 program to fill that void. We're not just touting off headlines, our goal is to provide you with a story, but we also want to analyze the big picture and ask the questions that no one else is asking. Our guests aren't just here to provide commentary, we work with analysts. My name is Jeff Rick. We're here at the AWS Summit in San Francisco 2013. You're in the Cube. We take the Cube out to the events where you wish you would be. We go, we extract the signal from the noise, we talk to the people that you want to talk to, we ask them the questions that you want to ask, and sometimes we even grab them before they have their breakout session. So I'd like to welcome into the Cube JD Sherry. He's the global director of technology and solutions for Trend Micro. Welcome to the Cube. Hey, thanks for having me, Jeff. Appreciate it. Yes, great. So let's jump in. So you're telling me you've got kind of a crazy title breakout session later today at 315. The cloud changes nothing, changes everything. Well, what's the story there? First of all, what a fantastic event. I haven't felt a vibe like this in a long time. I think it speaks to the adoption that obviously the cloud is driving people to take a look at capabilities, scale, cost efficiencies. But then one of the things we're going to talk about in our session really is that shared responsibility in securing those assets when you do look to adopt cloud services. That's going to be the basis of our conversation. I think the outcomes of that are really going to stem from what do you need to take a look at as you're moving your information assets to the cloud? What responsibilities do you have and then how do you secure those assets? So let's step up a level because I think early cloud kind of go to market. That was always a knock on the cloud, right? How can it be secure? I'm letting stuff out of my firewall. That's all fine and dandy for the little startup down the street. But we're a bank. We're a healthcare provider. We're a government agency. We've got a lot of regulations. Right. So what you're saying is really the security's been taken care of. Yeah, well certainly they've done an excellent job of cloud providers today of baking security into their solutions. And the shared responsibility piece is up to a certain point, particularly with infrastructure as a service, they're going to do a lot of the perimeter based security that you would see and have inside your four walls where the shared responsibility comes into play really is the control of the operating system level, the applications and how you're fundamentally fulfilling your business requirements of that particular asset. That's when a custom type security posture is required, and that responsibility then comes back on to the customer. But you're right, the old nomenclature of I need to see the blinking lights, I need to have control of my servers. We've seen a huge transformation and cloud has created a good disruption for that mindset, but there's an element of planning and security architecture that you have to still consider when you move to the cloud. Right, and what would you say are kind of the key mistaken attributes of security that people focus on too much that are either not as relevant as they think or more easily addressed and then what are the elements of security that people necessarily don't pay enough attention to, that they need to spend more time looking at that may or may not have anything to do with technology in terms of processes, people, etc. Yeah, that's a great question. I think when we get enamored by the capabilities and the features that the cloud affords us, I think we can get caught up in how quickly we can move, especially legacy businesses from point A to point B. Startups as we mentioned have a little bit easier opportunity to go in green field and spin up assets in the cloud and get moving. Legacy companies, larger enterprises, custom applications that have run homegrown, take a little bit more planning and understanding can I even port my application into the cloud? And if so, how do I do that from an engineering perspective and then how do I do that from a security perspective? Because there are nuances and differences from when you move from your on-prem solution to the cloud that you have to take into consideration. I think a lot of the adoption in people getting their toe in the water if you will really starts from moving their non-production environments to get an understanding of cloud, how it works, so it's your dev, your test, maybe even some elements of your QA environment and then once they get comfortable with that, securing that, creating a security profile, they start moving production-based assets in there. But I think the biggest piece is planning for that migration if you're a legacy company because it's going to take a heck of a lot longer than you think it is because you have to think more around the planning, the architecture, and securing those assets in the cloud. It's just a different platform. Right. So let's talk a little bit about that and a little deeper. So clearly I think a lot of people perceived incorrectly that a lot of the cloud services were used by DevTest, they were used by SkunkIT, they were used by all kinds of little projects. And then I think the follow-on of that we've seen is that newer projects that can be developed from the ground up with the cloud in mind are easier to actually go from DevTest to implementation. But talk about if someone wants to, or not even wants to, but wants to think through those items on migrating an existing legacy, a system or application, what are the big factors they need to think through and where are the big gotchas that they really need to make sure they identify and make sure the value of the migration justifies the cost or complexity of the migration? That's a great question. And it does come down to the business case of why do we move to the cloud? Why do we pick a cloud provider like AWS to move our assets into? What's the risk profile? What's the timeline associated doing that? And I think it does come down to a cost-benefit analysis, okay? And understanding that, okay, when we move to the cloud, we're going to see a return on investment based on overall capabilities that we're getting within the cloud. We're going to move from traditional capital expenditures that we have that's very, very focused on providing long-term investment to a more monthly recurring operating expense, which chief financial officers in many aspects like. It's a more non-lumpy revenue or cost model, if you will. I think when they look at what to move, it really comes down to less about the infrastructure and more about the info structure. Really, what data are we moving? What assets do we want to move? And then how are we going to secure that by putting categorization and classifications on that as we port that into the cloud and secure them as such? And I think that's the big decision many of our ITN line of business leaders are focusing on, and we're feeling more and more comfortable, and our customers are feeling more and more comfortable and who we serve on at Trend Micro with how to move those assets into the cloud securely and how to do it in a cost-effective manner where it's not breaking the bank when they're doing that. When you're doing the actual move. That's great. So, another thing I want to explore is you're talking to customers, right, and cloud is coming up. Have you seen any kind of a change of mood, if you will, between, you know, are they being pushed this way because of the carrot or are they being pushed this way for the stick? I mean, has there been a transformation in the attitude of some of the customers in terms of do they want to move to the cloud or kind of their perception of, I don't want to say value, but kind of rightness or timeliness or, you know, now is the right time. Yeah, no, there is. And I think with any huge transformation in IT and business for that matter, there's the early adopters, right, the first responders that get in and it certainly could be legacy companies, it could be new companies that say, I'm all in, I'm focused on it. Well, we're seeing a shift in the legacy customers that traditionally have done IT on their own say, you know what, I don't want to be in the data center business anymore. And from our perspective with the evolving threat landscape and the bad actors that are out there trying to acquire and exfiltrate our customers' data, they're thinking about how to secure that when they move into the cloud. So, you know, data centers are very, very complex. I think we're doing more with less now. So I think from a staffing perspective, we're rethinking the role of IT admin administrators, the role of IT application developers we're focused on this concept of dev ops or development operations, which fit perfectly in a cloud ecosystem. And that all comes with still a tremendous amount of responsibility and diligence to our customers. If you're a government entity, to your citizens and constituents and protecting those assets no matter where they reside, you have to think that through and really focus on that. That's great. Again, we're here in theCUBE at Amazon AWS Summit 2013 in San Francisco, Moscone Center. Again, joining the conversation, the hashtag is AWS Summit with two S's. We've been here with JD Sherry from Trend Micro. Thanks for dropping by theCUBE. Good luck. What time, 3.15? 3.15 at Pacific. Go see the panel. Change is nothing. Change is everything. We'll be right back after the short break. You're in theCUBE. When you're building an application, you want it to run fast and you want it to stay fast as your business grows and more and more people use your app. Databases have always been one of the biggest challenges in scaling these applications. Most databases just weren't designed to match the scale and performance needs of modern apps. As more and more people use your app,