(gentle music) >> Hello, beautiful humans and welcome back to fabulous Las Vegas, where we are combating the dry air of the desert and all giggling about the rasp of our voice at this stage. We're theCUBE and we are live from AWS reinvent. I am Savannah Peterson, joined by the fabulous Paul Gillin. Paul, how are you holding up? How are your feet doing? >> My feet are, I can't feel them anymore. (both laugh) >> We can't feel much after these feet. >> Two miles. Just to get from, just to get to to the keynotes this morning. >> Did you do your cross training to prepare >> For, >> Apparently not well enough. (Savannah laughs) Not well enough. >> Well, it's great to have you here >> likewise. and I'm very excited for our next conversation. We've got Ramesh from Prosimo. >> Thank you. >> Savannah: Welcome to the show. How is the show going for you? How's your voice? >> Oh my God. I woke up this morning and I could not hear my own voice. I'm like, this is not me. I think it's the dry air here, so if I cough, I apologize in advance. But no, the show has been great. It's been nonstop at the booth. It's wonderful to see all the customers in one place so you don't have to schedule lots of meetings spread across three, four weeks. So you get to >> Savannah: Right. I, yeah >> So yesterday was like eight to six, nonstop and it was awesome, right? Because you get to meet all these guys. The other important thing is the focus on the right layer, right? Like, I loved the keynote from Adam. It was about applications, services, data. Nowhere in there was there like infrastructure. Like we are infrastructure, right? I actually love that because that's where the focus should be and that's what customers are caring about right? So it's, it's been great so far. >> Yeah. I'm so happy to hear your booth's packed. I know exactly what you mean. I mean, we're going to be talking about optimization. It's a theme, but we also optimize our time here >> Ramesh: Yeah. >> on the show floor by getting to engage with our community. Prosimo's been around for three years just in case folks aren't familiar, give us the pitch. >> Sure. We are in the cloud networking space, solving for two problems. What happens within the cloud as you bring up VPCs, vnet and workloads, how are they able to talk to each other, secure each other, and how to use those access workloads? Those are the two problems that we solve for. It stemmed from really us seeing a complete diversion in what cloud wants versus what network really focuses on. Cloud has been always focused on applications and speed of operations and network has always been about reliability, scalability, and robust architecture. And we didn't really see these things come together. So that's when prosimo was born. >> So what are some of the surprises newcomers to the cloud may encounter with networking, with cloud networking that was not a factor when they were fully on-prem? >> So the first thing is in the cloud, you can't deal with the workload the same way you dealt with in the data center. In the data center, you usually had pools of service. They were all allocated some level of addressing. And it was not about the workload, it was more about the identity, IP addresses and so forth. In the cloud, those things have completely gotten demolished, right? You have to refer to a S3 service as an S3 service. It's not an IP endpoint. IP endpoint comes and goes, right? >> Savannah: Yeah. >> And so you have to completely shift around that, right? >> Now, this actually challenges almost 10 years, 12, 20 years maybe, of networking that we knew about, right? So that's why cloud networking is almost night and day difference compared to regular networking right? And, we're seeing that and that's what we are really helping customers with. >> What are some of the trends that you're seeing? I, well actually, let me ask you this question. Do you, is there an industry or vertical you work with specifically? I would imagine most people across, >> Ramesh: The Yeah, across. >> Yeah. >> Anybody that has workloads in the cloud right? >> Yeah, right. >> Ramesh: That's, >> I mean I can't imagine any companies that would have that. >> Exactly. (Savannah laughs) >> What are some of the trends that you're seeing? I know we talk about time to value. We talk about cost optimization. Is that the top priority for your customers? >> Yeah. Up until end of last year, a lot of the focus was about speed of operations. And so people would look at what are the type of workloads? How do I enable things? How do I empower my development team? So, if I'm the cloud platform team responsible for connecting, securing and making sure my applications can get deployed smooth and fast, that was the primary focus. Fast forward to this year, we started to see this a little bit at the beginning of the year. Now it's in full force. It's about cost control, right? It's about egress charges coming out of the cloud. Suddenly the cloud bill and every single line item on the cloud bill is in focus, right? And so that has a direct impact on what does this mean for networking. Cloud networking for many may not be familiar, it's about 14% of the cloud bill. And so anything that materially moves the needle on the cloud networking costs can actually have a have a big impact, right? And so we have seen the focus on the speed of operations are still there but cloud cost control has become a big part of it. >> So where are the excesses? I mean, it's, it's a big part of the bill. Where can company, where do companies typically waste money in networking costs? >> So, if you bring a person who understands networking and networking architecture really, really well, they'll can build a solid architecture, but they'll not focus on operations and automation. If you bring a 25 year old, they will automate the heck out of it. They know python day in and day out. And so they'll automate the heck out of it but it will not be with a robust architecture, right? And so you, on one hand, you end up wasting because you do things very suboptimally. It's a solid architecture, it's a really good design but it's really bad for operations. In the other hand, with push of a button you can get anything done but underneath the covers, underneath the hood, if you look at it, it's a mess, right? And so you have more competence than necessary. And so, what customers want is really a best of both, right? You need solid architecture that has all the right principles but also you need the automation so that you don't employ four, five people and a whole toolkit in order to make things work, right? And that's where we see most of the efficiencies come from >> You said you were you were super busy at your booth. Do customers understand that this is a problem now? >> So more so now than I would say last year. The last reinvent when we had a session. >> Yeah. >> We had to educate a lot of people on these are the requirements for cloud networking. Thanks to Gartner, thanks to many of the sessions you guys have been doing as well. The focus and the education for what cloud networking