 Live from San Francisco, it's theCUBE covering RSA Conference 2020 San Francisco, brought to you by SiliconANGLE Media. Hey everyone, welcome back to theCUBE's coverage here at San Francisco, the Moscone Center for RSA Conference 2020. I'm John Furrier, your host. We are a very special guest, the COO of VMware, Sanjay Poonan, Cube alumni. When you talk about security, you talk about the modern enterprise as it transforms new use cases, new problems emerge, new opportunities exist. Here to break it down, Sanjay, welcome back. Thank you, John. Always a pleasure to be on your show. I think it's my first time at RSA. We've talked a number of times, right? Nice to see you here. Well, with your security guard. Well, this is really why I wanted you to talk to you because operations has become now the big conversation around security. So security was once part of IT, it comes out and part of the board conversation. But when you look at security, all the conversations that we're seeing that are the most important conversations are almost a business model conversation. Almost like if you're the CEO of the company, you got people, HR, organizational behavior, collaboration, technology stack, compliance and risk management. So the threat of cyber has to cut across now multiple operational functions of a business. It's no longer one thing, it's everything. So this really kind of makes the pressure on the business owners to be mindful of a bigger picture. And the attack velocity is happening so much faster. More volume of attacks, milliseconds and nanosecond attacks. So this is a huge, huge problem. I need you to break it down for me. Good, but that wonderful intro. No, I would say you're absolutely right. First off, security is a boardroom topic. Audit committees are asking, the CIO so often reports a report directly, sometimes often not even to the CIO, to the head of legal or finance and often to the audit committee. So it's a boardroom topic. Then you're right, every department right now cares about security because they've got both threat and security of nation state, all malicious organized crime trying to come at them. But they've also got physical security in mind. I mean, listen, coronavirus is a serious threat to our physical security and we're really concerned about our employees and the idea of cyber security and physical security. We put at VMware, cyber security and physical security, one guy, the CISO, he actually runs both. So I think you're absolutely right. And if you're ahead of HR, you care about your employees. If you care ahead of communications, you care about your reputation and marketing the same way. If you're a finance, you care about your accounting systems and having all of the IT systems there. So we certainly think that holistic approach deserves a different approach to security, which is it can't be silo, silo, silo. It has to be intrinsic. And I've talked on your show about why intrinsic and how differentiated. That intrinsic security is what I talked about this morning on my keynote. Well, and then again, to connect the dots there, it's not just security, it's the applications that are being built on mobile. For instance, I got a mobile app. I have milliseconds to respond to whether something's yes or no. That's the app on mobile, but still the security threat is still over here and I got the app over here. This is now the reality. And again, air wash was a big acquisition that you did. Obviously it had some security. Carbon black was a $2 billion acquisition that VMware made. That's a security practice. How is it all coming together? Can you take a minute to explain the VMware because it's not just security, it's what's around it. Yeah, I think we began to see over the course of the last several years that there were certain control points in security that could help bring order to this chaos of 5,000 security vendors. They're all legitimate. They're all here at the show. They're good vendors. But you cannot, if you were trying to say healthy, go to a doctor and expect the doctor to tell you you eat 5,000 tablets to stay healthy. It's just not sustainable. It has to be baked into your diet. You eat your proteins, your vegetables, your fruit, you drink your water. The same way we believe security needs to become intrinsically deeper parts of the platform. So what were the key platforms and control points we decided to focus on? The network, the endpoint, and you could think of endpoint as two, both client and workload. Identity, cloud, analytics. You take a few of those. The network, we've been laboring the last seven years to build a definitive networking company. And now a networking security company where we can do everything from data center networking to firewalls to load balancing to SD-WAN in this NSX platform. You remember where you bought NYSERA. The industry woke up like, what's VM we're doing in networking? We've now built on that. 13,000 customers. Really good growing revenue business in networking and now doing networking security. That space is fragmented across Cisco, Palo Alto, F5, NetScaler, Checkpoint, Riverbed. VMer cleans that up. You get to the endpoint side. We saw the same thing. You know, you had endpoint management. Now Workspace One, the sequel of what AirWatch was. But endpoint security again fragmented. You had Symantec, McAfee, now CrowdStrike, Tenable, Qualis. You know, I mean, just so many fragmentation. We felt like we could come in now and clean that up too. And that's what we're about to do. Well, basically I'm explaining that, but I want to get now to the next conversation point that I'm interested