 from the Sands Convention Center, Las Vegas, Nevada. Extracting the signal from the noise. It's theCUBE, covering AWS re-invent 2015. Now your host, John Furrier and Brian Graceley. Okay, welcome back everyone. We are live in Las Vegas for Amazon Web Services, AWS re-invent 2015. Our third year, this is Silicon Angles theCUBE, our flagship program. We go out to the events and extract the signal from the noise. I'm John Furrier, founder of Silicon Angles. I'm Joe Mike Coos for the segment, contributing analyst, Brian Graceley with wikibon.com. And our next guest is Tim Pendergas, the CEO of event.io. Welcome to theCUBE. Cool, thank you for having me. So I want to say congratulations to your success. You guys have got a big booth here, big part of the event. From a business standpoint, really tightly coupled with AWS, among with a lot of other big names. So give us the update. What's your role? Why are you guys so hot right now? Give us an update on event.io. Yeah, evidence are really interesting organization. One of the things kind of different trading for us is, we were founded from one of Amazon's largest customers, kind of going through the journey, seeing the problems we had when it came to securing infrastructure at scale. Amazon has a great security toolkit. They give you a lot of capability. It's leveraging that responsibly and continuously that was our challenge. So as an organization, we started off with kind of the mission that Amazon had, which was help every customer secure AWS as well as the Netflix, the Adobe, these really kind of cloud unicorns. And so our role in the ecosystem is really to help customers get the most out of Amazon's security capabilities and do it homogenously across their teams. So a lot of those clouds are born in the cloud, cloud native or they're pretty savvy. As customers in the enterprise move to this, I'd say a synchronous fully notification world, API economy, integrated stacks, they get a lot of leverage. I've seen some of the cost advantage Andy Jassy is quoting some numbers on stage. It's a mindset for how they're going to deploy software. What are you guys seeing with these customers? What are some of the things they're doing and where's the shift in technology that's enabling them to move to this new era? I think what's really different from the traditional enterprise software kind of data center model is as these enterprises move to the cloud, they don't just realize the cost benefits and the flexibility. They start to adopt these DevOps principles of let me get value to my customer faster and let me get their feedback faster so I can improve my product, improve the way we manage and deploy our product. And that goes everywhere from software engineering and coding languages and things like that to how you secure the software, how you make sure you protect your customer's identity, their data, et cetera. And what's really exciting about Amazon announcements and the ecosystem here of all the partners is that we've all kind of vulcanized around the fact that we continue to deliver security, deployment, management, all these things in a very agile fashion. So your traditional enterprise is now looking more like a traditional startup. Move fast, react fast, deliver very cool products. So we're ending up with a much more- Aka Agility. That's the buzzword. We get a richer product ecosystem and as consumers, I mean, we all go home, we all buy things, right? We all end up with better things in our household and our lives. So I think it's a pretty exciting time. Yeah, I mean, one of the biggest things is, you know, we hear about people moving apps to the cloud, building apps in the cloud. You know, the first thing, the guy from GE came on and said, look, I've got to reshape my people, my process, my thinking. You guys basically were built from the ground up with this idea that we're going to do security in a DevOps, you know, very agile, lots of changing mindset. Like, talk about how you guys have to think about security automation very differently than the traditional security companies do. If you take a look at what agility means in the cloud for a lot of organizations, it means get to faster deployments, faster feedback. It's almost like the scientific method of experimenting and reacting. Security had to become part of that cycle. We come from being old school information security people. We did a lot of these manual scans that take 24 hours. In the cloud, it's just not fast enough when you deploy every hour and you really turn your whole infrastructure over. So the fact that you can now have almost real time infrastructure assessment and security visibility across the cloud and then tying that into the DevOps process. So as I deploy, I'm getting feedback right back about not only the health of my application and service going out and how users use it, but the security of it and changes that impact my security for my customers. Now you have teams that have a whole picture and are managing it all themselves and having to kind of punt it upstairs. We always call it the white tower, the ivory tower the security lives in. And then wait for someone to be able to respond to you. There's just not enough security people on the planet. There's a lot of really great engineers and DevOps practitioners out there. And when they took on infrastructure management, they kind of took on security without really recognizing it. And without all that training the sophisticated security people have, but now they're able to get solutions that help them actually embrace that and do as great a job as they do anywhere else. It's