 Live from Boston, Massachusetts, it's theCUBE. Covering AWS Reinforce 2019. Brought to you by Amazon Web Services and its ecosystem partners. We're going to welcome back to theCUBE's live coverage here in Boston for AWS Reinforce Amazon Web Services inaugural event. I'm John Furrier with my co-host Dave Vellante. Two days of wall-to-wall covering. Christian Bacon is the CTO and co-founder of Sumo Logic, a company we've covered on theCUBE. Many times as well as on our SiliconANGLE.com. Great to see you. Thanks for coming, Dave Vellante. Thanks for having me. Being the co-founder, you've seen it. You guys are celebrating your 10th year. Congratulations. Thank you very much. theCUBE is now 10 years old this year too, so we're kind of in school together, growing up. Yeah. We're starting right here. We're going to graduate together right now. We're going to have a cocktail later. Maybe talk about some tech, we'll have talking tech. Let's get into it. As the co-founder of CTO, you've seen your journey. You guys have been doing great. You've seen the waves of big data. You've seen the evolution of cloud coming in. The infrastructure standing up more and more efficient, more effective. Game is changing, stakes are higher. What's your view of this industry right now? I think it's on fire really, right? So on one level we have this, I think it's fairly well known at this point that the data now today follows Moore's law. So we have basically data growth, roughly two X year over year. That's exponential growth, right? And that's pretty incredible, right? I think every business now knows, or they either know and already act on it, or they sort of know at least subconsciously, right? That they are essentially in a race to sort of optimize their own business, mostly based on data. In your opinion, Christian, what was the inflection point of the past few years? When did the data market really change for the highly accelerated we're seeing now? Because back in 2010 when you guys started, when we started, we saw Hadoop just getting out of the blocks, people were standing up at Duke clusters to be proud of it, but then cloud came. Was there a point in time when you say, that was really the flash point where things start tipping over? Was it cloud adoption? Was it AI machine? Was it machine learning? Where did you see that kick up on the growth of emphasis? So you know that Hadoop stuff basically came out of the ad optimization, you know, businesses, and there was like a small set of companies that really had to do that, and in order to basically compete with each other. And then we got sort of open source versions of that, and then Google got behind the MapReduce model and like teaching people how to do that. You know, I think, so in my mind, that's why I observed two things. One was the whole log management space that I came out of, and where I'm still am today. Coming out of the security information event management, a lot of log management underneath, semi-structured data, nasty data that doesn't fit into a relational database. You know, there are sort of, and then lots and lots of that data as you put all the firewall data in there, and we saw that back at ArcSight where I spent a considerable amount of time. You know, that becoming a problem that like enterprise software that was kind of delivered, you know, on a CD, you know, and then, oh, now go scale Oracle behind it, you know, as an event data warehouse. I got kind of how I experienced it. It just didn't really work very well, and we were kind of doing big data or trying to do big data there with like various levels of success, right? Without even knowing about the term, and then, you know, obviously picked up on Hadoop and those types of things, and then, you know, but if you want to do big data with something like Hadoop, then you're suddenly running into having to run, you know, I don't know, I'm already saying instances. 100 boxes, right? You know, back then, or like maybe 500 boxes, and you know, now you're running into all of the management, you know, challenges that like distributed infrastructure brings, and in my mind, you know, since you're like asking for an inflection point, I think, like, I think Amazon EMR, you know, and like, my friends at like Cloudera, they're not going to like me saying that because of course that's a long story, but you know, I think having something like Hadoop, you know, you know, put on an infrastructure service platform like Amazon, and I think they did that fairly early on, right? I think it's still a great product, you know. Cloud scales it up faster, it emphasizes it more. You can do more with it, IOT comes around, now your connected devices are coming in, natural place, just put that data lake as they now called it, and work with it, that's the nasty data. Exactly, so I think that's one inflection point, and then the second one, I think clearly was sort of the AAD advancements, especially like around deep learning and so forth, right? Where, you know, I think a lot of that would, you know, the deep mind stuff and so forth, where now, you know, along with the sort of kind of exponential growth of data, where there's also now much more sophisticated analysis that people want to run, I think that's another inflection point. Yeah, so 2010 you saw Cloud and data coming together, and then obviously you guys saw the need to secure that. What are the challenges of securing these massively distributed systems? Oh, there's a number of challenges, but you know, it starts with sort of this basic law that says that, you know, processing data creates more data, right? And if you look at what