in operational impact is when you have all these things to operationalize, you saw that with DevOps and cloud, now hybrid. You got to operationalize this stuff. You guys have been in the operations side of the business from VMware, that's what you're known for. Yeah, and the developers are now on the horizon. I got to operationalize all the security. What do I do? I'm going to see so. I think it's really important that in understanding operations of the infrastructure, we have that control point called vSphere. And we're now going to take carbon black and make it agentless on the server side workloads, which has never been done before. That's operationalizing it at the infrastructure level. At the endpoint, we're going to unify carbon black and workspace one into a unified agent, never been done before. That's operationalizing it on the client side. And then on the container and the DevOps side, you're going to start bringing security into the container world. We actually happened to now have a great point of view in containers. You've seen us do stuff with Tanzu and Kubernetes and Pivotal bringing that together. Container security is a very logical thing that we will add there. So we have a very good view of where the infrastructure and operations parts that we know well. vSphere, NSX, Workspace One, containers with Tanzu. We're going to bring security to all of them and then bake it more and more in so it's not feeling like it's a point tool. The same platform, carbon black, we'll be able to handle security of all of those use cases. One platform, several use cases. Are you happy with the carbon black acquisition? Listen, you know, you stay humble and hungry, John, for a fundamental reason. I've been involved with a number of acquisitions from my SAP to VMware days. Billion dollar plus, we've done tuck in once. The Harvard Business Review had an article several years ago which chronicled acquisitions and majority of them failed. And they feel not because of process, of product, they feel because good people leave. One of the things that we have is a recipe to this acquisition. We applied it to AirWatch, we applied it to NYSERA. There is usually some brain trust. Remember in the days of NYSERA, it was Martin Casado. In the case of AirWatch, it was John Marshall and that team. We want to preserve that team to help incubate this and then what Brever brings to scale. So I'm delighted by Patrick Morales. I want to have him on your show next time because he's now the head of our security business unit. He's culturally a fit for VMware, humble, hungry. He wants to see just, we have a billion dollar business now in security across networking, endpoint, and thing. He wants to take just his piece of it, right? The carbon black piece of it, make it a billion dollar business while the overall security business goes from three to five. And I think we're going to count on him for many years to come to really be a key part of VMware's fabric, a great leader. So we're successful if he's successful. What's my job then? He reports to me is to get all the obstacles out of the way, get every one of my core reps to sell carbon black. Every one of the partners like Dell to sell carbon black. So one of the deals we did within a month is Dell has now announced that their preferred solution on Dell laptops is carbon black. They were working in the past with Psylands and with CrowdStrike, now it's carbon black. Every Dell laptop now has a default option as carbon black. So as we do these, John, the way we roll is we're not here to basically come in and occupy that acquisition, get the obstacles out of the way and then let Patrick scale this. The same way Martin Casado or John March. So we have a playbook. We're going to apply that playbook, stay humbling, hungry, and you ask me that question every year. How are we doing in carbon black? I will be checking it. I will be putting a check on you and we'll be checking in on it. How have we done on AirWatch? What do you think? Pretty good. Very good, I think. Pretty good. Stayed long to the radar, kept growing it. It's top right now in every Magic Quadrant. That business is significant bigger than the 100 million. Well, nice year. How do we do a nice year? NSX. It's evolved. See, it's evolved. So this is back to the point. VMware makes bets. So unlike other acquisitions where there are big numbers, still big numbers, billions are billions, but they're bets. AirWatch is a good bet. Turned out okay. The bets- You mean you're being conservative today. Anyway. The bets that you're making now, how would you classify those bets? What are the big bets that you're making right now? Listen, I think there's a handful of them. I like to think of things as no more than three to five. We're making a big, better multi-cloud, okay? The world is going to be private, public edge. You and us have talked a lot about VMware AWS, expanded now to Azure and others. We've a big future there, private cloud, public cloud edge. Number two, we're making a big bet on app modernization with container level, Tanzu or something. Number three, we're making a big bet in virtual cloud networking because we think long-term, there's going to be only two networking companies that matter, VMware and Cisco. Number four, we're making a big bet in the digital workspace built on what we've done with AirWatch and other technology. Number five, we're making a big bet in security. So these five, we think of what can take the company from 10 to 20 billion. So we've talked about the $10 billion mark and the next big milestone for the company is a 20 billion mark and you have