Yes, yes. >> Recently and something that I was noting in the survey is only 25% of execs said, yeah, our cyber resilience and readiness is high. And you found that there was a lack of alignment between the boards and the executive levels. And we actually spoke with I think BJ yesterday on how are you guys and even some of your partners >> Yeah. >> How are you helping facilitate that alignment? We know security's always a board level- >> Zeynep: Yes. >> Conversation, but the lack of alignment was kind of surprising to me. >> Yeah. Well I think the good news is that I think we... cybersecurity is taking its place in board discussions more and more. Whether there's alignment or not, at least it's a topic, right? >> Yeah. That was also out of the survey that we saw. I think yes, we have a lot of, a big role to play in helping security executives communicate better with boards and c-level executives in their organizations. Because as we said, it's a very complex topic, and it has to be taken from two angles. When there's...it's a board level discussion. One, how are you reducing risk and making sure that you're resilient. Two, how do you think about return on investment and you know, what's the right level of investment and is that investment going to get us the return that we need? >> What do you think of this? So there's another interesting stat here. What keeps executives up at night? >> Mmhm. >> You mentioned difficulty of data management. Normally, the CISO response to what's your number one problem is lack of talent. >> Zeynep: Number three there, yes. Yeah. >> And it is maybe somewhat related to difficulty of data management, but maybe people have realized, you know what? I'm never going to solve this problem by throwing bodies at it. >> Yeah. >> I got to think of a better way to consolidate my data. Maybe partner with a company that can help me do that. And then the second one was scared of being left behind changes in the tech stack. So we're moving so fast to digitize. >> Zeynep: Yes. >> And security's still an afterthought. And so it's almost as though they're kind of rethinking the problems 'cause they know that they can't just solve the issue by throwing, you know, more hires at it 'cause they can't find the people. >> That is...you're absolutely spot on. The thing about cybersecurity skills gap, it's a reality. It's very real. It's a hard place to be. It's hard to ramp up sometimes. Also, there's a lot of turnover. But you're right in the sense that a lot of the manual work that is needed for cybersecurity, it's actually more sort of much easier to tackle with machines- >> Yeah. >> Than humans. It's a funny double click on the stat you just gave. In North America, the responders when we asked them like how they're coping with the skills shortage, they said we're automating more. So we're using more AI, we're using more process automation to make sure we do the heavy lifting with machines and then only present to the people what they're very good at, is making judgements, right? Very sort of like last minute judgment calls. In the other parts of the world, the top answer to that question is how you're tackling cybersecurity skill shortage was, we're actually trying to provide higher wages and better benefits to the existing p... so there's a little bit of a gap between the two. But I think, I think the world is moving towards the former, which is let's do as much as we can with AI and machines and automation in general and then let's make sure we're more in an automation assisted world versus a human first world. >> We also saw on the survey that ransomware was, you know, the big concern in the United States. Not as much, not that it's not a concern >> Lisa: Yeah. >> In other parts of the world. >> Zeynep: Yeah. >> But it wasn't number one. Why do you think that is? Is it 'cause maybe the US has more to lose? Is it, you know, more high profile or- >> Yeah. Look, I mean, yes you're right? So most responders said number one is ransomware. That's my biggest concern going into 2023. And it was for JAPAC and I think EMEA, Europe, it was supply chain attacks. >> Dave: Right. >> So I think US has been hit hard by ransomware in the past year. I think it's like fresh memory and that's why it rose to the top in various verticals. So I'm not surprised with that outcome. I think supply chain is more of a... we've, you know, we've been hit hard globally by that, and it's very new. >> Lisa: Yeah. >> So I think a lot of the European and JAPAC responders are responding to it from a perspective of, this is a problem I still don't know how to solve. You know, like, and it's like I need the right infrastructure to...and I need the right visibility into my software supply chain. It's very top of mind. So those were some of the differences, but you're right. That was a very interesting regional distinction as well. >> How do you take this data and then bring it back to your customers to kind of close the loop? Do you do that? Do you say, okay, hey, we're going to share this data with you, get realtime feedback- >> Zeynep: Yes. >> Dave: We often like to do that with data- >> Zeynep: Absolutely. >> Say okay...'cause you know, when you do a survey like this, you're like, oh, I wish we asked A, B and C. But it gives you, informs you as to where to double click. Is there a system to do that? Or process to do that? >> Yes. Our hope and goal is to do this every year and see how things are changing and then do some historical analysis as to how things are changing as well. But as I said in the very beginning, I think we take this and we say, okay, there's a lot of alignment in these areas, especially for us for our products to see if where our products are deployed to see if some of those numbers vary, you know, per product. Because we address as a company, we address a lot of these concerns. So then it's very encouraging to say, okay, with certain customers, we're going to go, we're going to have develop certain metrics and we're going to measure how much of a difference we're making with these stats. >> Well, I mean, if you can show that you're consolidating- >> Yeah. >> You know, the number of tools and show the business impact- >> Right. >> Exactly. >> Home run. >> Exactly. Yes- >> Speaking of business outcomes, you know, we have so many conversations around everything needs to be outcome-based. Can security become an enabler of business outcomes for organizations? >> Absolutely. Security has to be an enabler. So it's, you know, back to the security lagging behind the evolution of the digital transformation, I don't think it's possible to move fast without having security move fast with digital transformation. I don't think anybody would raise their hands and say, I'm just going to have the most creative, most interesting digital transformation journey. But, you know, security is say, so I think we're past that point where I think generally people do agree that security has to run as fast as digital transformation and really enable those business outcomes that everybody's proud of. So Yes. Yes it is. >> So...sorry. So chicken and egg, digital transformation, cyber transformation. >> Zeynep: Yes. >> Lisa: How are they related? Is one digital leading? >> They are two halves of the perfect solution. They have to coexist because otherwise if you're taking a lot of risk with your digital transformation, is it really worth going through a digital transformation? >> Yeah. >> Yeah. >> So there's a board over here. I'm looking at it and it started out blank. >> Yes. >> And it's what's next in cyber and basically- >> That's this. Yes. >> People can come through and they can write down, and there's some great stuff in there: 5G, cloud native, some technical stuff, automated meantime to repair or to remediation. >> Yeah. >> Somebody wrote AWS. The AWS guys left their mark, which is kind of cool. >> Zeynep: That's great. >> And so I'm wondering, so we always talk about... we just talked about earlier that cyber is a board...has become a board level you know, issue. I think even go back mid last decade, it was really starting to gain strength. What I'm looking for, and I dunno if there's anything in here that suggests this is going beyond the board. So it becomes this top down thing, not just the the SOC, not just the, you know, IT, not just the board. Now it's top down maybe it's bottom up, middle out. The awareness across the organization. >> Zeynep: Absolutely. >> And that's something that I think is that is a next big thing in cyber. I believe it's coming. >> Cybersecurity awareness is a topic. And you know, there are companies who do that, who actually educate just all of us who work for corporations on the best way to tackle, especially when the human is the source and the reason knowingly or unknowing, mostly unknowingly of cyber attacks. Their education and awareness is critical in preventing a lot of this...before our, you know tools even get in. So I agree with you that there is a cybersecurity awareness as a topic is going to be very, very popular in the future. >> Lena Smart is the CISO of MongoDB does... I forget what she calls it, but she basically takes the top security people in the company like the super geeks and puts 'em with those that know nothing about security, and they start having conversations. >> Zeynep: Yeah. >> And then so they can sort of be empathic to each other's point of view. >> Zeynep: Absolutely. >> And that's how she gets the organization to become cyber aware. >> Yes. >> It's brilliant. >> It is. >> So simple. >> Exactly. Well that's the beauty in it is the simplicity. >> Yeah. And there are programs just to put a plug. There are programs where you can simulate, for example, phishing attacks with your, you know employee base and your workforce. And then teach them at that moment when they fall for it, you know, what they should have done. >> I think I can make a family game night. >> Yeah. Yeah. (group laughs) >> I'm serious. That's a good little exercise For everybody. >> Yes. Yeah, exactly. >> It really is. Especially as the sophistication and smishing gets more and more common these days. Where can folks go to get their hands on this juicy survey that we just unpacked? >> We have it online, so if you go to the Palo Alto Networks website, there's a big link to the survey from there. So for sure there's a summary version that you can come in and you can have access to all the stats. >> Excellent. Zeynep, it's been such a pleasure having you on the program dissecting what's keeping CXOs up at night, what Palo Alto Networks is doing to really help organizations digitally transform cyber transformation and achieve that nirvana of cyber resilience. We appreciate so much your insights. >> Thanks very much. It's been the pleasure. >> Dave: Good to have you. >> Thank you >> Zeynep Ozdemir and Dave Vellante. I'm Lisa Martin. You're watching theCUBE, the leader in live and emerging tech coverage. (upbeat music)

(bright music) >> Hello everyone and welcome back to AWS re:Invent, here in wonderful Las Vegas, Nevada. We're theCUBE. I am Savannah Peterson. Joined with my co-host, Dave Vellante. Day four, you look great. Your voice has come back somehow. >> Yeah, a little bit. I don't know how. I took last night off. You guys, I know, were out partying all night, but - >> I don't know what you're talking about. (Dave laughing) >> Well, you were celebrating John's birthday. John Furrier's birthday today. >> Yes, happy birthday John! >> He's on his way to England. >> Yeah. >> To attend his nephew's wedding. Awesome family. And so good luck, John. I hope you feel better, he's got a little cold. >> I know, good luck to the newlyweds. I love this. I know we're both really excited for our next guest, so I'm going to bring out, Lena Smart from MongoDB. Thank you so much for being here. >> Thank you for having me. >> How's the show going for you? >> Good. It's been a long week. And I just, not much voice left, so. >> We'll be gentle on you. >> I'll give you what's left of it. >> All right, we'll take that. >> Okay. >> You had a fireside chat, at the show? >> Lena: I did. >> Can you tell us a little bit about that? >> So we were talking about the Rise, The developer is a platform. In this massive theater. I thought it would be like an intimate, you know, fireside chat. I keep believing them when they say to me come and do these talks, it'll be intimate. And you turn up and there's a stage and a theater and it's like, oh my god. But it was really interesting. It was well attended. Got some really good questions at the end as well. Lots of follow up, which was interesting. And it was really just about, you know, how we've brought together this developer platform that's got our integrated services. It's just what developers want, it gives them time to innovate and disrupt, rather than worry about the minutia of management. >> Savannah: Do the cool stuff. >> Exactly. >> Yeah, so you know Lena, it's funny that you're saying that oh wow, the lights came on and it was this big thing. When when we were at re:Inforced, Lena was on stage and it was so funny, Lena, you were self deprecating like making jokes about the audience. >> Savannah: (indistinct) >> It was hilarious. And so, but it was really endearing to the audience and so we were like - >> Lena: It was terrifying. >> You got huge props for that, I'll tell you. >> Absolutely terrifying. Because they told me I wouldn't see anyone. Because we did the rehearsal the day before, and they were like, it's just going to be like - >> Sometimes it just looks like blackness out there. >> Yeah, yeah. It wasn't, they lied. I could see eyeballs. It was terrifying. >> Would you rather know that going in though? Or is it better to be, is ignorance bliss in that moment? >> Ignorance is bliss. >> Yeah, yeah yeah. >> Good call Savannah, right? Yeah, just go. >> The older I get, the more I'm just, I'm on the ignorance is bliss train. I just, I don't need to know anything that's going to hurt my soul. >> Exactly. >> One of the things that you mentioned, and this has actually been a really frequent theme here on the show this week, is you said that this has been a transformative year for developers. >> Lena: Yeah. >> What did you mean by that? >> So I think developers are starting to come to the fore, if you like, the fore. And I'm not in any way being deprecating about developers 'cause I love them. >> Savannah: I think everyone here does. >> I was married to one, I live with one now. It's like, they follow me everywhere. They don't. But, I think they, this is my opinion obviously but I think that we're seeing more and more the value that developers bring to the table. They're not just code geeks anymore. They're not just code monkeys, you know, churning out lines and lines of code. Some of the most interesting discussions I've had this week have been with developers. And that's why I'm so pleased that our developer data platform is going to give these folks back time, so that they can go and innovate. And do super interesting things and do the next big thing. It was interesting, I was talking to Mary, our comms person earlier and she had said that Dave I guess, my boss, was on your show - >> Dave: Yeah, he was over here last night. >> Yeah. And he was saying that two thirds of the companies that had been mentioned so far, within the whole gamut of this conference use MongoDB. And so take that, extrapolate that, of all the developers >> Wow. >> who are there. I know, isn't that awesome? >> That's awesome. Congrats on that, that's like - >> Did I hear that right now? >> I know, I just had that moment. >> I know she just told me, I'm like, really? That's - >> That's so cool. >> 'Cause the first thing I thought of was then, oh my god, how many developers are we reaching then? 