 Live from Washington D.C., it's CUBE Conversations with John Furrier. Hello everyone, welcome to a special CUBE Conversation here at Amazon Web Services headquarters in public sector in Washington D.C., actually in Arlington, Virginia. It's a CUBE coverage on the ground in Washington D.C. Our next guest is Shannon Kellogg, who's the director of AWS Public Policy in Americas here joining us. Thanks for spending the time with us. It's a pleasure to be here. So obviously public policy is a big part of public sector hence the success you guys have had. Amazon's had great success. When you go back four years ago, the shot heard all around the cloud was the CIA deal. And since then there's been this gestation period of innovation, you guys have been penetrating, doing a lot of hard work. I know how hard it is and kind of knowing the D.C. culture. How hard was it and how hard is it for you guys now? Is it getting easier? Policies, got a lot of education, involved a lot of moving parts. Yeah, well, I joined over five years ago. And when I joined, there was very little understanding that Amazon was even in the cloud computing business. And so we really had to start from scratch. And so it was just basic education and awareness work. And I wouldn't call that easy, but it certainly wasn't a different time where people were curious about Amazon, AWS, and cloud, what is cloud computing? The cloud computing directive of the federal government, cloud first policy had just come out a year prior. And so there was a lot of curiosity. So people were willing to talk, people were curious, but they didn't really understand what cloud computing was. And again, they didn't even realize that AWS was in that business. And back at that time, and I think you have a tech history with EMC before in RSA, you know the tech game. You've seen many waves of innovation. And it's almost a time where you saw some interesting shadow IT developing. Shadow IT term referred to kind of in the shadows, experiment, put your credit card down, get some Amazon, get some cloud and test, kick the tires if you will, kind of without anyone seeing it called shadow IT. That became a big part of the growth. How much shadow IT has been involved to kind of force the Amazon to the table? Did that help? Was that a help driver for you guys? Was it going on? Well, it's interesting because when you look back four or five years ago, there were a lot of first movers in departments and agencies, folks in little units that I had actually even never heard of in some of the big agencies, customers that I would speak to that were experimenting with AWS and commercial cloud. And in those days, they were able to take out their credit card and experiment a little bit with it and discover what was possible. And we saw a lot of uptake and interest as a result of some of that experimentation. But really, things started to change in a big way when AWS won the contract to build the community cloud for the intelligence community. And following that win, and as that project was implemented and in the six months to a year after that award, we saw a lot more interest by agencies to not just experiment, but to go bigger. I couldn't get Amazon to confirm, I've tried many times on theCUBE, Jassy, and to Recept to get them to confirm that that was certainly a shadow IT effort that someone within the CIA came out of the woodwork and said, hold on IBM, we have an alternative. Yeah, well I can't comment on that either but I can tell you that it was a very open competitive process that we won and it was a very big deal for the community and a very big deal for us. And that's when we really started to see a number of other agencies and organizations really not just experiment with cloud but how can we leverage this to get the same benefits that the Intel community has? And IBM didn't help either, they got cocky, they figured they're going to sue you guys and end up amplifying it with a judge actually said on the ruling, Hamilton is a better service. I mean you couldn't get a better testimony but let's talk about that move. It was a resounding legal opinion and I would encourage your viewers who haven't read it to read it. It's well documented, SiliconANGLE, search SiliconANGLE, AWS, IBM, CIA deal, you'll find it. But I think what's notable about that is it's kind of cocky because the old way of doing things was schmooze when the ivory tower have that relationship, rely on that, lean on that relationship and the IT just, they were just like going through security at the airport, you know, just whatever, right? Just check the boxes. You got to win the C level. That now has changed where not only is the buying and evaluation process bottoms up, there's a lot of consensus involved there's now new stakeholders. You bet. Talk about that new dynamic because this is a modern trend, it's not just, you know, send it to the department for a check box, it's truly agile. Talk about this new modern procurement process that people are going through. You bet, and it's still evolving. But over the last few years, we've seen a lot of interest by federal organizations to shift from what is traditionally a capital expense model to an operational expense model. And you'll probably laugh at me that I actually even remember this, but in the 2015 budget with the previous administration, President Obama's budget request in 2015, there was actually on page 41 of that budget a line or actually a paragraph that talked about how the federal government would need to continue to move to commercial cloud services. And in the language, in the budget, it actually talked about the consumption model, the operational expense model versus, you know, the traditional CapEx model. What is commercial cloud? Because, you