 From the CUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. Hello everybody, this is Dave Vellante and welcome to this breaking analysis. I'm here with Eric Bradley, who's the managing director of ETR and runs their Venn program. Eric, good to see you. Very nice to see you too, Dave. Hope you're doing well. Yeah, we're doing okay, hanging in there. You know, you guys in New York are fighting the battle. Looks like we're making some progress here. So, you know, all the best to you and your family and the wider community. I'm really excited to have you on today because I had the pleasure of sitting in on a CIO CISO panel last week. And we're going to explain sort of what that's all about. But one of the things that ETR does that I really like is they go deeper with anecdotal information. And it's almost like in-depth interviews in these roundtables. So they complement their quarterly surveys and their other drill-down surveys with other anecdotal information from people in their community. So it's a tried and true survey practice that adds some color to the data set. So guys, if you bring up the agenda, I want to share with the audience what we're going to talk about today. So we'll talk a little bit about, you know, we just did intros. I want to ask Eric what ETR Venn is and then we'll go through some of the guests. But if we go back to Eric, explain a little bit about Venn and the whole process and how you guys do that. Yeah, sure. We should hire you for marketing. You just did a great job actually describing that. But about three years ago, what we decided was ETR does an amazing job collecting the data. It can tell you what's happening, who it's happening to and when it's happening. But it can't always tell you why it's happening. So leveraging a lot of my background in 20 plus years in journalism and institutional Wall Street research, we decided to take the ETR community, the people that actually take the surveys and start doing interviews with them and start doing events with them. And in able to doing that, we're basically just trying to compliment the survey findings and the data. So what we always say is that ETR will give you the quantitative answer and Venn will give you the qualitative answer. Now guys, let's bring up the agenda slide again. Let's take a look at the folks that participated in the round table. Now for ETR's clients, they actually know the names and the titles and the company that these guys work for. We've anonymized it for the public, but you had a CIO of a global auto supply or a CISO of a diversified holdings firm who actually had some hospitality exposure, but also some government contract manufacturing exposure, chief architect of a software ISV and a VP and CISO of a global hospitality resort chain. So you had three out of the four, Eric, were really in industries that are getting hit hard. Obviously, the software company, maybe a little bit better, but maybe you could add some color to that. Well, actually the software company, unfortunately was getting hit hard as well because they're a software ISV that actually plays into the manufacturing space as well. So this particular panel of CIOs and CISOs were actually in a very hard hit industries are going to make sure we do two more follow-ups with different industry verticals to make sure we're getting a little bit of a wider birth and collect all of that information in a better way. But coming back to this particular call, the whole reason we did this, and as you know, you spoke to my colleague and friend, Sagar Kadakia, who is the director of research for ETR. And we were nimble enough to actually change our survey while it was in the field to start collecting data on what the real-time impact was on the COVID-19 pandemic. We were able to take that information, extrapolate it and then say, okay, let's start reaching out to these people and dig deeper, find out why it's happening. And even more so, is it permanent and which vendors are going to win and which vendors might lose from it? So that was the whole reason we set up a series of calls. We've only conducted one so far. We have another one this coming Tuesday as well with four entirely new panelists that are going to be from different industry verticals. Because as you astutely pointed out, these verticals were very hard hit and not all of them are as hard as others. So it's important to get a wider cross-section. So guys, let's take a look at some of the budget impacts, the anecdotal sort of evidence that we gathered here. So let me just scan through it and then Eric, I'll ask you to comment. So, you know, I mean, like Eric said, some hard hit industries, all major projects, anything sort of next gen have been essentially shelved. That was the ISV. And then another one, we cut at least 70% of the big projects moving forward. He mentioned ServiceNow actually called them out, but ServiceNow is a SaaS company, probably, you know, weather the storm here. But he did say we've put that on hold. The best comment, you know, as a service has saved our SaaS, which is great. And then we're going to get into some of the networking commentary, some really interesting things about how to support the work from home, you know, kind of shifting from a hardened top into uses remote workers. And then a lot of commentary on security. So, you know, that's