 from the Cube studios in Palo Alto and Boston. It's theCUBE, covering IBM Think. Brought to you by IBM. Hi everybody, welcome back to theCUBE's continuous coverage of IBM Think 2020. It's digital event experience. My name is Dave Vellante. Aki Duvour is here. He's the vice president of the IBM public cloud. Aki, great to see you. Thanks for coming on. Hope you're safe. Hey Dave, thanks. Thanks for having us on. As safe as can be, appreciate it. Yeah, so your background is really interesting. You're kind of heading IBM cloud now. You've got a CTO background. You've been in sales. That's interesting to me because it gave you an opportunity to really try to understand the product market fit if you will from the customer's point of view. But how did that shape your thinking about cloud generally and specifically where you're at today? Hey, great question Dave. So I'll tell you from my technology background, it really gave me a good appreciation for how applications get built, right? From everything from the infrastructure layer all the way up in through the application itself. So all of the criticality around how those applications need to be built, how they need to be made highly available, right? With business continuance in mind, which is exactly what we're trying to do at scale right now from a public cloud perspective to help from an architectural principles perspective. And then I would say from a sales perspective it gave me a sense of speed and clarity of vision, right? In terms of just how you have to be very net in terms of the value proposition that you bring forward to a client and how you position the public cloud large, right? So those two items or backgrounds have brought me full circle into my product role today and allow me to work with a sense of urgency for our clients and their journeys and their complex transformation as we build a cloud that is very enterprise centric to support their mission critical workload. Well, I want to follow up with that. So I mean the traditional approach to developing enterprise apps, you walk into inside any large financial institution, healthcare, pharma, et cetera, and you would have very much a waterfall approach, understand the requirements, you'd have a development team, you'd have an operations team, they throw the code over the fence, they throw it back, yeah, your code doesn't work. Well, it did when I sent it to you, and the cloud has really changed all that, hasn't it? And so now you're moving much faster, you're doing agile. How do you see that applying to sort of the traditional IBM base? Is it being embraced? How is it being embraced? Is it different from sort of other approaches? I wonder if you could address that. I think it's a transformation for the entire company, right? And when I say journey to cloud, it really is around not just the public cloud as a destination, but it's the entire hybrid approach that you have to take in delivering those applications that you just alluded to, right? That they're pretty much the mission critical heart of the enterprise. And so it's this transformation from a public cloud perspective, it's a transformation from how our services teams engage with our clients, how we migrate, how we modernize, right? How we take that middleware stack and we convert it into containerized software that we can actually leverage and deploy in the public cloud as part of this transformation. So really it's a reinvention of not just the way our customers interact with a public cloud, but the way that we as a public cloud provider and a services provider can react and give our clients the best value across that entire hybrid transition. So one of the things that, of course, IBM executive stress, we've heard Ginny talk about it, we hear Arvin talk about it across the whole company. You guys are aligned on this topic that only 20% of the workloads have moved to the cloud. It's the hard stuff that hasn't moved. IBM has stated, you want to be the preferred supplier for all the really challenging hybrid workloads, et cetera. So what I want to get to is how you're approaching that? Is it a combination of using open technologies and sort of blending those with your very large software estate? What's your kind of secret sauce around succeeding with that vision? That's a really good question. So there are kind of three pillars to our strategy. Number one is around open technologies, right? Embracing open technologies. And one of the things that we did very early on in our transformation, in fact, back in 2017, before any other cloud provider focused on this, we rebased our entire public cloud on Kubernetes as the base, right? Not only for the way we deliver upstack services, right? Whether it's Watson or IoT or other services, but also in the way that we deliver our IaaS, right? So our entire control plane is built on Kubernetes. And that was a big bet that we made probably two years before everybody else in the industry sort of followed through it, right? And we are the only cloud provider today that has their entire cloud based on tube. That was one pillar. The second pillar was around pervasive security, right? So it's ensuring that our clients have the controls required to be able to deliver pervasive security, whether it's encryption in flight at rest or in motion, but also ensuring that they're the only ones that have access to their keys, right? So nobody else, not even the provider can decrypt their data in the public cloud. And then finally, it's around enterprise capability. So as you talked about this other 80% of workloads, a lot of those apps are brittle workload, right? So they have upstream and downstream connectivity that creates a lot of complexity and chatter in the application itself. So you've got to be able to support those workloads from a public cloud perspective so that there is none of that chattiness and you can actually deliver those applications in a way that they can one be moved into the public cloud and then later transformed into microservices and or into microservices directly as part of that transformation. So that middleware content, et cetera, delivered as containers allows for a lot of that transformation of different aspects of the cloud. So I would take us back to that bet that you made. So Kubernetes obviously with a portability, the decision had to be made strategically that you're not just going to try to lock everybody into the IBM cloud. You're going to support multiple clouds in all fairness. You kind of were late to that later to the cloud game. So that became part of your strategy. Hybrid is obviously a piece of that, but you embrace