requires has started to come about. Now, this is where the savviness of the customer is important, right? Like there are customers in different stages of their journey. Those that have been operating in the cloud for three years plus, know that they've crossed that initial phase, right? Like you have basic hygiene, you have certain things and moving from hundreds of VPCs to maybe about thousand, right? And so at that time, the set of challenges I need to work with are very, very different, right? So now increasingly we are seeing at the booth the challenges are, "Hey, I know how to operate in the cloud". Right? Like, "Don't talk to me about that." Right? "But how do I get from hundred to a thousand?" Because I have a gun to my head. My CIO has said, I need to decommission my data centers in the next couple of years and I need to go all in on cloud. Help me with that, right? And so it's the, I wouldn't call it like massive scale it's the scale from kind of the trivial to the next stage that's actually causing a lot of these problems to surface. >> It's that layer of transformation. >> Ramesh: Yeah. It's when you've made the commitment and now we've got to catch everything up >> [Ramesh} exactly. >> across the company locations and probably a variety of different silos doing different things. >> Ramesh: Exactly. Yeah. >> Super complex. So, how do folks get started with you? >> Yeah, so typically we start with like, even if the customer says, "Here's what my blueprint looks like." We say, "Bring two regions." That's it, two regions, a few workloads. We'll help you set up the connectivity, set up the secure access required, set up the foundational things There's a certain level of automation, right? Let's get to that point because governance is different. The cloud privileges are different so let's work through all of that, right? Usually this takes about a week or so. The actual proof of concept, proof of value can be done in a day, but getting permissions and what not takes about, about a week, right? And once you show two regions then it's actually game on, right? Then you go from 10 VPCs to a hundred to a thousand and it's just like one to one thing after another. So that's usually how we see customers get started. We have a full stack that covers kind of what does this mean for the network to application services to kind of layer seven and so forth. We tell the customer, as much as we want you to focus on the entire stack, let's start with one, right? Start baby steps, start with one. Because for many, cloud itself is, I wouldn't say new but they're in a region that's not comfortable, right? So you wannna, you don't want to throw too much at them. >> Savannah: Right. >> So we help them kind of progressively move towards different types of workplace. >> Savannah: Yeah. >> And you have a multicloud story as well. >> Ramesh: That's correct. >> So when companies begin to cross clouds with workloads, move them between clouds, what kinds of issues emerge then? >> Yeah, so there are two parts for this, right? There is the AWS and data center and then there is the AWS plus other clouds. Two different set of problems, actually, >> Paul: Hm-hmm. Hm-hmm. The AWS plus connectivity, back into my data center almost every single enterprise. We deal with kind of the global 2000. Every single one of them has that, right? And so we kind of, we go through a series of steps, come up with an architecture, deploy a solution. After that, it's, Hey, I have BigQuery in Google that needs to talk back to an S3 bucket out here. Like, no networking solution can help you with that. Like, you need like cloud native principles in order to come into the picture. So increasingly we are seeing requests for, hey I have a distributed workload. It's not, it's not that one single application is spread across multiple clouds, but I have these islands of workloads that all need to talk to each other. >> Paul: Right. And what I don't want to do is actually build highways that actually connect all these things together because that's a waste of time. I actually want to make sure that only these applications that care about the talking to each other, are allowed to talk to each other. So that's kind of one foundational thing that we see. A few others are around compliance and governance. So we say, Hey, if I'm a retailer, I need to have some workloads in Azure some in the GCP and so forth. So it depends on kind of the industry compliance, regulatory requirements and so forth. >> So many different needs >> Ramesh: Exactly. for so many different types of companies. But also, you know, creating that efficiency is so great. >> Ramesh: Yup. >> And especially that time to value tune, cost reduction >> Ramesh: Yup. doing a lot of great things for your customers. There's a note on my run sheet here that you've seen some success with Topgolf and I suspect we have some golfers in the audience. John even used to be a caddy. We had a caddy segment with someone who was a pro caddy. Drew, when we were at Cape Con. Tell us about that story. >> So it was a really wild idea. We said, okay people are going to be walking around 22,000 steps right? >> Savannah: Yeah. >> And so >> Like Paul, >> And, they're going to be talking to people, listening to sessions. So we said, let's, what do most others do? You set up some time in a restaurant, you come, you have a social time, and what not. We said, let's give people something different. So we reserve the Topgolf here and we opened it up. We initially paid for a certain number of things. It's actually gone three x of that right now. So we had in the Topgolf, can you give us like the entire thing? I think people just want to go do something different, right? >> Savannah: Yeah. >> And of course the topic is important but equally important is like, I just want to have a good time, right? >> Yeah. And if you, hit a few And there you go. >> It doesn't have to relate back to network >> Cloud, network. >> Yeah, exactly. And so >> Well, it's all about building community. >> Exactly. >> And especially right now, we all, you know, we're stronger together. >> Ramesh: Yup. We're entering a unique time, we're coming out of a unique time. >> Ramesh: Exactly. >> And, no, I think that's great. And we actually do a swag segment here on theCUBE, differentiating on the show floor. I mean, it's clear because of how thoughtful you are >> Ramesh: Yeah. there's a reason that your, that your booth is so busy. >> Ramesh: That's right. >> So what's next? What can you, can you give us a little sneak preview? What's coming out for you? >> Yeah, so, I'm sensitive and sympathetic to all the macroeconomic conditions that are happening but there's been, we have not skipped a beat. So our business is growing really well. Thanks to all the things that are happening in the cloud. Increasingly, folks are looking at, you know, how how do I move in mass into the cloud? And so a few themes have come about as a result. One, certainly around cost control. How do I, how do I make, how do we make sure that we help our customers in that journey, right? So