all automation. Tim, I want to ask you, evident.io, you guys are doing some cutting edge stuff. Certainly the cloud customers. You have two challenges, right? You challenge one is stay lockstep with the innovation pace of the cadence of the slew of goodness coming out of AWS, which is challenging for you. Then you got customers that are kind of putting their toe in the water, now moving pretty quickly with cloud. Things like the fire hose. You're seeing the streaming of data. This teases out the IoT, which we're expecting to have some big announcements tomorrow. We kind of tease it out on the intro. This opens up a can of worms now on the app side. Jassy kind of teased it out today talking about some of the customizations that apps will have to do and they're trying to build an easier framework there so they announced that. What is that doing for your business? I mean, because at the end of the day, how do you play in that trend? Because the apps are key, right? You got to have the apps deployed. You got the cutting edge streaming. You got the kinesis, fire hose. You got Redshift, all the stuff's going on in real time. What are you guys doing under the hood there? I think what's really exciting about this is our bet early on was everything in this world was going to go to be API-centric and API-driven, right? So all of our data's going to go away from presence-based security, meaning I'm in line with the traffic. I'm on the actual machine doing computation. I move into this complementary model whereas things are happening. Security is active and engaged through the API tier and the more announcements we see from Amazon around, fire hose and things like kinesis that are real-time available for everyone, these actually enable these trends to be successful and on the security side, that's what excites us most is we're doing things you can never do in security before. But I tried to build this company, not cloud-native and do it in a data center and then give the same kind of service level to customers where we can get. You can be chasing your tail basically. Yeah, you'd never be able to do it, right? And so- Give me an example of what you just said because that's key, right? The active data going on in real time, having that active engaged security layer in there. What is that? Give an example of that. I mean, let's go to the continuous integration and continuous deployment cycle, right? People are deploying hundreds of times a day. If you had some deployment out and someone's engaged the wrong cloud formation template or they've misconfigured the security key they're supposed to use to encrypt data. I mean, what ends up happening is you end up with an exposure that you don't discover until you play a part on the line. Once you inject that into the pipeline, it kind of stays and you iterate on the broken message, right? So security can actually pick it up as soon as it goes out the door before you promote it to production and then give you that feedback or that stimulation saying, ah, this is a bad thing for your security posture or this is violating one of your internal security policies, please go back and correct this. And here's the actual raw metadata describing what's happening. And they can, your DevOps engineers take that, they go back into their native language. Cloud formation templates, Jenkins, and they go fix it there and redeploy like a true DevOps process. They're not triaging things in the middle of something that's running, right? Yeah, I think the simplest way to think about this is we're seeing all these tools come out from Amazon that are basically saying, look, things are moving in real time and when some action takes place, I should be able to kick off a check that says, is that right? You guys are taking a bunch of tools plus all the goodness that you have inherently and going, just apply that same principle to security. So a deployment goes on, I should have a security check that goes with that. Transactions go on, I should have a security check with it and it's not a secondary thought after process. Nothing should happen in your account without there being security checks and balances on it. And that's kind of the guarantee of having this continuous security model in place. Anything that happens in my account, whether my team does it purposefully, accidentally, maliciously, right? So there's always the insider threat. Or if someone happens to get one of our developers' keys and starts doing something from overseas, you actually have the checks and balances to detect it and respond to it. And what we see from Verizon's reports is that window of opportunity from a vulnerability being introduced to the attack and then you finding it is almost in the years and now on the cloud it can be within the minutes and seconds, which is revolutionary for sure. You know, when we started the queue five years ago in 2010, I'll never forget my first year with Dave Vellante, he said, snorage for the storage industry. And I'm like, yeah, it's because it's boring, you're snoring away. I'm like, no, storage is sexy, it's the center of the value, but I've got to store all the data. With that being said, you're seeing fast forward today, the boring stuff is actually some of the most compelling stuff. We heard on stage today, there's some of the compliance stuff. This is like in between the toes details that really is boring stuff, it's super critical. But now you've got to bolt in security. So in a DevOps framework, what does that mean? So share with the folks your view on what's the real deal on this new exciting kind of compliance streaming