'Cause they're the ones. I mean, it's kind of interesting. So my job has kind of grown from, over the years, being the security geek in the back room that nobody talks to, to avoiding me in the lift, to I've got a seat at the table now. We meet with the board. And I think that I can see that that's where the developer mindset is moving towards. It's like, give us the right tools and we'll change your world. >> And let the human capital go back to doing the fun stuff and not just the maintenance stuff. >> And, but then you say that, you can't have everything automated. I get that automation is also the buzzword of the week. And I get that, trust me. Someone has to write the code to do the automation. >> Savannah: Right. >> So, so yeah, definitely give these people back time, so that they can work on ML, AI, choose your buzzword. You know, by giving people things like queriable encryption for example, you're going to free up a whole bunch of head space. They don't have to worry about their data being, you know harvested from memory or harvested while at rest or in motion. And it's like, okay, I don't have to worry about that now, let me go do something fun. >> How about the role of the developer as it relates to SecOps, right? They're being asked to do a lot. You and I talked about this at re:Inforce. You seem to have a pretty good handle on it. Like a lot of companies I think are struggling with it. I mean, the other thing you said said to me is you don't have a lack of talent at Mongo, right? 'Cause you're Mongo. But a lot of companies do. But a lot of the developers, you know we were just talking about this earlier with Capgemini, the developer metrics or the application development team's metrics might not be aligned with the CSO's metrics. How, what are you seeing there? What, how do you deal with it within Mongo? What do you advise your customers? >> So in terms of internal, I work very closely with our development group. So I work with Tara Hernandez, who's our new VP of developer productivity. And she and her team are very much interested in making developers more productive. That's her job. And so we get together because sometimes security can definitely be seen as a blocker. You know, funnily enough, I actually had a Slack that I had to respond to three seconds before I come on here. And it was like, help, we need some help getting this application through procurement, because blah, blah, blah. And it's weird the kind of change, the shift in mindset. Whereas before they might have gone to procurement or HR or someone to ask for this. Now they're coming to the CSO. 'Cause they know if I say yes, it'll go through. >> Talk about social engineering. >> Exactly. >> You were talking about - >> But turn it around though. If I say no, you know, I don't like to say no. I prefer to be the CSO that says yes, but. And so that's what we've done. We've definitely got that culture of ask, we'll tell you the risks, and then you can go away and be innovative and do what you need to do. And we basically do the same with our customers. Here's what you can do. Our application is secure out of the box. Here's how we can help you make it even more, you know, streamlined or bespoke to what you need. >> So mobile was a big inflection point, you know, I dunno, it seems like forever ago. >> 2007. >> 2007. Yeah, iPhone came out in 2007. >> You remember your first iPhone? >> Dave: Yeah. >> Yeah? Same. >> Yeah. It was pretty awesome, actually. >> Yeah, I do too. >> Yeah, I was on the train to Boston going up to see some friends at MIT on the consortium that I worked with. And I had, it was the wee one, 'member? But you thought it was massive. >> Oh, it felt - >> It felt big. And I remember I was sitting on the train to Boston it was like the Estella and there was these people, these two women sitting beside me. And they were all like glam, like you and unlike me. >> Dave: That's awesome. >> And they, you could see them like nudging each other. And I'm being like, I'm just sitting like this. >> You're chilling. >> Like please look at my phone, come on just look at it. Ask me about it. And eventually I'm like - >> You're baiting them. >> nonchalantly laid it on the table. And you know, I'm like, and they're like, is that an iPhone? And I'm like, yeah, you want to see it? >> I thought you'd never ask. >> I know. And I really played with it. And I showed them all the cool stuff, and they're like, oh we're going to buy iPhones. And so I should have probably worked for Apple, but I didn't. >> I was going to say, where was your referral kickback on that? Especially - >> It was a little like Tesla, right? When you first, we first saw Tesla, it was Ray Wong, you know, Ray? From Pasadena? >> It really was a moment and going from the Blackberry keyboard to that - >> He's like want to see my car? And I'm like oh yeah sure, what's the big deal? >> Yeah, then you see it and you're like, ooh. >> Yeah, that really was such a pivotal moment. >> Anyway, so we lost a track, 2007. >> Yeah, what were we talking about? 2007 mobile. >> Mobile. >> Key inflection point, is where you got us here. Thank you. >> I gotchu Dave, I gotchu. >> Bring us back here. My mind needs help right now. Day four. Okay, so - >> We're all getting here on day four, we're - >> I'm socially engineering you to end this, so I can go to bed and die quietly. That's what me and Mary are, we're counting down the minutes. >> Holy. >> That's so sick. >> You're breaking my heart right now. I love it. I'm with you, sis, I'm with you. >> So I dunno where I was, really where I was going with this, but, okay, there's - >> 2007. Three things happened. >> Another inflection point. Okay yeah, tell us what happened. But no, tell us that, but then - >> AWS, clones, 2006. >> Well 2006, 2007. Right, okay. >> 2007, the iPhone, the world blew up. So you've already got this platform ready to take all this data. >> Dave: Right. >> You've got this little slab of gorgeousness called the iPhone, ready to give you all that data. And then MongoDB pops up, it's like, woo-hoo. But what we could offer was, I mean back then was awesome, but it was, we knew that we would have to iterate and grow and grow and grow. So that was kind of the three things that came together in 2007. >> Yeah, and then Cloud came in big time, and now you've got this platform. So what's the next inflection point do you think? >> Oh... >> Good question, Dave. >> Don't even ask me that. >> I mean, is it Edge? Is it IOT? Is there another disruptor out there? >> I think it's going to be artificial intelligence. >> Dave: Is it AI? >> I mean I don't know enough about it to talk about it, to any level, so don't ask me any questions about it. >> This is like one of those ignorance is bliss moments. It feels right. >> Yeah. >> Well, does it scare you, from a security perspective? Or? >> Great question, Dave. >> Yeah, it scares me more from a humanity standpoint. Like - >> More than social scared you? 'Cause social was so benign when it started. >> Oh it was - >> You're like, oh - I remember, >> It was like a yearbook. I was on the Estella and we were - >> Shout out to Amtrak there. >> I was with, we were starting basically a wikibond, it was an open source. >> Yeah, yeah. >> Kind of, you know, technology community. And we saw these and we were like enamored of Facebook. And there were these two young kids on the train, and we were at 'em, we were picking the brain. Do you like Facebook? "I love Facebook." They're like "oh, Facebook's unbelievable." Now, kids today, "I hate Facebook," right? So, but social at the beginning it was kind of, like I say, benign and now everybody's like - >> Savannah: We didn't know what we were getting into. >> Right. >> I know. >> Exactly. >> Can you imagine if you could have seen into the future 20 years ago? Well first of all, we'd have all bought Facebook and Apple stock. >> Savannah: Right. >> And Tesla stock. But apart from, but yeah apart from that. >> Okay, so what about Quantum? Does that scare you at all? >> I think the only thing that scares me about Quantum is we have all this security in place today. And I'm not an expert in Quantum, but we have all this security in place that's securing what we have today. And my worry is, in 10 years, is it still going to be secure? 'Cause we're still going to be using that data in some way, shape, or form. And my question is to the quantum geniuses out there, what do we do in 10 years like to retrofit the stuff? >> Dave: Like a Y2K moment? >> Kind of. Although I think Y2K is coming in 2038, isn't it? When the Linux date flips. I'll be off the grid by then, I'll be living in Scotland. >> Somebody else's problem. >> Somebody else's problem. I'll be with the sheep in Glasgow, in Scotland. >> Y2K was a boondoggle for tech, right? >> What a farce. I mean, that whole - >> I worked in the power industry in Y2K. That was a nightmare. >> Dave: Oh I bet. >> Savannah: Oh my God. >> Yeah, 'cause we just assumed that the world was going to stop and there been no power, and we had nuclear power plants. And it's like holy moly. Yeah. >> More than moly. >> I was going to say, you did a good job holding that other word in. >> I think I was going to, in case my mom hears this. >> I grew up near Diablo Canyon in, in California. So you were, I mean we were legitimately worried that that exactly was going to happen. And what about the waste? And yeah it was chaos. We've covered a lot. >> Well, what does worry you? Like, it is culture? Is it - >> Why are you trying to freak her out? >> No, no, because it's a CSO, trying to get inside the CSO's head. >> You don't think I have enough to worry about? You want to keep piling on? >> Well if it's not Quantum, you know? Maybe it's spiders or like - >> Oh but I like spiders, well spiders are okay. I don't like bridges, that's my biggest fear. Bridges. >> Seriously? >> And I had to drive over the Tappan Zee bridge, which is one of the longest, for 17 years, every day, twice. The last time I drove over it, I was crying my heart out, and happy as anything. >> Stay out of Oakland. >> I've never driven over it since. Stay out of where? >> Stay out of Oakland. >> I'm staying out of anywhere that's got lots of water. 'Cause it'll have bridges. >> Savannah: Well it's good we're here in the desert. >> Exactly. So what scares me? Bridges, there you go. >> Yeah, right. What? >> Well wait a minute. So if I'm bridging technology, is that the scary stuff? >> Oh God, that was not - >> Was it really bad? >> It was really bad. >> Wow. Wow, the puns. >> There's a lot of seems in those bridges. >> It is lit on theCUBE A floor, we are all struggling. I'm curious because I've seen, your team is all over the place here on the show, of course. Your booth has been packed the whole time. >> Lena: Yes. >> The fingerprint. Talk to me about your shirt. >> So, this was designed by my team in house. It is the most wanted swag in the company, because only my security people wear it. So, we make it like, yeah, you could maybe have one, if this turns out well. >> I feel like we're on the right track. >> Dave: If it turns out well. >> Yeah, I just love it. It's so, it's just brilliant. I mean, it's the leaf, it's a fingerprint. It's just brilliant. >> That's why I wanted to call it out. You know, you see a lot of shirts, a lot of swag shirts. Some are really unfortunately sad, or not funny, >> They are. >> or they're just trying too hard. Now there's like, with this one, I thought oh I bet that's clever. >> Lena: It is very cool. Yes, I love it. >> I saw a good one yesterday. >> Yeah? >> We fix shit, 'member? >> Oh yeah, yeah. >> That was pretty good. >> I like when they're >> That's a pretty good one. >> just straightforward, like that, yeah yeah. >> But the only thing with this is when you're say in front of a green screen, you look as though you've got no tummy. >> A portal through your body. >> And so, when we did our first - >> That's a really good point, actually. >> Yeah, it's like the black hole to nothingless. And I'm like wow, that's my soul. >> I was just going to say, I don't want to see my soul like that. I don't want to know. >> But we had to do like, it was just when the pandemic first started, so we had to do our big presentation live announcement from home. And so they shipped us all this camera equipment for home and thank God my partner knows how that works, so he set it all up. And then he had me test with a green screen, and he's like, you have no tummy. I'm like, what the hell are you talking about? He's like, come and see. It's like this, I dunno what it was. So I had to actually go upstairs and felt tip with a magic marker and make it black. >> Wow. >> So that was why I did for two hours on a Friday, yeah. >> Couldn't think of another alternative, huh? >> Well no, 'cause I'm myopic when it comes to marketing and I knew I had to keep the tshirt on, and I just did that. >> Yeah. >> In hindsight, yes I could have worn an "I Fix Shit" tshirt, but I don't think my husband would've been very happy. I secure shit? >> There you go, yeah. >> There you go. >> Over to you, Savannah. >> I was going to say, I got acquainted, I don't know if I can say this, but I'm going to say it 'cause we're here right now. I got acquainted with theCUBE, wearing a shirt that said "Unfuck Kubernetes," 'cause it was a marketing campaign that I was running for one of my clients at Kim Con last year. >> That's so good. >> Yeah, so - >> Oh my God. I'll give you one of these if you get me one of those. >> I can, we can do a swapskee. We can absolutely. >> We need a few edits on this film, on the file. >> Lena: Okay, this is nothing - >> We're fallin' off the wheel. Okay, on that note, I'm going to bring us to our challenge that we discussed, before we got started on this really diverse discussion that we have had in the last 15 minutes. We've covered everything from felt tip markers to nuclear power plants. >> To the darkness of my soul. >> To the darkness of all of our souls. >> All of our souls, yes. >> Which is perhaps a little too accurate, especially at this stage in the conference. You've obviously seen a lot Lena, and you've been rockin' it, I know John was in your suite up here, at at at the Venetian. What's your 30 second hot take? Most important story, coming out of the show or for you all at Mongo this year? >> Genuinely, it was when I learned that two-thirds of the customers that had been mentioned, here, are MongoDB customers. And that just exploded in my head. 'Cause now I'm thinking of all the numbers and the metrics and how we can use that. And I just think it's amazing, so. >> Yeah, congratulations on that. That's awesome. >> Yeah, I thought it was amazing. >> And it makes sense actually, 'cause Mongo so easy to use. We were talking about Tengen. >> We knew you when, I feel that's our like, we - >> Yeah, but it's true. And so, Mongo was just really easy to use. And people are like, ah, it doesn't scale. It's like, turns out it actually does scale. >> Lena: Turns out, it scales pretty well. >> Well Lena, without question, this is my favorite conversation of the show so far. >> Thank you. >> Thank you so much for joining us. >> Thank you very much for having me. >> Dave: Great to see you. >> It's always a pleasure. >> Dave: Thanks Lena. >> Thank you. >> And thank you all, tuning in live, for tolerating wherever we take these conversations. >> Dave: Whatever that was. >> I bet you weren't ready for this one, folks. We're at AWS re:Invent in Las Vegas, Nevada. With Dave Vellante, I'm Savannah Peterson. You're washing theCUBE, the leader for high tech coverage.

