 Live from San Francisco, extracting the signal from the noise. It's theCUBE, covering Oracle OpenWorld 2015 from Studio C, brought to you by Cisco. Now your hosts, Stu Miniman and Brian Graceley. Hi, this is Stu Miniman with wikibon.com. Joining my co-host on this segment is Brian Graceley. We're at Oracle OpenWorld 2015 here in Moscone South. Happy to have him back to the program. Sean Donaldson is the CTO of Secure24. Sean, welcome back. Thanks guys, thanks for having me. All right, so Sean, we've actually had you on the program a number of times. We were going through, I think it's Oracle OpenWorld, a couple of the other worlds. I think one more and we punch your card, you get a free sandwich. So congratulations, welcome on the program. So for those that aren't familiar with Secure24, maybe haven't stopped by the booth that you guys have here, can you give us kind of the elevator pitch? What does Secure24 do? And what's new in your life? Absolutely, and thanks for the introduction. So to tell you a little bit about Secure24, what we are is we're a managed hosting company that truly focuses on running enterprise applications. So we do the hosting and the infrastructure in the data centers, but really our specialties, the security and compliance here around business critical applications. We've been fortunate enough to have a beautiful booth here. We're booth 201 and we're giving away a Harley Davidson today. So love people to stop by and check it out. It's a great opportunity. Well, I wonder if the people at Oracle have been hearing your message for a bunch of years because Brian said earlier in the show, he said, this feels like Oracle Cloud World. And when you talk about, okay, once we get beyond cloud, what's the second best thing? Oh, it's security. I mean, security and hardware and security everywhere and everything's secure. So have you looked at what Oracle said? How does that mesh with kind of Secure24's vision to the world? No, absolutely. I think that's a great point. And I really feel like we're fortunate to be in a situation where the industry and our message are really meeting at a great place, right? A lot of our business is truly focused around that high security, high-compliancy type hosting, right? Whatever industry you're in today, whether it's pharmaceutical, whether it's FTI, federal tax information, whether it's SOX, even if you're just in an enterprise, you have IT general controls and security is a huge part of your business. We've seen, it's been the year of data breaches and nobody wants to be on that above the fold news. Oh boy. You know, it was interesting. We were at AWS re-invent a few weeks back and there were some real bold statements when we talked about security. It was one of the large blanks, Capital One actually said, the cloud is more secure than my data center is. You know, what conversations you're having with customers, where are we in that whole discussion of security as it comes to the cloud? No, absolutely. And that's a great point. We kind of look to look at that from the perspective not all clouds are created equal. And the cloud offering, the offering that we have is very much focused around that security and many times to support your point that the cloud is more secure, we have teams of security experts that are watching our firewalls and our IPS and denial of service attack pretensions. We have teams of auditors on staff because today's security is even going past the technology and really people are focusing on the process and the people behind it. Training the resources, obviously we know about the CIA director that was recently compromised because someone, social engineering, right? So it's much past the technology and going really to the process, the procedure, the people, the training. Yeah, so one of the things that was interesting, Larry gave his keynote, he said, look, we sell tons of security to our customers on premises and they never turn it on. We're going to make security an on function in the Oracle cloud. How do you, you know, when customers kind of go, boy, you know, maybe we're getting hacked and we're not getting hacked. How do you prove to them that you're secure and how do you continue to show them, you know, that things are secure and compliant? Absolutely. A lot of it's through auditing and transparency and we are in a continuous audit cycle. So Secure 24 is an organization. We go through an SSA type one, two and three audit and we do that three times a year. So we're in a situation where we're in a continuous audit cycle and we're actually audited three times a year. It's a lot, but it also proves to our customers our commitment to security and compliance. And what are you seeing as the trend? So, you know, this week we heard about chip level security. We hear about, you know, database level. Lots of people talk about defense and depth. What do you guys, how do you think about security? What are the sort of leading edge things that you do to make sure that your customers are really safe? Absolutely. And it's a, it's definitely an evolving ecosystem. So security is something that, it's not something you put in once and you're secure. It's not a firewall that you put in and now you're protected or encryption on a data file and now you're protected. It's a living ecosystem. And that's why coming to a cloud service provider that really focuses on security a lot of times puts you ahead because we're continuously, we have teams that are continuously focusing on staying on that trend. Whether it's denial of service attacks, the next generation firewall, connecting the internet of things now today, right? And all these different components. There's application layer components and infrastructure layer components. And we're continually keeping up on that. Generally within an enterprise that might not be your core focus and that might be things that slip or get cut from the budget. We're seeing more and more cloud providers talking about enterprise applications, which wasn't the case two, three years ago. It was, oh, enterprise applications are not designed for the cloud. You guys have been doing that for a long time. We saw EMC by Virtus Stream. We