sort of a high level scan. And there's just so much information here, Eric, but maybe you could sort of summarize on some of those, that commentary. Yeah, we should definitely dig into each of those sectors a little bit more, but to summarize what we're seeing here was the real winners and losers are clear. Not everyone was prepared to have a work from home strategy. Not everyone was prepared to send their workers out. Their VPN didn't have enough bandwidth. So there was a real quick uptick in spending, but longer term, we're starting to see that these changes will become more permanent. So the real winners and losers right now, we're going to see on the loser side, traditional networking, the MPLS networking isn't a lot of trouble according to all the data and the commentary that we're seeing. It's expensive, it's difficult to ramp up bandwidth as quickly as you need and it doesn't support remote. So we're seeing that lose out and the winners there are in the SD WAN space. It's going to be impossible to ignore that going forward and some of our CIO and even CISO panelists said that change will be permanent. Also we're seeing at the same time what they were calling on SaaS and cloud. Now we know these trends obviously were already happening but they're being exacerbated. They're happening even more quickly and more strong and I don't see that changing anytime soon. That of course is at the expense of network, I'm sorry data centers, whether it be your own or hosted which has huge ramifications on on-prem hardware, even the firewall providers. So what we're seeing here is obviously we know things are going to be impacted by this situation. We didn't necessarily expect all of our community members and IT decision makers to talk about them being possibly permanent. So that on a high level was something that was extremely interesting. And the last one that I would bring up is that as we make this shift towards working from home, towards remote access, you also have to align yourself with the security that can support that. And one of the things that we're seeing in our data side on ETR is a widening bifurcation between the next gen security vendors and the more traditional security or the legacy security players. That bifurcation just keeps getting wider and wider and this situation could be the last term. So I want to follow up on a couple of those things. You talked about sort of the network shift and you know, toward SD-WAN. What people have described to me is that they've got a hard and top, it's a hierarchical network. It's very well understood and it's safe, right? And now all of a sudden you got all these remote workers and so you've got to completely sort of rethink your whole network architecture. The other thing I want to drill into is your cloud commentary. There's a comment that I saw, Eric, that really stood out. One of the folks said, I would like to see the data centers be completely deleted, if you will, or closed down. I mean, I think we're going to see a lot more of this obviously, not only from the standpoint of, and you heard this a lot, the kind of pay-by-the-drink, but just generally getting rid of all that sort of so-called non-differentiated heavy lifting as we often hear about. That is a extreme comment. I don't think everyone feels that way. But yes, the comment was made and we've heard the comment from other people. As you and I both know, the larger the enterprise, the harder that is to go completely SAS. But yeah, when a situation like this happens and see the inflexibility of their on-prem infrastructure, yes, it becomes something that really has to be addressed and it can become a permanent change. I was also shocked about that comment. That gentleman also stated that his executives outside of the IT area, the CEO, the CFO had never, ever, ever wanted to discuss cloud. They did not want to discuss work from home. They did not want to discuss remote access. He said that conversation has changed immediately and to the credit of the actual IT companies out there, the technology companies doing everything they can with this opportunity to make that happen. Yeah, and so, you're right. I mean, the whole work from home conversation, that's to your point earlier, Eric. Big chunks of COVID, the post-COVID world are going to remain permanent. Guys, bring up the SAS slide, if you will. The SAS commentary as a service saved our SAS as the wittiest quip award according to ETR. But you had, it was very interesting to hear folks. In fact, I think somebody even called out, hey, we expected Oracle to be auditing us but they were actually being very supportive as is IBM. Salesforce was an interesting comment, Eric. One of the folks said they would share accounts on-prem, but when they all do the work from home, they had to actually buy some more. You also got Cisco with big props. Microsoft was called out. A lot of organizations actually allowing them to defer payments. So the SAS vendors actually got very high marks, didn't they? They really did and even I wrote that summary and it was difficult to write that about Oracle because we all know that they're infamous for auditing their own customers in 2009, right? After we came out of the financial crisis. They have notoriously been a bad act. I don't know if they found religion and they decided to be nice to their customers