that. You know, many, many cloud providers either were late to embracing that or flat out don't embrace that sort of multi-cloud approach. Security's kind of table stakes and we're going to get into that later, but that enterprise apps piece is critical. Take us back to that, that Kubernetes decision. What was that? Was that the strategy of being sort of open cloud and multi-cloud? Was it sort of a red hat angle, pre red hat acquisition where you had affinity toward not only Linux, but OCP, maybe you can talk about it. I think it's a combination of many things. In fact, it predates red hat too in that this was back in 2017. And fundamentally after Google open source Kubernetes, right? One of the big, you know, if you look at the way that the virtual server platforms back in the late 90s, early 2000s, one of the big challenges was around management of those VMs at scale, right? So we saw very similarly we saw containers as being a very sort of rapid approach to application deployment and really sort of merging that DevOps transformation that many of our clients were going through. So we said that this was a perfect vehicle to not only deliver applications at scale, but also ensure all of the attributes of a public cloud which are higher levels of availability, self-healing, right? And scale up, scale down being able to turn on more storage, more memory. So you weren't tied into the physical boundaries of a typical virtual machine. So that really allowed us to sort of break the paradigm a little bit in terms of our approach and the bet paid off, right? Because we have, you know, a significant almost 20,000 production clusters running across our enterprise clients, you know, today. So pretty significant footprint just on Cuba loan. Well, like I was saying, it gives clients the opportunity to have portability, hedges their bets, gives them an exit strategy if in fact they want one and it just seems like good business. What about OpenShift? How does that fit in there in regard to OCP? Well, I think OpenShift is a perfect compliment, right? Now, so as we talk about the fact that we have a cloud built on Kubernetes, you know, OpenShift becomes, you know, the engine that runs all of our capabilities now, right? So as we think about how we deliver our services, how we deliver, you know, common services, whether it's logging or monitoring, identity and access, right? All of the governance and orchestration required around a CUBE environment, you know, OpenShift is a terrific solution to be able to provide that at scale, not just for, you know, our clients as a first class deployment in the public cloud, but also as they look and deploy on-prem so that they have, you know, multimodal deployments here, you know, with perhaps their applications that are very sensitive, that have PHI data, that they want to control on-prem, they have that approach and they have the ability to be able to support it. They also have the ability to take advantage of strangler patterns, right? So parts of the application that sit, run, perhaps in an OpenShift environment, in the on-prem environment, with other aspects of it being controlled, orchestrated and run in the public cloud on our Red Hat OpenShift Kubernetes service, right? So we've got all of those attributes and capabilities to support that hybrid and even multi-cloud deployment, right? One of the good sort of dive into security is you've seen this sort of interesting, divergent narrative in the industry. On the one hand, you've had, you know, executives like Pat Gelsinger come out and say security is broken. On the other hand, you've had, you know, for instance, the CISO of AWS say, no, security of cloud is great. So you're a customer, who do you believe? And you talk to CISOs and they say, look, it's on us, you know? This problem will never be solved. It's an ongoing challenge. But I wonder if you could give us IBM's point of view on security, because you're on both sides. You got the cloud, you got on-prem, you got a deep history in security, go back to rack F on the mainframes. And so I wonder if you could share with us your thoughts on this. Well, I think security is table stakes, right? And always been table stakes. And now more so than ever, especially as we look at that other 80% that we talked about, these are revenue generating applications, right? They're mission critical, and they have significant impact if they're down in any way, shape, or form, right? Especially if there's a security attack of some kind and there's a breach, you know, you're talking about businesses completely going, you know, out, right? I mean, they're basically bankrupt at that point. So it is table stakes. We have taken a very, you know, long strategic look at how we build security, right? From the chip all the way up into the security architecture and into memory as well, right? Ensuring that every sort of attack vector is locked down. We have our, you know, our dedicated HSMs with the highest compliance that's 140-2 level four. As I mentioned before, we allow for keep your own key and bring your own key. Everybody does bring your own key, right? But keep your own key is a client's ability to bring and manage their own key in the public cloud. So, you know, if anybody tries to tamper with it, that just gets locked down. And, you know, there's no access that even the provider could have in terms of decrypting, right? We have to get rid of that dedicated HSM at that point. So it really puts the control on our clients and ensures that every aspect of their, you know, environment from profiles to templates, you'd mentioned CI CD pipeline before, it's ensuring that, you know, we have a shift left strategy, which is really sec dev ops because it really allows for us to focus on security and every interaction from the start of how code gets, you know, integrated and deployed into the cloud, right? So ensuring that we have that entire end-to-end approach nailed down is pretty core to us. Well, I think that's key. If you're, you know, a CISO, you don't want to have sort of different security protocols for on-prem than the cloud. You want that sort of end-to-end approach. Now, maybe that doesn't happen overnight, but presumably that's kind of the vision is that kind of consistency because every CISO will tell you, you know, the lack of skills is our biggest challenge. So the last thing we need to do is learn just the whole nother environment, all new processes. So how have you made progress in terms of that end-to-end, you know, experience? Well, you know, we've tried to make it completely cloud native. We've tried to make it very API