 from theCUBE studios in Palo Alto and Boston. It's theCUBE, covering IBM Think. Brought to you by IBM. We're back. This is theCUBE's coverage of the IBM Think 2020 digital experience. My name is Dave Vellante. This is wall-to-wall coverage over the multi-day event. Harish Grama is here. He's the general manager of the IBM public cloud. Harish, welcome back to theCUBE. Good to see you. I'm sorry we're not face-to-face, but this'll do. Yeah, thank you. Great to see you again as well. And, you know, it is the times. What do you do? You know, I want to start by asking you, you did a stint at a large bank. I'd love to talk to you about that, but I want to stay focused. You said last year on theCUBE, you can't do everything in the public cloud. Certain things need to remain on-prem. I'm interested in how your experience at the large financial institution and your experience generally working with, you know, your colleagues in the banking industry. How that shaped your vision of the IBM public cloud? Yeah, I think that's a great question. You know, if you think about trying to transform yourself to public cloud, a lot of people, what they try to do is, you know, they take applications that have been running their enterprise and they try to redo them in its entirety with microservices, using has-level services and trying to put it all up in the public cloud. Now, you know, just think about some of these applications that are running your large institution, right? Some of them will have regulatory rules around it. Some of them have latency requirements or low latency requirements, I should say. Some of them need to be close to the backend because that's where the data is. So for all these reasons, you know, you have to think about a holistic cloud picture of which public cloud is, you know, integral to it, but some of the things will need to remain on-prem, right? So when I build my public cloud out for IBM, I kind of keep those in the back of my mind as I get the team to work on it to ensure that we have the right capabilities on the public cloud. And then whether it makes sense, you know, have the right capabilities on the hybrid side as well, working with my colleagues in IBM. Well, you know, the COVID-19 pandemic, we've been talking to a lot of CISOs and CIOs. We had a couple of roundtables with our data partner, ETR. And it was interesting, you know, organizations that maybe wouldn't have considered the cloud, certainly as aggressively, maybe they put some test dev in the cloud, but you know, have said, well, we're really reconsidering that. One CIO actually said, you know, I'd love to delete my data center, but to your point, you can't just delete the data center. First of all, you don't want to necessarily move stuff. Second of all, we've got a lot of experience from a consulting standpoint looking at this, if you have to migrate, migrate is like an evil word, especially with mission critical systems. If you have to freeze code and you can't upgrade, you know, for some number of months, you may be out of compliance or you're not remaining competitive. So you have to really be circumspect and thoughtful with regard to what you do move. I wonder if you could comment on that. No, I completely agree with what you're saying. You know, if you think about, to your point, right? With COVID, things have really changed. I've been speaking with a lot of cloud transformers, I would say, you know, in the various industries, but specifically with banks as well. And the cloud leader for one of the large European banks said to me, he said, this was amazing because for four years, he's been trying to get his CSOS organization and risk and compliance, et cetera, to get their heads around moving applications to the cloud. And he said that, you know, one month of COVID and having everyone locked down at home has been able to unblock more than what he's tried in the last four years. So that's telling in itself, right? So look, you know, I've been working on public clouds for a good long time, now both from a provider side, as well as a consumer side. And while, you know, you certainly just can't close your data centers that are running your large enterprise overnight, you certainly can take a lot of stuff over there and move it to the public cloud in a meaningful fashion where you're able to take the pieces that really iterate more rapidly where you can get the innovation while keeping your data safe and, you know, being able to connect back into your backend systems, which run a lot of your large processes in your enterprise as well. So I think there is a balance to be had here and people, especially banks, I would say, haven't been moving so much to the public cloud. And I think this is the time where they're starting to realize that there is a time and place for a bunch of applications that can safely move. And that gives them the agility and the productivity while everyone's locked at home. And I think that's the eye-opener here. So I'd love to have a frank conversation about why the IBM cloud. I mean, you got the big guys, you know, Amazon, Microsoft and Google, maybe not as large. People put them sort of in a category of hyperscalers. Great, fair enough. And people oftentimes dismiss, you know, the IBM public cloud, however, your point that you just made is critical. And Ginny Rometti, who was the first to kind of make this point, Arvind's picked up on it that 80% of the workloads still are on-prem. And it's that hard to move stuff that hasn't moved. So, and that's kind of IBM's wheelhouse. I mean, let's face it, the hard stuff, it's the mission critical, you kind of running the banks and the insurance companies and the manufacturers and airlines around the world. So what's the case for the IBM cloud? Why the IBM cloud? And why even move that stuff? Why not just leave it where it is? Yeah, so I think there's a couple of answers here, right? One of them is the fact that when you talk to the hyperscalers, and by the way, I can't stress enough, we're a hyperscaler as well, right? People have taken a look at our cloud from about two plus years ago, which point in time we were not, but we certainly are, and we can provision VSI's and so on and so forth as best as the best guys can. So I want to just get that out of the way. But to your point, the reason why you would consider the IBM public cloud is when you talk to the other people, they come at it from a very narrow perspective, right? They think about, you know, use VSI's on x86 using cloud native pass services. Now, you know, I want to stress again that we do all three of those things extremely well, but if you think about how large enterprises work, nothing is as clean as that. I