Good morning, fellow cloud nerds, and welcome back to day four of AWS re:Invent. We are here in fabulous Las Vegas, Nevada. I'm joined by my co-host, Paul Gillin. I'm Savannah Peterson. We're on theCUBE. Paul, how you doing? Hey, Paul.

We're staggering to the conclusion.

Yeah.

And I say that only because we're talking about my feet. This event is still going strong. The great keynote this morning by Werner Vogels about system architecture and really teaching 70,000 people how to design systems. AWS is really taking advantage of this event to educate its customer base.

So much education here. Yeah, and that was a fantastic sort of cap to the keynotes we've seen this week. Yeah, I'm impressed, Paul. Our first AWS re:Invent, I think we're doing pretty good on all things.

Well, we're still alive.

And our next guest actually looks like he's been sleeping this week, which is remarkable. Please welcome Ayal to the show. Ayal, how you doing today?

I'm good, I'm good. Thank you for having me.

It's our pleasure. I'm here with Anjuna. Yes. Just in case the audience isn't familiar, what's Anjuna?

Anjuna is an enterprise security company. We focus on the space of confidential computing. And essentially we enable people to run anything they want, anything they want in any environment with complete security and privacy.

Which is a top priority for pretty much every single person here.

That is true.

Now, confidential computing, I keep hearing that term. Yeah, let's go then. Is it, I mean, is there a trademark associated with it? Is there a certification, is it a concept, or is it actually a set of principles or frameworks? Give us a scoop.

Yeah, so confidential computing is essentially a set of technologies that were added to the hardware itself, to the CPU and now to GPUs by the hardware vendors. So Intel, AMD, ARM, NVIDIA, AWS with their own hardware solution for this.
And essentially what it allows you to do is to run workloads on top of the CPU and the GPU in a way that even if somebody gets full access to the infrastructure, you know, root access, physical access, they're not going to have any access to the data and the code running on top of it. And as you can imagine in cloud environments, this is extremely, extremely well done.

And it's done through encryption?

It involves encryption. If you go one step deeper, it involves protecting the data while it's running, data in memory, when the application is processing it, which has always been the missing piece in terms of where you protect data.

So I got excited when I looked at the show notes because you are serving some of the most notoriously security-strict customers in the market. Can you tell us about the Israeli Ministry of Defense?

Sure, so essentially what we do with the Israel Ministry of Defense and other customers, especially on the government side, one of the challenges the government has is that they have to, if they want security and privacy in the cloud, they have to use something like a GovCloud. And sometimes that makes sense, but sometimes either the GovCloud is not ready because of legal battles or just it takes time to set it up. In some countries it's just, it's not going to make financial sense for the clouds to create a GovCloud. So what we do is we enable them to run in the commercial cloud with the security and privacy of a GovCloud.

Was that, I can imagine, so you took them to the public cloud, correct? Was that a challenging process? When I think of national security, I can imagine a business transformation like that would be a little nerve-racking.

Oh, definitely, it was a long process. And they went like, this is probably one of the best security experts on the planet.
And they went extremely deep in making sure that this aligns with what they would be able to do to actually move sensitive data to the commercial cloud, which obviously that the requirements are higher than anything I've ever seen from anybody else. And the fact that they're willing to publicly talk about this and be a public reference for us shows the level of confidence that they have in the underlying technology in the security and privacy that this allows them to achieve.

We still hear reservations, particularly from heavily regulated industries, about moving to the cloud, concerns about security, data ownership, shared responsibility. Are those real? Are those valid? Or is the technology foundation now strong enough that they should not be worried about those things?

Yeah, this is an excellent question because the shared responsibility model is exactly sort of the core of what this is about. The shared responsibility model essentially means the cloud's sort of by definition. The cloud is somebody else managing the infrastructure for you, right? And if somebody's managing the infrastructure for you, they have full access to what you do on top of that infrastructure. That's almost the definition. And that's always been sort of one of the core security problems that was never solved. Confidential computing solves this. It means that you can use the cloud without the clouds having any access to what you do on top of their infrastructure. And that means that if the clouds get hacked, your data is safe. If an employee of the cloud decides to get access to your data, they can't. They just don't have any access. Or if the government comes to the cloud with a subpoena, the clouds can't give them access to your data, which is obviously very important for European customers and other customers outside of the US.
So this is essentially what confidential computing does and it allows to break that shared responsibility model where you as the customer get full control of your data back.

