 Live from Boston, Massachusetts, it's theCUBE. Covering AWS Reinforce 2019. Brought to you by Amazon Web Services and its ecosystem partners. Okay, welcome back everyone to theCUBE's live coverage in Boston, Massachusetts for Amazon Web Services Reinforce. This is AWS's first inaugural conference around security, cloud security and all the benefits that security vendors are bringing. We're here with the man who runs the marketplace and more Dave McCann, CUBE alumni, Vice President of Migration Marketplace and Control Services. That's a new title that you have here since the last time we talked. A lot's changed. Give us the update. Welcome to theCUBE. Great to be back. I can't believe it's, is it seven months as reinvent? It feels like this. Seven years, right? No, you've got a lot of new things happening. We do. So explain, you have new responsibility. You've got the marketplace, which we've talked about, great product, great solutions. What else do you have? So we've obviously been expanding our service portfolio, right? And so AWS is launching new services all the time and we have a set of services around the migration of software. So I run now the migration services team and interestingly we're sitting in Boston and that's actually headquartered 800 yards down the road. So there's a set of services around the tools to help you as a CIO move your applications onto the cloud. Marketplace is obviously where we want you to find the software you need to buy and then once you get into the topic of governance we had one product called Service Catalog and at Reinvent we announced a new product that was in preview called Control Tower and yesterday we went to GA, full availability of Control Tower and Control Tower and Service Catalog together are in the governance space but we're calling them control services because it's around controlling the access of teams to particular resources. And so that's control services. What are people moving into the cloud? Give us a sense of the workloads. I know you say everything but any patterns that you can share? There's a lot of patterns emerging in migration and they are very industry specific but there are some common patterns. So you know we're doing migrations in thousands of companies worldwide and professional services run by Todd Weatherby is engaged in hundreds of those migrations but we also have now over 70 partners that we've certified as migration partners and migration partners are doing three times as many migrations as our own professional services team are doing. So in collection there's a lot going on. Now what are the common patterns? First of all everybody's moved their web development so their websites are done, they're all running on AWS. Now what they're doing is they're modernizing new applications so they may be building a new app or bringing an app over but moving on to containers. So it was an old app, it ran on a server and as they move it to the cloud they're going to reshape the app, throw away some of the code, break the code up into microservices and deploy it let's say on ECS which is you know containers. So there's a lot of application modernization and then on the migration side you know we're seeing applications clearly we're migrating a lot of SAP. So the big partners like Deloitte and Accenture are doing SAP migrations and we've done a lot of SAP migrations and then there are other business applications that are being moved with particular software vendors. You know there's a company here in Boston called Pega Systems and they do a world leading workflow platform and we've worked with Pega and we've migrated lots of Pega workflows in dozens of Pega customers up on the cloud. So you've innovated on the marketplace which is where people buy so they can contract with software. So now you've got moving to the cloud, buying on the cloud, consuming the cloud and then governing it and managing that aspect all under one cohesive unit. That's you, is that good? Yeah, it's a good way to think about it. It's a set of engineering teams with a common purpose for the customer. So you know one of the things we do at AWS is we innovate a lot and then we organize the engineering teams around a common customer need. So we set above all of the compute and storage services and we pay attention to the application layer and we describe the application. So if you think about migration services says I've actually got a service called Discovery and I crawl all your servers and I find what you have. Then what we do is we have a tool that says are you going to bring and move the tool so you have to build a business case and we just bought a company in Canada called TSR Logic and they had a super tool for building a business case that said what would this app look like running on AWS? So is the need, the business case, what's the core need that you guys have focused on? What was that? So interestingly, we run more Windows Server in the cloud than Microsoft. So you actually have the business case. Here's how many Windows Servers I'm running on on-prem. What does it look like when I run on AWS? And TSR Logic is a really good tool and we found our customers using it that says here's your on-prem Windows Server configuration with an app and run the model. What would it look like when it runs on AWS? But why wouldn't you just do that when a spreadsheet? What is the TSR Logic do that you couldn't do on a