 Live from Boston, Massachusetts. It's theCUBE. Covering AWS Reinforce 2019. Brought to you by Amazon Web Services and its ecosystem partners. Okay, welcome back everyone. CUBE's live coverage of AWS Amazon Web Services reinforced their inaugural conference around security here in Boston, Massachusetts. I'm John Furrier, Dave Vellante. Dave, we've been talking about blockchain has been part of security, but no mention of it here. Amazon announced a blockchain intention, but it was more of a service model, less of a pure play infrastructure or kind of a new game changer. So we thought we would get our friends to come on theCUBE and tell us about it. Val Birchovici, CEO and founder of Pencil Data, CUBE alumni, formerly of NetApp, among other great companies. And Ed Hugh, founder and CEO of Strong Salt. Welcome to theCUBE. Tell us, why aren't we talking about blockchain at a security conference on cloud computing where all these resources, different paradigms, decentralize? What's your take? So for me, having been in this world for about 18, 24 months now, friction is one of the main reasons we're not seeing enterprise blockchain discussed here. In fact, I had re-invented about six months ago, Andy Jassy mentioned that they finally understood AWS, the enterprise blockchain opportunity, and it was the integrity value minus the complexity. And they even announced a specific product, three announces a term called QLDB Quantum Budget database, should be available maybe by the time we have hold it down again this year. But it focuses specifically on the database interface on the cryptographic verifiability of transactions, minus the complexity of smart contracts, wallets, and protocol maintenance and so forth. And coincidentally, or you're also coincidentally that's what Pencil Data does with our blockchain services. We are the ledger part, so if you want the ledger database, the real part is Amazon calls it. We can apply that cryptographic verifiability to any user, whether it's a relational database, a doctrine database. Are you partying with Amazon? We are hosted on Amazon, so I don't have a formal partnership yet. That's always the first way to start. I know, any marketplace is something we're targeting. Any marketplace is Git, AWS. Any Amazon has two versions, right? One for distributed use cases. They now know what I call a P2 offering, so I'm managing the hyper ledger, managing the period. Everyone's had that, they're making that game, but that's not a different thing. The innovation that we're trying to be shipping is simplifying it out to something like people who've been without all that complexity about what's my governance model, and what's my token economic model. These are things enterprises aren't up to speed or are not yet, and they never want to stop. It's kind of like, do I need to know what my empty size is on PCP IP? Not really. I think Amazon wants to be that hard and tough like you said, complexity, but the reality is that their world is targeting a new generation, and it's just our core theme of this show is the new generation of developers, the new generation of day. We just talked about this on our intro. I mean, I'm hardcore on this because it's just so obvious I just can't get behind myself if people don't figure this out quicker. The new developers are younger and older systems people. There's a range of ages doing it. They're seeing the agility and it's a cultural shift, not just the age thing. Ed, they're not here, right? This is the missing picture of this show and my criticism of reinforces big gaping hole around crypto and blockchain. Absolutely, because in fact, I've been in the crypto area for the last three, four years and I actually know those people. I don't see any of them here because cryptography is difficult. Cryptocurrency is also difficult and blockchain is very hard to for people to understand how they use it. I think that's actually the missing piece for a lot of things. In fact, one of the things we actually launched is strong ball of the app. It allows you to actually see the blockchain actually think of it so you can actually see how it works. It basically, just like what Bell said, it records everything you do to your data so you always have a single source of truth and I think that's something that people should understand here. Dave, I want to get your thoughts on this because you made a comment about security native being the theme here. And security native implying that DevOps, what they did for configuration, hardening the infrastructures code, you have to consider this token economic, business model side of it with the applications. A decentralized application is still an application. Blockchain is still an infrastructure dynamic. There's software involved. I mean, we're talking about the same thing. Is there a lost in translation in your opinion? Well, yeah, I think that to your point, if you can abstract that complexity away, but the fundamentals of cryptography and software engineering and game theory coming together is what's always fascinated me about this space. And so, you're right. I think certainly enterprise customers don't want to, they hear crypto, they go, oh no. Although it's interesting, I was just at a conference at IBM yesterday. They talk a lot about blockchain. They don't talk about crypto. To me, they go together. But of course, IBM, they don't like to talk about job loss and automation. But the reality is it's there and it has a lot of momentum, which is why you started a company around this. Yeah, we're actually seeing it all over right now. And again, our thing is around reducing, if not eliminating, the friction towards adopting blockchain. So less is more in our case. We're explicitly choosing not to do crypto wallets or currency transactions. It's that Andy Jassy observation, the integrity value, the core integrity value for financial reconciliation, for detecting supply chain counterfeiting, for tracking assets and inventory across two-tier distribution, unifying multiple systems of record into a shared state. Those are the kinds of applications we're seeing. Well, it's obviously an agriculture and there's so many different use cases, obviously. And Amazon likes to use that word, well, words, raise the bar, which is more functionality. But the other phrase is undifferentiated heavy lifting. There's a lot of details involved in some of those complexities that you're talking about that can be automated away. That's goodness. But you