Okay, welcome back to the Splunk Conference, the Dot Conference 2013. This is SiliconANGLE, Wikibon's theCUBE, our flagship program. We go out to the events and extract the signal from the noise. We are live in Las Vegas. I'm John Furrier, the founder of SiliconANGLE. I'm joined by my co-host. I'm Dave Vellante of wikibon.org. Darren Dance is here. He's the UNIX technical lead at WorldPay. WorldPay is an online payment service provider. Darren, welcome to theCUBE. Thank you, welcome. So tell us a little bit more about WorldPlay. WorldPay, sorry. Oh, WorldPay, sorry, sorry about that. So WorldPay is a payments company. We process a lot of transactions face to face in the UK. And we also are a worldwide online payments. They can be used for people who play games, right? Yeah. Online gaming, right? Yeah, so online gaming, software purchases, micro-payments within applications. The platform is completely versatile and we have customers in the industry. So actually everyone's going gaga over, you know, Square, Braintree was just sold to PayPal. I mean, payments is going to be ubiquitous, embedding them all across the network. And you bring up the notion of the, and the keynote they talk about the internet of things. I mean, people are going to be paying from any edge device. Yeah, that's a complex technical challenge. So how do you guys look at that? And what is, how does Splunk fit into all of this? So Splunk, initially when we put it into our organization, it was purely to do operational intelligence and problem solving. And then we're starting to break into the application space now to use it, to work out, for example, where our transactions are coming to run, to work out where our peaks and drops. And then going forward, we will expand that into customer-facing scenarios to help with our customer services and reduce the customer contact time. So you're giving a talk here at Splunk on securing Splunk for the enterprise. Yes. So obviously security is a big deal. 
Everyone's concerned about it. What does that look like? I mean, what are you going to be talking about on your talk? And what are some of the security challenges you see? Yeah, so what I'm going to be talking about is taking Splunk from the out-of-the-box solution to something which is more secure, which is better for the auditors for when the payments industry, we have to go through PCI, various other audit requirements. And it will basically be moving us from the out-of-the-box solution to something that auditors are happy with, that something our enterprise security teams are happy with, and something that is a more secure, better product. You know, Dave and I love talking about cloud, mobile and social. DevOps is one of the hottest areas right now where you see people like Facebook throwing things around like just break stuff. And they're kind of changing their slogan now that they're getting bigger. But there's a lot of network challenges around protocols and security issues around perimeter security versus application security containers, virtualization is changing all that. Within that network environment there's a ton of data being instrumented. Is that mainly an application you guys do? Is that some area that's a concern or is it solid? What's your take on that? Massive amounts of data that we're generating because we actually split away from RBS two years ago and we just built our own data centers and we populated them. And now we're migrating all our applications and systems across. And the amount of data that we've gone from in the last 12 months that we're generating is just insane. We started just over 12 months ago with 500 meg a day on the free license. And we're currently capping the edge of 500 gig a day. That's a ton of data that's been thrown off. So take us back to when you decided to bring Splunk in. What was the driver? How did you justify it? How did it all happen? And what was it like beforehand? Paint a picture for us. 
Yeah, so I'd actually seen Splunk running and I'd followed it when it was a very early project. And we had a need at the time for an application logging engine so that we could start to do some analytics and we could start to find the problems that we knew were probably there but we couldn't see the symptoms of. So we brought it in initially on a small scale and then as we've built out, it's grown and grown and grown and we're starting to see real business value from the data that we're collecting and the analysis that we're doing on it. So it sounds like it came in under the radar, you probably didn't have to do a big business justification, right? There wasn't at the time. It's going for a lot more control now but at the time when it was small, it did slip in. Well, with that amount of data being indexed here. So, okay, so we'll talk about the business case a little bit so somebody sees the Splunk bill and they go, oh, what is this? Yeah. It's okay. And they go right to you and say, what are you spending all this money on? What are we getting? Yeah, so when we're rolling out new use cases, we've actually been collecting how long it's taking them to do it the old way and then we can map how long that's going to take doing it using Splunk and that helps us as our drivers for our business use cases because we can say, look, we put this in and it saved us X amount. It saved us this amount of time. It saved us reduce the number of contacts into the call center, for example. Talk about the old way. What is the old way? Well, the old way is logging on to each box individually and trawling through the log files using find, grep and all those good old Unix tools. Yeah, okay. And doing it. Yeah, basically, but you can't see everything in a single place. If you find an issue, you've got to go out and manually trawl across your entire state to find if that issue is occurring elsewhere. 
