 from Las Vegas, it's theCUBE. Covering InterConnect 2017, brought to you by IBM. Okay, welcome back everyone. We're here live in Las Vegas for IBM InterConnect 2017. The CUBE coverage, we're still going to angle media. I'm John Furrier, my co-host, Dave, a lot there. Next guest, Tom Reddy, Senior Vice President with State Street Corporation. Welcome to theCUBE. Thank you, thank you. I'm so, State Street, obviously financial powerhouse that you guys have and that we just talked about before we came on about the red slots. Season tickets, you guys own a pavilion there. Love Fenway Park, always great to visit. But seriously, IBM, you've had history with IBM and State Street. What's going on? Why are you here? What's the conversations? Well, we've, as you said, right? We probably go back 30 years in terms of the relationship State Street has with IBM, starting traditional technology, right? So, hardware and software. And evolved to a much more dynamic services relationship about four years ago, right? Where, combined with IBM and Wipro, we've taken advantage of their capabilities, both in application and infrastructure management. And transitioned quite a bit of our services from in-house managed to IBM managed. And your scope, specifically, in your role? Responsibilities I have are around infrastructure management, so which is the primary responsibility IBM has, right? Wipro's on the application side of the house. Okay, so big hybrid cloud discussion, right? So what does that all mean from a practitioner's perspective? Well, I think our challenge, candidly, is we probably have about 1700 applications give or take deployed today within the enterprise, within our enterprise. And predominantly hosted within our own core data centers. And as other financial companies and G-SIFs, right? We're a little, we have been a little reluctant to take advantage of the emerging capability and opportunity that the cloud represents. So we're starting our journey now to entertain IBM's capability in software where we've got an initiative underway to move the predominance of our development infrastructure there. So our developing teams can take advantage of that capability, if you would, speed. So it's a mix of understanding what they've got. It's a mix of understanding how we take advantage of it. It really is a challenge for us to understand as those capabilities evolve, how a company like ours can continue to take advantage of it, not just for development, but for real production work. So obviously you remember Y2K very well. Every CIO went through an application portfolio assessment before that, it was sort of entering a new wave of that assessment, understanding the portfolio, what's cloud ready and not. I think anyone would say it's- It's ongoing. It's one of the chapters in the playbook, right? Kind of application rationalization. I think a challenge that companies like we have are, one of our growth models is through acquisition. So every time we acquire another company, we just acquire two this year, it comes with some additional applications that honestly have to be rationalized back in, right? So that's kind of what we've got, right? And combine that with data placement, as it relates to privacy because we've got an awful lot of data under management. That's another challenge that has to be factored out. So talk about the application developer scene in your world, because if you look back, I mean, we were kind of joking on a previous interview about throwback Thursday and hackathon for a mainframe. There's a lot of workloads that are legacy enterprise that are mission critical. You guys are a great example that probably have, from soup to nuts, from old school to a new school cloud native going on. But the rage right now is enterprise readiness, enterprise grade, enterprise strongest. Ginny Rometti was saying, but the app developers has been around for a while, but what's the new mojo? What's the new vibe? What's the new culture like for developers in a large institution like the State Street? Well, we've been pushing the agile framework and the agile method, right? We undertook that about three years ago. We've got 200 certified teams, right? At State Street that are actually using agile now. And that's across probably six of the eight platforms that we run code on, everything from the mainframe all the way out to open systems, right? The distributed systems. You know, we've got some stagnant platforms like AS 400. We still have a few AS 400 kicking around and some DEX systems still sitting in DEX, right? So some of that isn't necessarily lend itself. Who supports those Vaxes? Yeah. It doesn't necessarily lend itself to multiple deployments, right? We just don't do much in that space, but yeah, I mean, they're energized around... Are they on the agile bandwagon? Obviously, agile's pretty huge now. Yeah, they absolutely are. And honestly, it's been a little bit tough for the infrastructure teams to keep up, right? And so we're not unique in that regard either, right? So one of the approaches that was done a few years ago is we do have our own platforms of service that we developed our own orchestration model going back five years. And the majority of that is supported today by the application teams, right? So application teams using agile-based methods deploying onto that platform as a service so that seems to work for us, right? Where the challenge becomes is for the apps that don't run there, how do we... And as we look to deploy those applications into software, how does that, if you would, seamless deployment work, right? From a software development environment and test environment back into production. And that's what we need to learn. So you've got Blue Mix and your own Paz sort of coming together, right? And so, I mean, it's just a little out of your scope, but what does that mean? And maybe specifically, what does it mean from an infrastructure perspective? Well, I mean, as I said, we've started that journey right now. So we'll have a thousand hosts migrated by the end of the year. That's the current target