>>We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome. Good to see you. >>Hey, good morning Davis. Nice to meet, Meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so a few years ago IT security and an enterprise was primarily putting a wrapper around the data center because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the one small enough control today with the distributed data, intelligent software, different systems, multi-cloud onement and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure. In today's, you know, data driven world, it operates everywhere. And that has created and accessed everywhere so far from, you know, the centralized mono data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation, enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a wrap around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic. They need to be integrated, scalable, one that spans the entire enterprise and with a consistent and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing, changing, destroying, or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape, primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you're thinking about securing network infrastructure, when you are looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say, rules for that metal in a role based access control, whether you are security admin or a network admin or a storage admin. >>And it's imperative that logging is enabled because any of the change to the configuration is actually logged and monitored as well. We talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get und desired results in terms of, say validation of the images. It's, it needs to be done through in digital signature. So, so it's important that when you're talking about say, software integrity, A, you are ensuring that the platform is not compromised, you know, is not compromised, and B, that any upgrades, you know, that happens to the platform is happening through validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i, I think response, but please continue. >>Yeah, so you know, the third myth about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different. You know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And this are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It prides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging of any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like say segmentation isolated segments, I know via vrs or, or some micro segmentation via partners, this allows various level of security for each of those segments. >>So it's important, you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? You know, there are multiple layers of defense, you know, both at the edge and in the network, in the hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. >>If you look at say that you know the different pillars of a zero touch architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trusted platform in a trusted platform models tpms on certain offer products and you know, the physical security know, plain, simple old one lab port enabled from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. If you look at say a transport and a session trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain or telenet or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or a certificate authority based certification. >>And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the VGP peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here in now, you know, it's, it's typical that if you don't have a contra plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. From an application trust perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. >>And I did talk about, say the digital signature and the cryptographic checks and that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about say multitenancy aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift a vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz sec op teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our portfolio, >>It enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the anti fabric and you know, from a deployment and you know, the management of the network infrastructure, there are simplicities, you know, using, you know, like Ansible s for Sonic for example, are, you know, for a better or settle and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and awareness and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic NAS is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center. You now right up to the edge. Now if you look at our north from a smart traffic voice 10 perspective, you know, as I mentioned, we do have smart fabric services which essentially, you know, simplifies the deployment day zero. I mean rather day one, day two deployment expansion plans and the life cycle management of our conversion infrastructure and hyper and hyperconverge infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick pitch me, can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned. We've talking about the physical security, for example, let's say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is validated for the digital signature in know prior to any upgrade process. And if you are looking at secure access control, we do have things like role-based access control, SSH to the switches, control plane access control that pretty do attacks and say access control from multifactor authentication. >>We do have various tech hacks for entry control to the network and things like CSAC and P IV support, you know, from a federal perspective, we do have, say logging wherein, you know, any event, any auditing capabilities can be possible by say, looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say networks, you know, say network separation and you know, these, you know, separation, you know, ensures that that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone. And you know, this can be implemented by a, the micro segmentation, you know, just a plain old wheel are using virtual route of framework vr, for example. >>A lot there. I mean, I think, frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in, in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you can be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the Cube, your leader in enterprise and emerging tech coverage.

>>The cybersecurity landscape continues to be one characterized by a series of point tools designed to do a very specific job, often pretty well, but the mosaic of tooling is grown over the years causing complexity in driving up costs and increasing exposures. So the game of Whackamole continues. Moreover, the way organizations approach security is changing quite dramatically. The cloud, while offering so many advantages, has also created new complexities. The shared responsibility model redefines what the cloud provider secures, for example, the S three bucket and what the customer is responsible for eg properly configuring the bucket. You know, this is all well and good, but because virtually no organization of any size can go all in on a single cloud, that shared responsibility model now spans multiple clouds and with different protocols. Now that of course includes on-prem and edge deployments, making things even more complex. Moreover, the DevOps team is being asked to be the point of execution to implement many aspects of an organization's security strategy. >>This extends to securing the runtime, the platform, and even now containers which can end up anywhere. There's a real need for consolidation in the security industry, and that's part of the answer. We've seen this both in terms of mergers and acquisitions as well as platform plays that cover more and more ground. But the diversity of alternatives and infrastructure implementations continues to boggle the mind with more and more entry points for the attackers. This includes sophisticated supply chain attacks that make it even more difficult to understand how to secure components of a system and how secure those components actually are. The number one challenge CISOs face in today's complex world is lack of talent to address these challenges. And I'm not saying that SecOps pros are not talented, They are. There just aren't enough of them to go around and the adversary is also talented and very creative, and there are more and more of them every day. >>Now, one of the very important roles that a technology vendor can play is to take mundane infrastructure security tasks off the plates of SEC off teams. Specifically we're talking about shifting much of the heavy lifting around securing servers, storage, networking, and other infrastructure and their components onto the technology vendor via r and d and other best practices like supply chain management. And that's what we're here to talk about. Welcome to the second part in our series, A Blueprint for Trusted Infrastructure Made Possible by Dell Technologies and produced by the Cube. My name is Dave Ante and I'm your host now. Previously we looked at what trusted infrastructure means and the role that storage and data protection play in the equation. In this part two of the series, we explore the changing nature of technology infrastructure, how the industry generally in Dell specifically, are adapting to these changes and what is being done to proactively address threats that are increasingly stressing security teams. >>Now today, we continue the discussion and look more deeply into servers networking and hyper-converged infrastructure to better understand the critical aspects of how one company Dell is securing these elements so that dev sec op teams can focus on the myriad new attack vectors and challenges that they faced. First up is Deepak rang Garage Power Edge security product manager at Dell Technologies. And after that we're gonna bring on Mahesh Nagar oim, who was consultant in the networking product management area at Dell. And finally, we're close with Jerome West, who is the product management security lead for HCI hyperconverged infrastructure and converged infrastructure at Dell. Thanks for joining us today. We're thrilled to have you here and hope you enjoy the program. Deepak Arage shoes powered security product manager at Dell Technologies. Deepak, great to have you on the program. Thank you. >>Thank you for having me. >>So we're going through the infrastructure stack and in part one of this series we looked at the landscape overall and how cyber has changed and specifically how Dell thinks about data protection in, in security in a manner that both secures infrastructure and minimizes organizational friction. We also hit on the storage part of the portfolio. So now we want to dig into servers. So my first question is, what are the critical aspects of securing server infrastructure that our audience should be aware of? >>Sure. So if you look at compute in general, right, it has rapidly evolved over the past couple of years, especially with trends toward software defined data centers and with also organizations having to deal with hybrid environments where they have private clouds, public cloud locations, remote offices, and also remote workers. So on top of this, there's also an increase in the complexity of the supply chain itself, right? There are companies who are dealing with hundreds of suppliers as part of their supply chain. So all of this complexity provides a lot of opportunity for attackers because it's expanding the threat surface of what can be attacked, and attacks are becoming more frequent, more severe and more sophisticated. And this has also triggered around in the regulatory and mandates around the security needs. >>And these regulations are not just in the government sector, right? So it extends to critical infrastructure and eventually it also get into the private sector. In addition to this, organizations are also looking at their own internal compliance mandates. And this could be based on the industry in which they're operating in, or it could be their own security postures. And this is the landscape in which servers they're operating today. And given that servers are the foundational blocks of the data center, it becomes extremely important to protect them. And given how complex the modern server platforms are, it's also extremely difficult and it takes a lot of effort. And this means protecting everything from the supply chain to the manufacturing and then eventually the assuring the hardware and software integrity of the platforms and also the operations. And there are very few companies that go to the lens that Dell does in order to secure the server. We truly believe in the notion and the security mentality that, you know, security should enable our customers to go focus on their business and proactively innovate on their business and it should not be a burden to them. And we heavily invest to make that possible for our customers. >>So this is really important because the premise that I set up at the beginning of this was really that I, as of security pro, I'm not a security pro, but if I were, I wouldn't want to be doing all this infrastructure stuff because I now have all these new things I gotta deal with. I want a company like Dell who has the resources to build that security in to deal with the supply chain to ensure the providence, et cetera. So I'm glad you you, you hit on that, but so given what you just said, what does cybersecurity resilience mean from a server perspective? For example, are there specific principles that Dell adheres to that are non-negotiable? Let's say, how does Dell ensure that its customers can trust your server infrastructure? >>Yeah, like when, when it comes to security at Dell, right? It's ingrained in our product, so that's the best way to put it. And security is nonnegotiable, right? It's never an afterthought where we come up with a design and then later on figure out how to go make it secure, right? Our security development life cycle, the products are being designed to counter these threats right from the big. And in addition to that, we are also testing and evaluating these products continuously to identify vulnerabilities. We also have external third party audits which supplement this process. And in addition to this, Dell makes the commitment that we will rapidly respond to any mitigations and vulnerability, any vulnerabilities and exposures found out in the field and provide mitigations and patches for in attacking manner. So this security principle is also built into our server life cycle, right? Every phase of it. >>So we want our products to provide cutting edge capabilities when it comes to security. So as part of that, we are constantly evaluating what our security model is done. We are building on it and continuously improving it. So till a few years ago, our model was primarily based on the N framework of protect, detect and rigor. And it's still aligns really well to that framework, but over the past couple of years, we have seen how computers evolved, how the threads have evolved, and we have also seen the regulatory trends and we recognize the fact that the best security strategy for the modern world is a zero trust approach. And so now when we are building our infrastructure and tools and offerings for customers, first and foremost, they're cyber resilient, right? What we mean by that is they're capable of anticipating threats, withstanding attacks and rapidly recurring from attacks and also adapting to the adverse conditions in which they're deployed. The process of designing these capabilities and identifying these capabilities however, is done through the zero press framework. And that's very important because now we are also anticipating how our customers will end up using these capabilities at there and to enable their own zero trust IT environments and IT zero trusts deployments. We have completely adapted our security approach to make it easier for customers to work with us no matter where they are in their journey towards zero trust option. >>So thank you for that. You mentioned the, this framework, you talked about zero trust. When I think about n I think as well about layered approaches. And when I think about zero trust, I think about if you, if you don't have access to it, you're not getting access, you've gotta earn that, that access and you've got layers and then you still assume that bad guys are gonna get in. So you've gotta detect that and you've gotta response. So server infrastructure security is so fundamental. So my question is, what is Dell providing specifically to, for example, detect anomalies and breaches from unauthorized activity? How do you enable fast and easy or facile recovery from malicious incidents, >>Right? What is that is exactly right, right? Breachers are bound to happen and given how complex our current environment is, it's extremely distributed and extremely connected, right? Data and users are no longer contained with an offices where we can set up a perimeter firewall and say, Yeah, everything within that is good. We can trust everything within it. That's no longer true. The best approach to protect data and infrastructure in the current world is to use a zero trust approach, which uses the principles. Nothing is ever trusted, right? Nothing is trusted implicitly. You're constantly verifying every single user, every single device, and every single access in your system at every single level of your ID environment. And this is the principles that we use on power Edge, right? But with an increased focus on providing granular controls and checks based on the principles of these privileged access. >>So the idea is that service first and foremost need to make sure that the threats never enter and they're rejected at the point of entry, but we recognize breaches are going to occur and if they do, they need to be minimized such that the sphere of damage cost by attacker is minimized so they're not able to move from one part of the network to something else laterally or escalate their privileges and cause more damage, right? So the impact radius for instance, has to be radius. And this is done through features like automated detection capabilities and automation, automated remediation capabilities. So some examples are as part of our end to end boot resilience process, we have what they call a system lockdown, right? We can lock down the configuration of the system and lock on the form versions and all changes to the system. And we have capabilities which automatically detect any drift from that lockdown configuration and we can figure out if the drift was caused to authorized changes or unauthorized changes. >>And if it is an unauthorize change can log it, generate security alerts, and we even have capabilities to automatically roll the firm where, and always versions back to a known good