we have a few things around those lines. Modernization, especially after you go through the first few workloads, the next few that come about are invariably modern workloads. And modern workloads is this sensitive thing where I think the ultra savvy developers know what to do but the infrastructure guys don't know what to do in order to serve, right? And so we have actually developed a set of capabilities to help with that kind of modernization, right? Because it's not enough if your apps are modernized, your infrastructure that serves the apps also need to be modernized. And so those are the, those are the things and certainly, getting our customers less than us. We want to get our customers to talk. And so you'll see quite a bit of that as well. >> I want to ask you about a statement that was in the notes that we were reading, running up this interview. Zero Trust network access is the next solution that will be disrupted. What do you mean by that? >> So, when we started the company about three years ago, zero test network access was there. It was about maybe two, three years old at that time. And so we said, it needs to be done differently in the cloud. Why? Because you are a user. You're trying to access an application in the cloud. Do you care what's in the middle? You really don't, you just want to be able to open up your laptop, go to dub dub something.com and you should be able to access, right? But that's not how the experience is today. There's invariably something that comes, a middle mile solution that comes in the middle, right? And then the guy needs to operationalize all of that. And that now passes on to you. You need to launch a an agent on your thing, connect into something. It just brings a lot of complexity, right? So we looked at that problem and we said, cloud has done really really a few things really, really well, right? It's literally at your doorstep. Cloud presence is literally at your doorstep. So as you open up your browser, connect from your home, I don't need anything in the middle. I am jumping straight into the cloud. And so when you do that, then you actually have the luxury of bringing a few capabilities to the entry point of the cloud so that security can be done better, posture control can be done better and so on and so forth. So we developed those capabilities almost three years ago. We have quite a few large enterprises that have deployed this. And we fundamentally believe on building on top of the hyperscale network because billions of tens of billions of dollars go into the investment here. And we want to be building a layer of value on top, right? And so we've been working closely with our AWS buddies here and actually built capabilities so that the infrastructure presence, the massive reach and also the underlying capabilities for zero trust are provided. But what the customer regains in terms of value is through our platform, right? And so we'll see a whole lot more innovation along these lines. Probably bad news for the Middle Mile provider who sit in the, in the middle because hey AWS is literally at your doorstep, so you have to rethink your strategy. >> Going to be a lot of agility >> Ramesh: Yes, absolutely. >> In a very different context than we normally use it in Nerdland. And no, I think that's great. So we have, it's an exciting time for you as a company. We have a new challenge here at Reinvent. >> Okay. >> On theCUBE. I know you're a venerable alumni. >> Yep. >> You have been on theCUBE multiple times with multiple companies which is very impressive. Which says a lot about you. Although given how fun this interview's been, I'm not surprised. Give us your 30 second, Instagram real highlight, sound bite on the biggest or most important theme or takeaway from this year's show. >> From this show? Yeah, so if you look across the keynotes in all the sessions, the focus is on data, services and the applications. So the biggest takeaway I would offer anybody is focus on that first because that's where the outcome needs to shine. The rest of the stuff is a means to an end. I am an infrastructure guy through and through, I have been for the last 20 years. It hurts me to say infrastructure is a means to end but it is, right. Let the people dealing with the infrastructure deal with the infrastructure. If you are a customer or a client of the service, focus on the outcome, focus on the apps, focus on the services focus on on the data. That would be the biggest takeaway. >> Savannah: I appreciate your >> Paul: Words of wisdom >> Savannah: transparency. Yeah, no, exactly. Words of wisdom and very honest words of wisdom. Really great to talk to you about intelligent infrastructure. >> Absolutely. >> Savannah: Thank you so much for being on the show, Ramesh. >> Thank you. >> Savannah: It's been, it's been awesome. Paul, it's always a pleasure. >> Likewise. Thank you all for tuning in today here live from the show floor at AWS, reinvent in beautiful sin city, in the high desert and the high end dry desert with Paul Gillin. My name is Savannah Peterson and you're watching theCUBE, the leader in high tech coverage. (gentle music)

>>Okay, welcome back everyone to Supercloud 22, this is the cube studio's live performance. We streaming virtually@siliconangledotcomandthecube.net. I'm John for host the cube at Dave Alane with a distinguished panel talking about securing the Supercloud all cube alumni G written house was the CEO of Skyhigh security, Peter Sharma founder of, of QX sold to tenable and Tony qua who's investor. Co-founder former head of product at VMware chance. Thanks for coming on and to our, in all girls super cloud pilot event. >>Good to see you guys big topic. >>Okay. So before we get into secure in the cloud, one of the things that we were discussing before we came on camera was how cloud, the relationship between cloud and on premise and multi-cloud and how Supercloud fits into that. At the end of the day, security's driving a lot of the conversations at the op side and dev shift left is happening. We see that out there. So before we get into it, how do you guys see super cloud Tony? We'll start with you. We'll go down the line. What is Supercloud to you? >>Well, to me, super cloud is really the next evolution, the culmination of the services coming all together, right? As a application developer today, you really don't need to worry about where this thing is. Sit sitting or what's the latency cuz cuz the internet is fast enough. Now I really wanna know what services something provides. What, how do I get access to it now? Security. We'll talk about that later. That that becomes a, a big issue because of the fragmentation of how security is implemented across all the different vendors. So to me it's an IP address I program to it and you know, off we go, but there's a lot of >>You like that pipe happens >>Iceberg chart, right? Like I'm the developer touching the APIs up there. There's a bunch of other things. BU service. >>Okay. Looking forward again. Gee, what's your take? Obviously we've had many conversations on the cube. What's