did say there was a lot of applications that have been running your institution that you can't just willingly rewrite. And then you have bare metal, you'll have power systems, whether it's AIX or I, you'll have some Z in there, Z-Linux in there. And then there's containers and then there's the VMware stack and there's containers running on bare metal, containers running on VSI, containers running on, you know, the VMware stack, as well as the other architectures that I mentioned. So we really meet our customers where they are in their journey and we give them a wide variety of capabilities and choices and flexibility to do their applications on the public cloud. And that's what we mean by saying our cloud is enterprise ready, as opposed to the narrow answer of you'll do everything with VSI's x86 and pass services. Yeah, I like that. And I want to circle back on that. Thank you for clarifying that point about hyperscalers. Having said that, I've often said, and I wonder if you could confirm or deny it, it's not IBM strategy to go head to head on cost per bit. Even though you will, you'll price it very competitively, but your game is to add value in other ways through your very large software portfolio, through AI, things like blockchain and differentiable services that you can layer on top. I've often made the point, I think a lot of people don't understand that, that insulates IBM from a race to the bottom with the, I'll call them traditional cloud suppliers. I wonder if you could comment. Yeah, you know, so I have to stress the point that just because I talk about all our other distinguishing capabilities, that people don't walk away with the impression that we don't do what any of the other large cloud service providers do. You know, to your point, we have AI, we have IoT. We've got 190 API driven cloud native pass services where you can write a cloud native application just like you put on the hyperscale, other hyperscalers as well, right? So we give nothing away. But for us, the true value proposition here is to give you all of those capabilities in a very secure environment, whether it is the fact that we are the only cloud where we don't have access to your data or your code because we have a keep your own key mechanism where we as a cloud service provider have no access to your key. Nobody else can say that. So it is those enterprise qualities of service and security that we bring to the table and the other architectures and the other, you know, constructs around bare metal and containers, et cetera, that distinguishes us further, right? So that's how it really, so these are really important points that you're making. And I know I'm kind of bringing out probably parts of the landscape that IBM generally doesn't want to talk about. But I think it's important, again, to have that prank conversation because I think a lot of people misunderstand. IBM is in the cloud game, not only in the cloud game to your point, but has very competitive, you know, from an infrastructure standpoint, so many companies in the last decade, we saw HP try to get in, they exited very quickly. Joe Tucci, the CEO of EMC said, we will be in the cloud and they ended up buying Mosey and exiting that. So Dell right now, you know, and won't have a cloud play. VMware tried to get in and now is, of course, big partner of yours. So you got in. And that to me is critical just in terms of positioning for the next decade and beyond. And the other piece of differentiation that I want to drill into is the financial services cloud. So what is that? You obviously have a strong background there. Let's dig into that a little bit. Yeah, if you look at the way most banks or actually every bank uses a public cloud is they build God rails, right? They build God rails from where their data center ends to where the public cloud begins. But once you get into the public cloud, then it really depends on the security that the cloud service providers provide. And the CSPs will tell you that they have a lot of secure mechanisms there. But if you ever speak with a bank, they will never put their highly confidential data-bearing apps with PII on a public cloud because they don't feel that the security that the cloud service providers provide is good enough for them to be able to put it there safely, number one. And number two, prove to their regulators that they are in fact in compliance. So what we've done is we worked with a Bank of America and now a whole bunch of other banks that I'm not allowed to mention by name as yet. Where we're building a series of controls, right? These are both controls during your DevSec Ops cycle when you're building your app and another 400 plus controls in the runtime that allow you as the bank to securely take your apps that have highly confidential data and PII and put it on the public cloud and we'll give you the right things whether it's the isolation of the control plane and the data plane or it's the data loss prevention mechanisms, the right auditing points, the right logging points, the right monitoring points, the right reporting data sovereignty. So we have controls built into the cloud that enable you to do all of this. Now, banks will be quick to tell you that the onus of proof is on them alone to the regulators and we can claim that for them and they're absolutely right. But today they spend hundreds of millions of dollars collecting all of that and providing that proof to the regulators. You use our cloud, we automate a whole bunch of that. So you're not number one as a bank trying to implement these controls on a public cloud because that's not your job, that's not your core expertise. And number two, when you actually build these compliance reports, you're not spending millions and millions of dollars trying to put it together where the compliance regulator will say, yes, this is okay. We automate a large part of that for you. And I think that's the key issue we're solving here. I want to follow up and just make sure I understand it because when I talk to executives in the financial services industry and other industries, they'll say things like, look, it's not that the cloud security is bad, it's just that I can't map the edicts of my organization into it certainly easily or even at all because I'm getting a sort of standard set of capabilities and it may not fit with what I need. What I'm hearing is that IBM, you guys are enterprise, you're used to specials, but so that's part of it. But you also said, they feel sometimes the cloud security is not good enough and I want to understand what that is specifically if IBM is doing something differently. So two things there. One is your willingness, whether it's