Whereas if you find an issue, you can actually then look in Splunk and say, well, is this issue elsewhere? Now, you're giving a presentation at the conference. Yes, I am, yes. Securing Splunk for the enterprise, how to keep your creditors away from your Splunk. Yes. So tell us about that. Yeah, so it's basically securing the out-of-the-box solution so that we can actually get it past auditors so that we can make auditors happy and comfortable that what we're putting in there is safe and secure and also role-based access control, which is really important. Because I've seen a lot of Splunk deployments where I've been chatting to people where they've created almost silos of Splunk, where the Windows guys have a silo of Splunk and the Linux guys have a silo and the network guys have a silo. I'm a great believer in making a highly available system where all the data is going into one place. We share the resource so that we get the benefit from the resiliency and the performance, but we need to control who has access to that data. And if you don't have need to access that data, you shouldn't have access to that data. Darren, talk about, obviously, securities. We talked about the security piece is important. You mentioned compliance, right? That's like the nightmare, everyone's nightmare scenario. It's like, people just like to pile of trash. You don't want to look at it, but you have to at least stare at it. There's a huge compliance issue that comes down from like the CFO, the legal guys, but all the innovation's coming up from the bottom up, right? So there's a collision happening, right? It does clash in the middle. It clashed in the middle. What have you learned and what are some of the issues that you found around compliance? How do you make it easier? What are some of the threshold issues? Any observations you share? We're really lucky that our current auditors at BCI have actually seen Splunk before and they're quite keen on it. 
Our previous auditors were a little bit scared and apprehensive. The main challenges that we've, because we are looking at security use cases and security guys tend to be a little bit paranoid about who can access what. And as long as we can demonstrate it, we found within our organization that if you can document it, demonstrate it, and prove that you're not allowing people access to the data that shouldn't have access, then we found it within our organization. It works very well. So two hours ago on the keynote, there was a comment on Twitter from one of someone tweeting, I have the quote, I'm going to get your comment on this. Quote, I've lost track of the number of times the security team has asked me to install Splunk 6. What do you think about that? I mean, is that similar vibe you're getting? Security teams are requesting it because of the ease of access to data? I think they will. I've only been exposed to Splunk 6 today from what I've seen so far. It looks really nice. Obviously there is going to be a small period of adjustment and we will start looking at moving to Splunk 6 in the near future, but we will wait for any more. The security teams in general are pretty keen on Splunk. Yeah, they like the benefits that it can offer and it moves away from your traditional SIEM model. And I was chatting to someone a while ago within our organization and it was referred to a competitive product as it scales until it doesn't. Yeah, that's when you need the most, right? Everything that is based on a SQL backend only can go to a finite size. Yeah, you throw memcache at stuff all you want and that's the problem. People when they need it, the most is when this breaks, that scale. So is it because of the search and the indexing? We just had another alpha geek on earlier talking about the indexes and search. Is it the search or just ease of use? What's your take on why people like it? 
It's a combination of both, but it's from the infrastructure point of view to support the system, it's the scalability. I guess if the searches start to run slowly, you can put another piece of hardware at the problem and it's easy to put that piece of hardware in, you don't have to reinvent the wheel. From the usage point of view, we can have someone who is a relatively non-technical person, we can pre-prepare some searches for them. They don't have to have the full Google style search interface, they can just have type this in here and it doesn't even give them the log data back, it gives them something nice and pretty that they can use to do their job which makes their lives easier. So Darren, you mentioned that you've been following, you were following Splunk early on, you followed the project early, you got in early. There wasn't probably a lot back then, but now you're seeing everywhere we go, John and I here, oh yeah, Splunk, we do that too and we can do that, we've got the Splunk killer, there's open source alternatives coming out, so why Splunk, what else did you look at? Maybe there wasn't anything there, but I'm sure as any technologist you're constantly looking at things, why Splunk? We looked at some of the open source alternatives and yes, they're free, but you have to make, you've got three or four different products to give you the same as Splunk. So Elasticsearch, Logstash would be another one, and some startups lately, but yeah, and the open source alternatives, you start to put the tools together and you've then got to support three or four different tools rather than one where you can go to one person and you've got one throat to choke. It's not a solution. It's not a solution, it's a bunch of products. And the support experience is not there, but over time, it could be. It will be, yeah. Now, so what would your advice be to Splunk with regard to open source? 
