 Welcome to JSATV Europe and our live two-days event on 2023 predictions. I'm Jean-Marc Lehmann, joining me today is Amsterdam-based Sarah Paulen in mefield city of Hashi Corp. Sarah, thank you so much for joining me. Thank you for having me. We were just saying it was freezing where you are in Amsterdam. It's not much but in London but... It is properly cold here and given we all ride bikes everywhere for transport, it makes it a little bit a little bit difficult so hopefully... I'm not even imagining it with a cold wind. I mean, even though it's cold where we are, what's very hot is the market that we operate in. So I wanted to jump into what's been the biggest changes the sector has seen in 2022 across the region that you cover. Yeah, I think we've seen a couple major trends, the first just being attrition in general. Companies are having a really hard time hiring but also both keeping employees, which I think we saw begin with COVID and during the COVID times, but that seems to be propagating more and more. And in some industries that's going up to about 50% based off of what I'm hearing from some of our customers. So that's been one major challenge and something that's quite hot. How do we skill up the market? How do we make sure that our employees are getting what we need? And how are we fitting both culture and skilling within organizations? The second one is that jump to multi-cloud. I think we did a survey with Forrester and we're looking at over 50% of organizations are now running some form of multi-cloud. So in combination with that attrition, how are you managing the scalability of multiple clouds and the skills that are required to maintain both clouds, which then brings us into the security side of things. Security is super hot topic. I think we'll remain a very hot topic, especially given some of the breaches that we've seen more recently. So how do we get some of those skills then into the security market? And how do we change kind of our perspective on how are all of these things coming together? And then 5G. I think 5G has actually done a lot for the market in terms of what are we looking at. So previously it was really about a combination of virtualization and physical. But as 5G starts taking off and really starts driving the market and what is going on in terms of architecture and requirements, particularly in terms of latency, this virtualization is going to become much more complex and we'll be looking at containers, serverless, all of these things, all of these edge computing devices, they're really going to start taking off, I think. And we're already seeing some of that happening. It's great. I mean, there's so much to pick and choose from what you just said, because everything you said is basically just going to open so many new use cases that we've never even thought about in the past. I mean, everything you said, it can also fit into a prediction for next year. But if you have to choose one as in a big thing that you expect to happen next year, what do you think it will be? I think security is going to continue to be a very hot topic, because what we're having to do is adjust what we've previously done and how we've looked at security. So if you look at what has been addressed previously and how we've dealt with security controls from a technology standpoint, a lot of that has been managed through IP addresses. And because of all of these changes in the market, things like the 5G, the virtualization, multi-cloud, we can't really pin those security controls anymore to those IP addresses, which means we really have to start turning things on its head and how do we start leveraging that. At the same time, we need to make sure that we're securing the networks that kind of link all of these different things and drive those via identity. And that becomes a really complex undertaking and requires a different way of looking at security, making sure that nothing has the right necessarily to have that inherited trust that we've previously said is acceptable. And it was, when we were dealing with more physical devices and things running on these physical devices, that was an okay security model. But now, because everything is kind of logically based and we as humans are innately flawed and we make errors, we can't really assume anymore that inherited security is going to be sufficient anymore. Interesting. I wanted to ask because you work within the open source remit. So what does open source fit into all this? You've already kind of mentioned containers and serverless. It's been quite a few years since I last looked into that specific part of the sector with the Cloud Native Foundation. This is all pre-COVID because we used to go to Berlin and all that for the conference. So give us just an update of where we are with open source in Europe along the lines of where you just touched on special security. Yeah. So open source continues to thrive. And I think open source is a requirement for the community because it allows so many new adventures and just opens the door in terms of innovation for everyone where a lot of organizations, I think start drawing back a little bit and being quite wary about open source is the backing. So if you look at open source, you can sort of break it down into two areas. So at HashiCorp, we have our open source offering. Anyone's welcome to use that. But then we also have the more enterprise side of things so that if an organization wants to make sure that that's scalable or has the backing of support, then that's in place. So what we're seeing is kind of this deviation between these two enterprise and open source so that you still get access to the technology. But then if you need the additional support, that's there and you have that backing. And as we see legislation like Dora rollout, which is about operational resiliency, having that support is going to become more and more critical because it's going to be mandated on a regulatory level. So the creativity and the innovation that comes from open source, I think is unparalleled and organizations really need to look into that. I do understand though, also coming from the security standpoint that you need to be able to have full control over the software that is running in your organization. Okay. Because I was going to ask if that sort of separation between enterprise and consumer was more kind of a marketing cells thoughts. But so it was more regulation driven than anything else. It can be regulation