your super cloud update. >>Yeah, so I, I view it as just an extension of what we see today before like maybe 10 years ago we were mashing up applications built on other SAS applications and whatnot. Now we're just extending that down to further primitives, not, we don't really care where our mashup resides, what cloud platform, where it sits to Tony's point, as long as you have an IP address. But beyond that, we're just gonna start to get little micro services and deeper into the applications. >>BP, what should you take? >>I think, I think super cloud to me is something that don't don't exist. It exists only on my laptop. That's the super cloud means to me. I know it takes a lot behind the scene to get that working of and running. But, but essentially, essentially that the everything having be able to touch physically versus not being able to touch anything is super cloud to me. >>So we, what Victoria was saying. Yeah, we see serverless out there, all these cool things happening. Exactly. And you look at the, some of the successful companies that have come in, I call V two cloud. Some are, some are saying the next gen, they're all building on top of the CapEx. I mean, if, why would you not wanna leverage all that work AWS is doing and now Azure, and obviously Google's out there and you got other, other, other clouds out there. But in terms of AWS as a hyperscaler, they're spending all the money and they're getting better. They're getting lower level. We're talking about some of that yesterday, data bricks, snowflake, Goldman Sachs there's industry clouds that could be powerhouse service providers to themselves and their vertical. Then you got specialty clouds. Like there could be a data cloud, there could be an identity cloud. So yeah. How does this sort itself out? How do you guys see that? Because can they coexist? >>But I think they have to right, because I, I think, you know, eventually organizations will get big enough where they can be strong and really market leading in multiple segments. But if you think about what it takes to really build a massive scaled out database company that, that DNA doesn't just overnight translate to identity or translate to video, it takes years to build that up. So in the meantime, all these guys have to understand that they are one part of the service stack to power the next gen solutions. And if they don't play well with each other, then you're gonna have a problem. >>So security, I think is one of the hardest problems of, of super cloud. And not only do you have too many tools and a lack of talent, but you've now got this new first line of defense, which is the cloud. And the problem is you've got multiple clouds. So you've got multiple first lines of defense with multiple cloud provider tools. And then the CISO, I guess, is the next line of defense with the application development team. You know, there to be the pivot point between strategy and execution. And I guess audit is the third line of the defense. So it's an even more complicated environment. So gee, how do you see that CSO role changing and, and can there actually be a unified security layer in Supercloud? >>Yeah, so I believe that that they can be, the role is definitely changing because now a CSO actually has to have a basic understanding of how clouds work, the dependency of clouds on the, on the business that they serve. And, and this is to your point, not only do we have these new lines and opening up in a tax surface, but they're coupled together. So we have supply chain type connections between this. So there's a coherence across these systems that a CISO has to kind of think about not only these Bo cloud boundaries, but the trust boundaries between them. So classic example visibility, wh what, where are these things and what are the dependencies in my business then of course you mentioned compliance. Am I regulatory? And then of course protecting and responding to this, >>You know? Yeah. The, the, the supply chain piece that you just mentioned. I mean, I feel like there's like these milestones stocks, net was a milestone, you know, obvious obviously log four J was another one, the supply chain hack with solar winds. Yep. You know, it's just, the adversary just keeps getting stronger and stronger and, and, and more agile. So, so is this a data? Do we solve this as a data problem? Is it, you know, you can't just throw more infrastructure at it. What are your thoughts >>For it? I think, you know, great, great point that you're brought up. We need to look at things very fundamentally. What is happening is security has the most difficult job in the cloud, especially super cloud. The poor guys are managing some, managing something or securing something that they can't govern, right? Your, your custodian of the cloud as your developers and DevOps, they are the ones who are defining, creating, destroying things in the cloud. And that guy sitting at the end of the tunnel, looking at things that what he gets and he has to immediately respond. That's why it has to be fundamentally solve. Number one, we talked about supply chain. We talked about the, the, the stuck net to wanna cry, to sort of wins, to know the most recent one on the pipeline. Once the interesting phenomena is that the way industry has moved super cloud, the attackers are also moving them super attackers, right? They have stopped. They have not stopped, but they have started slowly moving to the left, which is the governance part. So they have started attacking your source code, you know, impersonating the codes, replacing the binary, finding one is there. So if they can, if the cloud is built so early, why can't I go early and, and, and inject myself. >>So super hackers is coming to super thinking Hollywood right now. I mean, that brings up a good point. I mean, this whole trust thing is huge. I mean, I hear zero trust. I think, wait a minute, that's not the conference I was just at, we went to, we managed, we work with DockerCon and they were talking about trust services. Yeah. So supply chain source code has trust brokering going on. And yet you got zero trust, which is which are they contextually different? I mean, what, what, >>What, from my perspective, though, the same in that zero trust is a framework that starts with minimum privileges and then build up those privileges over time. Normally in today's dialogue, zero trust is around access. I'm not having a broad access. I'm having a narrow access around an application, but you can also extend those principles to usage. What can, how much privilege do I have within an application? I have to build up my trust to enhance and, and get extended privileges within an application. Of course you can then extend this naturally to applications, APIs, applications, talking with each other. And so by you, you have to restrict the attack surface that is based on a trust model fundamentally. And then to your point, I mean, there's always this residual that you have to deal with afterwards. >>So, so super cloud implies more surface area. You're talking about private. So here we go. So