To keep an eye on it, to see what features that's offering and if it is bringing good stuff to the table. Embrace it. Yeah, embrace it, don't resist change. If you resist change, you'll die in this industry. How about other practitioners that may not be as familiar with Splunk, may be hearing about it for the first time. What's your advice in terms of bringing it into the organization? You said you started small and then grew any other landmines that you might want to try to avoid? Yeah, we still have people within our organization that still see Splunk as just a log archiving engine where traditionally we've taken data in, we've kept it for our audit retention periods and then it's been thrown in the bin. And there's so much information that is in that, in that data that we can use to enhance the experience for our customers, increase stability, reduce downtime. It's all there, we just need to embrace it and mine it and make use of it. What about the cloud platform? Were you using Storm or no? No, we're not using Storm. Okay, so what about cloud in general? Is that something that you guys, I mean, we, from a security point of view, we're a little bit hesitant about it. Just a little bit? We do have parts of our organization which are using cloud services while we get ourselves up to standalone strength. And we will be bringing those into our data centers if appropriate. Okay, so maybe those are sort of less risky applications, things that you're not as concerned about, but what about an organization that, let's say a commercial organization, maybe they're smaller, they don't have the resources to manage their own environment that's going to the cloud. As somebody who follows this world, understands the security, the threats, the risks, and some of the privacy issues, what kind of advice would you give to those people that are actually looking to get into the cloud specifically as it relates to security? 
If you can manage the risk and if the risk is acceptable to your organization, then the cloud is a great way to go. And if the risk is not acceptable, then you are unfortunately bound and have to invest in the infrastructure yourself. Do you agree or disagree with this statement that for the vast majority of organizations, a cloud service provider's security is going to be better than the organization's? True or false in your view? I disagree. No way, right? Okay, so talk about why. Cloud service providers are all about enabling people to get stuff done quickly. And part of that enabling means not restricting stuff. For example, you go to many virtual server providers and you will get a GUI. You will get loads of stuff, which is inherently insecure. Everything we do is stripped down. We take away anything that is not required to reduce the scope of attack and the surface of attack. So how do you balance that natural tension between flexibility and agility, making things easier to do and the need to secure your organization? I mean, they're almost completely counterpoised. They are. So at one point you end up with someone's got to make a decision whether you go for a solution that is really secure but costs a lot more to support. And because you've got, say, the increased management overheads, because you've got to do more things, you've got to have more skilled engineers, you've got, if you're putting a new application live, you've got more relaxation that you have to do on your security measures to allow that application to function. And there is a balance to be had there with your developers, which just have-a-go heroes and they want it to work. It works absolutely fine in development and they can't work out why it doesn't work in a production area. Have-a-go heroes, I like that. Now, so how is that decision made? Specifically that balance between risk and value. 
Within our organization, we actually have people that are sat there managing the risk and working out which way is the appropriate solution to go? Should we be relaxing security measures or should we be keeping high security for that particular application? Right, because as a practitioner, you don't want to own that decision, but you obviously want to have input. Yeah, we provide input and we pass along our concerns and why we would want to do something in a certain way. And then we pass that up the chain of commands and they pass back down which direction they would like us to take. So what's on Splunk's to-do list? So, talk to management, what would make your life easier? And with regards to features or? Yeah, either features or policies or business practices or new products that you think they should introduce. Yeah, I think there is room for growth within Splunk. I think they could do some brilliant stuff going forward. And I think with Splunk 6 and where they've got rid of the advanced XML interface and the introduction of the pivot tables and the new engine to make everything go a lot quicker and easier, it reduces the need to have to train people on the search interface as much, which means you've got a quicker time to delivery for your lower skilled staff. We've been talking about that as sort of the holy grail, particularly in big data. A lot of initiatives, I'll say, whether it's the old decision support, the business intelligence crowd, the data warehousing crowd, there's been a lot of promises put forth that we're going to put tools in the hands of business users. Are we there? I really think we're at the point in our industry where that is becoming a reality. We're getting there. There are products such as Splunk which are enabling the business users to start to take control of the data that is sat in the IT infrastructure. Some of the competitive products that I've seen are very much focused towards security, for example. 
They're very much focused towards fixing IT issues. We haven't quite got there with all the products on allowing the business users to embrace their own destiny. Excellent. All right, Darren, thanks very much for coming on theCUBE and sharing the WorldPay story. Really appreciate it. Thank you very much. We'll be right back. This is SiliconANGLE and Wikibon's exclusive coverage of Splunk.conference 2013. I'm John Furrier with SiliconANGLE, showing Dave Vellante. We'll be right back after this break with more exclusive coverage. Day one of two days of live streaming here in Las Vegas. We'll be right back.