and the security piece. And talk about the rugged DevOps stuff, you guys. I mean, you guys are sort of bringing the sexiness of DevOps to security or mashing the two together. Oh yeah, you can call it rugged DevOps, you can call it DevSecOps, you can call it DevOps, Pepper and Salted with Security. What it really is, is it's security renovating it the way it's done and implemented and managed. And that means, think about compliance, it's an exercise customers go through once a year. And when you get time to recertify eight weeks ahead of time, basically, everyone stops what they're doing and they cater to an auditor that comes in who's trying to do the right thing for the business, but it really impedes the way that products delivered engineers do things, it sucks up all their time. And then you might fail that and then everyone's head goes on fire because you're certifications out of compliance. Well, if you're doing your compliance all day, every day, all year long, when you do a deployment, our encryption control got broken, we actually fixed it within five minutes. You deploy a non-compliant golden AMI image out to your infrastructure that doesn't have all your patches on it. These are actually violations of your compliance regulatory frameworks. Well, when you're notified about them immediately and you can actually fix them, then you're just nudging compliance back in all year long. So when it comes time for end of year and they show up, one of the big four shows up to do your audit, you've actually been managing it all year. It's kind of like brushing your teeth. You do it every day, you don't get cavities. That's the best analogy I've heard in a long time. It's kind of do it, you don't even think you're about it, it's done. Don't brush once a year and be surprised you have a bad dental report, right? That's kind of a true motto there. It gets, I won't try to quote Andy Jassy, but Jassy is kind of talking about the old school companies and how it's being disrupted. So I got to ask you specifically the kind of, and the segment is what is announced, what announcements this year get you guys excited, gets you personally excited and where your company's involved. Today at Amazon re-invent, a lot of announcements. Where do you guys focus in on, what's the key focus that you want to share? I think the things that we're really excited about, Amazon Inspector clearly giving visibility into a hosting application layer through the API. Fits perfectly with our agentless model on the platform we've built to communicate entirely through APIs. It's better for customers, it's frictionless, it's painless. As well as, you know, you look at things like config rules and natural iterations of Amazon's audit framework that's in place. We're getting much closer to those things being real time. You still get a five, 10 minute lag in a lot of these kind of services. The closer we get to real time, the safer customers are and the more enjoyable experience they have in the cloud. And the further we get from that data center model that people want to cling on to and they can just embrace this new security model in the cloud that'll make it more successful going forward. So that's what really gets us super charged. Seeing those big companies embrace the cloud and then realize the security that they have in the cloud is so much better than they had in the data center. And then pushing that limit even further and making vendors like us do really cool things that change the way the industry thinks about it. And that's really the exciting piece because we've been in this for a long time. Tim, final question, share with the folks that are watching live and then on demand. If they're a practitioner out there, they're a CXO or someone in the trenches that are really making these hard decisions now to go fully into the cloud, have some hybrid, do this architectural transformation. What's your take of this show here and this impact on their job? I think this show is probably, I mean, we can say the show's revolutionary every year, it's very influential because the Amazon doesn't slow down, they actually accelerate. But with 19,000 attendees here and the kinds of announcements that are happening, it's better that there's never been a better time to move to the cloud because the things that were missing three or five years ago when I was moving large enterprises in the cloud are now all there. You don't have to build it all yourself so that you can come in and you can adopt technologies that are going to help you do real-time streaming, get great end-user analytics, do mobile, do gaming, do internet of things, and then most importantly, do security like you've never been able to before, whether you're a one-man startup or you're a 100,000 employee organization. And that really just levels the playing field and makes an exciting time for companies that develop software and technology that's delivered to the world. All right, we're here at Tim Pendergrass, C of evident.io, check out the company, big part of the integration around some of the real hard stuff that's happening. The cloud is being hardened for the enterprise, enterprise ready, whatever, enterprise great, whatever you want to do, these guys have it and we're at Amazon re-invent. And hey, check out today's schedule. We have Jerry Chen, Frank Artali, a ton of VCs coming on theCUBE. They're going to share their perspectives on the startup ecosystem. How did the innovation continue for startups and in the ecosystems? It's theCUBE broadcasting live here at Amazon re-invent. We'll be right back after this short break.