how, and by the way, the AWS was supposed to be at this conference. They said they couldn't make it. They had a schedule issue, but they wanted to be here, but I would ask them, how do you differentiate AWS going forward? Do you go IAS all the way? Do you release the pass layer up? How does this solve? Because you have native clouds that are doing great, the complexity on super cloud, and multi-cloud has to be solved. >>Let me offer maybe a different argument. So if you think about we're all old enough to see the history sort of re pendulum shift and it shifting back in a way, if you're arguing that this culmination of all these services in the form of cloud today, essentially moving up stack, then really this is a architectural pattern that's emerging, right? And therefore there needs to be a super cloud, almost operating system. So operating systems, if you build one before you need a scheduler, you need process handler, you need process isolation, you need memory storage, compute all that together. Now that is our sitting in different parts of the internet. And, and there is no operating system. Yes. And that's the gap, right? And so if you don't even have an operating system, how do you implement security? And that's the pain. Yeah, because today it's one off, directly from service to service. Like how many times can you set up SAML orchestration? You can have an entire team doing that, right. If that's, that's what you have to do. So I think that's ultimately the gap and, and we're sort of just revolving around this concept that there's missing an operating system for superpower. >>It's like Maribel Lopez said in the previous panel that Lord of the rings, there will be no one ring rule the ball. Right. Probably there is needs one. Oh yeah. But, but, but, so what happens? So again, security's the hardest problem. So Snowflake's gotta implement its security, you know, data bricks with an open source model has to implement its security. So there's these multiple security models. You talk about zero trust, which I, if, if I infer what you said, gee, it's essentially, if you don't have privilege access, you don't get access. Yeah. Right. If you, okay. Okay. So that's the framework. Fine. And then you gotta earn it over time. Yeah. Now companies like Amazon, they have the, the talent and the skills to implement that zero trust framework. Exactly. So, so the, the industry, you, you guys with the R and D have to actually ultimately build that, that super cloud framework, don't you? >>Yeah. But I would just look all of the major cloud providers, the ones you mentioned and more will have their own framework within their own environment. Right? Yeah. The problem is with super cloud, you're extending it across multiple ones. There's no standards. There's no easy way to integrate that. So now all of that is left to the developer who is like throwing out code as fast as they can >>Is their, their job is to abstract that, I mean, they've gotta secure the, the run time, they gotta secure the container. >>You have to >>Abstract it. Right. Okay. But, but they're not security pros or ops. >>Exactly. They're haves. >>But to, but to G's point, right. If everyone's implementing their own little Z TNA, then inherently, there's a blind trust between two vendors. Right. That has to >>Be, >>That has to be >>Established. That's implicit. You're saying, >>Yeah. But, but it's, it's contractual, it's not technology. Right. Because I'm turning something out in my cloud, you're turning out something in your cloud that says we've got something, some token exchange, which gives us trust. But what happens if that breaks down and whatever happens to the third party comes in? I think that's the problem. >>Yeah. In fact, in fact, the, if I put the, you know, combine one of those commons, the zero trust was build, keeping identity authentication, then authorization in mind, right? Yeah. This needs to be extended because the zero test definition now probably go into integrity. Yeah, exactly. Right. Yeah. I authenticated. I worked well with Tony in the past, but how do I know that something has changed on the Tony's side? Yeah, exactly. Right, right. That, that integrity is going to be very, very foundational. Given developers are building those third party libraries, those source code pumping stuff. The only way I can validate is, Hey, what has changed? >>And then throw edge into the equation, John and IOT and machine to machine. Exactly. It's just, >>Well, >>Yeah. I think, I think we have another example to build on Tony's operating system model. Okay. And that is the cloud access service broker model for SAS. So we, we have these services sitting out there, we've brokered them together. They're normally on user policies. What I can have access to what I can do, what I can't do, but that can be extended down to services and have the same kind of broker arrangement all through APIs. You have to establish that trust and the, and the policies there, and they can be dynamic and all of this stuff. But you can from an, either an operating system or a SAS interaction and integration model come to these same kind of points. So who >>Builds the, the, the secure Supercloud? Is it new guys like you? Is it your old company giants like Palo Alto? Who, who actually builds the and secures the Supercloud it sounds like it's an ecosystem. >>Yeah. It is an ecosystem. Absolutely. It's an ecosystem. >>Yeah. There's no one security Supercloud >>As well. No, but I, I do think there's one, there's one difference in that historically security has always focused on that shiny object. The, the, the, a particular solution to a particular threat when you're dealing with a, a cloud or super cloud, like the number of that is incalculable. So you have to come into some sort of platform. And so you will see if it's not one, you know, a finite number of platform type solutions that are trying to solve this on behalf of the >>Customer. That to your point, then get connected. >>I think it's gonna be like Unix, right? Like how many flavors of Unix were there out there? All of them 'em had a scheduler. All of them had these processes. All of them had their little compilers. You can compile to that system, target to that system. And for a while, it's gonna be very fragmented until multiple parties decide to converge. >>Right? Well, this is, this is the final question we have one minute left. I wish we had more time. This is a great panel. We'll we'll bring you guys back for sure. After the event, what one thing needs to happen to unify or get through the other side of this fragmentation than the challenges for Supercloud. Because remember the enterprise equation is solve complexity with more complexity. Well, that's not what the market wants. They want simplicity. They want SA they want ease of use. They want infrastructure risk code. What has to happen? What do you think each of you? >>So I, I can start and extending to the previous conversation. I think we need a consortium. We need, we need a framework that defines that if you really want to operate in