version and also the configurations, right? And this becomes extremely important because as part of zero trust, we need to respond to these things at machine speed and we cannot do it at a human speed. And having these automated capabilities is a big deal when achieving that zero trust strategy. And in addition to this, we also have chassis inclusion detection where if the chassis, the box, the several box is opened up, it logs alerts, and you can figure out even later if there's an AC power cycle, you can go look at the logs to see that the box is opened up and figure out if there was a, like a known authorized access or some malicious actor opening and chain something in your system. >>Great, thank you for that lot. Lot of detail and and appreciate that. I want to go somewhere else now cuz Dell has a renowned supply chain reputation. So what about securing the, the supply chain and the server bill of materials? What does Dell specifically do to track the providence of components it uses in its systems so that when the systems arrive, a customer can be a hundred percent certain that that system hasn't been compromised, >>Right? And we've talked about how complex the modern supply chain is, right? And that's no different for service. We have hundreds of confidence on the server and a lot of these form where in order to be configured and run and this former competence could be coming from third parties suppliers. So now the complexity that we are dealing with like was the end to end approach and that's where Dell pays a lot of attention into assuring the security approach approaching and it starts all the way from sourcing competence, right? And then through the design and then even the manufacturing process where we are wetting the personnel leather factories and wetting the factories itself. And the factories also have physical controls, physical security controls built into them and even shipping, right? We have GPS tagging of packages. So all of this is built to ensure supply chain security. >>But a critical aspect of this is also making sure that the systems which are built in the factories are delivered to the customers without any changes or any tapper. And we have a feature called the secure component verification, which is capable of doing this. What the feature does this, when the system gets built in a factory, it generates an inventory of all the competence in the system and it creates a cryptographic certificate based on the signatures presented to this by the competence. And this certificate is stored separately and sent to the customers separately from the system itself. So once the customers receive the system at their end, they can run out to, it generates an inventory of the competence on the system at their end and then compare it to the golden certificate to make sure nothing was changed. And if any changes are detected, we can figure out if there's an authorized change or unauthorize change. >>Again, authorized changes could be like, you know, upgrades to the drives or memory and ized changes could be any sort of temper. So that's the supply chain aspect of it and bill of metal use is also an important aspect to galing security, right? And we provide a software bill of materials, which is basically a list of ingredients of all the software pieces in the platform. So what it allows our customers to do is quickly take a look at all the different pieces and compare it to the vulnerability database and see if any of the vulner which have been discovered out in the wild affected platform. So that's a quick way of figuring out if the platform has any known vulnerabilities and it has not been patched. >>Excellent. That's really good. My last question is, I wonder if you, you know, give us the sort of summary from your perspective, what are the key strengths of Dell server portfolio from a security standpoint? I'm really interested in, you know, the uniqueness and the strong suit that Dell brings to the table, >>Right? Yeah. We have talked enough about the complexity of the environment and how zero risk is necessary for the modern ID environment, right? And this is integral to Dell powered service. And as part of that like you know, security starts with the supply chain. We already talked about the second component verification, which is a beneath feature that Dell platforms have. And on top of it we also have a silicon place platform mode of trust. So this is a key which is programmed into the silicon on the black service during manufacturing and can never be changed after. And this immutable key is what forms the anchor for creating the chain of trust that is used to verify everything in the platform from the hardware and software integrity to the boot, all pieces of it, right? In addition to that, we also have a host of data protection features. >>Whether it is protecting data at risk in news or inflight, we have self encrypting drives which provides scalable and flexible encryption options. And this couple with external key management provides really good protection for your data address. External key management is important because you know, somebody could physically steam the server walk away, but then the keys are not stored on the server, it stood separately. So that provides your action layer of security. And we also have dual layer encryption where you can compliment the hardware encryption on the secure encrypted drives with software level encryption. Inion to this we have identity and access management features like multifactor authentication, single sign on roles, scope and time based access controls, all of which are critical to enable that granular control and checks for zero trust approach. So I would say like, you know, if you look at the Dell feature set, it's pretty comprehensive and we also have the flexibility built in to meet the needs of all customers no matter where they fall in the spectrum of, you know, risk tolerance and security sensitivity. And we also have the capabilities to meet all the regulatory requirements and compliance requirements. So in a nutshell, I would say that you know, Dell Power Service cyber resident infrastructure helps accelerate zero tested option for customers. >>Got it. So you've really thought this through all the various things that that you would do to sort of make sure that your server infrastructure is secure, not compromised, that your supply chain is secure so that your customers can focus on some of the other things that they have to worry about, which are numerous. Thanks Deepak, appreciate you coming on the cube and participating in the program. >>Thank you for having >>You're welcome. In a moment I'll be back to dig into the networking portion of the infrastructure. Stay with us for more coverage of a blueprint for trusted infrastructure and collaboration with Dell Technologies on the cube, your leader in enterprise and emerging tech coverage. We're back with a blueprint for trusted infrastructure and partnership with Dell Technologies in the cube. And we're here with Mahesh Nager, who is a consultant in the area of networking product management at Dell Technologies. Mahesh, welcome, good to see you. >>Hey, good morning Dell's, nice to meet, meet to you as well. >>Hey, so we've been digging into all the parts of the infrastructure stack and now we're gonna look at the all important networking components. Mahesh, when we think about networking in today's environment, we think about the core data center and we're connecting out to various locations including the cloud and both the near and the far edge. So the question is from Dell's perspective, what's unique and challenging about securing network infrastructure that we should know about? >>Yeah, so few years ago IT security and an enterprise was primarily putting a wrapper around data center out because it was constrained to an infrastructure owned and operated by the enterprise for the most part. So putting a rapid around it like a parameter or a firewall was a sufficient response because you could basically control the environment and data small enough control today with the distributed data, intelligent software, different systems, multi-cloud environment and asset service delivery, you know, the infrastructure for the modern era changes the way to secure the network infrastructure In today's, you know, data driven world, it operates everywhere and data has created and accessed everywhere so far from, you know, the centralized monolithic data centers of the past. The biggest challenge is how do we build the network infrastructure of the modern era that are intelligent with automation enabling maximum flexibility and business agility without any compromise on the security. We believe that in this data era, the security transformation must accompany digital transformation. >>Yeah, that's very good. You talked about a couple of things there. Data by its very nature is distributed. There is no perimeter anymore, so you can't just, as you say, put a rapper around it. I like the way you phrase that. So when you think about cyber security resilience from a networking perspective, how do you define that? In other words, what are the basic principles that you adhere to when thinking about securing network infrastructure for your customers? >>So our belief is that cybersecurity and cybersecurity resilience, they need to be holistic, they need to be integrated, scalable, one that span the entire enterprise and with a co and objective and policy implementation. So cybersecurity needs to span across all the devices and running across any application, whether the application resets on the cloud or anywhere else in the infrastructure. From a networking standpoint, what does it mean? It's again, the same principles, right? You know, in order to prevent the threat actors from accessing changing best destroy or stealing sensitive data, this definition holds good for networking as well. So if you look at it from a networking perspective, it's the ability to protect from and withstand attacks on the networking systems as we continue to evolve. This will also include the ability to adapt and recover from these attacks, which is what cyber resilience aspect is all about. So cybersecurity best practices, as you know, is continuously changing the landscape primarily because the cyber threats also continue to evolve. >>Yeah, got it. So I like that. So it's gotta be integrated, it's gotta be scalable, it's gotta be comprehensive, comprehensive and adaptable. You're saying it can't be static, >>Right? Right. So I think, you know, you had a second part of a question, you know, that says what do we, you know, what are the basic principles? You know, when you think about securing network infrastructure, when you're looking at securing the network infrastructure, it revolves around core security capability of the devices that form the network. And what are these security capabilities? These are access control, software integrity and vulnerability response. When you look at access control, it's to ensure that only the authenticated users are able to access the platform and they're able to access only the kind of the assets that they're authorized to based on their user level. Now accessing a network platform like a switch or a rotor for example, is typically used for say, configuration and management of the networking switch. So user access is based on say roles for that matter in a role based access control, whether you are a security admin or a network admin or a storage admin. >>And it's imperative that logging is enable because any of the change to the configuration is actually logged and monitored as that. Talking about software's integrity, it's the ability to ensure that the software that's running on the system has not been compromised. And, and you know, this is important because it could actually, you know, get hold of the system and you know, you could get UND desire results in terms of say validation of the images. It's, it needs to be done through say digital signature. So, so it's important that when you're talking about say, software integrity, a, you are ensuring that the platform is not compromised, you know, is not compromised and be that any upgrades, you know, that happens to the platform is happening through say validated signature. >>Okay. And now, now you've now, so there's access control, software integrity, and I think you, you've got a third element which is i I think response, but please continue. >>Yeah, so you know, the third one is about civil notability. So we follow the same process that's been followed by the rest of the products within the Dell product family. That's to report or identify, you know, any kind of a vulnerability that's being addressed by the Dell product security incident response team. So the networking portfolio is no different, you know, it follows the same process for identification for tri and for resolution of these vulnerabilities. And these are addressed either through patches or through new reasons via networking software. >>Yeah, got it. Okay. So I mean, you didn't say zero trust, but when you were talking about access control, you're really talking about access to only those assets that people are authorized to access. I know zero trust sometimes is a buzzword, but, but you I think gave it, you know, some clarity there. Software integrity, it's about assurance validation, your digital signature you mentioned and, and that there's been no compromise. And then how you respond to incidents in a standard way that can fit into a security framework. So outstanding description, thank you for that. But then the next question is, how does Dell networking fit into the construct of what we've been talking about Dell trusted infrastructure? >>Okay, so networking is the key element in the Dell trusted infrastructure. It provides the interconnect between the service and the storage world. And you know, it's part of any data center configuration for a trusted infrastructure. The network needs to have access control in place where only the authorized nels are able to make change to the network configuration and logging off any of those changes is also done through the logging capabilities. Additionally, we should also ensure that the configuration should provide network isolation between say the management network and the data traffic network because they need to be separate and distinct from each other. And furthermore, even if you look at the data traffic network and now you have things like segmentation isolated segments and via VRF or, or some micro segmentation via partners, this allows various level of security for each of those segments. So it's important you know, that, that the network infrastructure has the ability, you know, to provide all this, this services from a Dell networking security perspective, right? >>You know, there are multiple layer of defense, you know, both at the edge and in the network in this hardware and in the software and essentially, you know, a set of rules and a configuration that's designed to sort of protect the integrity, confidentiality, and accessibility of the network assets. So each network security layer, it implements policies and controls as I said, you know, including send network segmentation. We do have capabilities sources, centralized management automation and capability and scalability for that matter. Now you add all of these things, you know, with the open networking standards or software, different principles and you essentially, you know, reach to the point where you know, you're looking at zero trust network access, which is essentially sort of a building block for increased cloud adoption. If you look at say that you know the different pillars of a zero trust architecture, you know, if you look at the device aspect, you know, we do have support for security for example, we do have say trust platform in a trusted platform models tpms on certain offer products and you know, the physical security know plain, simple old one love port enable from a user trust perspective, we know it's all done via access control days via role based access control and say capability in order to provide say remote authentication or things like say sticky Mac or Mac learning limit and so on. >>If you look at say a transport and decision trust layer, these are essentially, you know, how do you access, you know, this switch, you know, is it by plain hotel net or is it like secure ssh, right? And you know, when a host communicates, you know, to the switch, we do have things like self-signed or is certificate authority based certification. And one of the important aspect is, you know, in terms of, you know, the routing protocol, the routing protocol, say for example BGP for example, we do have the capability to support MD five authentication between the b g peers so that there is no, you know, manages attack, you know, to the network where the routing table is compromised. And the other aspect is about second control plane is here, you know, you know, it's, it's typical that if you don't have a control plane here, you know, it could be flooded and you know, you know, the switch could be compromised by city denial service attacks. >>From an application test perspective, as I mentioned, you know, we do have, you know, the application specific security rules where you could actually define, you know, the specific security rules based on the specific applications, you know, that are running within the system. And I did talk about, say the digital signature and the cryptographic check that we do for authentication and for, I mean rather for the authenticity and the validation of, you know, of the image and the BS and so on and so forth. Finally, you know, the data trust, we are looking at, you know, the network separation, you know, the network separation could happen or VRF plain old wheel Ls, you know, which can bring about sales multi 10 aspects. We talk about some microsegmentation as it applies to nsx for example. The other aspect is, you know, we do have, with our own smart fabric services that's enabled in a fabric, we have a concept of c cluster security. So all of this, you know, the different pillars, they sort of make up for the zero trust infrastructure for the networking assets of an infrastructure. >>Yeah. So thank you for that. There's a, there's a lot to unpack there. You know, one of the premise, the premise really of this, this, this, this segment that we're setting up in this series is really that everything you just mentioned, or a lot of things you just mentioned used to be the responsibility of the security team. And, and the premise that we're putting forth is that because security teams are so stretched thin, you, you gotta shift the vendor community. Dell specifically is shifting a lot of those tasks to their own r and d and taking care of a lot