 Live from Boston, Massachusetts, it's theCUBE. Covering ZertoCon 2018, brought to you by Zerto. This is theCUBE, I'm Paul Gillin. We're here at ZertoCon 2018 in Boston. Final day of ZertoCon, a beautiful May day. And the keynote we heard this morning by John Marenzi, Gartner analyst talking about resilience and something that you've been doing for the last 11 years at Gartner, I understand. Yeah, that's right, Paul. My career at Gartner has really been focused primarily in recovery, continuity, resilience. I've had the good fortune to have done well over 10,000 inquiries with about 3,300 organizations across the world. And if nothing else, it's given me a good opportunity to see what's happening, what's not happening in that area, how it's services and how the technology's evolving. So it's been a lot of fun. You said something that struck me this morning. You said that two years ago you were sort of the voice in the wilderness talking about resilience. Today it's a mainstream topic. What has changed in that time? I think the, so I think a couple of things, number one is that with, so what's happened with resilience in the past couple of years, what's changed? Number one, the impact of digital business. And with digital business given that it's always on operation that it spans both production data centers and public clouds, the trying to apply some older technologies of methodologies like disaster recovery to a digital business and always on digital business doesn't make a whole lot of sense. I think what happened was that we began to see both internally as well as externally a significant rise in customer inquiries specific to resilience. So for example, from calendar year 2017 to 2018, year over year, we've seen a 30, 35% increase in customer related inquiries. It actually, we began to sense that something was really going on at our infrastructure and operations data center some of it back in 2015. I had about 40 inquiries during that conference and resilience came up in about 75%. And it wasn't just financial services, it wasn't just healthcare, it wasn't just telecom providers, it was lots of different verticals. And so at that time, my conclusion was something interesting is going on here, but I don't think sometimes that what's happening at a lot of individual clients sometimes always translates or flows back into what Gartner covers for a research standpoint. But I think with the business, with the focus, especially around cyber resilience, threat attack, mitigation, if nothing else cyber attack resilience has probably been one of the most significant drivers to create the need for resilience. And I think what's happened there is it's actually pulled through some of the operations availability, some of the data integrity management and so on. So I think without a doubt, cyber resilience has been probably the most significant driver what's really changed. When you think back six or eight years ago, it wasn't uncommon for Amazon to go down or Twitter, the fail whale. That's right. Some big services would go offline sometimes for hours. We really don't hear about that anymore. And is that because it's a common place or are these organizations now so good at resilience that they virtually eliminated downtime? Downtime never gets eliminated. We had an interesting discussion with the Amazon a few years back. And the perspective that they shared with us was look, we're getting better at sustaining continuity and availability, but we'll be the first to admit that things happen, unexpected things happen. It can be the result of an external event which you can't control. It can be the result of an internal event. But what's happened is that there's a separation of duties that's interesting to note. So if you look at Amazon and Microsoft and Google, they do a great job at keeping the infrastructure, the cloud services, the infrastructure as a service alive and humming and scalable and elastic and so on. However, when you look at what's going on in the context of either a virtual machine or a container or some other type of compute instance, that's where the provider's responsibilities end from an availability point of view, from a data integrity point of view. And so that's where even though the providers themselves have great service levels. So Amazon may report five nines, six nines, whatever it happens to be in terms of unplanned downtime, you can still have disruptions for specific customers within virtual private clouds that may be the result of, it may be it could be an external attack, it could be a misapplied change. And so there's this duality in terms of unplanned downtime from the cloud provider's perspective but from the cloud customer's perspective. And the two quite often are very different. Interesting point. Now we're now also seeing the emergence of some new computing paradigms. Container is a huge phenomenon right now. Serverless computing, microservices in which there are, which computers instances may be spun up for literally milliseconds for connections. Is that going to contribute, is that going to create a resilience problem or does that in fact solve resilience problems? I think it could be a little of both. Certainly when you make the compute service less complex and there are fewer moving parts and you leave the orchestration of the service fulfillment function in the hands of the provider who can do a better job at that, that could certainly have an impact on improving the level of resilience, not just from the provider's point of view obviously but from the provider's customer point of view. But with microservices or containers or what have you, there's still the issue of sustainable data integrity. How do I know that my data is what I expected to be, where I expected to be? Has there been any unplanned change? Because some of the changes in the data can be the result of things that have happened internally as well as externally with a given service provider customer. And so from that point of view, certainly the fewer moving parts, the reduced complexity, the orchestration automation the provider provides, no doubt that will help. I think at the same time, there's still some issues, especially around data integrity, cyber attack mitigation, data protection that I think will still be specific issues and opportunities for cloud provider customers to focus on. Now we're about to see companies are very excited about the internet of things and the possibility of getting into streaming data, really large scale data collection about to come online. What kind of new resilience challenges will that present? I think getting back to what we were talking about earlier when you look at streaming services or internet of things, it's the additional complexity, it's the value chain, if you will, the service delivery value chain between the source and the destination. So more moving parts creates opportunity for greater complexity. There's no one entity that is responsible from a service assurance point of view for each and every component part. So certainly there's a huge opportunity from a new business opportunity and a service fulfillment point of view, but from a resilience point of view, given that you have more moving parts that you have distributed entities that are responsible for managing that, it does create some new risks, new issues, but also new opportunities. Have we as an industry solved all of those yet? Not really? I think this is very much a work in progress. We've got also the tremendous focus now on information governance, particularly with new regulations coming online, companies trying to get a better handle on the data that they've got. Do these disciplines merge at some point, resilience and governance? Very much so, very much so. It gets back to the question, but one of the key questions around resilience is who is responsible and accountable for making business and operations resilience within an organization happens? And one of the things that we've seen, if you look at it from a senior management point of view, really the responsibility I think is co-owned by both the chief risk officer and the chief information officer. And probably you could add the chief information security officer on top of that. But since resilience in many ways is top-down, it's not just at the infrastructure level. It has culture implications. It has business process implications. It even has implications on what the individuals within the organization need to know about, what they need to be aware of. All of that is related to effective top-down governance. And in the keynote this morning when I spoke about that bank that I'd work with, they had that problem in spades in terms of, in terms of different businesses, different geographies, where to start in terms of the governance model, where to start, with what services and what geographies, with what business opportunities. But even with that initial focus, had the bank entirely addressed its resilience challenge? Not really. And that's a process that likely will take several years to complete. And plenty for you to talk about with your clients, those inquiries after the coming year. Absolutely, absolutely. No shortage of changes there. John Marency, thanks very much for joining us. My pleasure, Paul. We're from, we're here in Zerokon 2018 in Boston. I'm Paul Gellin, this is The Cube.