see Amazon talking about, how much has that helped your business just that the industry as a whole is now saying, you know, enterprise applications belong in the cloud and they should, and it is more secure. How does that help you when sort of the, you know, all boats rise for the rising tide? No, and that's a great point. It helps us tremendously. To your point, we've been running enterprise applications in our enterprise private cloud for many years now. And even going back three to five years, we remember the conversations of really convincing someone that we have the security and the compliancy and the capabilities in place. And now we're in a great situation where we've continued to maintain and keep up on the technology, on the security capabilities. And we're seeing people a lot more comfortable with the idea of putting their enterprise applications in the cloud. Now more of the question is, not who's my cloud vendor? Who's going to be my partner in going through this transition to the cloud services? So, Sean, I'm curious, from an infrastructure standpoint, do your customers ask you who you're running and how do you help choose, you know, who you partner with? You know, everybody's going to tell you that they've got the best security. So how do you make those decisions? How have your partnership changed and what do your customers think about, you know, the choices that you make? No, absolutely, and that's a great question. And again, back in that three to five year era, customers were very concerned about the infrastructure you ran. They wanted to know that you were running big name infrastructure. In today's world, and a lot of the clients that we deal with, I would say some still are interested in the infrastructure, but the majority, what we offer and we deliver, that's pretty unique, is we actually deliver an application level SLA. So whether you're running JD Edwards, or Hyperion, or PeopleSoft, or eBusiness, or any of the Oracle application stack, really at the end of the day, what you're concerned about, is that I have an application level SLA for how my users are interacting with that application. Are you seeing customers utilize your service in a hybrid way, where maybe you're providing some of the secure elements, the enterprise elements, maybe they're using other locations, a private data center, or another public cloud to build out some of the application space. Are you starting to see that hybrid multi-cloud thing come into play for your customers yet? Probably the biggest area that I see the hybrid cloud, the hybrid cloud's an interesting thing, is it can be defined a lot of different ways, right? And primarily with enterprise applications, what we don't see is we don't see the idea of cloud bursting, right? Where I'm going to send a workload during a busy day up to the cloud. A lot of enterprise applications aren't designed for that, but what we do see a ton of, and we support and integrate with this, is a lot of integration with SaaS providers. So maybe we're hosting your ERP, financials, manufacturing, distribution, but maybe you have CRM, or talent management, HR in the cloud, and supporting that integration and actually continuing to support the security that goes around those integrations is something we've been continuing to adapt with. So Sean, in the keynote this morning, there was a lot of those emerging technology discussions. Dockering containers, IoT, analytics workloads. I mean, there's security implications on all those. How much are you looking at those? How much are your customers asking you? What's your take on some of those more emerging environments? No, absolutely. It's an exciting time to be in technology, right? And we're continuing to see things evolve. Internet of Things is something we could see a continued adoption for. We've internally, at Secure24, we've spun up a big data, a Cloudera Hadoop hosting practice. And we're continuing to see this grow. Internet of Things is a great example because now I'm taking maybe an enterprise application that's been integrated internal to my organization. It's ran for many years. Now I just poked thousands of little holes in it to outstretch devices all across the internet, right? Well, how do I secure all those devices? How do I make sure my security perimeter of my application has now gone way past my walls? So those are areas that we continue to work with our customers on different solutions, different capabilities to keep the information and data secure. Yeah, one of the things I talk a lot about because I've a lot of experience of people trying to build private clouds, trying to keep up with this technology. You just talked about building Hadoop clusters, talking about IoT. That's hard for customers to keep up with. Talk about the kind of learning curve that you guys experience and how much, because you're having to do it so frequently, how much better do you get at it over time? And how does that translate into being a better service than customers having to go higher and learn this themselves? No, absolutely, that's a great point because that's something we run into a lot. It's helping customers think about their IT infrastructure differently. Traditionally, we thought about our IT infrastructure in a three to five year capital purchase cycle. It's a lot about tearing down those barriers and going with a provider that is gonna be doing a continuous development cycle and as new technology capabilities are available, continuing to integrate those. And you're leveraging our capability that we like to look at ourselves as cutting edge but not bleeding edge. We're probably gonna play with a lot of the bleeding edge stuff but we're deploying the cutting edge capabilities. One of the things that we hear a lot from people, you just mentioned continuous development, continuous integration. That becomes an automated process. There's a lot of automation involved and actually we're hearing more and more that that's actually more secure because I can audit it. I'm doing it in a repeatable fashion. Help customers understand why that's so important to have automation to actually make you more secure. No, that's a great point. And this is