Now do you need the hardware foundation to do that or are you solving this problem in software?

No, so we do need a hardware foundation for this which is now available in every cloud. And it's part of every server CPU that Intel ship, that AMD ship. This is part of almost every data center in AWS. But what we bring to the table at Anjuna is every time there was a fundamental shift in computer architecture, you needed a software stack on top of it to essentially make it usable. And I think the best last example was VMware. Virtualization was extremely powerful technology that nobody was using until VMware built a software stack to make it super simple to virtualize anything. And to some extent that was the birth of the public cloud. We would never have a public cloud without virtualization. We're seeing the same level of shift now with confidential computing on the hardware side and all the large players are behind this, they're all part of the Confidential Computing Consortium that pushes this, but the challenge customers are running into is for them to go use this, they have to go refactor and rebuild every application.

Why?

And nobody's going to go do that. And that's exactly what we helped them with. In terms of why, as part of confidential computing, what essentially means is that the operating system is outside the trust circle. You don't want to trust the operating system because you don't want somebody with root access to have any access to your data.
And what this means is every application, obviously, communicates with the operating system pretty often to send something to the network or save something to the file system, which means you have to re-architect your application and break it into two, a confidential piece and a piece that's communicating with the operating system, and build some channel for the two sides to communicate. Nobody's going to go do that for every application. We allow you to essentially do something like Anjuna run application and it just runs in a confidential computing environment, no changes.

Let's talk a little bit more about that. So when we're thinking about, I think we've talked a little bit about it, but I think there's a myth of control when we're talking about on-prem. Everybody thinks that things are more secure. It's not the case. Tell us how enterprise security changes once a customer has adopted Anjuna.

Yeah, so I think you're absolutely right. I think the clouds can put a lot more effort and expertise into bringing security than the data center, or you definitely have this sort of more sense of security in your data center because you own the full stack, right? It's your people, it's your servers, it's your networks in the cloud.

It's in your house, so to speak.

Exactly, and the cloud is the third party managing all that for you and people get very concerned about that and to some extent for a good reason because if a breach happens, regardless of whose fault it is, the customer is going to be the one sort of left holding the bag and dealing with the aftermath of the breach. So they're right to be concerned in terms of what we do. Once you run things in confidential computing, you sort of solve the core problem of security. One of the core problems of security has always been when somebody gets access to the infrastructure, especially root access to the infrastructure, it's game over, they have access to everything.
And a lot of how security has been built is almost like these band-aid solutions to try to solve, like perimeter security is how do I make sure nobody gets access to the infrastructure if they don't need to, right? All these detection solutions is, once they're in the infrastructure, how do I detect that they've done something they shouldn't have? A lot of the vulnerability management is how do I make sure everything is patched because if somebody gets access, how do I make sure they don't get root access and then they really get access to everything? And confidential computing solves all of that. It solves the root cause, the root problem. So even if somebody gets root access, even if somebody has full access to the infrastructure, they don't have access to anything, which allows you to one, essentially move anything you want to the public cloud, regardless of the sensitivity of it, but also get rid of a lot of these other sort of band-aid solutions that you use today to try to stop people from getting that access because it doesn't matter anymore.

Okay, so cyber security is a one and a half trillion dollar industry growing at over 10% a year. Are you saying that if organizations were to adopt confidential computing universally, that industry would not be necessary?

No, I think a lot of it will have to change with confidential computing. Exactly like the computer industry changed with virtualization. If you had asked, you know, when VMware just got started, if the data centers are going to, like, oh, this is going to happen, I don't think anybody could have foreseen this, but this is exactly what virtualization did. Confidential computing will change the security industry in a massive way, but it doesn't solve every security problem. What it essentially does is it moves the perimeter from the machine itself, it used to be sort of the smallest atom, to be around the workload. And what happens on the machine doesn't matter anymore.
You still need to make sure that your workload is protected, so companies that make sure that you write secure code or so are going to be needed, plus you're going to need security for things like denial of service, because if somebody gets access to the infrastructure, they can stop you from running, but your data is going to be protected. You're not going to need any of these data protection solutions around the box anymore.

Let's hang out there for a second. Where do you see, I mean, what an exciting time to be you, like, frankly, and congratulations on all of your success so far. Where are we going in the next two to five years?