business systems do, they're basically, you know, just like very fancy pocket calculators at large scale, right? But it's all about processing data, that's what computing means, right? And then as you do that, it actually turns out that you create more data, which is all the logs, you know, all the telemetry, the metrics tracing, all of this type of stuff. And so these data sets become their own kind of, you know, big data nightmares potentially, right? But at the same time, they're a, you know, they're full of, you know, really useful information to maintain availability performance, you know, to secure your systems and so forth. And I think the main challenge, you know, that we are seeing today with systems like ours and what's out there in the market is, you know, actually being able to scale. And it becomes almost a recursive thing. It's kind of funny. You know, I got to ask you about the digital transformation equation that's out there, people, process technology. I think people generally would agree that, hey, cloud's great, love deep learning. I mean, how could you not, you know, get intoxicated on large scale resources? That's almost free. And AI around the corner with all this good stuff. I mean, it's pretty cool, right? And then the reality sits in, like you can't just hand wave it in. You got to hire people. You got to have the tech to do it. And then the process, and used to be a profound comment before we came on camera, process is a reflection of culture. This is really a big deal in the digital transformation. So there are people out there and people are getting trained. This course you can take. You can buy technology. It's getting better every day. Process seems to be where everyone's getting caught up on it. And there's new ways to break through it and just, it's just a reality. What's your thoughts on process as a reflection of culture and how people can handle that and what people should think about? That's a good question. So I think what I'm seeing is that when we see a lot of companies at various stages of, you know, their sort of, you know, journey into the cloud, you know, and like we come from the Bay Area. So we have a lot of like born in, like a bunch of born in the cloud guys like ourselves and, you know, there's a sort of a new culture that's kind of baked in from the beginning. But, you know, that's interesting. The even more interesting bits in my mind are when we are looking at companies that have been around for a long time. They're basically, you know, they're starting to realize that cloud transformation is almost more about, you know, basically picking up, you know, culture of, you know, agile dev ops and then, you know, you know, dev sec ops or whatever you want to call it. Apparently somebody at the keynote today made a nasty comment about it which unfortunately I didn't see it. Again, you know, the whole shift left paradigm but it's essentially a culture where, you know, you bring, you actually, you know, remove the silos that have been in place between departments, you know, keeping people from working closely together, you know, throwing stuff over the wall and we all know how well that works. You know, trying to keep your fiefdoms and I find that all the successful, you know, cloud transformation stories that we've seen are really at their core, you know, cultural transformation stories, you know, along the sort of plus minus dev ops route. So you talked about the big challenge being scale. So two things you just said, well, one is bringing together the mindset of infrastructure as code, we were talking about security as code and the other is automation, right? So, so that seems to be big focus of security practitioners. My question is, what's a good day look like to a security practitioner? Oh, I think that's another really good question and, you know, I think there's an obvious answer, you know, but I think that one doesn't, the obvious answer would be, you know, I'm still in business, right? And, you know, I haven't leaked, you know, like millions of social security numbers. Nothing happened. Good day. And so I think that is definitely a good day, but I think, you know, we, you know, the sort of like slightly more, you know, I think, you know, interesting answer is that, I think a good day is the day where you as a security practitioner have a bunch of good interactions with the rest of the folks in the company that are part of building products, right? On the operational side, on the, you know, development side, you know, giving good feedback on, you know, maybe to a bunch of developers on, you know, secure coding practices, you know, plugging in additional video monitoring or, you know, code monitoring, vulnerability scanning tools into the build pipeline and so forth. And then also, you know, actually getting a bunch of alerts from all your monitoring systems and being able to very quickly figure out whether those are, you know, true positives or false positives. And when they are true positives, being able to quickly react on them. Right, so you guys, obviously cloud focused, that's a huge, you know, area for you. But I'm interested in how you say you differentiate. It's an extremely competitive market. Yes. What's your big differentiator? When you win, why do you win? So it goes back to some of the very fundamental kind of, you know, things that, like, let us to start the company. It's a little philosophy heavy, I guess, but like it actually plays its way out in every single customer conversation, every displacement, you know, in every time we end up, you know, expanding in a customer. And it's fundamentally that, you