know, I mean, again, back to the old days, kind of back in my days when I was growing up in the industry, you had a federal division that managed all the government stuff, sometimes separate products, right? I mean, absolutely different unique features in the government. Now with the cloud, are you hearing that this is the same cloud that Amazon runs? Is it a different product? I know there's different, you know, private cloud. Certainly our cloud is one option. Explain with commercial cloud. Yeah, our cloud is one option in this area of commercial cloud services and we think it's a great option. But if you look at the different types of solutions, NIST actually talked about this when they put out the definition on what cloud computing should be described several years ago. I think the final definition came out in 2011. And at the time they called public cloud, which, you know, we in federal agencies now really refer to as commercial cloud as one of the deployment models. But it also is really emphasizing commercial solutions and commerciality versus having an agency go out and try to build its own cloud or to issue a special contract that is controlled by that agency that does a traditional private cloud type of build like for example, California did with CalCloud several years ago. We're seeing more and more agencies move away from that model and into procuring. Why is that? Well, because, yeah. Just like HP and everyone else backed out of cloud? Same reason? It's costly and one thing looking at CalCloud and if you haven't sort of looked at what they did with their policy. In 2014 they issued a policy California did which basically created a preference for CalCloud and by August of 2017 they moved away from that preference, reversing the policy and then doing sort of a about face and saying not only is there not a preference for a CalCloud that's privately built cloud anymore in California, but there's going to be a preference for commercial cloud services and leveraging commercial solutions and technologies. Was that, again, the same reasons why a lot of commercial vendors like HP, even VMware and others who kind of backed out of the cloud, it's expensive, it's complicated, right? Is that the main driver or is it more of talent? I mean, why did CalCloud move from that to the model? Yeah, I mean, I obviously can't speak for what other generalities have done, but I think based on our observations at the federal level, at the state level and even internationally, we're seeing more and more governments in their cloud policies focus on how to leverage commercial cloud services versus build their own or go out and spend a billion dollars and trying to build their own through a contract or a traditional contract. I talked to Theresa Carlson. And by the way, just for the record, in California it was IBM who actually ended up building CalCloud. Nice dig on IBM there, good one. So I just talked to Theresa Carlson and she and I were talking about the notion of commercializing the ecosystem of bringing tech in with government, kind of the mashup or integration culturally and among other things, technology. I had an interview with an executive, New Relic, one of your Amazon's top customers. I think they were saying they were getting FedRAM certified, but there's a variety of certifications that you guys offer essentially people in the ecosystem non-governmental, but they can come in and provide solutions. Can you talk about that dynamic because we're seeing that become a trend now where folks in the Amazon or in general tech ecosystems says, hey, you know what, I can go in through Amazon and do some business with the public sector. Sure. What do you guys offer? Is there a playbook? Is there a roadmap? Is there checkboxes? What's the playbook? Well, first of all, if you don't, your viewers don't know what FedRAM is. It's a federal government security evaluation process for cloud computing providers and service providers who want to sell to the US federal government. And the framework itself was created on international security standards as well as existing and evolving in some cases, in this security standards. And so it's a common security framework that any company of any size can align to. And AWS, because we believe so strongly in security and because we had a lot of first mover customers in the federal government marketplace, we really invested in that process early. And as a result of that, we meet the FedRAM requirements at the different security levels that exist. And we were one of the first providers to actually do that. And then partners started working with us and leveraging that and not just resellers or systems integrators. They take you back on your certification or they have to do some modifications. It's like the stamp of approval. You can't get into the party without it, right? Yeah, you have to have FedRAM certification in order to provide certain types of services to the US government. A lot of agencies now require some type of FedRAM certification to do business with them. It's very common. Any other certifications that they need? Well, that's the most common one at the federal level, but there are some department-specific requirements too. So for example, when you look at the Defense Department, they've added additional requirements on top of FedRAM and providers like us have to go through those additional processes. And then again, if you're partnering with an AWS and we've gone through that process and we made the investments and you have some software that's based on AWS, that's gonna be favorable for you in order to sell to that market segment. Take a step back and zoom out and talk about the big landscape in DC. Obviously, DC is the center of the action for policy