 Live from Las Vegas, it's theCUBE. Covering Edge 2016, brought to you by IBM. Now, here are your hoes, Dave Vellante and Stu Miniman. We're back, this is theCUBE, the worldwide leader in live tech coverage. Check out ibmgo.com. Donna Dillenberger is here, she's IBM fellow. Cube alum, Donna, fresh off the keynote. Great to see you again, thanks for coming on. Hi Dave, hi Stu. So really enjoyed your topic this year. We were just talking off camera, we were talking last year about sort of bringing analytics and transaction systems together to solve some of the big challenges in the world. But today you talked about open source and you talked a lot about blockchain. I want to sort of share that with our audience. Well, if I want to start with, you had 10, I think 10, at least 10 anyway, open source projects that IBM is heavily involved in. Talk about the importance of open source to IBM. Yeah, I mean, so, you know, of those 10 projects, some of them are, you know, no JS, open container, Eclipse, open power, open mainframe. Spark. Spark. Linux, open stack. So, you know, everyone has their own expertise, every company develops a core set of competencies. So for example, IBM, we're really good at like scalability and security. But when we partner that with other people who donate their expertise in analytics, their expertise in Docker containers, I mean, that's like the best date, right? I mean, you compliment each other, you push each other on, right? There's nothing that sharpens minds like other minds, right? And to have other people with such great skills, right? It not only brings IBM people to a better level of technical expertise, but just that collaboration, it really is, we're better together than separate. Okay, and then you also talked about, well, let's talk about blockchain. You know, it started with Bitcoin. Yeah. And I remember seeing Warren Buffett on CNBC some day talking about how Bitcoin would fail. And I remember thinking, well, Bitcoin is more than currency. You know, maybe the currency will fail, but the technology implications, which I didn't fully understand at a time and don't claim to fully now, but I think IBM was early on in understanding the technology implications of Bitcoin and blockchain. What were they and what led you to hyperledger? Yeah, so, you know, Bitcoin started in 2009 as a result of the Great Recession, right? There were a bunch of people, they wanted to build this cryptocurrency that would be free of like central governments and banks, right? And to do that, they thought, okay, we can't even rely on, you know, computer systems, right? We have to ensure that even that Bitcoin would be hosted in distributed computer systems that no one owned, right? And that led to the creation of a protocol that could run on distributed computers. And even if one computer fails, then the Bitcoin network would last. If a set of computers get compromised then the data would also still have integrity. And so that led to the creation of the blockchain protocol, right? So Bitcoin uses the blockchain protocol to use, you know, distributed systems to record financial transactions. But now that you have a distributed protocol that could record financial transactions, you could also use that distributed protocol to record the provenance of your food, you know? So for example, you know, if we're interested in buying this food product, we want to make sure that, you know, some of us, right? The eggs came from hens that could like, you know, walk around freely or that the ingredients weren't mixed with like glue or something, right? I mean, right now we hope that it's not mixed with glue, but now with blockchain, right? You could have these internet of thing devices. You could have these sensors put in the soil to measure the toxicity of the soil. You could have these IoT devices in shipping containers to measure the freshness of like lettuce. You could have like the IoT devices, you know, put in like the processing plants to measure, you know, how clean it is. And then all that data it's put on the blockchain, you can't change it, right? So even if you wanted a tamper with it and say, okay, well, you know, this factory isn't as clean as we thought it was, you can't, you know? It measures the level of toxicity. So now there's that level of transparency, right? And that ability to provide that data in a distributed way so that even like one owner can't compromise it, that actually leads to more trust, right? So yeah. So some of the characteristics help us unpack this. So it's immutable. I just mentioned that. I think I heard it's encrypted. It's distributed. So it's got provenance. There's no third party verification required. Right. I tweeted one time that it's virtually unhackable and somebody said everything's unhackable. I said, okay. If more than 50% of the participants, I guess, collaborate to hack it, it could be unhacked. It could be hacked, but if you and I have a transaction, we have to agree. Correct. Hey, let's hack our own system. So it's conceptually, virtually unhackable. Is it not? That's the goal to make it unhackable, right? So, you know, the Bitcoin, you know, Bitcoin was the first one and, you know, the Bitcoin development of their use of blockchain has some weaknesses, right? And that's why, you know, IBM with other companies came up with a different implementation of the blockchain. The Linux Foundation Hyperledger, you know, blockchain, and the Hyperledger blockchain is extremely different from Bitcoin-derived blockchains, right? Bitcoin-derived blockchains uses things like proof of work, right? And there, you know, when data gets committed, all of the computer nodes have to solve a complex math problem. They have to, you know, hash that into a value that starts with like what they call a nonce number, right? To provide some randomness in it. But then this is the weird thing, right? The computer system that first comes up with the solution to that complex math problem and creates that hash value, that's the data source that all the other Bitcoin-derived blockchains has to follow. And that is hackable, right? As proven by, you know, the breaches that were in the news, you know, there's somewhere where $60 million got stolen, $3 million got stolen. Hyperledger, you know, does not have that requirement for solving complex math problems and proof of work. We have a set of validators, and it's