 from Las Vegas. It's theCUBE, covering AWS re-invent 2018. Brought to you by Amazon Web Services, Intel, and their ecosystem partners. And welcome back to Las Vegas. We're in the Sands Expo. We're in a hall D if you happen to be at the show or drive it in just to watch. Come on by and say hi to us. Love to see you here on theCUBE as we continue our coverage day two. And along with Justin Warren, I'm John Walls. And now we're joined by a couple of gents from Hub International. Seth Morel, who is the Vice President of Enterprise Architecture and Design. Seth, good morning to you. And Jeremy, rather in Balabala, who is the Director of Security Architecture and Engineering, also at Hub International. Good morning, Jeremy. Good morning. Seth, by the way, plain hurt. She had broken finger with a snowblower in Chicago on Monday. On Monday. Good luck with the winter. Yeah, yeah, yeah. Started off well. All right, sorry to see that. But thanks for coming, regardless. No problem. Let's talk about Hub International a little bit about primary mission and then the two of you, what you're doing for them primarily. Right, right. So Hub International is an insurance brokerage, personal, commercial. We do employee benefits, retirement as well. We're based in the U.S. and Chicago. Operate in the U.S. and Canada. 500 plus locations, 12,000 employees. Okay, and then primary responsibilities between the two of you? Yeah, I'm the Director of Security Architecture, responsible for all things technical and regard to security, both on the architecture side, engineering and operations. All right, so yesterday we were talking about this earlier. You did a session. You're big Splunk guys, right? I mean, so let's talk about what you're doing with that, how that's working for you in general, if you would. Yeah, yeah. Go ahead. Yeah, so we're using Splunk Enterprise Security, the on-premise version. We actually, people always ask me, are you using Splunk Cloud or Splunk On-Prem? And I always joke, so we're using Splunk On-Prem in the cloud in AWS. But for us, we're really focused on Splunk as a SIM to enable our Security Operations Center to provide insights into our environment, help us detect and understand threats that are going on in the environment. So we have a managed partner that runs our Security Operations Center for us. They also manage our Splunk environment, but it helps us keep an eye on both our AWS environment that we have, our Azure environment, and our on-premise data center as well. All right, a few people have sort of gotten wary of the idea of a SIM. Like, people have tried to use SIMs and they haven't been very successful and they go, oh, SIM's a bit of a dirty word, but it sounds like SIM's actually working for you really well. Yeah, I really view a SIM as a cornerstone of a security program. Specifically, if you have a mature Security Operations Center, it's really hard to operate that without a SIM. SIMs are tricky. They're tricky to implement. They're generally very costly and they require a lot of tuning, a lot of love care and feeding in order to be effective. And quite frankly, if you don't get that right, they can actually be detrimental to your security program. But if you put the proper care and feeding into a SIM, it'd be very beneficial to your organization. Okay, so what's some of the things that you've been able to do now that you've got Splunk in there and is helping you manage this security? Because I saw some statistics earlier this morning where security is basically the second biggest, most popular term here at AWS and re-invent. It's clearly front of mind for a lot of enterprises. So what is it that Splunk is helping you to achieve that you wouldn't have been able to do otherwise? Yeah, so the biggest thing for us is the aggregation of all of our logs, our data sources in AWS, this was on-prem, our Windows file servers, our network traffic flow data, all that's aggregated in this Splunk. And that allows us to do some correlation with third-party threat intelligence feeds, take indicators of compromise that are streamed, that are observed out there in the real world, and apply those to data that we're seeing on our actual data sources in our environment. It allows us to detect threats that we wouldn't have been able to detect otherwise. Right, how does that translate through to what you're actually doing as a business? I mean, this is a sort of very technology-centric thing, but you're an insurance agent. So how does this investment in security translate into the business value? Well, one, it just gives us visibility into the environment. We can proactively identify potential threats and remediate them before they actually cause an impact to the business. Without these tools and without these capabilities, it would be a much riskier endeavor. And so it's helped us throughout, and we've been good partners with Splunk, they've been good partners with us, and coupled with all the other things that we're doing in the security space and in the cloud space, we're able to build a nice, secure environment for our customers and ourselves. We're also a very highly-regulated industry, so we have regulations that we have to comply with for security, and our customers also care about security very, very deeply. So it allows us to be able to protect our customers' data and really assure our customers that their data is safe with us, whether that data is hosted on-prem or it's in a cloud. What about that battle? At least there's often a battle between private enterprise regulation, just in general, right? It's making sure the policy makers understand capabilities and real threats as opposed to maybe perceptions or whatever. What do you see in terms of the federal regulatory environment and what you deal with in a Balkanized system such as where you're dealing with 50 states and Canada, so you've got your hands full, either, sir. So, we view security and compliance a little differently. Instead of trying to build security program and achieve compliance by aligning with all the regulations, we believe we do the right thing