 Live from the Sands Convention Center in Las Vegas, Nevada, it's theCUBE at AWS ReInvent 2014. Brought to you by headline sponsors, Amazon, and Trend Micro. Okay, welcome back everyone. We are here live in Las Vegas for Amazon ReInvent. This is theCUBE, this is the Silicon Angle and Mookie Bonds flagship program. We go out to the events, I'm John Furrier, the founder of Silicon Angle. And my next guest is Jerry Miller, founder and chief technologist of Cloudticity. Welcome to theCUBE. Thanks, John. It's great to be here. So what do you guys do? Because you have a very interesting story. I want you to share what you do. You guys are a very unique product and value proposition. So quickly just share with the folks out there what you guys do. Perfect. Thanks, John, for that opportunity. So Cloudticity is focused exclusively on building HIPAA Workloads. So explain that. What does that mean? Like applications, the documents? Are you have APIs into the systems? So it's a great question. HIPAA is a fairly large area and so we cover quite a bit of ground. Everything from patient portals to medical storage systems. Some pretty interesting high-tech applications we can talk about. We don't have our own products. We build products that we can use as we can talk about. We don't have our own products. We build products for other companies for hire. So we tend to come in at the front. We help companies with a medical problem to identify the appropriate architecture on AWS. We help them build the product. We help them test it, deploy it and maintain it for the life cycle. So the HIPAA thing brings up the whole. I mean everyone in the weeds on HIPAA thinks like, again, regulations, all this slow moving bureaucracy designed for a quality purpose to protect the records and no one wants their stuff floating around on the cloud or iCloud or getting on Instagram. Who knows, right? Security issues, breaches and incidents. So okay, I get that. But still, there's some issues around health and like someone's lives being saved because that information needs to be in the right hands at the right time. Doctors. So what's going on with that? How are we using the cloud on AWS to make that happen? So it's a great question, probably a long-winded answer so feel free to break it anytime. So one of the things that HIPAA was designed to do and follow on the HITECH Act was designed to ensure the portability of health information and the protection of health information. So there is quite a bit of regulation and bureaucracy surrounding the protection of what's called PHI or personal protected health information. These are some of the more personal aspects of our lives that we want to make sure don't get revealed unnecessarily. On the other hand, HIPAA and HITECH are designed specifically to ensure that medical records are able to be integrated and viewed in a consolidated way. So I'll give you some specific examples. For the most part today, medical records are, they exist in silos. So if you go to your doctor, if it's an individual practitioner, your doctor may have paper records that they store in files behind the desk. If you go to a lab, if you go to a hospital, if you go to a clinic, if you're out of state, all of these visits will generally result in a medical record that exists solely within the confines of that practitioner's walls. What HITECH and HIPAA are designed to do is to ensure that those records in some way get consolidated. And what happens in that case is records are submitted electronically to sort of a central clearinghouse and merged with all of the other records and then pushed back out so that any provider that might see you has a complete picture of your health history. And we've got specific examples. I'll share a case study a little bit later during our chat. Specific people who are alive today because a doctor was able to make a diagnosis in light of a full medical record as opposed to a very narrow view of the medical record. But that's really, this is what it's all about. That's the goal of information. So one of our favorite customers is Great Lakes Health Connect. Great Lakes Health Connect is a HIE, a health information exchange. These are organizations, generally nonprofit, that are specifically designed to connect regional medical providers and merge the health records so that any provider can see the complete picture of a person's health. Great Lakes Health Connect is centered in Michigan right now. They've got about 4,000 providers, 126-ish hospitals. Across all of those, there are about 10,000 doctors whose patients are in the system, about 6 million patients. And all of the data of those patients are under Great Lakes Health Connect's stewardship. We helped Great Lakes Health Connect build that system on AWS and one of the more gratifying aspects of that is the gentleman that brought us in, Barry Noak, who is their IT Director of Operations. His daughter was born with a heart defect and she was successfully treated for it and when she was about two, she was having trouble walking and they went to a clinic and they diagnosed her with a stress fracture in her ankle, put a cast on, sent her home. The next day, Barry got a phone call from