auditability, transparency, mapping to corporate edicts and it may be other things that you're doing that make it better relative to good or not. Yeah, absolutely. So one of the things is, as I mentioned, it's the mechanisms like keep your own key which is fundamental to building some of these compliance safeguards in. But the fundamental different thing we've done here is we work with the Bank of America and we've defined these controls to use your language that maps to their edicts, right? Which should map to every bank's edicts now. There'll be a couple of extra controls here or there, but largely they're all regulated by the same regulators. So what satisfies one bank for the most part satisfies every other bank in the US as well, right? And so specifically what we've done is we've built those controls whether they're preventative controls or compensatory controls in the CI CD pipeline as well as in the runtime on the cloud. And that gives them a patch to automation to produce the right results and the right reports to their auditors. And that's really what we've helped them do. So I know I'm pushing you here a little bit. I'm going to keep pushing if that's okay. It was a great conversation. Yeah, absolutely. When IBM completed the acquisition of Red Hat, the marketing was all about cloud, cloud, cloud. And I came out and said, yeah, okay, fine. But really about his application modernization, that's the near term opportunity for IBM. You certainly saw that in the last earnings report where I think you're working with a hundred plus clients in terms of their application modernization. So I said, that is the way in which this thing becomes a creative, which by the way, it's already a creative and a cash flow standpoint. But I'm going to press you on the cloud piece. So talk about Red Hat and why it is cloud in terms of a cloud play. Yeah, so this is the power of Red Hat and the IBM public cloud. And of course Red Hat works with the other cloud service providers as well. So if you think about modernizing your application, the industry pretty much has standardized around containers as the best way to modernize our applications. And those containers are orchestrated by Kubernetes. That's the orchestrator that's basically won the battle. And Red Hat has OpenShift, which is an industry leading capability. It's a Kubernetes control plane that manages containers. And we from IBM, we've put our content, we've re-factor our content into containers and we've made it run on OpenShift. And we have a cloud managed OpenShift service on the IBM public cloud, as well as an on-prem that really helps bring our content to people who are trying to modernize their applications. Now think about an application that most people try to modernize. You know, rough rule of thumb about 20 to 25% of it is application code. That is the onus is on the client to go and modernize that. And they've chosen containers and Kubernetes. And the other 75% or 80% arguably is middleware that they've got, right? And we've re-architected and refactored that middleware into containers managed by OpenShift. And we've done 80% of the work for them. So that's how this whole thing comes together. And you can run that on-prem, you can run it on the IBM public cloud and I give you a cloud managed OpenShift service to do that effectively on our cloud. So that's how- That's interesting. Yeah, that's very interesting. I think there are, you know, probably at least three sort of foundational platforms. One is obviously Z mainframe. It's still much of IBM's customer base, you know, tied to the Z and it drives all kinds of other software and so forth. The second is middleware, to your point. And you're saying you refactored that. I think the third really is your hybrid cloud strategy. You kind of made the point, you threw an on-prem. It's, to me, it's that end-to-end piece that's your opportunity and your challenge. If you can show people that, look, we've got this cloud-like experience from cloud all the way to on-prem, multi-clouds, that is a winning strategy. It's jump ball right now. Nobody really owns that space. And I think IBM's intent is to try to go after that. I think you called it a trillion dollar market opportunity. And it's obviously growing. Yes, that's exactly right. And the peace parts that I've been describing to you, the way people modernize their applications all fit very nicely into that. Now, if you speak with the analysts, they're going towards a whole different category called distributed cloud, which basically means, how do you bring these capabilities that run on your public cloud to on-prem and to other people's clouds? And what I hinted at here is that's exactly where we're going with our set of capabilities. And that is a technical journey. I mean, Kubernetes is necessary, but insufficient condition to have that sort of nirvana of this distributed, massive distributed system, bring in edge systems as well. So this is at least a multi-year, maybe even a decade long journey. There's a lot of work to be done there. What would you say are there strategic comparatives for IBM cloud over the next several years? So I think for us, really it is building on this notion of the distributed cloud as I talked about. It is fully building out the FSS cloud, most of which we've already done. And some of these things will never be at end of job because regulations keep changing and they keep adding to it. And so you have to keep adding to it as well. So a focus on FSS to begin with, but then also to other industries as well, right? Because there are other regulated industries here that can benefit from the same kind of automation that we're doing for FSS. So we'll certainly do that. And we're in a good position because it's not only our technology, but it's our services practice. It's a pre-monetary that deals with regulators, et cetera. So we have the whole package. So we want to continue to build out on that, branch into other industry verticals, using our industry expertise across the board, services, product, everything. And then of course, you know, if there's one thing IBM has market permission for, it is understanding the enterprise and building a secure product. So we clearly want to evolve on that as well. Yeah, IBM has a lot of arrows in its quiver, including as we discussed cloud, now you just got to get her down as they say. So Harry, thanks so much for coming to the queue. Great discussion. I appreciate your transparency and stay well. Thank you, you too. Thank you so much. All right, you're welcome. And thank you for watching everybody. This is theCUBE's coverage of the IBM Think 2020 digital event experience. We'll be right back right after this short break.