we've got with full deployment across into the hybrid cloud, probably within a year and a half from now, right? So as we undertake that journey, they're going to have to learn, the development teams are going to have to learn. The underlying service components, infrastructure service components, right? We're probably being a little heavy with that. Now, so that the development and test environments are exactly like the production environments are now. We'll probably pair that back as they understand what they need and don't need. So I challenge on us to speed. That's our current challenge. How quickly can we get things turned up for them? Challenge on them with regard to what they need, right? So, Tom, from a practitioner's perspective, what's the driver for a hybrid cloud? Is there specific use cases? Is it agility? Is it bursting? Help us understand that. Well, for us, it's probably all of that, right? I think that the challenge that any legacy shop like ours has is as you adopt, what's the speed by which you go to the cloud, the hybrid cloud, right? We've got our own centers, right? There's a financial model that needs to be achieved. As we do rationalization and data center consolidation, that feeds it, right? So it ends up going at a rate and pace that isn't necessarily in line with the speed that a new company would potentially take advantage of or that a forced migration would perhaps yield as well, right? So it's a little bit of both. So it's to support that little extra agility, kind of give you a tailwind for that initiative? Well, yeah, it's to enable the application guys clearly. But the ideal benefit on the infrastructure side becomes burst ability, right? And the ability for that capacity to come up quickly, right? And today, we'd struggle with that using traditional infrastructure based models. We are extremely interested in some of the work that IBM's got going on with regard to how some of these clouds actually comply with regulatory requirements, right? We operate in 29 countries and have to satisfy 48 different regulators. So the work that they've got going on with understanding what a regulatory compliant cloud is and which authorities does it satisfy and what are those controls look and feel like? That may actually be something that we could take advantage of fairly quickly. Can we talk about the security discussion a little bit? I mean, most people I think, early on in the cloud days, like, oh, cloud. I think most people would agree that there's a lot of advantages to the cloud from a security standpoint. That said, there's also a lot of specials that a company like yours requires. So it's not necessarily good or bad in the cloud. It's just, does it meet the edicts of our organization? I wonder if you could talk about that a little bit. Yeah, I think we've evolved, our policies have evolved and I think the regulators have become clearer with regard to what it is they want and what they don't want. I think all three of those things have helped. So when we look at the security policies that we have to adhere to, our CISO teams have been working fairly consistently and tightly with the different regulatory entities with regard to what it is we think we need to adhere to. That clarity allows us then to begin to look at the marketplace, understand what capabilities are there and begin to procure and use those, right? So yeah, I think it's come a long way but not only is the capability of the providers come a long way, it's the clarity around the controls and the regulatory. In what role and involvement do you have in security? Are you a sort of recipient of the edict and you have to enforce it? Are you a contributor? Do you have a meeting with the board? Yeah, I think it's a little bit of everything, right? So yeah, we're the recipient of the policies, if you would. And so therefore I have to be compliant with them. We participate in how those policies are set, right? So there's a process within our firm where we sit down, talk about emerging threats, talk about what policies perhaps should be implemented and then agree upon what those policies are and the timeframe for adoption, so we have that. And then the team, my team, for the controls it's responsible for have to stand up to regulatory oversight, right? So the term we use is first line of defense, right? So we're the control owners and our controls have to satisfy our own policies and external regulators. You know, one of the things I want to drill into brings out how hard it is with the cloud and in IT in general these days, and you know, Dave's in Massachusetts, I'm in Silicon Valley in Palo Alto, in Silicon Valley it's like, oh yeah, new toy, you know, shiny new, so let's go fast and loose. In fact, Mark Zuckerberg once said, move fast, break stuff. Now they've gone to move fast, be secure. So your world doesn't really, I mean you want to go fast and loose to get innovation, but you have to also manage really, really heavy requirements around the compliance and other security things. So you've got a balance set, so that's a very tricky thing. So can you share some insight into what it takes to do that, because you want to have DevOps, development and operations being faster and more nimble with Agile, at the same time you want to keep the pace of innovation and not be in the stone age. So what's the trick, what's the secret, what have you learned, share some anecdotal data, real data. You know, we started out, when we first looked at hosting offerings and opportunities five years ago, we didn't really think for a combination of capability that was available generally in the marketplace and the controls, we thought we needed around that. We didn't think they were where they needed to be, so we developed our own, right? So that's the far end of the spectrum where a firm like ours actually spent money and time to deploy orchestration for platforms of service. So we started there, you know, we've, yeah, if we think of the continuum of that journey, we're to the point now where we're considering using hosting companies that have the same