to ask yourself, can you see this company with these five bets going from where they are, about a 10 billion company to a 20 billion? We hope we can. Dave Vellante is doing a breaking and now he might have already shipped the piece this morning on multi-cloud. He and I were commenting that, well, I said it's the third wave of cloud computing, public cloud, hybrid, multi-cloud and hybrid's the first step towards multi-cloud. Everyone kind of knows that. But I want to ask you, because I told Dave and we kind of talked about, this is a multi-decade growth opportunity, wealth creation, innovation growth, new opportunity, multi-cloud, for the generation, take this industry to the next level. How do you see that multi-cloud wave? Do you agree on the multi-generational and if so, what specifically do you see that unfolding into? Listen, I'm deeply inspired by what Andy Jassy, Satya Nadella, you know, the past leading peer up to Thomas Gurian, these folks have created big cloud businesses. Amazon's the biggest in the ISPAS world, Azure, second, Google is third in just market shares. These folks collectively are growing, growing really well. In some senses VMware gets to feed off that ecosystem in the public cloud. So we are firm believers in what you described. Hybrid cloud is the path to the multi-cloud. We coined that term hybrid cloud. In fact, the first incantation of eCloud Air was called via cloud hybrid service. So we coined the term hybrid cloud, but the world is now multi-cloud. The key though is that I don't think you're going to work away from, those three clouds I mentioned have deep pockets. They're none of them are going away. And they're going to compete hard with each other. The market shares may stay the same there. Our goal is to be a Switzerland player that can help our customers take VMware workloads, optimize them in the private cloud first. When a bank of America says on their earnings call, Brian Moynihan said, I can run a private cloud better than a public cloud. And I can save two billion doing that. It turns out many of the banks are actually running on VMware. That's their goal. But there are other companies like Freddie Mac were going all in with Amazon. We want to ride the best of both worlds. If you're a private cloud, we're going to make you the most efficient private cloud of VMware software. Well, if you're a public cloud and going to Amazon like a Freddie Mac, we'll help you ride your apps into that through VMware. So sometimes history can be a predictor of future behavior and just to kind of rewind the computer industry clock. If you look at mainframe mini computers, internet working, internet, proprietary network operating systems dominated it. But you saw the shift and it was driven by choice for customers, multiple vendors, interoperability. So to me, I think cloud, multi-cloud is going to come down to the best choice for the workload and then the environment of the business. And that's going to be a spectrum. But the key in that is multi-vendor, multi, a friend choice, multi-vendor interoperability. This is going to be the next equation in the modern era. It's not going to look the same as mainframe mini's networking, but it'll create the next Cisco. They'll create the next new brand that may or may not be out there yet that might be competing with you or you might be that next brand. So interoperability, multi-vendor choice has been a theme in open systems for a long time. Your reaction to that? I think it's absolutely right, John. You're onto something there. Listen, the multi-cloud world is almost a replay of the multi-hardware system world 20 years ago. If you asked who was the multi-hardware player before, it was Dell, HP, at the time IBM now Lenovo, EMC, NetApps, so on and so forth, and server storage networking. The multi-cloud world today is Amazon, Azure, Google, if you go to China, Alibaba, so on and so forth. A multi, somebody has to be a Switzerland player that can serve the old hardware economy and the new hardware economy, which is the cloud. And then of course, don't forget the device economy of Apple, Google, Microsoft, I think that if you have some fundamental first principles, you express one of them. Listen, where open source exists, embrace it. That's why we're going big on Kubernetes. If there are multiple clouds, embrace it. Do what's right for the customer. Abstract away, that's what virtualization is. Manage common infrastructure across orbit, which is what our management principles are. Secure things at the point of every device and every workload. So those are the principles. Now, the engineering of it changes. The way in which we're doing virtualization today in 2020 is slightly different from when Diane started the company around the year 2000, 20 years ago. But the principles are the same, we're just not working just with the hardware vendors working to make the cloud vendors. So you think choice is where it's at? The choice is what they want. Absolutely, absolutely. And you're right, it's choice because of different workloads. We see, for example, Amazon having a head start in the public cloud markets, but there's some use cases where Azure is applicable. Some other use cases where Google is applicable. And to us, if the entire world was only one hardware player or only one cloud player or only one device player, you don't need VMware. We thrive in heterogeneity. It's awesome, I love that work. No, heterogeneity provided, it's not 3,000 vendors. There's almost three, three of every kind. Three server vendors, three storage vendors, three networking vendors, three cloud vendors, three device