of that. So, cuz scop teams got a lot of other stuff to, to worry about. So my question relates to things like automation, which can help and scalability, what about those topics as it relates to networking infrastructure? >>Okay, our >>Portfolio, it enables state of the automation software, you know, that enables simplifying of the design. So for example, we do have, you know, you know the fabric design center, you know, a tool that automates the design of the fabric and you know, from a deployment and you know, the management of the network infrastructure that are simplicities, you know, using like Ansible s for Sonic for example are, you know, for a better sit and tell story. You know, we do have smart fabric services that can automate the entire fabric, you know, for a storage solution or for, you know, for one of the workloads for example. Now we do help reduce the complexity by closely integrating the management of the physical and the virtual networking infrastructure. And again, you know, we have those capabilities using Sonic or Smart Traffic services. If you look at Sonic for example, right? >>It delivers automated intent based secure containerized network and it has the ability to provide some network visibility and Avan has and, and all of these things are actually valid, you know, for a modern networking infrastructure. So now if you look at Sonic, you know, it's, you know, the usage of those tools, you know, that are available, you know, within the Sonic no is not restricted, you know, just to the data center infrastructure is, it's a unified no, you know, that's well applicable beyond the data center, you know, right up to the edge. Now if you look at our north from a smart traffic OS 10 perspective, you know, as I mentioned, we do have smart traffic services which essentially, you know, simplifies the deployment day zero, I mean rather day one, day two deployment expansion plans and the lifecycle management of our conversion infrastructure and hyper and hyper conversion infrastructure solutions. And finally, in order to enable say, zero touch deployment, we do have, you know, a VP solution with our SD van capability. So these are, you know, ways by which we bring down the complexity by, you know, enhancing the automation capability using, you know, a singular loss that can expand from a data center now right to the edge. >>Great, thank you for that. Last question real quick, just pitch me, what can you summarize from your point of view, what's the strength of the Dell networking portfolio? >>Okay, so from a Dell networking portfolio, we support capabilities at multiple layers. As I mentioned, we're talking about the physical security for examples, say disabling of the unused interface. Sticky Mac and trusted platform modules are the things that to go after. And when you're talking about say secure boot for example, it delivers the authenticity and the integrity of the OS 10 images at the startup. And Secure Boot also protects the startup configuration so that, you know, the startup configuration file is not compromised. And Secure port also enables the workload of prediction, for example, that is at another aspect of software image integrity validation, you know, wherein the image is data for the digital signature, you know, prior to any upgrade process. And if you are looking at secure access control, we do have things like role based access control, SSH to the switches, control plane access control that pre do tags and say access control from multifactor authentication. >>We do have various tech ads for entry control to the network and things like CSE and PRV support, you know, from a federal perspective we do have say logging wherein, you know, any event, any auditing capabilities can be possible by say looking at the clog service, you know, which are pretty much in our transmitter from the devices overts for example, and last we talked about say network segment, you know, say network separation and you know, these, you know, separation, you know, ensures that are, that is, you know, a contained say segment, you know, for a specific purpose or for the specific zone and, you know, just can be implemented by a, a micro segmentation, you know, just a plain old wheel or using virtual route of framework VR for example. >>A lot there. I mean I think frankly, you know, my takeaway is you guys do the heavy lifting in a very complicated topic. So thank you so much for, for coming on the cube and explaining that in in quite some depth. Really appreciate it. >>Thank you indeed. >>Oh, you're very welcome. Okay, in a moment I'll be back to dig into the hyper-converged infrastructure part of the portfolio and look at how when you enter the world of software defined where you're controlling servers and storage and networks via software led system, you could be sure that your infrastructure is trusted and secure. You're watching a blueprint for trusted infrastructure made possible by Dell Technologies and collaboration with the cube, your leader in enterprise and emerging tech coverage, your own west product management security lead at for HCI at Dell Technologies hyper-converged infrastructure. Jerome, welcome. >>Thank you Dave. >>Hey Jerome, in this series of blueprint for trusted infrastructure, we've been digging into the different parts of the infrastructure stack, including storage servers and networking, and now we want to cover hyperconverged infrastructure. So my first question is, what's unique about HCI that presents specific security challenges? What do we need to know? >>So what's unique about hyper-converge infrastructure is the breadth of the security challenge. We can't simply focus on a single type of IT system. So like a server or storage system or a virtualization piece of software, software. I mean HCI is all of those things. So luckily we have excellent partners like VMware, Microsoft, and internal partners like the Dell Power Edge team, the Dell storage team, the Dell networking team, and on and on. These partnerships in these collaborations are what make us successful from a security standpoint. So let me give you an example to illustrate. In the recent past we're seeing growing scope and sophistication in supply chain attacks. This mean an attacker is going to attack your software supply chain upstream so that hopefully a piece of code, malicious code that wasn't identified early in the software supply chain is distributed like a large player, like a VMware or Microsoft or a Dell. So to confront this kind of sophisticated hard to defeat problem, we need short term solutions and we need long term solutions as well. >>So for the short term solution, the obvious thing to do is to patch the vulnerability. The complexity is for our HCI portfolio. We build our software on VMware, so we would have to consume a patch that VMware would produce and provide it to our customers in a timely manner. Luckily VX rail's engineering team has co engineered a release process with VMware that significantly shortens our development life cycle so that VMware would produce a patch and within 14 days we will integrate our own code with the VMware release we will have tested and validated the update and we will give an update to our customers within 14 days of that VMware release. That as a result of this kind of rapid development process, VHA had over 40 releases of software updates last year for a longer term solution. We're partnering with VMware and others to develop a software bill of materials. We work with VMware to consume their software manifest, including their upstream vendors and their open source providers to have a comprehensive list of software components. Then we aren't caught off guard by an unforeseen vulnerability and we're more able to easily detect where the software problem lies so that we can quickly address it. So these are the kind of relationships and solutions that we can co engineer with effective collaborations with our, with our partners. >>Great, thank you for that. That description. So if I had to define what cybersecurity resilience means to HCI or converged infrastructure, and to me my takeaway was you gotta have a short term instant patch solution and then you gotta do an integration in a very short time, you know, two weeks to then have that integration done. And then longer term you have to have a software bill of materials so that you can ensure the providence of all the components help us. Is that a right way to think about cybersecurity resilience? Do you have, you know, a additives to that definition? >>I do. I really think that's site cybersecurity and resilience for hci because like I said, it has sort of unprecedented breadth across our portfolio. It's not a single thing, it's a bit of everything. So really the strength or the secret sauce is to combine all the solutions that our partner develops while integrating them with our own layer. So let me, let me give you an example. So hci, it's a, basically taking a software abstraction of hardware functionality and implementing it into something called the virtualized layer. It's basically the virtual virtualizing hardware functionality, like say a storage controller, you could implement it in hardware, but for hci, for example, in our VX rail portfolio, we, our Vxl product, we integrated it into a product called vsan, which is provided by our partner VMware. So that portfolio of strength is still, you know, through our, through our partnerships. >>So what we do, we integrate these, these security functionality and features in into our product. So our partnership grows to our ecosystem through products like VMware, products like nsx, Horizon, Carbon Black and vSphere. All of them integrate seamlessly with VMware and we also leverage VMware's software, part software partnerships on top of that. So for example, VX supports multifactor authentication through vSphere integration with something called Active Directory Federation services for adfs. So there's a lot of providers that support adfs including Microsoft Azure. So now we can support a wide array of identity providers such as Off Zero or I mentioned Azure or Active Directory through that partnership. So we can leverage all of our partners partnerships as well. So there's sort of a second layer. So being able to secure all of that, that provides a lot of options and flexibility for our customers. So basically to summarize my my answer, we consume all of the security advantages of our partners, but we also expand on them to make a product that is comprehensively secured at multiple layers from the hardware layer that's provided by Dell through Power Edge to the hyper-converged software that we build ourselves to the virtualization layer that we get through our partnerships with Microsoft and VMware. >>Great, I mean that's super helpful. You've mentioned nsx, Horizon, Carbon Black, all the, you know, the VMware component OTH zero, which the developers are gonna love. You got Azure identity, so it's really an ecosystem. So you may have actually answered my next question, but I'm gonna ask it anyway cuz you've got this software defined environment and you're managing servers and networking and storage with this software led approach, how do you ensure that the entire system is secure end to end? >>That's a really great question. So the, the answer is we do testing and validation as part of the engineering process. It's not just bolted on at the end. So when we do, for example, VxRail is the market's only co engineered solution with VMware, other vendors sell VMware as a hyper converged solution, but we actually include security as part of the co-engineering process with VMware. So it's considered when VMware builds their code and their process dovetails with ours because we have a secure development life cycle, which other products might talk about in their discussions with you that we integrate into our engineering life cycle. So because we follow the same framework, all of the, all of the codes should interoperate from a security standpoint. And so when we do our final validation testing when we do a software release, we're already halfway there in ensuring that all these features will give the customers what we promised. >>That's great. All right, let's, let's close pitch me, what would you say is the strong suit summarize the, the strengths of the Dell hyper-converged infrastructure and converged infrastructure portfolio specifically from a security perspective? Jerome? >>So I talked about how hyper hyper-converged infrastructure simplifies security management because basically you're gonna take all of these features that are abstracted in in hardware, they're now abstracted in the virtualization layer. Now you can manage them from a single point of view, whether it would be, say, you know, in for VX rail would be b be center, for example. So by abstracting all this, you make it very easy to manage security and highly flexible because now you don't have limitations around a single vendor. You have a multiple array of choices and partnerships to select. So I would say that is the, the key to making it to hci. Now, what makes Dell the market leader in HCI is not only do we have that functionality, but we also make it exceptionally useful to you because it's co engineered, it's not bolted on. So I gave the example of spo, I gave the example of how we, we modify our software release process with VMware to make it very responsive. >>A couple of other features that we have specific just to HCI are digitally signed LCM updates. This is an example of a feature that we have that's only exclusive to Dell that's not done through a partnership. So we digitally signed our software updates so the user can be sure that the, the update that they're installing into their system is an authentic and unmodified product. So we give it a Dell signature that's invalidated prior to installation. So not only do we consume the features that others develop in a seamless and fully validated way, but we also bolt on our own a specific HCI security features that work with all the other partnerships and give the user an exceptional security experience. So for, for example, the benefit to the customer is you don't have to create a complicated security framework that's hard for your users to use and it's hard for your system administrators to manage it all comes in a package. So it, it can be all managed through vCenter, for example, or, and then the specific hyper, hyper-converged functions can be managed through VxRail manager or through STDC manager. So there's very few pains of glass that the, the administrator or user ever has to worry about. It's all self contained and manageable. >>That makes a lot of sense. So you've got your own infrastructure, you're applying your best practices to that, like the digital signatures, you've got your ecosystem, you're doing co-engineering with the ecosystems, delivering security in a package, minimizing the complexity at the infrastructure level. The reason Jerome, this is so important is because SecOps teams, you know, they gotta deal with cloud security, they gotta deal with multiple clouds. Now they have their shared responsibility model going across multiple cl. They got all this other stuff that they have to worry, they gotta secure the containers and the run time and and, and, and, and the platform and so forth. So they're being asked to do other things. If they have to worry about all the things that you just mentioned, they'll never get, you know, the, the securities is gonna get worse. So what my takeaway is, you're removing that infrastructure piece and saying, Okay guys, you now can focus on those other things that is not necessarily Dell's, you know, domain, but you, you know, you can work with other partners to and your own teams to really nail that. Is that a fair summary? >>I think that is a fair summary because absolutely the worst thing you can do from a security perspective is provide a feature that's so unusable that the administrator disables it or other key security features. So when I work with my partners to define, to define and develop a new security feature, the thing I keep foremost in mind is, will this be something our users want to use and our administrators want to administer? Because if it's not, if it's something that's too difficult or onerous or complex, then I try to find ways to make it more user friendly and practical. And this is a challenge sometimes because we are, our products operate in highly regulated environments and sometimes they have to have certain rules and certain configurations that aren't the most user friendly or management friendly. So I, I put a lot of effort into thinking about how can we make this feature useful while still complying with all the regulations that we have to comply with. And by the way, we're very successful in a highly regulated space. We sell a lot of VxRail, for example, into the Department of Defense and banks and, and other highly regulated environments and we're very successful there. >>Excellent. Okay, Jerome, thanks. We're gonna leave it there for now. I'd love to have you back to talk about the progress that you're making down the road. Things always, you know, advance in the tech industry and so would appreciate that. >>I would look forward to it. Thank you very much, Dave. >>You're really welcome. In a moment I'll be back to summarize the program and offer some resources that can help you on your journey to secure your enterprise infrastructure. I wanna thank our guests for their contributions in helping us understand how investments by a company like Dell can both reduce the need for dev sec up teams to worry about some of the more fundamental security issues around infrastructure and have greater confidence in the quality providence and data protection designed in to core infrastructure like servers, storage, networking, and hyper-converged systems. You know, at the end of the day, whether your workloads are in the cloud, on prem or at the edge, you are responsible for your own security. But vendor r and d and vendor process must play an important role in easing the burden faced by security devs and operation teams. And on behalf of the cube production content and social teams as well as Dell Technologies, we want to thank you for watching a blueprint for trusted infrastructure. Remember part one of this series as well as all the videos associated with this program and of course today's program are available on demand@thecube.net with additional coverage@siliconangle.com. And you can go to dell.com/security solutions dell.com/security solutions to learn more about Dell's approach to securing infrastructure. And there's tons of additional resources that can help you on your journey. This is Dave Valante for the Cube, your leader in enterprise and emerging tech coverage. We'll see you next time.