but every single person mentioned them as one of the vendors that was actually helping. That was very shocking. And we all know that when bad situations happen, people become opportunistic and right now it's really seeming that the SAS vendors understand that they need a long-term relationship with these customers and they're being altruistic instead, which is really nice to see. Yeah, I think anybody with a cloud realizes that, hey, we have an opportunity here to the lifetime value of that customer. Whereas maybe in 2009, Oracle didn't have a cloud. They had to get people in a headlock to try to preserve their income statement. If we, let's go to the networking drill down guys, that next slide, because Fortinet, some of the things that we've been reporting on is the sort of divergence in valuations between Fortinet and Palo Alto before this whole thing hit. Fortinet has done a really good job with its cloud offerings. Palo Alto struggled a little bit with trying to figure out the sales compensation is maybe a little bit behind, although both companies got strong props and I've talked to a number of customers that Palo Alto is going to be in the mix, but Fortinet from a cloud standpoint seems to be doing quite well. Obviously networking, Cisco is the big gorilla there. But so, and we also got callouts from guys like Trend Micro, which was interesting from some of the folks. So your thoughts on this, Eric? Yeah, I'll start on the networking side because this is something that I really, I've dug into quite a amount in not only this panel, but a lot of interviews and it really seems as if as networking refresh starts to come up and it's coming up with a lot of large enterprises. When your network refresh comes up, people are going to do an RFP for SD-WAN. They are sick and tired of paying MPLS network vendors and they really want to look at something else. That was even prior to this situation. Now what we're hearing is this is a permanent change. I particularly had one person say, I wanted to find this quote real quickly if I can, but basically they were basically saying that from a permanency perspective, the freedom from MPLS will reduce our network spend by over half while more than doubling or tripling our bandwidth. You can't ignore that. You're going to save me money and triple my bandwidth. And hey, by the way, my refresh is due. It's something that's coming and it's going to happen. And yes, you mentioned a few, right? There's Viptela, there's Velocla, there's some big players like Cisco, but Palo Alto just acquired Cloud Genics in the midst of all of this. They just went and got an SD-WAN player themselves and they just keep acquiring a portfolio to shift from their on-prem to next-gen. It's going to take some time because 70% plus of their revenues is still on-prem hardware, but I do believe that their portfolio that they're creating is the way the world is moving. And that's just one comment on the traditional networking versus the next-gen SD-WAN. And the customers have indicated, it's not easy just to get off of their MPLS networks. I mean, it takes time. It's like slowly pulling off the band aid, but like many things, COVID-19 is sort of accelerating that. We haven't talked about digital transformation. That came up as a maybe more strategic initiative, but one that very clearly has legs. You know, David, it's very simple. You just said it. People, when things are going well and they're comfortable, they don't change. And that's the same for an enterprise or a company. Hey, everything's great, our revenue's fine. Why would we do this? We'll worry about that next year. Then something like this happens and you realize, wow, we've been dragging our feet. That digital transformation that we've been talking about and we've been a little bit slow to accept, we need to accept it, we need to move now. And yes, it was another one of the major themes and it sounds silly for researchers like you and I because we know this is a theme. We know cloud adoption is there. We know digital transformation is there, but there are still a lot of people that haven't moved as quickly as they should. And this is going to be that final catalyst to get them there without a doubt. Quickly on your point of Fortinet, I was actually very impressed with the commentary that came from that because Fortinet is sometimes one of those names that you think of that maybe plays in a smaller pool or isn't as big as some of the 800 pound gorillas out there. But in other interviews besides this, I heard the phrase point of 40 everything. So through R&D and through acquisitions, Fortinet has really expanded the portfolio and right now is their time to shine because when you have smaller satellite offices and branches that you need to connect, they're really, really good at it. And you don't always want to call a Palo Alto and pay that price when you have smaller branch offices. And I actually, I was glad you brought up Fortinet because it's not a name that we get to herald that often. And it was deserving from this panel. Yeah, and companies that can secure gateways, secure endpoints, obviously going to have momentum, Zscaler came up, I think that's, and I tell you, looking at it, I've done a couple of breaking analysis on security and Fortinet has been strong in two dimensions. ETR as our audience is, I think, getting