vendors. VMware's the middle of all of it. And yeah, there may be other companies who try to do that too. If they are, we should learn from them, do it better than them, and competition, even to us, is a good thing. All right, my final question for you is, in the Dell Technologies family, of which VMware is a part of, although a big part of it, the crown jewel, as we've been calling on theCUBE, they announced RSA as being sold to a private equity company. What's the internal reaction amongst VMware folks in the Dell Technology family? Good move, no impact, what's the- We support Dell in all the moves that they've made. And from our perspective, you know, if we're not owning it, we're going to partner it. So, I see no overlap with RSA. We partner with them, they've got three co-pillars, security, net witness, and archer. We partner with them very well. We have no aspirations to get into those aspects of governance, risk, and compliance, or security business, so it's a partner. So whoever's running it, Rohit runs that very well, he also owns the events of this conference. We have a great relationship, and we'll keep doing that well. We are focused on the areas I describe, network, endpoint, security. And I think what Michael's done brilliantly through the course of the last few years is set up a hardware and systems company in Dell and allow the software company called VMware to continue to operate, and I think, you know, the movement of some of these assets between the companies like Pivotal to Washington, so on and so forth, cleans it up so that now you've got, both these companies doing well. Dell's gone public, VMware's gone public, and he has set on the record, what's good for Dell is good, what's good for VMware, and vice versa. And good for the customer. And I think the key is there's now visibility on what cloud native looks like. Hybrid, public, multi, multi, not so much, but you get them all, it's an easy breach to get across and get there. AI, cybersecurity, these are all big, clear trends. They're waves. Sounds good, great. Thanks for your job. Thanks for coming on. Your thoughts on the security show here, what's your takeaway? I think the two definitive security shows, I hope it stays that way, even with the change of where RSA's ownership goes, is this conference in Black Hat. We play in both Amazon's conference, I was totally starting to reinforce. That's kind of cloud security. We'll show up there too. But we think, listen, there's what, 30,000 people here, so it's a force. It's a little bit like VMworld. We will play here, we'll play a big, we've got, it just so happens, because the acquisition happened before we closed them, but we have two big presence here, VMware and Common Black. And it's an important business to us, like I said, we have a billion dollar business in security today, about 30,000 customers using us in a security network endpoint cloud. I want to take that to be multiple times that size. And I think there's a path to do that, because it's an adjacent US in security. So we have our own kind of selfish motives here in terms of getting more mind share and security. We did a keynote this morning, which was well received with Southwest Airlines. She did a great job, Carrie Miller, she was a fantastic speaker. And it was our way of showing in 20 minutes, not just our point of view, because you don't want to be self-serving, a practitioner's point of view, and that's what's really important. Well, final on a personal note, I always use the term tech athlete, which I think you are one, you really work hard and are smart, but I got to get your thoughts, because I saw you on Twitter, when IBM announced the new CEO, Arvin Fishnep, Indian American, another CEO, this is a pattern. We're starting to see Indian American CEOs running American companies, because this is the leadership, and it's really a great thing in my mind. I think it's one of the most successful stories of meritocracy of all time. Your quick thoughts. I'm a big fan of Arvin, big fan of Shantanu, Sundar Pichai, Satya Nadella, many of them are close friends of mine. Many of them have grown up in Southern India, we're different ages, some of them are older than me. And in many cases, we were following behind other great players, like Vinod Kosla, who came even 10 or 15 years prior. And it's hard for an immigrant in this country. When I first got here, and I came as an immigrant to Dartmouth College, there may have been five or 10 brown-skinned people in the town of Hanover, New Hampshire. I don't know if you've been to New Hampshire. Yeah, I've been there, yeah. There's not many at that time, in the late 1980s. Now, of course, there's much more. So, you know, we stay humble and hungry, there's a part of our culture in India that's really valued education and hard work. And people like Arvin and some of these other people are products, I look up to them, there's things I learn from them, and I'm, you know, for the country of India, it's a really good thing to see these people be successful at name-brand American companies, whether it's IBM or Microsoft or Google or Adobe or MasterCard. So, we're, I'm in their fan club, and there's a lot I learned from them. I just love being around people who love entrepreneurship, love innovation, love technology, and work hard. So, congratulations on all your success. Great to see you again. So, how'd you put in the COO of VMware here on the ground floor, here at RSA Conference at Moscone, sharing his insight into the security practice that is now carbon black and VMware, all the good things that are going on there. Thanks for watching.