spreadsheet? Well, first of all, you want to make it a simple tool. Somebody has to go run a spreadsheet. They've turned it into a tool that a business user can use, a sales person you can use, and they've built it on top of a database so it's got a rich set of choices, far richer than you would put on a spreadsheet with a UI that is intuitive and you're going to learn it in 20 minutes and I'm not going to have you mess up the spreadsheet. There's data in there, best practice, things like that that you can drop on. The whole library of what's gone down and it keeps the data store of all the ones we've done. So we're turning that into a tool and we're giving it all to all our solution architects. Well, you got a good thing going on with the marketplace. Good to see you wrapping around those needs there. I got to ask for the marketplace. Just give us some latest stats. How many subscriptions are in the marketplace these days? What's the overall number in the marketplace as a child? It's pretty exciting that we decided just at San Francisco to announce that we now have over a million active subscriptions in the marketplace, which is a mind-boggling number on its own. A million subscriptions, I subscribe. And within those subscriptions, we've got over 230,000 active accounts. Now you know, and the audience knows, that you could be an enterprise with a hundred accounts. And in an enterprise, what we typically see is that there are seven or eight teams that are buying or using software. So we'll have seven or eight accounts that have the rights to subscribe. And so you can be one team and you're in another team. You're buying BI tools. You're buying security tools. So those accounts, and what we're announcing at the show for the first time ever is security is we have over a hundred thousand security subscriptions. So that's a wow. That's a big number. You know, some companies only have a hundred customers. And in marketplace, our customers have switched on a hundred thousand security software. How many product listings is that roughly? It's just security. We're in security, we've got 300. It's over 800 listings. Listing is a product with a price. Okay. And you know, a vendor could be let's say, Palo Alto Networks or CrowdStrike or Trends or Symantec or McAfee or a brand new company like Twistlock out of Israel. And these companies might have one offer or 20 offers. So we have over 800 offers from over 300 vendors. And we're adding new vendors every week. That's the next question. How many security app developers or ISVs do you have? Over 300. Over 300. Okay. About 800 listings. Which by the way, I heard this morning from Gartner that they believe there are over a thousand security vendors. So I'm only 30% done. I got a lot of work to do. How do you govern all this stuff? How does the customer sort of make sure that they're in compliance and? Great question. You know, Steven Smith yesterday was talking about governance. Once you move things on the cloud, it's very elastic. You can be running it today, not running it tomorrow, running it in IED, running it in Sydney. So it's easy to fire up and run it everywhere. So how do the governance team of a company know what's running where? Now you get into tagging. Everything has to be tagged. Everything has to have a code attached to it. And then you do want to control who gets to use what. I might have bought a barracuda appliance, but I don't know that I gave you rights to use it. So we could have bought it on behalf of the company, but I need to grant you access. So we launched a couple of years ago, Service Catalog as our first governance tool. And yesterday we went into full release of our new tool called ControlTour. So that was- Right, what you announced. We announced it in the event. We were in preview, and yesterday we went to GA. What ControlTour does is it now allows me to set up a set of accounts. So if you think of it, you're a development team. You've got a dev account, a test account, and a product account. You're brand new to the company. I'm a little worried what you're going to get up to. You don't want to give them the keys to the kingdom. So I'm actually going to grant you access to a set of resources, and then I'm going to apply some rules of what we call guardrails, because you're brand new. You haven't read my manual, and you're in the company. So I'm going to put a set of guardrails on you to make sure that you follow our guidelines. Yeah, and just training, and so it's pressing the wrong button, that kind of thing. So I got to ask you, I mean, on the buying side, consumption, I heard you say in a talk upstairs, Monday you have buyer led engineering teams and seller led engineering teams, which tells me that you got a lot of innovation going on the marketplace. We do. So the results are obviously there, you mentioned the listings, but one of the trends that's here at the security conference, and all it was proper is, ecosystems importance in monetization. So back in the old days, channel partners were a big part of the old computer industry. You're essentially going direct with service listings, which is great. How does that help the channel? Is there thinking around the channel as a buyer opportunity? How do you, how does that work with the marketplace? What's your thinking around the relationship between the scale and simplicity and efficiency of the marketplace? Right. With the relationships