the doctor who said, take her immediately to the emergency room. We think she has a heart infection and in fact that was true and that call saved her life. So the product that we built in conjunction with Great Lakes Health Connect actually merged the information, pushed it to the physician who with a complete picture was able to very quickly, accurately diagnose the true problem and save this little girl's life. So what was the problem? The heart infection? The heart infection and that was causing a degeneration of the bone. Okay, so he basically was treating the wrong thing just on the surface. Okay, so I got to ask you about security because obviously medical records, security is number one, but at the same time people want it now, speed for those reasons, right? I want to save lives, but I also want to maintain my security. Well we had the Illumio guys in yesterday with their new product, perimeterless security and you got the trend micro guys in here. There's no perimeter anymore. So is HIPAA outdated? And if so, can you still get the benefits of a HIPAA with cloud? Take us through your take on the technology implementation. Is there a HIPAA 2.0 world? It's a great question. So without diving into the depths of legal details, the critical piece is that you have to, as a steward of protected health information or PHI, there are certain rules that you have to follow. And whether it's bound within a perimeter or whether it's in a more open cloud oriented system, the rules of engagement remain the same. So for example, we require at all stages encryption at rest. We further require management of the keys and that sort of thing. We require full encryption in transit, so any protected health information is never unencrypted as it sits in the public cloud nor as it's transmitted into perhaps your private data center. Encryption end to end at all times. Another thing that we always require, and in fact is required by AWS to be compliant with their HIPAA rules, is that any instances that either store or process PHI must be dedicated instances, meaning they exist on a dedicated piece of hardware where only your VMs reside and there's no co-location with any other companies' VMs. No multi-tenancy at all. No multi-tenancy at all. Okay, so they have that, what about the key escrow? There's also potentially with the keys of the kingdom, right? So interestingly, most of our clients have opted to be comfortable with AWS's current key management system and while it's technically not fully NIST compliant in that the same vendor manages the keys is also in possession of encrypted data, we think in most of our customers think that AWS does a pretty darn good job at that. Probably better than any of the smaller hospitals could do on their own. That being said, Trend Micro has a fantastic encryption mechanism that we can use to encrypt elastic block store volumes where the keys are actually separated from the data and not stored at AWS. Furthermore, AWS interestingly at this morning's keynote announced some additional capabilities related to key management and escrow keys. So Jerry, talk about your company, the story, how it's founded. Yeah. How'd you get here? Why did you stumble into AWS? What was the innovation? What was the spark? Yeah. So I personally live, breathe technology. It's my hobby and so I feel very fortunate that I actually get paid to do what I love to do every single day. It was an early, early adopter really almost on day one of AWS and a big proponent of its technologies and really the economies of scale that it's brought to the market. How it's leveled the playing field where disruptive start-ups can enter the market unlike a decade ago when they may have had to invest $2 million in a data center. That's no longer the case. I'm a big fan for the democratization that AWS brings to the playing field. I mean anybody can basically go after things now that was out of reach. Absolutely. So entrepreneur, some of the creative idea. They don't got to go stand in the line to bank and VCs for money. They can use their coding chops or whatever and go get it. And when it wins then they bring the cash in. And the incumbents have no inherent advantage because there's zero barrier to start up and that's what I love about cloud and AWS has just done it better than anybody. Well now that's going into a bigger pond where you have small, medium-sized businesses who now can go after the big whales like Oracle and leverage a database like Aurora. Absolutely. AWS has really injected a new energy into the marketplace. So tons and tons of passion around AWS and what they've done. On the flip side I have tons and tons of passion around the medical space. We call it a healthcare system, but what we have is a sick care system. Doctors get paid to treat you. And so the sicker you are and the more procedures they can push up on you the more they get paid. I think that's backwards. I think we should have a healthcare system that focuses on keeping people healthy and the healthier that people are the more doctors get paid. And in fact their payments should sort of fall off as people are sicker so what we think is that there's an opportunity to flip the system on