oriented. So, you know, it's basically really simple for them to integrate into the cloud and take advantage of the CI CD pipeline, as I mentioned, right? So if you look at how we deliver our code from a tecton perspective, and if you look at how we can do signed images in the registry, right? So ensuring that developers are only authorized to run the appropriate applications that they have permission for and that they can't, you know, leverage other assets or tools that they're not, right? So ensuring that role-based access control is very tightly knit, ensuring least privileged access as opposed to opening up and ensuring that everybody has all access all the time and then working your way down into least privileged access is critical, right? So it's those core sort of first principles that you would leverage in an on-prem environment and extending it into the public cloud so that it becomes a very translatable experience bar client. Okay, I want to push you a little bit. We started out with openness and you sort of laid down the gauntlet as, you know, we made the decision early on to be open. What if I'm a security practitioner and I say, hey, you know, I like CrowdStrike or I like Okta or, you know, I want to use Zscaler. Can I use those in your environment? How open are you to that type of approach? You absolutely can and you can integrate into our security dashboard, right? So the nice thing about it is you can leverage our capabilities that we have in the cloud or you can leverage your third-party tools, right? And you can integrate them so you have a single pane of glass and you always know, you know, who's accessing your systems? Where are they accessing them from? Did they succeed or did they fail, right? This is table stakes. Allowing integration for best of class and best of breed security technologies is core. So you're obviously, you know, cloud guy, more cloud, better for you personally, your group, whatever. But what's the business case for moving those mission critical workloads in the cloud, former CTO? I'm sure you've had a lot of discussions with customers. Hey, why not just leave it there? Put a brick wall around it, you know, it ain't broke. Why fix it? What's the business case that you're seeing for putting those workloads in the cloud? I think, you know, the current healthcare crisis we're in is probably proving out a lot of the challenges of, you know, managing a data center in traditional sense, right? Number one. And I think if you think about just the innovation agenda that many of our clients have, you know, they are kind of hamstrung by all of the legacy technologies, you know, and sometimes monolithic architectures that they've got deployed, right? They're unable to break out of that because of the amount of costs and the amount of resource it takes to manage those environments today, right? And keep a lot of end of life infrastructure running and really the move to public cloud and being able to transform and modernize your workloads frees up a lot of that budget and innovation that you can start to infuse into driving new revenue streams from a company perspective, right? So I think that is the critical aspect to it. And I think, you know, the current crisis just proves out that clients that have built for scale, who've kind of gone in with the cloud first set of principles are actually well set up to be able to navigate, you know, some of the current challenges a little bit better than others, right? Yeah. And I think, you know, if you're listening to your talk, it reminds me of a conversation I had probably 10 years ago with a former IBMer legend, Steve Mills, who said to me, look, we spend way too much money on IT labor and it's just not productive. So automation is key. You can't scale without it. I talked earlier about the skills gap. Automation is at least one part of that answer. And so because people just to your point, if you're spending money on, you know, wasting it on labor that's not giving you differentiation, that's stealing from the innovation budget. Yeah, totally agree, Dave. So give me the final word. What's your vision for the IBM public cloud? Where do you see all this in, you know, three to five years? Well, I think, you know, we're just at the tip of the iceberg right now, right? When it comes to a lot of the complex, you know, brittle applications that we talked about before, right? ERP applications, mission critical, you know, back office apps that haven't moved. And I think we are very, very early in that journey. And I think we're positioned really well to capture and win that marketplace, right? I think we have the right solutions. We have the right, you know, sort of core principles. You know, when I, as I mentioned, open and secure and enterprise grade, you know, having a multi-platform approach to support our clients applications, being able to modernize and kind of walk them through this crawl, walk, run approach to how they transform into the public cloud and having all of the service expertise, right? So we're not just the CSP, but we're also an MSP and we have since around handling complex workloads, right? We've done that all through our, you know, existence. And we feel like this is where this starts to get interesting for our clients now as they take these next steps. And as you probably heard last year with our announcement of the FSS Ready Public Cloud with Bank of America, you know, we're trying to bring all that together in terms of how we meet our clients and ensure that we can, you know, take care of their regulatory requirements which continue to change as well, regardless of industry. Well, it's a multi-trillion dollar, you know, trillion plus dollar opportunity that you guys are after. And you're in the cloud game. A lot of people tried and failed. You know, IBM, you know, made it through that not whole. And now you're in a position to really compete and participate in those, those the modernization of those workloads. We've done research that shows that a lot of this is especially for the hard to move workloads is about risk and for the extent that you can, you know, maintain that compatibility, if you will, between what's on-prem and what's in the cloud. You dramatically de-risk, you know, the cloud move and the decision. So I think you're in a good spot and I really appreciate you coming on theCUBE. Hey Dave, thanks for having me, appreciate it. All right, our pleasure, Aki. This is Dave Vellante for theCUBE. This is our continuous coverage of IBM Think 2020, the digital event experience. We'll be right back right at the short break. Thank you for watching theCUBE.