super cloud, these are the 10 things that you must follow. It doesn't matter whether you take AWS slash or GCP, or you have all, and you will have the on-prem also, which means that it has to follow a pattern. And that pattern is what is required for super cloud. In my opinion, otherwise security is going everywhere. They're like they have to fix everything, find everything and so on. So forth, it's not gonna be possible. So they need a, they need a framework. They need a consortium. And it, this consortium needs to be, I think, needs to led by the cloud providers, because they're the ones who have these foundational infrastructure elements and the security vendor should contribute on providing more severe detections or findings. So that's, in my opinion is, should be the model. >>Well, thank you G >>Yeah, I would think it's more along the lines of a business model we've seen in cloud that the scale matters. And once you're big, you get bigger. We haven't seen that coals around either a vendor, a business model, whatnot, to bring all of this and connect it all together yet. So that value proposition in the industry I think is missing, but there's elements of it already available. >>I, I think there needs to be a mindset. If you look again, history repeating itself, the internet sort of came together around set of I ETF, RSC standards, everybody embraced and extended it. Right. But still there was at least a baseline. Yeah. And I think at that time, the, the largest and most innovative vendors understood that they couldn't do it by themselves. Right. And so I think what we need is a mindset where these big guys like Google, let's take an example. They're not gonna win at all, but they can have a substantial share. So how do they collaborate with the ecosystem around a set of standards so that they can bring, bring their differentiation and then embrace everybody >>Together. Guys, this has been fantastic. I mean, I would just chime in back in the day, those was proprietary nosis proprietary network protocols. You had kind of an enemy to rally around. I'm not sure. I see an enemy out here right now. So the clouds are doing great. Right? So it's a tough one, but I think super OS super consortiums, super business models are gonna emerge. Thanks so much for spending the time. Great conversation. Thank you for having us to bring, keep going hour superclouds here in Palo Alto, live coverage stream virtually I'm John with Dave. Thanks for watching. Stay with us for more coverage. This break.

>> The CUBE presents Dell technologies world brought to you by Dell. >> Hey everyone. Welcome back to theCube's live coverage of Dell technologies World 2022 from the Venetian in Las Vegas. Lisa Martin here with Dave Vellante, Dave this is our second day, lots of conversations. We've been talking a lot about APEX, Multi-cloud, edge, resilience, cyber resilience. >> I guess the number one topic actually. I mean, a lot of Multi-cloud talk obviously too, but I think security is the hot topic at the event. >> It is a hot topic, and we've got two guests joining us from Dell technologies. We're going to unpack that and talk about some of the great new things they are enabling. Please welcome. One of our alumni, Mihir Maniar our vice president at Dell technologies and Aaron Krishnmoorthy, global strategy resiliency and security at Dell technologies. Guys, welcome to the program. >> Pleasure meeting you Lisa and Dave. >> So ransomware, it's a household term. I'm pretty sure my mom even knows what ransomware is. >> Exactly. >> Legitimately. But I mean, if you look at the numbers, a ransomware attack is happening once every 11 seconds, the numbers, the stats say, an estimated 75% of organizations are going to face an attack, 75%, by 2025, it's around the corner. So it's no longer a matter of are we going to get hit? If we get hit? It's when? And that resiliency, and that recovery is absolutely critical. Talk about some of the things there, Dell's comprehensive approach to helping organizations really build resiliency. >> That's a great point. So if you go to see organizations are going to get hit, if not already 75% already out there. And then we find that through research, a lot of our customers need a lot of help. They need help because security is really complex. I mean, they have a tough job, because there's so many attacks happening at the same time. One single ransomware incident can cost them on an average $13 million. They have to integrate 50 plus different security vendors to go and build a secured defense in depth, kind of for mechanism, they're liable to the board, at the same time they have lines of business that are talking about, hey, can you provide me, you know, security, but make sure productivity doesn't get impacted. So it's a tough role for them, And that's where Dell services comes in, where our Dell Managed Security Services. We have a full comprehensive suite of offers for our customers to help them to remain secure. And we have focused on the services based on a NEST framework, so I can talk more about the NEST framework as a hobby about, go about doing that. >> There's a lot of talk in the community about should I pay the ransom? Should they not pay the ransom? And I suppose your advice would be, well pay up front and avoid the ransom if you can. >> Absolutely. Yeah. Dave, what we've seen is the ransomware payment has been very unreliable. We know of many, many examples where either they paid the ransom and they were not able to recover data, or they got the decryption keys and the recover process was too slow. So we are all about helping customers understand the risks that they have today, and giving them some pragmatic technology solutions. >> Talk about that conversation. Where is it happening at the customer level, as security is a board level conversation. Are you still talking with the CIOs lines of business, who else is involved in really understanding where all these vulnerabilities are within an organization? >> Yeah. So that's a great question. So we work with CIOs, we work with CSOs a lot more and the CSOs actually are facing the skills shortage problem. >> Yes. >> That's where they need actually help from vendors like Dell. And talking about ransomware, if you go to see a NEST framework, it goes all the way from identification of threats to prevention, creating measures with defense in depth. How do you detect and respond to threats in time? Because time is critical actually. And recovering from threats. So in that whole process, it's better for customers to have the full suite of security services installed, so that they don't end up paying the ransomware eventually. To provide the whole defense mechanism. >> So the adversary is, very, they're motivated. They're well funded, incredibly sophisticated these days. So how do you not lose if you're a customer? What's the playbook that you're helping your customers proceed with? >> Yeah, it's a great, so in the NEST framework as I mentioned before, services are evolving around, how do you identify the threats that exist in the customer's