(upbeat music) >> Welcome back to San Francisco, "theCUBE" is live, our day two coverage of VMware Explore 2022 continues. Lisa Martin with Dave Nicholson. Dave and I are pleased to welcome Jason Collier, principal member of technical staff at AMD to the program. Jason, it's great to have you. >> Thank you, it's great to be here. >> So what's going on at AMD? I hear you have some juicy stuff to talk about. >> Oh, we've got a ton of juicy stuff to talk about. Clearly the Project Monterey announcement was big for us, so we've got that to talk about. Another thing that I really wanted to talk about was a tool that we created and we call it, it's the VMware Architecture Migration Tool, call it VAMT for short. It's a tool that we created and we worked together with VMware and some of their professional services crew to actually develop this tool. And it is also an open source based tool. And really the primary purpose is to easily enable you to move from one CPU architecture to another CPU architecture, and do that in a cold migration fashion. >> So we're probably not talking about CPUs from Tandy, Radio Shack systems, likely this would be what we might refer to as other X86 systems. >> Other X86 systems is a good way to refer to it. >> So it's interesting timing for the development and the release of a tool like this, because in this sort of X86 universe, there are players who have been delayed in terms of delivering their next gen stuff. My understanding is AMD has been public with the idea that they're on track for by the end of the year, Genoa, next gen architecture. So can you imagine a situation where someone has an existing set of infrastructure and they're like, hey, you know what I want to get on board, the AMD train, is this something they can use from the VMware environment? >> Absolutely, and when you think about- >> Tell us exactly what that would look like, walk us through 100 servers, VMware, 1000 VMs, just to make the math easy. What do you do? How does it work? >> So one, there's several things that the tool can do, we actually went through, the design process was quite extensive on this. And we went through all of the planning phases that you need to go through to do these VM migrations. Now this has to be a cold migration, it's not a live migration. You can't do that between the CPU architectures. But what we do is you create a list of all of the virtual machines that you want to migrate. So we take this CSV file, we import this CSV file, and we ask for things like, okay, what's the name? Where do you want to migrate it to? So from one cluster to another, what do you want to migrate it to? What are the networks that you want to move it to? And then the storage platform. So we can move storage, it could either be shared storage, or we could move say from VSAN to VSAN, however you want to set it up. So it will do those storage migrations as well. And then what happens is it's actually going to go through, it's going to shut down the VM, it's going to take a snapshot, it is going to then basically move the compute and/or storage resources over. And once it does that, it's going to power 'em back up. And it's going to check, we've got some validation tools, where it's going to make sure VM Tools comes back up where everything is copacetic, it didn't blue screen or anything like that. And once it comes back up, then everything's good, it moves onto the next one. Now a couple of things that we've got feature wise, we built into it. You can parallelize these tasks. So you can say, how many of these machines do you want to do at any given time? So it could be, say 10 machines, 50 machines, 100 machines at a time, that you want to go through and do this move. Now, if it did blue screen, it will actually roll it back to that snapshot on the origin cluster. So that there is some protection on that. A couple other things that are actually in there are things like audit tracking. So we do full audit logging on this stuff, we take a snapshot, there's basically kind of an audit trail of what happens. There's also full logging, SYS logging, and then also we'll do email reporting. So you can say, run this and then shoot me a report when this is over. Now, one other cool thing is you can also actually define a change window. So I don't want to do this in the middle of the afternoon on a Tuesday. So I want to do this later at night, over the weekend, you can actually just queue this up, set it, schedule it, it'll run. You can also define how long you want that change window to be. And what it'll do, it'll do as many as it can, then it'll effectively stop, finish up, clean up the tasks and then send you a report on what all was successfully moved. >> Okay, I'm going to go down the rabbit hole a little bit on this, 'cause I think it's important. And if I say something incorrect, you correct me. >> No problem. >> In terms of my technical understanding. >> I got you. >> So you've got a VM, essentially a virtual machine typically will consist of an entire operating system within that virtual machine. So there's a construct that containerizes, if you will, the operating system, what is the difference, where is the difference in the instruction set? Where does it lie? Is it in the OS' interaction with the CPU or is it between the construct that is the sort of wrapper around the VM that is the difference? >> It's really primarily the OS, right? And we've not really had too many issues doing this and most of the time, what is going to happen, that OS is going to boot up, it's going to recognize the architecture that it's on, it's going to see the underlying architecture, and boot up. All the major operating systems that we test worked fine. I mean, typically they're going to work on all the X86 platforms. But there might be instruction sets that are kind of enabled in one architecture that may not be in another architecture. >> And you're looking for that during this process. >> Well usually the OS itself is going to kind of detect that. So if it pops up, the one thing that is kind of a caution that you need to look for. If you've got an application that's explicitly using an instruction set that's on one CPU vendor and not the other CPU vendor. That's the one thing where you're probably going to see some application differences. That said, it'll probably be compatible, but you may not get that instruction set advantage in it. >> But this tool remediates against that. >> Yeah, and what we do, we're actually using VM Tools itself to go through and validate a lot of those components. So we'll look and make sure VM Tools is enabled in the first place, on the source system. And then when it gets to the destination system, we also look at VM Tools to see what is and what is not enabled. >> Okay, I'm going to put you on the spot here. What's the zinger, where doesn't it work? You already said cold, we understand, you can schedule for cold migrations, that's not a zinger. What's the zinger, where doesn't it work? >> It doesn't work like, live migrations just don't work. >> No live, okay, okay, no live. What about something else? What's the oh, you've got that version, you've got that version of X86 architecture, it-won't work, anything? >> A majority of those cases work, where it would fail, where it's going to kick back and say, hey, VM Tools is not installed. So where you would see this is if you're running a virtual appliance from some vendor, like insert vendor here that say, got a firewall, or got something like that, and they don't have VM Tools enabled. It's going to fail it out of the gate, and say, hey, VM Tools is not on this, you might want to manually do it. >> But you can figure out how to fix that? >> You can figure out how to do that. You can also, and there's a flag in there, so in kind of the options that you give it, you say, ignore VM Tools, don't care, move it anyway. So if you've got less, some VMs that are in there, but they're not a priority VM, then it's going to migrate just fine. >> Got It. >> Can you elaborate a little bit on the joint development work that AMD and VMware are doing together and the value in it for customers? >> Yeah, so it's one of those things we worked with VMware to basically produce this open source tool. So we did a lot of the core component and design and we actually engaged VMware Professional Services. And a big shout out to Austin Browder. He helped us a ton in this project specifically. And we basically worked, we created this, kind of co-designed, what it was going to look like. And then jointly worked together on the coding, of pulling this thing together. And then after that, and this is actually posted up on VMware's public repos now in GitHub. So you can go to GitHub, you can go to the VMware samples code, and you can download this thing that we've created. And it's really built to help ease migrations from one architecture to another. So if you're looking for a big data center move and you got a bunch of VMs to move. I mean, even if it's same architecture to same architecture, it's definitely going to ease the pain of going through and doing a migration of, it's one thing when you're doing 10 machines, but when you're doing 10,000 virtual machines, that's a different story. It gets to be quite operationally inefficient. >> I lose track after three. >> Yeah. >> So I'm good for three, not four. >> I was going to ask you what your target market segment is here. Expand on that a little bit and talk to me about who you're working with and those organizations. >> So really this is targeted toward organizations that have large deployments in enterprise, but also I think this is a big play with channel partners as well. So folks out there in the channel that are doing these migrations and they do a lot of these, when you're thinking about the small and mid-size organizations, it's a great fit for that. Especially if they're kind of doing that upgrade, the lift and shift upgrade, from here's where you've been five to seven years on an architecture and you want to move to a new architecture. This is really going to help. And this is not a point and click GUI kind of thing. It's command line driven, it's using PowerShell, we're using PowerCLI to do the majority of this work. And for channel partners, this is an excellent opportunity to put the value and the value add and VAR, And there's a lot of opportunity for, I think, channel partners to really go and take this. And once again, being open source. We expect this to be extensible, we want the community to contribute and put back into this to basically help grow it and make it a more useful tool for doing these cold migrations between CPU architectures. >> Have you seen any in the last couple of years of dynamics, obviously across the world, any industries in particular that are really leading edge for what you guys are doing? >> Yeah, that's really, really interesting. I mean, we've seen it, it's honestly been a very horizontal problem, pretty much across all vertical markets. I mean, we've seen it in financial services, we've seen it in, honestly, pretty much across the board. Manufacturing, financial services, healthcare, we have seen kind of a strong interest in that. And then also we we've actually taken this and presented this to some of our channel partners as well. And there's been a lot of interest in it. I think we presented it to about 30 different channel partners, a couple of weeks back about this. And I got contact from 30 different channel partners that said they're interested in basically helping us work on it. >> Tagging on to Lisa's question, do you have visibility into the AMD thought process around the timing of your next gen release versus others that are competitors in the marketplace? How you might leverage that in terms of programs where partners are going out and saying, hey, perfect time, you need a refresh, perfect time to look at AMD, if you haven't looked at them recently. Do you have any insight into that in what's going on? I know you're focused on this area. But what are your thoughts on, well, what's the buzz? What's the buzz inside AMD on that? >> Well, when you look overall, if you look at the Gartner Hype Cycle, when VMware was being broadly adopted, when VMware was being broadly adopted, I'm going to be blunt, and I'm going to be honest right here, AMD didn't have a horse in the race. And the majority of those VMware deployments we see are not running on AMD. Now that said, there's an extreme interest in the fact that we've got these very cored in systems that are now coming up on, now you're at that five to seven year refresh window of pulling in new hardware. And we have extremely attractive hardware when it comes to running virtualized workloads. The test cluster that I'm running at home, I've got that five to seven year old gear, and I've got some of the, even just the Milan systems that we've got. And I've got three nodes of another architecture going onto AMD. And when I got these three nodes completely maxed to the number of VMs that I can run on 'em, I'm at a quarter of the capacity of what I'm putting on the new stuff. So what you get is, I mean, we worked the numbers, and it's definitely, it's like a 30% decrease in the amount of resources that you need. >> That's a compelling number. >> It's a compelling number. >> 5%, 10%, nobody's going to do anything for that. You talk 30%. >> 30%. It's meaningful, it's meaningful. Now you you're out of Austin, right? >> Yes. >> So first thing I thought of when you talk about running clusters in your home is the cost of electricity, but you're okay. >> I'm okay. >> You don't live here, you don't live here, you don't need to worry about that. >> I'm okay. >> Do you have a favorite customer example that you think really articulates the value of AMD when you're in customer conversations and they go, why AMD and you hit back with this? >> Yeah. Actually it's funny because I had a conversation like that last night, kind of random person I met later on in the evening. We were going through this discussion and they were facing exactly this problem. They had that five to seven year infrastructure. It's funny, because the guy was a gamer too, and he's like, man, I've always been a big AMD fan, I love the CPUs all the way since back in basically the Opterons and Athlons right. He's like, I've always loved the AMD systems, loved the graphics cards. And now with what we're doing with Ryzen and all that stuff. He's always been a big AMD fan. He's like, and I'm going through doing my infrastructure refresh. And I told him, I'm just like, well, hey, talk to your VAR and have 'em plug some AMD SKUs in there from the Dells, HPs and Lenovos. And then we've got this tool to basically help make that migration easier on you. And so once we had that discussion and it was great, then he swung by the booth today and I was able to just go over, hey, this is the tool, this is how you use it, here's all the info. Call me if you need any help. >> Yeah, when we were talking earlier, we learned that you were at Scale. So what are you liking about AMD? How does that relate? >> The funny thing is this is actually the first time in my career that I've actually had a job where I didn't work for myself. I've been doing venture backed startups the last 25 years and we've raised couple hundred million dollars worth of investment over the years. And so one, I figured, here I am going to AMD, a larger corporation. I'm just like, am I going to be able to make it a year? And I have been here longer than a year and I absolutely love it. The culture at AMD is amazing. We still have that really, I mean, almost it's like that underdog mentality within the organization. And the team that I'm working with is a phenomenal team. And it's actually, our EVP and our Corp VP, were actually my executive sponsors, we were at a prior company. They were one of my executive sponsors when I was at Scale. And so my now VP boss calls me up and says, hey, I'm putting a band together, are you interested? And I was kind of enjoying a semi-retirement lifestyle. And then I'm just like, man, because it's you, yes, I am interested. And the group that we're in, the work that we're doing, the way that we're really focusing on forward looking things that are affecting the data center, what's going to be the data center like three to five years from now. It's exciting, and I am having a blast, I'm having the time of my life. I absolutely love it. >> Well, that relationship and the trust that you will have with each other, that bleeds into the customer conversations, the partner conversations, the employee conversations, it's all inextricably linked. >> Yes it is. >> And we want to know, you said three to five years out, like what? Like what? Just general futurist stuff, where do you think this is going. >> Well, it's interesting. >> So moon collides with the earth in 2025, we already know that. >> So we dialed this back to the Pensando acquisition. When you look at the Pensando acquisition and you look at basically where data centers are today, but then you look at where basically the big hyperscalers are. You look at an AWS, you look at their architecture, you specifically wrap Nitro around that, that's a very different architecture than what's being run in the data center. And when you look at what Pensando does, that's a lot of starting to bring what these real clouds out there, what these big hyperscalers are running into the grasps of the data center. And so I think you're going to see a fundamental shift. The next 10 years are going to be exciting because the way you look at a data center now, when you think of what CPUs do, what shared storage, how the networking is all set up, it ain't going to look the same. >> Okay, so the competing vision with that, to play devil's advocate, would be DPUs are kind of expensive. Why don't we just use NICs, give 'em some more bandwidth, and use the cheapest stuff. That's the competing vision. >> That could be. >> Or the alternative vision, and I imagine everything else we've experienced in our careers, they will run in parallel paths, fit for function. >> Well, parallel paths always exist, right? Otherwise, 'cause you know how many times you've heard mainframe's dead, tape's dead, spinning disk is dead. None of 'em dead, right? The reality is you get to a point within an industry where it basically goes from instead of a growth curve like that, it goes to a growth curve of like that, it's pretty flat. So from a revenue growth perspective, I don't think you're going to see the revenue growth there. I think you're going to see the revenue growth in DPUs. And when you actually take, they may be expensive now, but you look at what Monterey's doing and you look at the way that those DPUs are getting integrated in at the OEM level. It's going to be a part of it. You're going to order your VxRail and VSAN style boxes, they're going to come with them. It's going to be an integrated component. Because when you start to offload things off the CPU, you've driven your overall utilization up. When you don't have to process NSX on basically the X86, you've just freed up cores and a considerable amount of them. And you've also moved that to where there's a more intelligent place for that pack to be processed right, out here on this edge. 