a, we've told some great stories around this. We've heard about Heartbleed, the SSL vulnerability that went out. So we run thousands of Linux servers and because of automation, because of the capabilities we have in place, within an hour we could identify every system that wasn't patched and didn't have this vulnerability. We could patch and deploy mitigating controls to every one of these systems and having those, having that automated capability to be able to touch more than just dozens of servers, thousands of servers and manipulate them and keep them under control. Also from an audit and compliancy perspective, when we sit down with our auditors and we go through it, we don't just go through audits where we talk about the controls we have in place, we go through audits where we have to evidence them. How do I evidence across thousands of servers that they're all consistent, maintained, well through configuration management and automation tools? And it's got to help your customers feel comfortable. They're not, you're not telling them, well our best team is there from eight to five, but if there's an outage at two, you're going to get the C team. I mean, it's the same automation regardless of what time of day, what day, a year. Oh, absolutely. And consistency breeds a certain degree of success, right? So keeping a consistent build that's repeatable the same way, that if I'm deploying a third web server versus a fifth web server, if I'm deploying a dev environment, for example, it needs to match that production environment. So Sean, I hear you say consistent build, but when I talk to security experts, one of the challenges they see today is to be the most secure, you should get on the newest version. I need those patches. I need to make sure that I'm getting up to date. And if we look at most infrastructure, I mean, you look at networks and you say, I don't want to touch that firmware. I don't want to update it. And you look at most of the infrastructure and usually I'm multiple revisions behind. How's the industry doing on this? How do you guys manage that? And what can we do to get better? Absolutely. So enterprise applications and patching have always somehow been at odds, right? And what we see though is through education, through the industry really changing and through people's perception of security changing, we're seeing a lot more adoption that as we get customers, we can educate them on here's standard patch cycles. Here's why we have dev and testing QA machines that we're going to create processes where we're going to patch those first, you're going to test them, then roll them into production and really trying to integrate those processes into the mainstream of the organization. Many, there's a number of organizations we take on that maybe didn't even have a patch process in the past. So it's about as we can bring them on into our environment that a lot of times is very secure, we can also integrate those patching processes and those procedures to help get them to the next level. So Sean, if you had a chance at the show, talk to some of the users, like what's kind of some of the top of mind issue? Is security getting up there? What other things are you finding of interest at the show so far? Yeah, absolutely. I think security now is to the point where it's an expectation, right? It shouldn't be even a conversational point of whether it's there or not. It's absolutely an expectation that there's going to be a certain degree of security. And that's really what starts to differentiate Secure 24 from some of our competitors and some of our other hosting providers out there. The other thing we're seeing a lot of is that people are really looking for a partner more than just a vendor, right? They want someone who they can work with, who they can grow with. And as we know in the industry, there's a lot of acquisitions and divestitures and different things happening and they need to rely on someone who can help them through those types of transitions. So Sean, in your role as a CTO, I mean you must see a lot of new technologies, everybody's talking. What's kind of catching your eye lately? What are some of the things that you think we might be talking about come a year from now? So a couple years from now, I think Hadoop is going to be much more integrated as part of enterprise applications. Hadoop is growing fast and it's being adopted but it's got a ton of data analytics capabilities. I think we're going to continue to see that really pair a lot closer with some of the enterprise applications and really be a big part of their data archiving. This idea of never getting rid of data. I'm going to have all my data from every possible source from everywhere all the time, right? And I'm going to be able to do stuff with it. So figuring that out and storing that, it's just going to be part of an enterprise application. It's not going to be this integration project I have to do. Yeah, so I've been joking a little bit. This could be Oracle Cloud World with all the cloud announcements. You guys have been running Oracle Cloud, Oracle in the cloud for a while. If you're talking to a customer or somebody who's not sure about giving the experience, what is it like to run Oracle in the cloud and what can they expect from that? So obviously there's different tools for different jobs, right? And again, it's one of those things where we see very much a partnership. This is going to be a decade of coexistence, right? And there's going to be integrations where they're using CRM and Oracle's cloud as a SaaS. They're using Tileo, different talent management tools. And there's going to be different parts of their application that they have different requirements for that are going to be great hosting solutions for Secure24. And we see that there's enough industry and enough business coming to this that there's enough room for a lot of people to exist very cooperatively. Excellent. Well, Sean, really appreciate you coming back, sharing your knowledge on theCUBE. Look forward to catching up with you in the future and we will be right back here with lots more coverage from Oracle Open World 2015. This is theCUBE, thanks for watching.