still have the security problem of immutability, which is the beautiful thing about the blockchain. Actually, a lot of times people actually forgot to mention that one thing that blockchain allows you to do that's actually different from before was actually privacy. It's actually not just security, it's also privacy, which actually is getting bigger and bigger. As we know, it's something that people feel very strongly about because it's something they feel personal about. And that's something that, in fact, token economics encourages a lot of things that enables privacy that was not able to do before. Well, look at Facebook. Exactly. I mean, what do you guys think about Facebook? I'm one of the few, I'm a public Facebook critic. I think they've done an atrocious job on the privacy front so far in protecting our data. On the other hand, it's kind of like the Mueller report. If you actually read Facebook's white paper, and it's not a launch, it's an announcement, it's a technical announcement, it's a well-written design so far. And Facebook doesn't completely control it. They do have a vision for programmability. They're evolving it from being a permission to ultimately a permissionless system. So on paper, I like what I read, and I think it will start to popularize and democratize the notion of crypto amongst a broader population. I'm going to take a much more wait-and-see approach than just writing it off. I always love Facebook. I think they've done an atrocious job, but I'm addicted. I have all my stuff on there. Centralized, they're bringing an education. Bitcoin is up for a reason. They're bringing the masses. They're showing that this is real market. This is kind of like when the web was still viewed as kitty playground for technologists, because AOL was so slow, and that was kind of for dummies, and you had the web, World Wide Web. So when that hit, that same arguments went down, right? This has been a crypto thing that's been on for years. But with Facebook coming in, it really legitimizes that, well, if you bring two billion people to the party, exactly, a lot of good stuff could happen. I'm excited about it too. Now, the critics of Facebook is they basically copied HashCraft kind of model, and there's no way they're going to get it through because the world's not going to let Facebook run commerce and currency. It's like, and they don't do it well anyway. So I think it's going to be a game-changing market-making move. I think they'll have a play in there, but I don't, I think Facebook's not going to have a global currency. Well, it says a lot that you get 100 companies to put up 10 million each. The consortium is, yeah, already the first to accomplish it. They don't need any more money. We need money. Give it to us. But still, the power of, yeah, right. But that power of that ecosystem, to me, I was, I'm a big fan of this because I think it gives credibility. So many companies get interested in it, and I'm not sure exactly what's going to come out of it. It's interesting that, you know, Bitcoin's up. Everybody's like, oh, sell your Bitcoin. I'm like, no. No. This is premature. Well, I think Open is going to always win. If you look at, even though the web's kind of one example of kind of the maturity argument, I think the real analog for me, at least my generation value, you probably relate to this, Dave, as you as well, I might have been, you know, I don't have been born yet. Hey, you are. But, you know, PCPIP came after SNA, which IBM owned the protocols back. That's right. Decknet was the largest network at that time, too. Novel is all businesses, yeah. Well, Novel was land, all three proprietary network operating systems. So proprietary NASAs, decimated by TCPIP. So to me, I think even if Facebook does go in there, they will recognize that unless they stay open, I think Open will always win. I think this is the beginning of the death of the closed platform. Yeah, I think they're forced to. I think they have to open it up, because if they don't open up, people won't trust them, and people won't use them. And for blockchain, if you don't have a community behind it, there will be nothing. Well, so the thing about the crypto spring, and everything like the crypto winter, but to your point, TCPIP, HTTP, DNS, SMTP, those were government funded or academic funded protocols, people stopped spending money on them. And then the big internet companies just co-opted. That's what Gmail's built on. So, but let me finish the thought is, all this crypto money that came in drove innovation. So you're seeing this new internet emerge, and I think it's real. I think people overlook a lot of the innovation that's coming. I've always said, Dave, that Facebook is what the web would look like if Tim Berners-Lee took venture financing. Because what they had at the time was a browser, and the way to stand up websites for self-service information. They kept it open, and it thrived. Facebook became basically the web's version of AOL. LinkedIn does the same. Twitter has opened, they have no developer community, so. Yeah, I think Twitter's the only company, in my opinion, that actually does a good job opening up their data. Now they charge you for it to get their earnings up, but we still haven't. And crypto's the only community that's entire ethos is based upon openness and community. You mentioned community. That is a key word. And traditional media will of course focus on the bad stuff that happens. But those of us in the business who pay attention to it see, there's a lot of goodness too. There's a lot of mission driven, a lot of openness, it's a model for innovation. What do you guys think about the narrative now to break up big tech? You know, you're hearing Facebook, Amazon, Google, coming under fire. What are your thoughts on that? So I wrote a blog, maybe it was ahead of its time about 18 months ago, it was coincided with Ginny Rametti at Davos in 2018, not 2019, talking about data responsibility. The reason we're having this conversation is that the tech industry, by and large, and especially the fang stocks or whatever we're calling them now, have been irresponsible with our data. The backlash is palpable in Europe. It's law in Europe. The backlash we knew was going to start at the state level here. There's already a head of my personal schedule, federal discussions, FTC, DOJs of a couple weeks ago. So it's inevitable that this sort of tech reckoning is coming and more responsibility is going to have to be