Yeah, I think with confidential computing, the first thing that this is going to enable is essentially moving everything to the public cloud. I think the number one concern with the cloud, kind of like you mentioned, is security and privacy.

Right.

And this essentially eliminates that need, and that's why the clouds are so excited about this. That's why AWS talks about it. And I think Steve Schmidt, the CEO of Amazon, who used to be the CEO of AWS, talks about confidential computing as the future of data security and privacy. And there's a reason why he does that. We've seen other clouds talk about this and push this, that that's why the clouds are so excited about this. But even more so, again, I think over time, this will allow you to essentially remove a lot of the security tools that exist today, kind of reimagine security in a better way.

Clean it up a little bit, yeah.

Exactly, and over time, I think it's going to change the world of compute even more, because one of the things this allows you to do is, the closer you get to the edge, the more security and privacy problems you have.

Right, and so many variables.

Exactly, and it's basically out there in the wild, and people can get physical access.

Quite literally, a lot of the time, yeah.
Exactly, and what confidential computing does, it provides that complete security and privacy, regardless of even if somebody has physical access, which will allow you to move workloads much closer to the edge or to the edge itself, instead of sending everything back to your backend, to process things.

We have interviewed a number of security companies here during this event, and I have to say confidential computing has never come up. They don't talk about it. Why is that? Is there an awareness problem? Are they threatened?

Yeah, so I think the biggest, and to some extent, this is exactly like, I kept bringing up VMware, but like VMware, you can think of Salesforce. When they talked about SaaS, they sort of invented the concept of SaaS, no other company on the planet was talking about SaaS. They created a new category and now almost everything is SaaS. You know, VMware with virtualization, right? Nobody was doing it again and now almost everything is virtualized. Confidential computing is a new way of doing things. It's basically, I kind of have to shift the way of how you think about security and how you think about privacy, and this is exactly what we're seeing. I don't expect other security companies to talk about this, and to some extent, one of the things I've realized is that we're almost more of an infrastructure company than a security company, because we bake security to be part of the infrastructure, but we're seeing more and more of the clouds talk about this. The CPU vendors talk about this. We talk to customers more and more, like almost every large bank I talk to now has a confidential computing strategy for 2023. This is now becoming part of the mainstream. And yeah, security companies will have to adopt or die if they don't fit into that new world that it's going to create.

It's the new world order, baby. Get on the train or get up, you know?

Get left behind.

I love it.
This is a really fascinating conversation and honestly what you're doing makes so much sense. Yeah, you don't need me to validate your business model, but I will just for the sake of that.

Thank you.

We have a new challenge here at re:Invent on theCUBE where we are looking for your 30-second Instagram reel hot take, thought leadership. What's the biggest theme, key takeaway from the show or experience this year? For you.

Yes, so for me obviously focusing on confidential computing, I think this is just going to be similar to how, you know, no network was encrypted 10 years ago and today every network is encrypted with TLS and HTTPS and how, you know, five years ago no disk was encrypted and today every disk is encrypted with disk encryption. The one missing piece is memory. Memory is where data is exposed now. I think within a few years, all memory is going to be encrypted and it's just going to change two industries, the security industry as well as the computer industry.

Does that include cache memory?

What's that?

Does that include cache memory?

That is encrypting the RAM essentially. So everything, this is the one last place where data is not encrypted and that's exactly what confidential computing brings to the table.

Are there any performance concerns with encrypting memory?

That's a phenomenal question. One of the really nice things about confidential computing is that the heavy lifting is done by the hardware vendors themselves as part of the hardware and not part of the critical path in the CPU. It's very similar to the TLS acceleration cards if you remember those, which allows us to be extremely, extremely performant and that's why I think this is going to be for everything because every time we had a security solution that had no performance impact and was super simple to use, it just became the default because why wouldn't you use it for everything?

Ayal, this has been absolutely fascinating. We could talk to you all day.
Unfortunately, we're out of time, but really thank you so much for coming on the show. Now we feel more confident in terms of our confidential computing knowledge and definitely learned a lot. Thank all of you for tuning in to our fantastic four day live stream at AWS re:Invent here in Sin City. With Paul Gillin, I'm Savannah Peterson. You're watching theCUBE, the leader in high tech coverage.