more, as you said, if we are part of transactions, you know, just Dave and I, then Dave has to validate that, you know, okay, I gave Dave $50, right? And Dave says, yes, you know, truly, Donna gave $50, but we don't really care what Stu says, right? Stu is not part of this transaction. So why should Stu have any say of whether, you know, this data is valid or not? You know, we keep Stu out, right? So the Hyperledger blockchain provides that flexibility so that only the participants who are part of the transaction, they are the ones that know whether that data is valid or not. And you gave an example of IBM supply chain, you know, for some, I guess, some hardware components, 4,000 suppliers. And you've implemented this, and you gave a great demo of this blockchain example, this Hyperledger example, to mediate, well, today you mediate disputes, you know, kind of manually, but historically you've done that. It takes a lot of time. People will call each other up, you know, they're really frustrated. What do you mean you don't see my invoice, you know? Yeah, I sent it, I sent it again. So on average it takes 44 days to resolve. So you've implemented the system with things like proof of delivery and proof of payment, et cetera. What has been the business impact to IBM? Yeah, I mean, the goal, I mean, the reason why we put this on blockchain is to reduce the dispute, the amount of time it takes to resolve a dispute, which is 44 days. And then when we reduce the amount of time it takes to resolve a dispute, then we don't require that much money, you know, that we have to, like, put on hold in our supply chain. And then it also creates better relationships with our partners and suppliers as well. And that, you know, has been the goal of, you know, the IBM global finance blockchain, yeah. Donna, so many of the challenges that we're facing in IT these days seem to fit right in your area of expertise. You know, it's all about distributed architectures. So you mentioned that, you know, IBM really has strengthened scalability and security. So, you know, things like cognitive, Tom Rosamiglia said, you know, it's going to be in everywhere. You know, IoT is from, you know, edge to core and all over the place. You know, how was that knowledge of building distributed systems, getting spread in IBM and working with your partners and across the industry? Yeah, yeah. So, you know, when all was started as technical people, right, we, you know, we started by building a particular component, right? We programmed or we built a computer board, right? And we had this sense of craftsmanship, right? Because we own this widget. We own this, you know, these 20,000 lines of code, right? But it almost goes back to Dave's question about open source. The real power is like when we combine all these things, right? So if we just created little sensors on our own, right? And we never had that data, you know, we never looked at that data through analytics, then we couldn't find as much from putting these sensors in soil or putting these sensors in like airplane wheels or like cars, right? But then you combine that with analytics and then you could just, you could find all these patterns. But then, you know, you get this problem, okay, well then how could you trust the data, right? Because the data sent from IoT devices, you know, to some storage system or a laptop, it could get hacked in the middle, right? And that's when we have the blockchain protocol, right? It gets into, you know, it gets into a blockchain node, right? Other IoT sensors in the soil also sends the same data, right, so we have corroboration, right? And so now you have the pedigree of the data and it's combining all these three, right? IoT devices, analytics, you know, pedigree of data provided by blockchain and then of course all this, you know, can't run in just like, you know, one laptop that's in Las Vegas, right? You need like distributed systems to be able to, you know, safeguard the data and provide the power. So it's weird that, you know, it's almost like baking, right? You have all these ingredients and when you put them all in, you get a great cake, right? So it's much, it's really good to put them together. I'm curious your thoughts about some of the hyperscale players, you know, people like Google, Amazon, you know, Facebook and Apple, they all build, you know, very distributed architectures, but they're not nearly as open as a company like IBM, you know, is that a misperception or, you know, could that be a limit to some of our growth of things like IoT or going to require interaction with some of these type of players? You know, it's almost like, and maybe this is just a statement at this moment in time, but all roads lead to open source, right? I mean, we were talking about like history, right? So, I mean, just look back even before blockchain, right? The open source UNIX systems, right? You had Solaris, you had like AT&T, right? BSD, right? And then you had Linux and we all knew at the beginning, Linux was not as powerful, right? As all these other, you know, UNIX versions, but Linux came to be the most adopted, right? And you know, one reason is because it's free, but the other reason is because you have this whole community donating code to make Linux, you know, to make sure it scales, to make sure it's secure, to make sure it works with like little phones and large servers, right? That type of like, that type of density, you start out as a proprietary system, you know, the Googles or whatever companies, but even then, you know, even the Googles, right? They open source their code, other people donate and it makes it even better, right? I mean, if you really want to make your product better, you know, just open it up to the light of day of open source, right? People are going to read it, they're going to say, that doesn't work. This is a much better way to do it. And so what? We're grown-ups, we take criticism, right? But it'll make it better. And then we'll say, okay, you put an improvement, but that really is really bad. Here's a better way to do it, because we're always trying to like one up each other. That's a human thing. So Donna, it seems like everybody's a software company these days, so I've been thinking about Hyperledger. What types of companies are contributing to the project? What kinds of things are they doing? Where are they coming from? Is it different