network? So we provide advisory services and we provide assessment of the customer's vulnerabilities that exist, so we can detect those vulnerabilities, and then we can build the prevention mechanisms once we detect those vulnerabilities. It's all about what you cannot see, you can't really defend against. So that's where the whole assessment comes in, where you can go and do a zero trust assessment for the customers entire infrastructure, and then figure out where those issues lie. So we can go and block those loopholes, with the prevention mechanisms. In the prevention mechanisms, actually we have a whole zero trust prevention mechanism. So you can actually go and build out, end to end defense in depth, kind of security. >> Arun, before the pandemic, the term zero trust people would roll their eyes. It was kind of a buzzword, and it's becoming sort of a mandate. What does zero trust mean to your customers? How are you helping them achieve it? >> Yeah. So great question, Dave. A lot of customers think zero trust is a product. It's not, it's a framework, it's a mindset. It helps customer think through, what kind of access do I want to give my users, my third party, my customers? Where does my data sit in my environment? Have I configured the right network policies? Have I segmented my network? So it is a collection of different strategies that work across cloud, across data, across network, across applications that interact with each other and what we are helping customers with understand what that zero trust actually means and how they can translate into actionable technology implementations. >> What do you help customers do that when we know that, I mean, the average customer has what? Seven different backup protection solutions alone, if we're talking about like data protection. How do you help them understand what's in their environment now? If they're talking about protecting applications, users, data, network, what's that conversation? And what's that process like to simplify their protection so that they really can achieve cyber resilience? >> That's correct. That's a great question, Lisa. One of the big issues we see with customers, is they don't know what they don't know. There's data across multi-cloud, which is great, it enables productivity, but it also is not within the four walls of a data center. So one of the first things we do is identify where customer's data is, where is their application live? And then we look for blind spots. Are you protecting your SaaS workloads? Are you protecting your endpoints? And we give them a holistic strategy on data protection and you bring up a great point. A lot of customers have had accidental growth over the years. They started off with one tool and then different business needs drove them to different tools. Maybe now is a good time to evaluate what is your tool set, can we consolidate it and reduce the risk in the environment. >> Yeah, I dunno if you guys are probably familiar with that. I use it a lot when I write, it's an Optive chart and it's this eye test and it says here's this security landscape that taxonomy it's got to be the most complicated of any in the business. And so my question is ecosystem, you've got to have partners. But there's so many choices, how are you helping to solve that problem of consolidating choices and tools? >> That's a great point. So if you look at the zero trust framework which Lisa you talked about, in the zero trust framework, we have few things we look at, that is through Dell's technologies and partner technologies. So we can provide things like secure access, context based. So which users can access which applications. Identity based, the second one is which applications can talk to which applications for micro segmentation. Again, identity based. And then you have encryption everywhere, encryption with data and motion data and rest. Encryption is super important to prevent hacks. So, and then you have cloud workloads, we have cloud workload protection. So some of those things, we rely on our partners and some of them actually we have technologies in house I was like Arun talked about the cyber resilience and the world that we have in house. So we provide the end-to-end framework for our customer for zero trust, where we can go and identify, we can assess, we can go build it out for them. We can detect and respond with our excellent MDR service that we came out with last, just last year. So that MDR service allows you to detect attacks and respond automatically using our AI and ML platform, that reduces the signal from the noise and allows to prevent these attacks from happening. >> Arun, question for you as we've seen the proliferation of cyber attacks during the pandemic, we've seen the sophistication increasing, the personalization is increasing. Ransomware as a service is making it, there is no barrier to entry these days. How has Dell technologies overall cyber resilience strategy evolved in the last couple of years? I imagine that there's been some silver linings and some accelerations there. >> Yeah, absolutely Lisa. One of the things we recognized very early on when big cyber attacks going on five years ago, we knew that at as much as customers had great technologies to prevent a cyber attack, it was a matter of when, not if. So we created the first purpose built solution to help customers respond and recover from a cyber attack. We created innovative technologies to isolate the data in a cyber wall. We have imutable technologies that lock the data, so they can't be tampered with. And we also build some great intelligence based on IML. In fact, this is the first and only product in the world that looks at backup data, does full content indexing, and it's able to look for behaviors or patterns in your environment that you could normally not find with signature based detection systems. So it's very revolutionary and we want to help customers not only on the prevention side, which is proactive. We want them to be equally, have a sound strategy on how they would respond and recover from a cyber attack. >> So there's two pieces there, proactive, and then if, and when you get hit, how do you react? And I think about moments in cyber, I mean Stuxnet was obviously a huge turning point. And then of course the solar winds. And you see that the supply chain hacks, you see the island hopping and the living off the land and the stealth moves. So, it's almost like wow, some of these techniques have even being proactive, you're not going to catch 'em. So you've got to have this, you talked about the NEST framework multi-level, but I mean customers are aware, obviously everybody customer you talk to the solar winds, blah, blah. But it seems like they're still sleeping with one eye open. Like they're really nervous. And like we haven't figured it out as an industry yet. And so that's where solutions like this are so critical because you're almost resigning yourself to the fact that, well, you may not find it being proactive. >> Yeah, right. >> But you've got to have, the last, it's like putting tapes in a