'Cause you know what, that might not need to go into the host bus at all. So you have just alleviated any transfers over a PCI bus, over the PCI lanes, into DRAM, all of these components, when you're like, but all to come with, oh, that bit needs to be on this other machine. So now it's coming in and it's making that decision there. And then you take and integrate that into things like the Aruba Smart Switch, that's running the Pensando technology. So now you got top of rack that is already making those intelligent routing decisions on where packets really need to go. >> Jason, thank you so much for joining us. I know you guys could keep talking. >> No, I was going to say, you're going to have to come back. You're going to have to come back. >> We've just started to peel the layers of the onion, but we really appreciate you coming by the show, talking about what AMD and VMware are doing, what you're enabling customers to achieve. Sounds like there's a lot of tailwind behind you. That's awesome. >> Yeah. >> Great stuff, thank you. >> It's a great time to be at AMD, I can tell you that. >> Oh, that's good to hear, we like it. Well, thank you again for joining us, we appreciate it. For our guest and Dave Nicholson, I'm Lisa Martin. You're watching "theCUBE Live" from San Francisco, VMware Explore 2022. We'll be back with our next guest in just a minute. (upbeat music)

(upbeat music) >> Good afternoon. theCUBE is live at VMware Explorer. Lisa Martin here in San Francisco with Dave Nicholson. This is our second day of coverage talking all things VMware and it's ecosystem. We're excited to welcome from DXC Technology, James Bion, Hybrid Cloud and Multi Cloud Offering manager to have a conversation next. Welcome to the program. >> Thank you very much. >> Welcome. >> Talk to us a little bit about before we get into the VMware partnership, what's new at DXC? What's going on? >> So DXC is really evolving and revitalizing into more of a cloud orientated company. So we're already driving change in our customers at the moment. We take them on that cloud journey, but we're taking them in the right way, in a structured mannered way. So we are really excited about it, we're kicking off our Cloud First type, Cloud Right sort of story and helping customers on that journey. >> Yesterday in the keynote, VMware was talking about customers are on this Cloud chaos phase, they want to get to Cloud Smart. You're saying they want to get to Cloud Right. Talk to us about what DXC Cloud Right is, what does it mean? What does it enable businesses to achieve? >> That's a very good question. So DXC has come up with this concept of Cloud Right, we looked at it from a services and outcome. So what do customers want to achieve? And how do we get it successfully? This is not a technology conversation, this is about putting the right workloads at the right place, at the right time, at the right cost to get the right value for your business. It's not about just doing it for the sake of doing it, okay. There's a lot of changes it's not technology only you've got to change how people operate. You've got to work through the organizational change. You need to ensure that you have the right security in place to maintain it. And it's about value, really about value proposition. So we don't just focus on cost, we focus on operations of it, we focus on security of it. We focus on ensuring the value proposition of it and putting not just for one Cloud, it's the right place. Big focus on Hybrid and Multi Cloud solutions in particular, we're very excited about what's happening with VMware Cloud on maybe AWS or et cetera because we see there a real dynamic change for our customers where they can transition across to the right Cloud services, at the right time, at the right place, but minimal disruption to the actual operation of their business. Very easy to move a workload into that place using the same skilled resources, the same tools, the same environment that you have had for many years, the same SLAs. Customers don't want a variance in their SLAs, they just want an outcome at a right price and the right time. >> Right, what are some of the things going on with the VMware partnership and anything you know, here we are at this the event called the theme is "The Center of the Multi Cloud Universe", which I keep saying sounds like a Marvel movie, I think there needs to be some superheroes here. But how is DXC working with VMware to help customers that are in Multi Cloud by default, not by design? >> That's a very good one. So DXC works jointly with VMware for more than a thousand clients out there. Wide diversity of different clients. We go to market together, we work collaboratively to put roadmaps in place for our clients, it's a unified team. On top of that, we have an extremely good VMware practice, joint working VMware team working directly with DXC dedicated resources and we deliver real value for clients. For example, we have a customer experience zone, we have a customer innovation zone so we can run proof of concepts on all the different VMware technologies for customers. If they want to try something different, try and push the boundaries a little bit with the VMware products, we can do that for them. But at the end of the day we deliver outcome based services. We are not there to deliver a piece of software, but a technology which show the customer the value of the service that they've been receiving within that. So we bring the VMware fantastic technologies in and then we bring the DXC managed services which we do so well and we look after our customers and do the right thing for our customers. >> So what does the go-to market strategy look like from a DXC perspective? We say that there are a finite number of strategic seats at the customer table. DXC has longstanding deep relationships with customers, so does VMware and probably over a shorter period of time, the Hyper scale Cloud Providers. How are you approaching these relationships with customers? Is it you bringing in your friends from the cloud? Is it the cloud bringing in their friend DXC? What does it look like? >> So we have relationships with all of them, but were agnostic. So we are the people who bring it all together into that unified platform and services that the customers expect. VMware will bring us certainly to the table and we'll bring VMware to the table. Equally, we work very collaboratively with all the cloud providers and we work in deals together. They bring us deals, we bring them deals. So it works extremely well from that perspective, but of course it's a multi-cloud world these days. We don't just deal with one cloud provider, we'll normally have all of the different services to find the right place for our customers. >> Now, one thing that that's been mentioned from DXC is this idea that Cloud First which has been sort of a mantra that scores you points if you're a CIO lately, maybe that's not the best way to wake up in the morning. Why not saying, Cloud First? >> So we have a lot of clients who who've tried that Cloud First journey and they've aggressively taken on migration of workloads. And now that they've settled in a few of those they're discovering maybe the ROI isn't quite what they expected it was going to be. That transformation takes a long time, a very long time. We've seen some of the numbers around averaging a hundred apps can take up to seven years to transition and transform, that's a long time. It makes you almost less agile by doing the transformation quite ironically. So DXC's Cloud Right program really helps you to ensure that you assess those workloads correctly, you target the ones that are going to give you the best business value, possibly the best return on investment using our Cloud and advisory practice to do that. And then obviously off the back of that we've got our migration teams and our run services and our application modernization factories and our application platforms for that. So DXC Cloud Right can certainly help our customers on that journey and get that sort of Hybrid Multi Cloud solution that suits their particular outcomes, not just one Cloud provider. >> So Cloud Right isn't just Cloud migration? >> No. >> People sometimes confuse digital transformation with Cloud migration. >> Correct. >> So to be clear Cloud Right and DXC has the ability to work with customers on not just, oh, here, this is how we box it up and ship it out, but what makes sense to box up and ship out. >> Correct, and it's all about that whole end to end life cycle. Remember, this is not just a technology conversation, this is an end to end business conversation. It's the outcomes are important, not the technology. That's why you have good partners like DXC who will help you on that technology journey. >> Let's talk about in the dynamics of the market the last couple of years, we saw so many customers in every industry race to the Cloud, race to digitally transform. You bring up a good point of people interchangeably talking about digital transformation, Cloud migration, but we saw the massive adoption of SaaS technologies. What are you seeing? Are you seeing customers in that sort of Cloud chaos as VMware calls it? That you're coming in with the Cloud Right approach saying, let's actually figure out, you may have done this because of the pandemic maybe it was accelerated, you needed to facilitate collaboration or whatnot, but actually this is the right approach. Are you seeing a lot of customers in that situation? >> We are certainly seeing some customers going into that chaos world. Some of them are still in the early stages of their journey and are taking a more cautious step towards in particular, the companies that would die on systems to be up available all the time. Others have gone too far, the other are in extreme are in the chaos world. And our Cloud Right program will certainly help them to pull their chaos back in, identify what workloads are potentially running in the wrong place, get the framework in place for ensuring that security and governance is in place. Ensuring that we don't have a cost spend blowout in particular, make sure that security is key to everything that we do and operations is key to everything we do. We have our own intelligent Platform X, it's called, our service management platform which is really the engine that sits behind our delivery mechanism. And that's got a whole lot of AI analytics engines in there to identify things and proactively identify workload placements, workload repairs, scripting, and hyper automation behind that too, to keep available here and there. And that's really some of our Cloud Right story, it's not just sorting out the mess, it's sorting out and then running it for you in the right way. >> So what does a typical, a customer engagement look like for a customer in that situation? >> So we would obviously engage our client right advisory team and they would come in and sit down with your application owners, sit down with the business units, identify what success needs to look like. They do all the discovery, they'll run it through our engines to identify what workloads are in the right place, should go to the right place. Just 'cause you can do something doesn't mean you should do something and that's an important thing. So we will come back with that and say, this is where I think your cloud roadmap journey should be. And obviously that takes an intuitive process, but we then can pick off the key topics early at the right time and that low hanging fruit that's really going to drive that value for the customer. >> And where are your customer conversations these days? I mean from a Cloud perspective, digital transformation, we're seeing everything escalate up the C-suite? Are you engaging the executives in this conversation so that they really want to facilitate, let's do things the right way that's the most efficient that allows us as a business to do what we're best at? >> So where we've seen programs fail is where we don't have executive leadership and brought in from day one. So if you don't have that executive and business driver and business leadership, then you're definitely not going to be successful. So to answer your question, yes, of course we are, but we also working directly with the IT departments as well. >> So you just brought up an insight executive alignment, critically important. Based on what you've experienced in the real world, contrast that with the sort of message to the world that we hear constantly about Cloud and IT, what would be the most shocking thing that you can share with us that people might not be aware of? It's like what shocks you the most about the disconnect between what everybody talks about and the reality on the ground? Don't name any names of anyone, but give us an example of the like, this is what's really going on. >> So, we certainly are seeing that big sort of move into Cloud quickly, okay. And then the big bill shock comes and just moving a workload across doesn't mean you're in Cloud, it's a transition and transformation to the SaaS and power services, it's where you get your true value out of cloud. So the concept that just 'cause it's in Cloud it's cheap is not always the case. Doing it right in Cloud is definitely going to have some cost value, but it's going to bring other additional values to their business. It's going to give them agility, it's going to give them resilience. So if you look at all three of those platforms cost, agility, and resilience and live across all three of those, then you're definitely going to get the best outcomes. And we've certainly seen some of those where they haven't taken all of those into consideration, quite often it's cost is what drives it, not the other two. And if you can't keep operations up working efficiently then you are in a lot of trouble. >> So Cloud wrong comes with sticker shock. >> It certainly does. >> What's on the horizon for DXC? >> We're certainly seeing a big drive towards apps modernization and certainly help our customers on that journey. DXC is definitely a Cloud company, may that be on Hybrid Cloud, Private Cloud, Public Cloud, DXC is certainly leading that edge and pushing it forward. >> Excellent, James, thank you so much for joining us on the program today talking about what Cloud Right is, the right approach, how you're helping customers really get to that right approach with the people, the processes, and the technology. We appreciate your time. >> Thank you very much. >> For our guest and Dave Nicholson, I'm Lisa Martin. You're watching theCUBE live from VMware Explorer, 2022. Our next guest joins us momentarily so don't change the channel. (upbeat music)