driven. It can also be scalability. So if we take, you know, a good example, just being HashiCorp in general, our open source tooling gives you a lot of functionality. It's more or less the same feeling of the product but then the enterprise allows you to do is really scale that on a much larger scale so that you have that required workflow and it can handle the required load as necessary. Okay. So if we're looking to what HashiCorp is going to be doing in 2023, so of course I'm sure you're going to be building on a log for you just said, but won't be the main three things you're going to be pushing out to the market and even region-wise as well. Well, if there's going to be any specifics to different parts within the region, you're going to be operating with it. Yeah. So one thing just being this idea of zero trust and the zero trust security, how do you make sure that you can secure with, you know, reasonable parameters, your workloads, make sure that you aren't trusting anything but then everything is authenticated and identity driven. And I think that's something largely the market is responding to across the board. We're also realizing that, you know, within Europe, we have different requirements than the United States, for example, things like data sovereignty are becoming a really large issue. So making sure that we have that in place so that the security side is fully responded to and making sure that there's the ease of operability there as well so that you're ensuring that you have that iteration speed that you can enable high performing teams, essentially, without the cognitive load that's kind of associated with that. So really trying to pull that all together and make sure that teams have access to all of these tools. Interesting. Just quickly picking up on the data sovereignty point because both the audience would be very American. So I think it would be quite interesting for them to understand a bit that. So the sign is really coming through now. I can't see you anymore. This is just the sun now. I was going to ask, in the old days before GDPR started, everything was getting a little bit messy because each country was doing their own thing. There was another regulation. I can't remember the name now, actually, but then GDPR came in and it was meant to standardize everything across the block. But we seem to be now not only have that, but each country seems to be also starting to go back and look into their own national legislations. Where are we with all this? And the sovereign clouds, Germany and France being two big countries doing that. Just give us a general overview of what data sovereignty is within Europe. Yeah, so there are different levels of required data sovereignty. I think the biggest divide we see and the largest concern that we see, especially as we're dealing with some multinational companies and companies that have presence within several countries within Europe is really the European data sovereignty. There are a couple legislations and regulations that have come out of the US which make it, in theory, possible for the US government to then gain access or knowledge over data which is residing even in Europe, contrary to popular belief. And now that we've seen things like Shrems 2 with the US and EU Shield which has fallen, that's really called into question a lot more. What is actually possible? And there's a lot of uncertainty there because there's not a whole lot of jurisprudence. On the flip side, we're also seeing, like you said, countries like Germany, France, say that that data actually has to remain within their own specified countries. And that really has a large impact, particularly for things like public sector. It would be the equivalent of making sure that in the United States you don't want government information then floating out to a different country where, in theory, there could be some political blowback. So the question then becomes, how do you balance all of that? Because on a certain level, managing all of that is extremely difficult, especially if you're using something like public cloud. And there's a lot of value to public cloud. So how do you balance that risk and where does that risk fall as well? And that's becoming quite a hot topic here within Europe as well. Okay, interesting. And then, sorry, so if people want to learn more about Hashi Corp and reach out, maybe just delve into that topic of their sovereignty and regulation because they can go on for many days and weeks and years, if anything. How can they reach out? Well, so for Hashi Corp in and of itself, if you want to check out some of our tooling, HashiCorp.com is a great place to start to see what we have available in our portfolio. My absolute favorite thing I have to confess is Arman, who's one of our co-founders and Mitchell as well have some amazing videos up on YouTube just about what are secrets management, what are some of these key problems that we're trying to solve, how HashiCorp began even. So if you just go on to YouTube and Google Arman Dadgar or Mitchell Hashimoto, you'll come up with some really great stuff there. And then if you want to start getting a little bit more hands-on, either the HCP platform, which is the cloud-based platform where you can start experimenting with some of these tools that are already spun up in a cloud environment or conversely learn.hashicorp.com, that'll give you an idea of some of the use cases that we're trying to solve and give you some step-by-step tutorials as well. I love the YouTube element because so often people forget YouTube is the second largest search engine in the world, the first one being Google and YouTube is on by Google. Oh, for sure. And I know that a lot of organizations now are really heavily relying on YouTube for things like tutorials and learning just across the board. That's where you get all your information. And then last question I'll probably miss. If you had to describe how you feel about next year in one word, what word would you choose? I think the word for me is going to be innovation. Next year is all about how do we spend things to our advantage and look at things a little bit differently. Okay, interesting. I'm curious to see what's going to come out by the end of 2023. Me too. Sarah Paulin, thanks so much for talking to me. And to our viewers, thank you for tuning into JSA TV Live. Don't forget to check out our social channels for more content. Until next time, happy networking. Thanks so much. Thank you.