demonstrated by all the custodians of our data. And that's why we're positioning Chankit as a chain of custody as a service to demonstrate to your regulators, your customers, your partner suppliers, transparency, irrefutable transparency, using blockchain for how you're handling data. If you don't have that transparency and you can't prove it, we're back to the same old discussions. We're back to uninformed old legislators making internet-as-tube-type regulation. So here, here, and DOJ, you could argue that they were maybe too slow to respond to Microsoft back in the 90s. I'm not sure breaking up big tech is the right thing because I think it's almost like AT&T, that little techs will become big techs again. But they should not be breaking the law. I think the reason why is there's actually a limitation of what is possible in technology. Because they understand, and also Facebook understands as well, is that it's actually very, very hard to have data that's owned by your customers. But you are the one who's actually keeping track of everything, and you are the one who's using the data. It's like no win. Because if you think about encryption, cryptography, yes, you can make the data encrypted. That way, the customer has the key, they control it. But then, Facebook can't offer the services. So now you have the Congress thinking, well, if there's no technological way of doing this, what can you do in a legal perspective, on a law perspective, how do you make it so that the customer actually owns the data? We actually think that is the perfect reason why we have to actually, Facebook actually technically should be built on our platform. Because we actually allow them to have data that's encrypted and still be able to do operations on the data if the customer gives them the permission to do so. And I think that's the perfect way to go forward. And I think blockchain is the fundamental thing that's bringing everybody together in a way that actually benefits everyone else. And take a minute to explain StrongSalt, your project. What's it about? What's the mission? Where are you at? So we see StrongSalt as actually privacy first. We literally are building a platform where developers, including Facebook, LinkedIn, Salesforce can actually build on top of a platform. So what happens when you do this is that they actually give the data governance to the customers. The customers actually own the data, but because of cryptography, they actually can offer services to the customers when the customer allows them to do so. For example, we have something called searchable encryption allows you to encrypt the data and still be able to search and operate on the data without decrypting the data first. By giving this power to developers and also to community, then you can have apps that you currently use, but they're not hard to use that are frictionless and still offer the same service that Facebook or Salesforce offers the service. So they can do some discovery on it. You can do things. You can do some programmability around data. Right, exactly. Even though the data is encrypted, but the customer owns the data. So the customer has to give them permission to do so. Right? And we actually in fact launched the first app that I actually told you it's called StrongVault. You can download it on iOS or Android and you can actually see the blockchain at play. Literally you can see the blockchain in your fingerprint. I mean fingertip to see what happens to the data. You see everything that happens when you share a file or you open a file or something like this. Well congratulations Val, give a quick plug for your project chain kit. I see the new branding there like it. Pencil data, where are you on your project? So after nine months of hard selling we're finding out what customers are actually paying for right now. In our case, it's hardening their apps, their data and their logs and wrapping a chain of custody around those things. And use case at a security conference like this is actually quite existential when you think about it. One of the things that the industry doesn't talk enough about is that every attack we read about in the headlines was through privilege escalation. So the attackers somehow hacked your web server, managed to get administrative credentials and network or domain administrative credentials. And here's what professional attackers do once they have Godlike authority on your network. They identify all the installed security solutions and they make themselves invisible because they can. After that, they operate with impunity. Our technology, the security use case that we're seeing a lot of traction is, is we can detect that. We're applying blockchain, we're agnostic, so bring your own blockchain in our case. But we're able to- Is chain kit a product? Is it a development environment? It's a globally available service, hosted on AWS, restful APIs. And fundamentally, we're enabling developers to harden their apps, to wrap a chain of custody around key data or logs in their apps, so that when the attackers attempt to leverage that administrative authority and tamper with logs, tamper with the state- So it's a service, not a software demo. It's a developer oriented service. But this is one of the biggest problems is the challenge to security today, is you see the static. After you get infiltrated, it takes 250 or 300 days to even detect. And I have not heard that number shrink. I've heard people aspire to that number shrink. We can get it down to real time. Real tip of the spear on any attack. Yeah. So that's what we're excited to be here. We're excited to talk about one of the dirty secrets of the security industry is that it shouldn't take a year to detect an advanced attack. Guys, thanks so much for coming on theCUBE and sharing your insight. Congratulations on your project, Ed. Val, great to see you. Likewise, and thanks to SPJ for having us on here and we're looking forward to coming back and we appreciate the opportunity. Absolutely, thanks for SPJ and thanks for you guys as well. The CUBE is always paying it forward. Of course, really the most important conversation in security is going to be a blockchain type of implementation. This is a reality that's coming very soon. But we're here at AWS Reinforce talking about the first conference with Amazon Web Services dedicated to CISOs, CIOs around security. I'm John Furrier, Dave Vellante. Stay with us for more coverage after this short break. My name is Dave Vellante.