truck and driving them somewhere. What do you? Do you sense that it was a major milestone in the industry, milestone, negative milestone and that was a turning point and it was kind of a wake up call for the industry, a new wake up call. What's your sense of how the industry is responding? >> Yeah, I think that's a great point. So if you go to see the verbiages that it's not, if you're going to get attacked, it's when you're going to get attacked. So the attacks are going to happen no matter what. So that's the reason why the defense in depth and the zero test framework comes into play, where customers have to have an end-to-end holistic framework, so that they can have not just an defensive mechanisms, but also detect and respond when the attacks happen. And then as you mentioned, some of them, you just can't catch all of them. So we have excellent incident response and recovery mechanisms. So if the attack happened, it will cause damage. We can do forensics analysis. And on top of that, we can go and recover like the cyber recovery wall. We can recover that data and them production again, ready. >> I guess, I'm sorry. What I was trying to ask is, do you think we've understand solar winds, have the industry figured it out? >> Yeah, great question. I think this is where customers have to take a pragmatic approach on how they do security. And we talk about concepts like intrinsic security. So in other words, you can do a certain activity in your environment and punt the ball to some other team to figure out security. Part of what Dell does, you asked the question, there's a lot of tools, where do customers start? One of the big values we bring to customers is the initial awareness and just educating customers. Hey, what happened in these water-shed moment, in with these different attacks. Wannacry, Stuxnet, and how did those customers respond and where did they fail? So let's do some lessons learned with past attacks and let's move forward with some pragmatic solutions. And, we usually don't overwhelm our customers with a lot of tools. Let's have a roadmap, let's do an incremental build of your security posture. And over time, let's get your enter organization to play with it. >> You talk about awareness, obviously that's critical, but one of the other things that's critical with the cyber threats and the what's going on today is the biggest threat venture still is people. >> Exactly. >> So talk to us about some of the things that you help organizations do. When you're talking about the from an awareness perspective, it's training the people not to open certain links if they look suspicious, that sort of thing. How involved is Dell technologies with your customers from a strategic perspective about really drilling this into the end users that they've got a lot of responsibility here? >> Yeah, if you go to see phishing is one of the most common attack vectors to go and infiltrate these attacks. So Dell has a whole employee education program that they rolled out. So we all are aware of the fact, that clicking on links and phishing is a risk factor. And we are trying to take that same message to our customers through an employee awareness training service. So we can actually provide education for the employees from getting these phishing attacks happening. >> Yeah, that's really critical because as I mentioned, we talked about the sophistication, but the personalization, the social engineering is off the charts these days. And it's so easy for someone to, especially with with all this distractions that we have going on, if you're working from home and you've got kids at home or dogs barking and whatnot, it's easy to be fooled into something that looks incredibly legitimate. >> You bring another great point. You can keep tell people in your environment don't do things, don't do it. You create a friction. We want people to be productive. We want them to use different access to different applications, both inhouse and in the cloud. So this is where technology comes into play. There are some modern malware defenses that will help customers identify some of these email phishing, spear phishing. So they are in a better prepared position. And we don't want to curb productivity, but we want to also make, a very secure environment where people can. >> That's a great point is it has to be frictionless. I do have a question for you guys with respect to SaaS applications. I talk to a lot of customers using certain SaaS applications who have this sort of, there's a, a dual responsibility model there, where the SaaS vendors responsible for the application protection. But Mr. and Miss customer, you're responsible for the data, we are. Are you finding that a lot of organizations are going help. We've got, Google workspace, Microsoft 365, Salesforce, that, and it's really incredibly business critical to data. Dell technologies help us protect this, because this is on vulnerability that we were not aware of. >> Absolutely, and that's why we have the backup service with APEX, where we can actually have stats, data which is backed up using IEX solution for backup recovery. So, yes, that's very critical. We have the end to end portfolio for backing it up, having the vault, which is a air gap solution, recovering from it when you have an attack. And I think the value prop that Dell brings to the table is we have the client side and we have the data center side, With the Multi-cloud. So we provide a completely hardened infrastructure, where we all the way from supply chain to secure OS, secure boot and secure image. Everything is kind of hardened with stick hardening on top of that. And then we have the services layer to go and make sure we can assess the risks, we can detect and respond, we can recover. So that we can keep our customers completely secure. That's the value prop that we bring to the table with unmatched scale of Dell services. In terms of the scale that we bring to the table to our customers and help them out. >> It's an interesting opportunity. And it's certainly from a threats perspective, one that's going to persist. Obviously we know that, great that there's been such a focus from Dell on cyber resiliency for its customers, whether we're talking about multi-cloud OnPrem, public cloud, SaaS applications, it's critical. It's a techno, it's a solution that every industry has to take advantage of guys. Thank you so much for joining us. I wish we had more time. I could talk about this all day. >> Thank you. >> Great work going on there. Congratulations on what was going on with APEX and the announcement, and I'm sure we'll be hearing more from you in the future. >> Excellent. Thank you, Lisa. We are super excited about Dell services and what we can bring for managed security services for our customers. >> Excellent. >> Appreciate it. >> Thanks guys. >> Thank you. >> For our guests and for Dave Vellante. I'm Lisa Martin, you're watching theCube live from day two of our coverage of Dell technologies World, live from Las Vegas. Dave and I will be right back with our last guest of the day. (gentle music)