from a security perspective. We make the right investments, we build the right controls into our environment. When those new regulations come out for provincial law in Canada or different states or GDPR in Europe, that will be 95% of the way there by just building the right controls into our environment at a foundational level. Then we have to discipline our efforts just kind of aligning ourselves with the other 5% that vary from regulation to regulation. Was that a shift in management philosophy at all? Because quite often or maybe in the past, it's like, I'm only going to do something, I'm not saying, huh, but in general, when I have to, as opposed to, you appear to be preemptive, right? You're doing things because you should. So, there's a different mindset there, right? It sounds like a much more strategic view of security rather than a tactical, reactive kind of security. How long has that been the philosophy at home? Yeah, so we really built out a security program starting being of last year. There's all new leadership that came in, Seth came in, myself came in, all new leadership across the organization. And that's where that mindset came from and the need and recognition to make an investment in security. We view security as a driver of business, not just a cost center. That's a way that we can add to the bottom line, be able to generate revenue for the business by being able to show our customers that we really care about their data and we're going to do our best to take care of them. So with that mindset, we can actually help market, use that as a marketing tool to be able to help drive business. Brian. So what are some of the things that you've seen here at the show that you're thinking about? Well, actually that will support my strategy, some of the more longer term things. Is there anything that sort of stuck out to you that's going, oh, that's something that we should actually take back? Yeah, well, there's some tactical announcements that are very important to us. The announcement of Windows File Server Support. File Share Support is a big deal for us. We're a heavy file server organization and having that native within AWS is very interesting. There's been some other announcements with SFTP, other items that we're going to be trying to take advantage of in a fairly quick fashion. And we're excited about that. We've been on our journey to cloud since essentially the summer of 2017 through now. And we're kind of ready for the next steps, the next set of capabilities. And so at a conference like this and all these announcements, we're excited to take a look at the menu and start picking out what we want to eat. It's a great buffet. Yeah, yeah. In a city that's famous for it. Yeah, it's true, it's true. Oh, you can eat. Yeah. All right, so let's talk about the journey then. You said 2017, it's been so year-a-year plus into that. And you're excited about what's coming. Well, what do you need? So I know you got this great buffet that you're looking at, but maybe you don't want the pork, maybe you want the turkey, maybe you want... What do you need? What do you want the most, do you think, to service your clients? Right, so we spend most of our migration just essentially moving what we had over to the cloud. And so our next steps are, let's really understand our workloads. Let's be smarter about how we're running them. Let's take advantage of the appropriate technologies and menu items that are out there. Per workload, just to be smarter. We're going to be spending much more time this year looking at more automation, orchestration, and basically maturing our cloud capabilities so that we're ready for the next big thing. And as we acquire another company or there's a new business need, we're working to be more proactive in being able to anticipate those needs with building a platform that we can really extend and build upon. And I'm sorry, go ahead, Justin. Yeah, the question on the choosing of workloads then. So are you going to be moving everything to the cloud or do you think that there'll be some things that will actually remain on-prem or is it going to be a hybrid cloud? Our goal is to go from a data center to a network closet. Right. Yeah, so we've moved almost all of our application workloads out of our data center right now. We have a large VDI environment. We're looking to move as well. Once that's done, we'll be down to our phone system and a couple of other legacy applications that we're trying to determine what we actually want to do with strategically. Right, okay. That's a pretty common sort of story is there's a lot of people who are moving as much as they possibly can and then there's a few little bits that just sort of sit there that you need to decide, do we rewrite this? Do we actually need this at all? Maybe we just turn it off. Right. Yeah. And are there any capabilities specific to your industry that you need or that you'd like to have refined, something that would allow you to do your job specifically in the insurance space that would be unique to you? Anything floating out there that say, if we had that, that'll fine tune this to a better degree or greater degree. So for us, it's all about flexibility. We grow very, very rapidly through our mergers and acquisitions. We bought 52 companies last year that we're on pace to do almost 70 companies this year. So for us, Cloud really enables us to be able to absorb those organizations that we acquire, bring them in much, much faster. Part of the story of our Cloud migration, we were able to move the integration time from mergers and acquisitions from six months down to under 90 days because we're now able to move those workloads in much, much quicker with the Cloud. So for us, that's really a key capability. Well, you guys are used to writing checks, dinners on them tonight, right? Definitely. Seth, Jeremy, thanks for being with us. Hey, thank you. Appreciate your time. Good luck with the winter. Thank you. You might need it. Yeah, yeah, exactly. All right, we'll be back with more from AWS. Reinvent, you're watching theCUBE from Las Vegas.