the channel partners may have with their customers and how do you bridge that together? What's the thinking? You've obviously been around a long time. So you know, the 90s, isn't that? Well, the channels have been modernized since the 90s. I've been around a long time. It's really interesting. When we conceived marketplace, you know, candidly, we didn't put the channel in marketplace. And in retrospect, that was a miss. Our customers, our big customers, our small customers trust some of the resellers. You know, some resellers operate solely on price. Some resellers bring a lot of knowledge. Even the biggest of the Global 2000, the Fortune 100, they have a preferred advisor. Let's take a company like Optif. You know, Optif's got 700 security engineers. There are blue chip companies in America that trust Optif, and they buy the software that Optif recommends. And so Marketplace really didn't accommodate for Optif. Or let's pick another one in Europe. It would be Computer Center. So in the last two years, we've dedicated a dead, separate engineering team. We actually opened up a team in a different city and their sole customer is the reseller. And so we launched this thing called Consulting Partner Private Offer. And so now you're Palo Alto or you're trained, you can authorize Optif or Sirius or SHI to be the reseller at this corporation. And they can actually negotiate the price, which is what a lot of resellers do. They negotiate price in terms. So we've actually put the reseller right into the heart of Marketplace. So you're building software for fulfillment through the Marketplace for partners, which are now customers to you now, so that they could wrap services around. Because that's the thing, when we talk to people on the channel, number one conversation is, we love the cloud, but how do I make money? And that is services, right? They all want to wrap services around it. So, okay, you guys are delivering this. Is that, am I getting that right? You guys are providing a direct link into Marketplace for partners and they can wrap services around it? So you're saying two things. First of all, yes, we're allowing the reseller to sell the software. So absolutely. So you're a reseller, you can quote the software, you bill, we bill for you. So now I've become the billing partner for Assyrius or a billing partner for Optiv. And Optiv can use Marketplace to fulfill cloud software for their customers. So Dan Burns, the CEO of Optiv, is pretty happy. Now you cross the line into a second scenario, which is, can Dan Burns attack services? And clearly that's a use case we hear. Usually when we hear use cases, we end up fulfilling that use case. It's a little, little, it's not a use case I have yet enabled. But we've heard Dan- You're working on it. We've heard what the customer wants. How does the reseller get into the Marketplace? What kind of requirements are there? Is it different than some of your other partners or is it sort of a similar framework? They have to become an approved reseller. So first of all, they have to be an APN partner. I mean, we work tightly with APN. APN screens partners for AWS. So Josh Hoffman's team, Terry Wise's team, the whole partner team screened the reseller. We would only work with resellers that are screened and approved by APN. Once they're APN approved, we have now set up a dedicated program team. They work with the reseller. We train them what's involved. Ultimately, however, the relationship is between Splunk in its reseller, F5 in its reseller, NetApp in its reseller, or Palo or Trend or CrowdStrike. So it's up to the ISV to tell us that, hey, computer centers my reseller. I don't control that relationship. I'm a fulfillment agent, but you, CrowdStrike, decide who a reseller is, and I simply have to make that work so that I get the end customer happy. So you're an abler in that instance. That's really... You know, I'm really an engineering team for everybody. If you think of an engineer for the ISV, we engineer for the buyer, and now I have to engineer for the reseller. You have your hands in a lot of the action, obviously, because you're in the middle of all this marketplace, engineering, you must do a lot of planning. I got to ask you the question, and this comes up that kind of put on my, and learning all the Amazon lingo, covering the re-invent for eight years, and covering all the different events. So you got to raise the bar, which is an internal, you keep innovating. Andy Jassy always talks about removing the undifferentiated heavy lifting. So what is the undifferentiated heavy lifting that you're working to automate for your customers? Great question. Right now, there's probably three. Let's say what the buyer friction is, and then we'll talk about what the seller friction is. The buyer frustration that is undifferentiated heavy lifting is the, interestingly, it's the team process around choosing software. So a couple of customers were on stage yesterday, right? And those big institutions talked about security software. But in order for an institution to buy that software, there are five groups involved. The security director is choosing the vendor, but procurement has to be involved. And right now, the procurement's kind of been left out of the debate. So yesterday, we did the integration to Cooper. There's a procurement system. So that friction is, I subscribe in Marketplace. How do I match it with the