to know, we really look at two key metrics. One is net score, which is a measure of spending momentum and the other is market share, which is a measure of pervasiveness. And companies like Fortinet in security show up on both of those dimensions. So it's notable. Yes, it certainly is, it is. And I'm glad you brought up Zscaler to very recently by client request, we did a very in-depth research on Zscaler versus Palo Alto Prisma access. And they were very interested, and this was before all this happened. Does Palo Alto have a chance of catching up, taking share from Zscaler? And I've had the pleasure of myself personally hosting Jay, the CEO of Zscaler at an event in New York City. And I have nothing but incredible respect for the company. But what we found out through this research is Zscaler at the moment, their technology is still ahead, according to their interests, there is no doubt. However, there doesn't seem to be any real secret sauce that will stop Palo Alto from catching up. So we do believe that parity of a feature set will shrink over time, and then it will come down to Palo Alto obviously has a wider end user base. Now, what's happening today might change that because if I had to make a decision right now for my company on Secure Web Gateway, I'm still probably going to go to Zscaler. It's the name. If I had to choose that in a year from now, Palo Alto might have had a better chance. So in this panel, as you brought up, Zscaler was mentioned numerous times as just the wave of the future, along with CASB brokers, right? Whether you're talking about a Netscope or a force pointer, all those people that also play in the CASB space to secure your access, zero trust is no longer a marketing hype term. It is real, and it is becoming more real by the week. And so I want to kind of end on one of the other comments that really struck me because we're constantly talking about, okay, do you go with a portfolio of a suite of services or do you go with best of breed? What about startups, you know? Are startups more risky in a crisis like this? And one of your panelists, I just loved his comment, he said, one of the things that I've always done, he said, you always hear about the guy, oh, we're going to go to the garden and we're going to check out the magic garden. We'll pick out three guys in the upper right hand corner and test them out. He says, one of the things that I've always liked to do is I'll pick two from the upper right and I'll take one from the lower left, one of the emerging texts, and I'll give them a shot. They won't win every time, but then he called out FireEye as one of the organizations that he found early that gave them competitive advantage. All right, love that comment. It's a great comment. And honestly, if you're in charge of procurement, you'd be stupid not to do that. Not only just to see what the technology is, but now I can play you off the big guys because I have negotiating leverage and I could say, oh, well, I can always just take their contract. So it's silly not to do it from a business perspective, but from a technology perspective, but we kept hearing from these people with the smaller vendors and my partner, Peter Stubbe, my colleague and I, who did the host together, we asked this question really believing that the financial insecurity of the moment and the times would make smaller vendors not viable. We heard the exact opposite. What our panelists said was no, I'd be happy to work with a smaller vendor right now because they're gonna give me pricing flexibility. They're going to work with me right now. I don't need to pay them upfront because we're seeing a permanent shift from CAPEX to OPEX and the smaller vendors are willing to work with me and I could pay them later. So we were actually surprised to hear that and glad to hear it because to connect to your other point, the other person who was talking about security in a platform approach versus best of breed, he said, listen, platform approaches, you're already with the vendor, you can bundle a little bit, but the problem is if you're just going to acquire a new technology every time there's a new threat, the bad guys are just going to switch the threat and you can't acquire indefinitely. So therefore best of breed with security will always be platform. And that's kind of a message to Palo Alto and Cisco in my opinion, because they seem to be the ones fighting that out and even Microsoft now, trying to say that they're a platform approach and security. Well, and it says to me the security business as we predicted is going to stay fragmented because you're still going to get that best of breed. Just like cloud is going to be fragmented and it's multiple vendors. Ever since I've been in this business, people are trying to consolidate the number of vendors, but technology moves so quickly, it gives competitive advantage. Eric, awesome. Thank you so much for joining us. I'm looking forward to next Tuesday with the next Venn and love to have you back and talk about it anytime. You're a great guest. Thanks so much. Certainly I'll do my best to get a better AV connection last the next time, guys. I apologize for that, but it was great talking to you tonight. Hey, we're all learning, you know? So thank you everybody for watching. This is Dave Vellante for theCUBE and we'll see you next time.