(upbeat music) >> Hey everyone. Welcome back to San Francisco, VMware Explorer 2022, Lisa Martin and Dave Nicholson here. We've been having some great conversations today. Lots of news coming out about VMware and its partner ecosystem. We're going to have another conversation about that next. Please welcome two guests to the program, Chance Bingen, technical marketing engineer at NetApp and Jason Massae, staff technical marketing architect, storage and vVols at VMware. Guys, welcome to the program. >> Thanks. >> Glad to be here. >> It's nice to be back in person. >> It is. It's very nice. Oh my gosh. >> And we're hearing there about 7,000 to 10,000 people here, when I was in the Keynote, this morning it was definitely standing room only. >> Yeah, yeah. You've definitely seen the numbers ticked up at the last minute. It was good to see that. It's good, I think a lot of people have really wanted to get back, get that one on one that face to face. There's nothing like being able to, you know, talk to, the experts, talk to the vendors, you know, see your comrades. I mean, that's the thing. I mean, we've seen people that I haven't seen for years, even on my own team, so really good to be back into it. >> It is and it was lots of news coming out this morning during the Keynote. My goodness. But Jason, talk to me, the NetApp and VMware folks had been in tight partnership for a long time. Talk to me about, get both of your perspective from a technical perspective about the depth of the partnership. >> Yeah, so actually NetApp was one of the original design partners for vVols. And with that, now with some of the stuff we're doing with more current stuff with virtual volumes is, NetApp is back and we've got some pretty neat stuff that we've been working on with vVols. And NetApp's got some pretty neat stuff that they've been working on to enable the customers with more features, more functionality with the virtual volume functionality. >> Yeah, absolutely. >> Give us a quick primer on what is a vVol? What is a virtual volume? How does it fit into the, into this stack of stuff that we do in IT? >> Yeah. So the easiest way to kind of think of what a vVol is or a virtual volume is you can think of it kind of like an RDM, those row device map, which is kind of a four letter word. We don't really like those, but the idea is that object, that virtual volume is native on the array and presented directly to the VM. But now what we do is we're presenting all of the storage array features up to vSphere and we're managing those storage features via policy based management. But instead of applying storage capabilities at a data store level, we're now applying them at a VM or an application level. So you can have one data store and multiple VMs, and every VM can have a different storage capability managed by a policy that the VI admin gets to manage now. So he doesn't have to go to the storage admin to say, I need a new line, or I need a new volume. He can just go in and create a policy or change a policy. And now that storage capability is applied to the VM or the application. >> Yeah. One thing I'd like to add to that is you can mentioned the word capabilities. >> So we look at the actual data protocols, whether they're file based or block based, you know, I-scuzzy, fiber channel, whatever the case might be. Those protocols have defined sets of capabilities and attributes and things they can expose. What vVols along with the VASA protocol brings to the table is the ability to expose things that are just impossible to expose via the data protocols themselves. So that the, actual nature of the array, what kind of array is it? What's it capable of doing? What is the nature of, you know, encryption? You know, is this going to be a secure, encrypted data store? Is it going to be something else? It just allows you to do so much more with the advanced capabilities that modern storage arrays have than you could ever do if you were just using the data protocols by themselves. >> Right? Yeah. Kind of under that same context. If you think about before with traditional storage, the vSphere or the array really doesn't understand what's going on underlying storage, but with vVols the array and vSphere completely understand at a disc level even, how that VM should be treated. So that helps the storage admin. Storage admin can now go in and see a specific disc of a VM and see the performance on the array. They can go in the array and see, oh, this disc on this VM has got performance issues or needs to be encrypted, or here's the size of that disc. And you couldn't easily see that with your traditional storage. So there's really a lot of benefits and it frees up a lot of time for the storage administrator and enables the VI admin to be able to do a lot of the storage management. >> So there have been, there been a lot of movements over the last decade in the realm of software defined storage. Where essentially all of the things that you are talking about are completely abstracted from the underlying hardware. In this case, you're leveraging the horsepower, if you will and the intelligence of a storage array that has a lot of horsepower and intelligence, and you're accessing those features. You mentioned encryption, whether if you're doing a snapshot or something like that, what's interesting here is it kind of maps to what we're looking at now, which is the trend in the direction of things like DPUs. >> If you go back in history long enough, we had the, you know, the TOE, NIC, TCP offload, you know, the idea of, hey, you know what, what if we had a smart device with its own brain power and we leveraged it. Well, you guys have been doing that from a vVols all perspective with NetApp filers, for lack of better term. For how long now, when did, when were they originally? >> 6.0 it was so it's been what? 11, 12 years. Something like that. >> It's been a while. So yeah, but it's been a decade or so. >> Mm-hmm >> So what's on the frontier. What's the latest there in terms of, in terms of cool stuff that's coming out. >> So actually today, in one of the things that we worked with NetApp that was part of the design partnership was, you know, the NVMe over Fabric protocol has become very popular to extend that functionality of all flash to the, an external array. And now we announce today, in including with that NVMe over Fabrics, you can now do vVols with NVMe over Fabrics. And again, that was something that we worked with NetApp to be a design partner for them. >> That's right. We're very excited about it. We've always been, you know, NVMe been something we've been very proud of for a while. Delivering the first end to end NVMe stack from inside the host, through the fabric, to the array, with the arrays front ports, all the way to the disc on the backend. So we're very excited about that. >> So target market joint NetApp, VMware customers, I presume. >> Really it's, the key here that I like to make sure customers understand is to see that vVols are on the leading edge of VMware's storage design. Some tend to think that maybe vVols wasn't the primary focus, but actually now it is the primary focus. Now I always like to give the caveat that VMFS and NFS are not going away. Those are still very much stuff that we work on. It's just that most of the engineering focus is on virtual volumes or vVols. >> Yeah. Similarly, when you talk about and you're sort of alluding to vSAN when we start talking about VMFS and things like that. >> Yeah. >> Architecturally, we've been talking to folks about the recent announcements with capabilities within AWS. You know, NetApp in AWS for VMware environments. Breaking out of the stranglehold that the, oh, you want more storage, you must buy more CPU and memory, building block process entails. The reality is no matter what you do with vSAN, you're going to have certain constraints that go away when now you have the option to leverage storage from the NetApp filers. >> Yeah, absolutely. >> So how does, how do vVols play in the cloud strategy moving forward? >> Well, so one of the things that we do with, vVols currently is mostly On-prem. But when you have the storage architecture, that vVols gives you as far as individual objects, it makes it much easier to migrate up into the cloud because you're not trying to migrate individual VMs that are on another type of system, whatever it might be, those objects are already their own entity. Right, so cloud, Tanzu, those type of things, those vVol objects are already their own entity. So it makes it very easy to migrate them on and off prem. >> So Chance talk to us a little bit about this from NetApp's perspective. You're in customer conversations, who are you talking to? Is this primarily an engineering conversation? Has this gone up the stack in terms of customers are finding themselves in this default multi-cloud environment? >> Yeah, so interestingly, when I talk to customers these days they are almost all either on a journey to a hybrid multi-cloud or they're in some kind of phase of transforming themselves into their own hyperscaler, right? They're be adopting a cloud service provider model and vVols is a perfect fit for that kind of model, because you have the ability to offer different tiers of service, different qualities of service with VM granular controls or VMDK granular controls, even. And even if you look at First Class Disc, right? Which is something that came out largely to support Tanzu, I think which fantastic use case for vVols as well there, but that gives you the ability to offer something like Amazon EBS, right? You can offer Amazon EBS in a native VMware stack using First Class Discs and vVols. And you're able to apply things like quality of service with that granular control that allows you to guarantee that customer the disc that they bought and paid for. They're going to get the IOPS that they're paying for because you're applying those QoS policies directly to that object on the array. And instead of having to worry about is the array going to be able to handle it? Are you going to have one VM that consumes all your IO, you know? You don't have to worry about that with vVols because you've got that integration with the array's native quality controls. >> And Chance what's in this for me as a customer? I'm hearing productivity, I'm hearing cost savings, control efficiency. Talk to me about the benefits in it for the folks that you're talking to. >> Yeah, absolutely. A lot of times it comes down to, you know I mentioned like the cloud service provider model, right? When you're looking to build a robust service catalog and you're able, you want to be able to meet all these like, we mentioned Tanzu, right? Containers as a service, you're able to provide the persistent volumes for your Kubernetes containers that are again, these native objects on the array and you have these fine grain controls, but it's handled at massive scale because it's all handled by storage policies, Kubernetes storage classes, which are natively mapped to VM storage policies through Tanzu. So it just, it gives you the ability to offer all of these services in a, again a rich and robust contents catalog. >> So what are you doing? So you mentioned a couple of things in terms of using array based quality of service. So give me an example of how you're avoiding issues of contention and over subscription in an environment where I'm an administrator and I've got this virtual volume that's servicing this VM or this app on this VM. What kind of visibility do I have down into the actual resources because look at the end of that chain there's a physical resource. And that physical resource represents, what? IOPS and bandwidth and latency and throughput and all of this bundle of things. So how do you avoid colliding with others who are trying to carve vVols out of this world? >> You mean like a noisy neighbor type of thing? >> Yeah. Yeah. >> So that's actually one of the big benefits that you get with vVols is that because those vial objects are native on the array, they're not sharing a loan or a volume. They're not sharing a resource. The only resource they're actually sharing is the array itself. So you don't get that typical noisy neighbor where this one's using all the resources of that volume because really you're looking out at the all encompassing array. And so a storage administrator and the VI admin have a lot more insight. The VI admin can now go to the storage admin if there's say a debugging issue, they want to find a problem. The storage admin now can see those individual objects and say, oh, well this VM, it's not really this, it's not all the discs. It's just disc number two or disc number three or they can actually see at a single disc level on the array, the performance, the latency, you know, the QS, all that stuff. >> Oh, absolutely. >> And that really is what, it frees up at the storage admin's time because the debugging is so much more simple. And it also allows the storage admin a lot more insight. Right? They know those, what's the problem. If you were typically looking at a loaner volume, they don't really know what's going on inside that and neither does the array. But with vVols, the array knows what each disc and how it's supposed to be treated based on the policies that the customer defines. So if one VM is supposed to have a certain QS and another VM isn't. The array knows that that VM, if it goes above it, it's going to be like, nope, you can't have those resources. You weren't granted those resources, but this one was. So you have much more control. And again, it's at an application or a VM level. >> And it's still, it's fairly dynamically configurable. I spoke to a customer just the other day. They are a cloud service provider. And what they do is their customers are able to go in and change their quality of service. So they go into that service portal and they say, okay, I'm paying for gold and I want platinum and they'll go in. They know that they've got a certain time where they need more IO capacity. So they'll go in, they'll pay the fee, increase that capability. And then when they don't need it anymore, they'll downgrade again. >> Okay, so that assumes some ability at the array level to do some sort of resource sharing and balancing to be able to go out and get, say more IO. Because again, fundamentally, if you have a virtual volume, that's drawing its resources from five storage devices, whether those are SSD based or NVMe or spinning disc that represents a finite it amount of resource. The assumption is if you're saying that the array is the pool that you need to worry about, that assumes the array has the ability to go beyond here, based on a policy. >> So that's how it works. It does... >> Well, essentially. I mean, you can't outrun physics. So if the array can't go faster, but the idea is that you understand the performance profile of your array and then you create your service tiers appropriately. >> Okay. >> Yeah. And one of the big benefits is like Chance was saying, if you want to change a profile that used to be a Storage vMotion to a different data store. Now it's just a policy change. The storage admin doesn't have to do anything. The VI admin just changes the policy. And then the array understands, oh, I now need to treat that different. And that's exactly what Chance was talking about in that cloud provider situation, where today I'm using a 100,000 IOPS. I need to use 200,000 tomorrow for special, whatever it is, but I only need to use it for tomorrow. So they don't have to move anything. They just change the policy for that time. And then they change it back. They don't have to do anything on the array itself. They don't have to change anything physically on the VM. It's just a policy change. And that's really where you get that dynamic control of the storage capability. >> So as business dynamics are changing and I'm thinking of like black Friday or Prime day, being able to dial things up and dial it down, they have the ability to do that with a policy. >> Yes. >> Exactly. >> So huge time savings there. >> Oh, it's huge. Yeah. >> Yeah. >> And it simplifies because now, I don't have to have multiple data stores. You can have one data store, all your VMs in there. You can limit test and dev and you can maximize business critical applications. Again, all via policy. So you've simplified your infrastructure. You've gone to more of a programmatic approach of managing your storage capabilities. But you're now managing at the VM level. >> So we mentioned that the cloud chaos (indistinct) that was mentioned this morning during the Keynote and we're saying a lot of customers are still in this cloud chaos phase. They want to get to Cloud Smart. How is this going to be one of those tools that helps customers pull the levers, dial the knobs, to be able to get to eventually, Cloud Smart. >> I could go on for this for hours. (Lisa Laughs) (Chance chuckles) This is really what simplifies storage. Because typically when you use traditional storage, you're going to have to figure out that this data store has this capability or another example, as you mentioned was Tanzu. If you're managing persistent volumes and you're not using something like vVols, if you want to get a certain storage capability, you have to either tag it or you have to create that data store with that capability. All of that goes away when you use vVols. So now that chaos of multiple data stores, multiple lines or multiple volumes, all that stuff goes away. So now you're simplifying your infrastructure, you have a programmatic approach to managing your storage and you can use it for all of your different types of workloads. So cloud, Kubernetes, persistent volumes, all that type of stuff. And again, all being managed via a simple and again, programmatic approach. So you could automate this. You know today, like you said, black Friday. Okay, Black, Friday's coming up. I want to change the policy. You could automate that. So you don't even have to go in and physically make the change of the policy now. You just say on Fridays, change it to this policy on Sunday night, change it back. >> Yep. >> Again, that's not something you can do with traditional storage. >> Okay. >> And I think from a simplification standpoint as well, you know, I was telling you about that other customer a couple days ago, they were running into the inability to grow beyond the bounds of VMFS file systems for very, very large VMs. And so what I talked to them about was look, if you go to vVols, you're not bound by file systems anymore. You have the capacity of the array and you can have VM discs up to 62 terabytes, you know, as many as you want. And it doesn't matter what they fit in because we can fit them all. So it's, to be able to, and that's some of our largest customers, the reason they go with vVols is to be able to grow beyond the bounds of traditional storage, anything like path limits, you know. That's something you have to contend with. >> Path limits, line limits, all that stuff. Typically just disappears with vVols. >> All those limits go away. Guys- >> They go away. >> Amazing. Congratulations on the work that you guys have done. Thank you so much for joining us on theCUBE talking about the value in it for customers and obviously the technical depths of the NetApp, VMware relationship. Guys, we appreciate your time. >> Yeah, thanks for having us on. >> Our pleasure. For my guests and Dave Nicholson. I'm Lisa Martin. You're watching theCUBE live from VMware Explorer 2022, Dave and I will be right back with our next guest. So stick around. (upbeat music)