PO? Because the PO is what goes on the ledgers of the company, a purchase order. So there has to be a matching purchase order for the marketplace subscription. And then engineers don't tag well. Engineers don't always remember. You didn't tag it. How does finance know where it's being spent? So we're doing work on working service catalog to do more tagging. And so the buyer wants good tagging and procurement integrated. So we're working on a workflow between Marketplace Service Catalog for procurement and tagging. So you've kind of eliminated procurement or are eliminating procurement as a potential blocker to use another. Actually, we want them to be a partner. Yeah. You know, thought leading procurement VPs want their VPs of engineering to be happy. Is legal next? Actually, great question. We actually tackled legal first. We did something called enterprise contract. And our customer advisory board two years ago, one of our buyers, one of our customer said, we're going to move a hundred vendors to the cloud. We're not doing a hundred contracts. We've only got one lawyer. I got, you know, I've got 6,000 engineers and one lawyer. Well, lawyers don't code as quickly as engineers. So we've created a standard contract. Now it takes time to persuade legal because that's risk. So we've now got a whole bunch of corporations adopting enterprise contract. And we're up to over 75 companies adopting enterprise contract. But legal is a partner. So modernizing the procurement is a key goal. Procurement, legal, security, engineering. And then the next one is IT finance. So if you think of our budgets and our cost teams on AWS, everything needs to become visible in AWS budgets. And everything has become visible in cost explorer. So we have to have all the right tags. I heard a stat that six million apps are moving to the cloud in the next three to five years. Security, obviously a focus, reinforce. It's not a summit, it's branded as AWS reinforce. Just like reinvent same kind of vibe here for security. What's your impressions of the show so far? I know you've been highly active speaking, doing briefings, talking to customers, burn the midnight oil with partners and customers. What's your vibe of the show? What's your takeaway? What's the most important thing happening here? What's your summary? So I always think you get the truth in the bar. Right, customers with a glass of wine and they cut to the chase. I met a customer last night from a major media company who we all know, who's in Los Angeles. And his comment was, we exceeded his expectations. Wasn't sure he wanted to come because he goes to reinvent. And he's like, why am I coming to Boston in June? Because I'm going to reinvent November. And this director of security for a major media company last night, basically said, loved the subject matter, is so security centric. He actually ended up bringing a bunch of people from his team and he loves the topics in the sessions. The other thing he loved was, everybody here is in security. And reinvent, there's lots of people from lots of functions, but everybody here is a security professional. So that was the director of security for a media company. He was at an event, talking to one of the suppliers of Marketplace. And I asked this president of a very well known security vendor, who I won't name. And I said, so what's your reaction to Reinforced? And he said, frankly, when you guys told me it was coming, we didn't really want to bother. It's the end of the quarter. It's a busy time of year. It's another event. He said, I am so glad we came. And he was standing talking to his VP of marketing saying, we want to bring more people next year. So he's overjoyed. His comment was, when I go to Reinforced event, there's 50,000 people, but only 5% of them are in security. And I came to Reinforced. Everybody's in security. And Houston in 2020, any insight as to why Houston? I have no clue. What I actually think is really smart about the venue, and this was what another customer said last night. I met a customer from Connecticut, who isn't allowed to travel far. They don't get to go to Reinforced event in Vegas. I think what we did when we came to Boston, we tapped into all the states that could drive. So there are people here who don't get to go to Reinforced. I think when we go to Houston, we're going to get a whole bunch of Texas customers who don't get a flight to Vegas. So I think it's really good for the customer that people who don't get budget to travel can drive. It's kind of a geographic spread to wealth. So we're expanding the customers that can learn. So from an education point of view, we've just increased the audience that we're teaching. It's great. Dave, great to have you on. Thanks for the insights. And congratulations on the new responsibility as you get more calls in the round. Marketplace, been very successful. Million subscriptions. That's good stuff. Appreciate it. I appreciate it. I guess I see you in Reinvent in five months and seven days. Well, we're excited. I love covering the growth of the cloud, certainly cloud security of his own conference. Dave McCann, vice president of Marketplace, migration and control services, control catalog, how you move, contract and govern applications in the future. It's all going to be happening online in the cloud. It's theCUBE coverage from Boston, AWS Reinforced. We'll be right back with more after this short break.