industries? It's not just the technology industry, obviously. Yeah, that's what really surprised me. You know, I thought, okay, we're going to open, you know, Hyperledger is going to be an open source blockchain, it's only going to be blockchain companies donating. But that's not true, it's industries that are writing blockchain applications. Financial companies are donating code to make sure that we satisfy their financial protocol requirements, right? Manufacturing companies are donating code and to make sure that we support like these manufacturing standards, healthcare companies, right? So in fact, the fewest numbers of companies that are donating blockchain code are actually pure blockchain people. It's the users of blockchain that are donating code. And that really surprises me. You never know who your collaborators are going to be. And it's good because they guide the shape of it, right? You know, I mean, we think that we're building like we're building a really good bicycle and then our collaborator says, you know, forget the bicycle, let's make this into a motorcycle or something, right? So it's, it's, it's interesting. And IBM's making these services available in the cloud. Yeah. And then you talked about some level of security, EAC-5 and FIPS and throughout a couple of other, you know, nomenclatures that I didn't, I wasn't familiar with, but you made a statement that it's the most, you know, secure that you're aware of. Yeah. Can you share with us what you've done there? Yeah, yeah, so, you know, there's something called FIPS 142 level four, Federal Information Processing Standard 140-2 level four, right? So it's a set of guidelines for any software or hardware manufacturer providing cryptographic algorithms. It has to, has this behavior, it has to protect your data in such a way to be qualified for FIPS 140 level two. Your crypto algorithms have to pass, you know, these set of criteria. There's four levels of FIPS 142. Level one is the weakest and level four is the strongest. The existing computer systems out there that provide crypto algorithms, you'll find levels one and two. If, you know, the industry really requires it, you'll have specialized companies provide these hardware modules that you could network attach that gives you the level three. And IBM Z systems, the Linux one servers, the only one that has the strongest level level four. In fact, it's not something that's network attached so that it could be hackable by network intruders. It's built into the system. The reason why we have to qualify for FIPS 140, you know, dash two level four is because if you're providing crypto algorithms for any type of regulated industry, you know, financial, healthcare, insurance, many governments require that level of certification. So we had to do it for all these others, for all the sensitive data and then we said, you know, people are putting this type of data on the blockchain, let's make sure that we, this vault we built also protects, you know, blockchain. So given the inherent security attributes of blockchain, there are obviously security applications and use cases. I know IBM's working on some, MIT's got Enigma. Can you share with us kind of what you think the potential is for blockchain as a new security paradigm? Now that's very interesting, right? So that will be really interesting. Like two years from now, we come back and we see if this takes hold, right? You know, at the heart of all these endeavors is this idea of what is identity, right? So, you know, I trust that you're Dave, right? And you trust that I'm Donna, right? We see each other, right? But what if we weren't sitting physically across from each other? What if we couldn't even Skype each other? How would you ensure that this other person that you couldn't even see is Donna, right? And then, you know, so you have like crude levels of like authentication, user ID passwords, those are hackable, right? Then, you know, the things coming up in the industry now is multi-factor authentication, not just one password, but okay, hey, we'll send you some, we'll send something to your cell phone and only you as the owner of the cell phone could see it, you know, we'll send it to your email system, right? But it's all to try to prove that you are who you are, right? And blockchain, since it is, once you put a record on the blockchain, you can't change it. There's a set of documents, right? That people, governments, corporations are coalescing around that if you have, for example, this driver's license, you have this in the USA, this social security number, you have this passport number, right? Maybe if you have these three types of identification, then we really know that you are, you know, your Dave. In other countries, you know, they might say, okay, you also have to supply like your last three postal addresses or something, but you know, the answers to those questions, I mean, we do it every time we sign up for a website, we have to put like five to 10 personal questions, right? I mean, that is so inefficient, right? But if that information could be on a blockchain somewhere secured and protected, right? And then you provide something called zero knowledge proof where, all right, you know, I'm Donna and I've provided two out of the five criteria, right? And when that blockchain identification service says, okay, Donna answered these questions, Dave, you could really believe this is Donna without Dave ever having to know what are the answers to my personal questions, right? That is the substance of this collaboration. It is, how do you prove who you are and not have to answer the same questions like a hundred times over? The black box validates it and I then, as a consequence, trust that you are Donna, so. Yeah, yeah, that's very interesting, right? And you think that's a couple of years, we'll start to see commercial use cases for that type of technology? You know, imagine that, imagine how small, smaller your wallet's going to be, right? No more driver's license, no more social security card, no more like whatever card, right? You know, I mean, yeah. Boy, that's really good, yeah. Well Donna, it's great to see you face to face and I really appreciate your time. Thanks for coming on theCUBE. All right, thank you. All right, keep right there, buddy, Stu and I will be back with our next guest. This is theCUBE, we're live from IBM Edge, hashtag IBM Edge.