in this obviously public sector all around the world as well in the United States. What's the trend that you're seeing? I mean, obviously Amazon is kind of like its own black swan if you think about it. They're lowering prices and increasing functionality on a daily basis as the business model of Amazon. They win on scale. Customers are happy with that and the government seems to be happy. Yet the competitive landscape couldn't have been at an all-time high, certainly Oracle, IBM, Microsoft, the others are competing for the same dollars potentially. So you have the old guard, as Andy Jassy would say, and you guys, you know, self-described new guard. What's the landscape look like? How are you guys competing? What observation can you share and the role of policy makers in the middle of it? Are they stuck between all this? Well, it's been quite a ride over the last seven or eight years. Again, going back to the one the first cloud policy was issued by the federal government CIO at the time, Vivek Kundra. Very early days they talked about each agency trying to move three applications to the cloud. And so we're in a much different time now and there are a lot of agencies who are going all in on cloud services. That's actually been really fast-forwarded and emphasized even more over the last couple years, starting with the previous administration and the emphasis that they had. I talked about the 2015 budget, but we also saw a number of other policy initiatives in the previous administration during President Obama's eight years. And then you had the new administration come in and really emphasized this early too. And one of the cornerstone things that's happened by the new administration over the last year has been the development and then the release of the President's report on IT modernization. And they set up a new Office of American Innovation and a new tech console to advise on the development of that report. And they went out, the administration did, and got a lot of input from the industry. And then they came out with a final report of recommendations in December and they're already moving to actually implement a number of those recommendations in pilot, a number of recommendations in agencies. And they're really emphasizing shared services and commercial cloud services as a key part of that effort. And then in tandem with that, and this is probably gonna shock you, but in tandem with that, Congress actually worked with the administration to also make a number of changes to law, including in December of 2017, a really important piece of legislation called the Modernizing Government Technology Act. And that was added to the Defense Authorization Bill for 2018, you know in this town that's often how legislation moves at the end of the year is through the Defense Authorization Bill. And so that legislation was passed and it really is focused on helping agencies in their IT modernization efforts move again from legacy IT systems to the cloud. And they're not doing that just because it lowers costs and it's a good thing to do. They're actually doing that as part of a way to improve the federal government's cybersecurity posture. And that's the last thing I'll talk about that's happened in the last year is I mentioned what the administration did about its IT modernization report. I mentioned also what Congress did with the Modernizing Government Technology Act, while there was also a new cybersecurity executive order that was issued during the year by the president that married those two things. And basically it made very clear that there's very little possibility to actually improve the security of federal systems without moving forward with the IT modernization efforts and moving the cloud. And the cyber warfare we're living in and truly is a cyber war. This is not just hand-waving IT modernization. It's beyond that because it's critical. Critical infrastructure now being compromised. This is our security, right? It's the state of the security of our people. You bet, and quite frankly, we're seeing this trend internationally too. You see more and more governments making this link between IT modernization and improving the country's cybersecurity posture. We've seen that in the UK. We've seen that in Australia. It takes a cyber war to fix IT. I mean, is that what we're coming to? Okay, final point is obviously IT modernization is key. I love that that's driving it. We need to go faster. Question for you, Cloud First, certainly a big initial orientation from the government to go Cloud First. Question for you is, do you see the expectations yet in the agencies and throughout public sector for cloud speed? Meaning, I don't mean like speed and feeds, like moving to an agile outcome, fashion delivery, under budget, on time, lower prices. Is that expectation now set? Or is it still getting there? No, we believe it is being set. And if you look at developments over the last six months, I mean, you now have the Department of Defense that has come out with changes to policy to move faster to the cloud. And if you look at the Secretary, I'm sorry, the Deputy Secretary of Defense's memorandum in September of last year, he talked a lot about leveraging cloud computing as part of a way to make improvements in the implementation of technology such as artificial intelligence and machine learning. And in that memo they talked about that's a national security imperative to do that. And so they're seeing technology, not as the end result, but as a way to enable a lot of these developments and changes. And we've already seen many of those steps forward in the intelligence community. So it's very encouraging to us that we're also seeing now the Department of Defense move in this direction. So they're running