its head and to combine the disruptive technology of the AWS cloud with this disruptive notion of a healthcare system versus a sick care system and those two passions aligned and merged with some opportunities that we had to actually build some projects in the healthcare space and that was the genesis of cloud. So the lowest hanging fruit was just attack HIPAA because that's where the pain is. Absolutely. So were you kind of looked at it? Meaning HIPAA meaning this whole document flow plus there's money in there too. So speaking of the money, let's talk about the economics of it. HIPAA and sort of a follow on act called HITECH HITECH requires a provable degree of digital engagements between providers and patients. So there are now requirements that providers have to submit records to the state within 72 hours. They have to prove that X% of their patients visit the patient portal and retrieve their test results within three days of a doctor visit. So there are all sorts of metrics that measure how deeply providers are allowing their patients and in fact incenting their patients to engage digitally. So right now the federal government beginning in the year 2014 allocated $26 billion to pay out for incentives for providers that are successfully meeting these criteria. So we chose to play in a market that has a funded $26 billion budget. It's a great economic situation. On top of that So you're hitting those metrics? Actually yeah, we helped one of our customers in the federal group. We helped them hit it's called meaningful use. We helped them hit their meaningful use metrics the first on AWS and their ROI was ridiculous. You must have renewed that contract. We have a mutual liking of each other. That's good business. That's good business. Well back to the passion. So first of all, I love the passion. I think that's totally true. This is about flipping the things on their head. I mean Amazon is a disruptor, a commoditizer and innovator. That is a very rare breed in tech circles. You see either one of those. I'm a commoditizer, I'm a disruptor or I'm just innovator. But they're doing all of it. What do you think is going to happen to the other guys? I'm sure EMC is probably sitting there going I'm not worried about pure storage flash arrays putting me out of business. But they might be thinking what do I think is going to happen to the other guys? I guess my question back to you is what other guys? Who else is there? The guys holding on to the IT spend in a lot of the enterprises. They're like clutching and grabbing in data center HP, IBM, Oracle EMC, VMware. It's going to be a transition but there's no doubt in my mind and as you heard in the keynotes today in most industry analysts' minds there's no question that the data center is dead. We'll as much have a data center as we generate our own electricity at home. Nobody wants a data center. Every customer I talk to and we had another one of trend, Microsoft customers. I'm not in the data center business. I'm in the oil and gas business. And that's what I do. I don't really want to manage. But you'd be surprised still that many companies cling to the old mindset and are not yet ready to give up control of their data. They like putting patch cables in switches but that will go away without a doubt. That's a no brainer. The idea of a storage admin is going to go away now with convergent infrastructure. Get a new job, be a cataloged service manager. The OEMs that manufacture disk drives their customer will change. They're not going to sell to a business anymore. They're going to sell to the cloud providers. You're a natural on theCUBE. You have the ESPN of tech in your blood. I can tell. We can go for 30 minutes more. But we're getting the hook. I want to ask you straight up. Wasn't for Trend Micro sponsoring us? Which I really want to say to the folks out there, if you're watching Trend Micro, took the time to sponsor theCUBE for our passion to bring free content. Share what we can with the folks. Thanks to Trend Micro. What's your take on those guys? They're a very close partner of ours. We embed Trend Micro security products in every single deployment that we do. Every time we propose a solution to a prospective customer it always includes Trend Micro products. They're key for two reasons for us. One is they really ensure the protection of the data. For us, that's paramount. If we were to have one breach we would be out of business. Our reputation would be shattered. And more importantly, people's lives might be shattered because secrets that people don't want in the public would get out. So from a protection standpoint, they're critical. But also from a monitoring standpoint, Trend Micro gives us products that allows us deep visibility into the security and the current security of our clients environments. And for those two reasons, they're an absolutely critical product that sits side by side with us in any project that we perform on. Jerry Miller, founder of Cloudticity here inside theCUBE. Thanks for coming on. Really appreciate it. This is theCUBE. We'll be right back with more live coverage from Las Vegas. This is theCUBE. I'm John Furrier. We'll be right back after this short break.