or similar capability and we're at an inflection point with regard to where are we going to make our investments, right? Are we going to continue with our own or actually begin to migrate, right? So, you know, honestly, our challenge is just that, how do we progress on that journey? Because as always the case, it becomes very difficult when you're out of your sweet spot and owning your core competency to maintain the investments that are needed. And in this particular case, it's pretty classic, right? For us to keep pace with what the likes of IBM or Amazon or any of them are doing, tremendous investment stream, right, and we'd question whether that investment is best suited, you know, from a shareholder's point of view. To buy or build things, too, think about it, because one of those things you say, okay, well, I'm going to rely on IBM Cloud or AWS or whoever could be the provider. It could be like an RFP process. That's right. You've got to start thinking, so you look at it that way. We do, we do, and Brokerage is going to help us there, right? So we'll get Brokerage up and running fairly soon. And assuming the capabilities are somewhat similar or neutral, if you would, then we'll let the application team pick what they want based upon what their specific requirements are. So I've got to ask you in a few minutes we have left. I see Ginny's up there, and I've been a big believer for a long time that data is the key asset, and we've been saying it for a long time, but Dave and I were going back almost 10 years ago talking about data as a development asset for developers, but she says something pretty compelling. Data is you own the data. That's profound. Now we believe that to be the case, because if you're renting everything and you're buying or you're building your own, the data becomes the critical layer of value. You've got to protect it. It's obviously you have financial data, so it's secure. How do you guys look at the data layer as an architectural philosophy? Well, we have 12, probably over 12 petabytes under management today, so it's a pretty, pretty significant environment for us to manage. The challenge, honestly, isn't, we've got the business side of the house wants to take advantage of that data because it's got an awful lot of client information within it that we should be able to take to market the right way. Clearly, client confidentiality is important, but the data actually becomes a little bit of a millstone if you would around us, because we've got privacy concerns over all of that data. So, and that data is grown up over time, so strong lineage doesn't necessarily exist. So a real strong data framework isn't there for us to understand whose data it is, when, what state it happens to be, and where it sits at rest. So, it's an investment. And then the motion piece is kicking up huge. It is. With the mobile devices. That's right. You got motion going. Yep, so it does all come back to the data, but it does require a pretty strong framework around the data for you to actually be able to take advantage of it, right? We're kind of leads to the digital transformation discussion, it's a big buzzword today. Now, you guys, you know, you're not servicing, you know, mom and pop consumer, you know, situations big institutions, but nonetheless, their data implies digital, implies, you know, you're changing your business model. You got smaller companies that are disrupting your business. So what does it all mean to you generally, and specifically to the infrastructure? Are you guys developing, you know, SaaS products, mobile apps that have a ripple down effect to your infrastructure? Well, we don't have, you wouldn't think a state street is a retail operation. Right, of course. So we don't have that, right? But there is a need for probably a third of my colleagues to have access to data, you know, via a mobile framework. That's internal. Internal, right? In terms of external clients, you know, we do have a framework that we are, that we do provide through my state street, it's an internet portal, and it's all back office, middle office data that they would typically access. Do they require that to be generally mobile, is it mobile enabled, I guess, is the term I'm struggling with, right? Our competition hasn't gone there, and so we're undertaking the evaluation that says, do we need to go there from a differentiation perspective, right? But traditionally people are accessing that data through web-based portals and using it in their day job that way, our clients are, right? So thanks for coming on the queue, really appreciate it. Quick end to the segment. Your impression of the event here, people that are watching aren't here so they can't feel the vibe. What's your take of the show this year? Certainly we've been seeing the digital traffic on IBM Go, doubled from World of Watson, which we thought was the hottest show IBM's ever done. Looks like Interconnect, this seems to be the hottest. What's the conversation, what's the vibe like? What's the experience here? I generally like the collaboration that takes place in these kinds of things, right? And I think, I think what IBM's done here in terms of how they've laid out the center and all of the space that's available, the sessions have all been reasonably collaborative. You know, you go to some of these things where you kind of fall asleep in the back row, haven't necessarily seen much of that here, right? So a kudos to IBM for running this to where they have, right? So. It's very engaging content. Thanks for coming on the queue, really appreciate your insight and sharing what's going on at State Street Corporation. I used to call the State Street Bank from being from New England 18 years ago, but great to see you and well to see it at a Red Sox game. Sounds good, guys. So maybe you have some tickets. Holy kid, this is the queue, of course. Always trying to get the Red Sox tickets. I'm John Furrier with Dave Vellante. Stay with us. More great interviews coming right up here. Day two of three days of coverage of IBM Interconnect 2017. We'll be right back.