towards the cloud. They're running towards AI. They're trying to. They're going as fast as they can because they need to. They're trying to. Final word on security, what do you hope to have happen in our government in America to really crack the code on cyber security and surveillance, all these holes, especially with IoT, the surface area, it couldn't be bigger. So before I answer that question, one thing I did want to say, because we were talking about the Department of Defense and you had added a question in earlier about what some of the legacy providers may or may not be doing. Well, these two things are married. What we're seeing at the Department of Defense is that they really do want to move faster to the cloud. But you probably noticed in the press that there are many different legacy providers out there. And as our boss would say, Andy Jassy, a lot of the old guard community who want to try to slow that transition down. And so that is really something that's going on right now. There's a lot of effort out there to pursue this status quo, to continue to keep the lights on. And if you look at what amount of the federal budget that is being spent on keeping the lights on an IT, it's over 80% is what the number is commonly referred to. And so a lot of companies are making traditional companies, old guard companies, as Andy Jassy would say, are making a lot of money following that same path. And you know what? The taxpayer can't afford that anymore. The mission owners can't afford that anymore. And so it's really time to move forward into the 21st century and leverage commercial cloud technologies, some of these advanced capabilities like artificial intelligence and machine learning. And then to answer your final question. Hold on, just on the DOD thing. I did see that news. It's completely fud, fear, uncertainty, and doubt as they say in the industry from the old guards to slow down the process. That's classic move, right? Hey, slow down, we're going to lose this thing. We don't put the brakes on it. It's a classic move that some companies have been practicing for a few decades. Decades, decades. We all know it's called selling 101 when you want to secure the ivory tower, okay? So, but this is the tactic and I want to get your opinion. This is a policy question. It's not in the best interest of the users and the society and the citizens to have a policy injection for political warfare on deal selling. So that's essentially what I see happening. Yeah, we agree. And we get your comments on this because it comes up to a very political topic, technically, multi-cloud, right? So the move is, whoa, you can't go to one cloud. We're putting all our eggs in one basket. So we have to speck it to be multi-cloud. That's the policy injection. What's the impact of that in your opinion? It doesn't matter, does the government say, hey, we should do multi-cloud or? Or first. You actually want to have one cloud. That's what the agency wants. Well, actually, you know, that's not true. What I'll say and take a step back here is that what we want is what the customer wants. And, you know, a lot of companies are forgetting the customer in this debate about multi-cloud versus single cloud. So you're jump ball. Just your philosophy is jump ball. We welcome open competition. So multi-cloud, single-cloud. We want to serve the customer. What happened with the intelligence community is they had an open competition for a single-cloud approach. One thing that's happening right now, you know, as part of this broader discussion is some of the old guard companies are spreading a lot of misinformation about the different types of contracts. And so there's been a lot of misinformation about DoD trying to pursue a sole-source contract for this Jedi program, you know, that they're trying to do to implement cloud. And what DoD has said in the stories that I've read on the record is that they want to have an open competition. And whether or not they choose a single award, which is different than a sole-source that's not competed, if they choose a single award that's competed like the intelligence community did, or they choose a multi-award, it's going to be their preference. And let me tell you something in the policy space. What we've heard consistently from members of Congress and other policymakers is they don't want to be in the business of telling the Department of Defense or any other federal agency specifically what they should do or shouldn't do in a technology procurement. What they want is an open competition. And I'll tell you on the record, we embrace an open competition and that will serve the customer as well. But don't tell the customer if you're an old guard company what they should or shouldn't do and don't ignore the customer. Well, I would have run from just on a personal standpoint, industry participant, I would say that that's going backwards. If you have the companies doing old guard tactics, injecting policy and FUD to slow a deal down just to save it, that's really bad form. Yeah. And that's going backwards. It's bad policy, but it's also bad for the taxpayer and it's bad for the mission owner. So let there be open competition, let the customers like DOD make the decisions that they're going to make, which is going to be best for their mission. Well, Shannon, as Teresa, a basketball fan would say, jump ball, make it fair and let the chips follow what they make. Let's do it. All right, open competition. That is Amazon's position here in DC policy, no problem. We can play that game, but it's all about the customers. Shannon, thanks for your insight and observation. Shannon Kellogg, who's in charge of policy in Americas for AWS. This is CUBE Conversations. I'm John Furrier. Thanks for watching.