know, our philosophy is that this needs to be delivered as a service, that, you know, our philosophy is that, you know, enterprise software is just not a thing anymore, you know, and our philosophy has always been. No, it's true, you know, it's a great philosophy. It sometimes feels like, man, Christine, you've been saying the same thing, you know, for the last 10 years. And you know, here we are, right? And, you know, our philosophy is that, you know, you need monitoring, you need troubleshooting tools, you need security tools. Those tools themselves should not become, you know, behemoths in their self, where you're going to sink, you know, endless amount of resources and, you know, and then money and, you know, scaling and building them out. And then, you know, who's going to monitor those? It's kind of, you have a huge installation of, you know, vendor X. And then how does that get monitored? Because if you don't monitor it, then that thing will blow up, right? And then you're blind again. And, you know, so we just felt that this idea, what was really appealing to us from our experience was the idea that, you know, build the code, but also run the code, was ultimately, you know, get the customer back to actually using the tool, rather than worrying about, you know, how the tool works underneath and having to worry about how to make it works. And we're all nerds and I love it. And I wish I could understand all the stuff that happens in AWS underneath. And every once in a while, I meet some of these guys and it's very cool, but like, you know, that's where they deliver differentiation, right? And, you know, for us, you know, we can basically focus on, you know, delivering value to the customer. I think the cloud model, I think shows everyone that you can deliver stuff at service, you have horizontal integration points, you need to keep aware of some of the data. You need horizontally scalability and freedom of access to data. And that brings up the goodness. I think that's a great philosophy. We subscribe certainly with you on that. You'd mentioned earlier about alerts and one of the conversations that we're hearing around workforce and people is, you know, how making sure people are being deployed properly because if everything's at a service, then you could, if automation kicks in and things are at service, you can eliminate things. So one of the trends that we're hearing is the move from threat detection to alerts. Okay. Threat detections, you can automate that. You can share data, so the shared stuff kicks in. So that's a new kind of trend we're seeing. Alerts, quality alerts. Having your people work on those kinds of problems, what to pay attention to on the monitoring side becomes super important. So move, two years ago, you couldn't walk down the street without threat detection, threat detection, threat detection. Although important, these mechanisms for that now. So what's your thoughts on the ongoing evolution from threat detection to alerts? I think it's about the human in the end, right? And all the machines are just sitting there creating signals and we can have the discussion about AI and general AI and all these types of things. I don't really believe that that's going to happen anytime soon, but I do like algorithmic approaches. I like the power of data analytics. Sometimes it's simple analytics that give good signals. Sometimes it's complicated and in a very sophisticated analytics. But in the end, none of these things can really capture any sort of objective truth, right? And so it ends up in somebody's queue and then they got to burn through it, right? And that is fundamentally again, a human problem in the best sense because I think that's we as humans, we have processing capabilities that have not been matched, right? And also humans want to hoard the data too. They want to protect data. If you share the data more transparency, better algorithms, better visibility, better alerts. I do think to your point, I think in the security space now, of course, there's still a lot of hype around, just add AI and you're going to be better, but the reality is that this can only go so far and it ends up in somebody's queue and analyst workflow, how do you triage incidents and so forth? How much time do you spend trying to figure out whether it's a true fault, a true positive or a false positive? That all matters, right? Because no detection system will be perfect at only alerting you on true positives. I heard a comment the other night in the bar area, someone was commenting around security analytics and they said, yeah, if you don't really know what you're looking for and you rely too heavily on these metrics, you end up with Chernobyl, which the Netflix series that's out about how they just following data and... 18-5. So if you're looking at the data too hard, not zooming out and taking a human heuristic approach, why are you measuring something? Why are you monitoring something? What is a quality signal? Look, I think it's fundamentally, this is all just tools. I'm a strong believer and I don't know whether... I'm sort of a strong believer in, like, the humans run the show, right? And I think that's what makes us human, right? I think outsourcing everything to an algorithm, especially when algorithms start making decisions about humans, that's like a wider topic. It gets very tricky and usually backfires pretty quickly. So the security marketing narrative for decades has been fear, you're in trouble, you're in trouble, you got to be sure. Amazon put forth today in the keynote that the state of cloud security, the state of the union is actually quite good and the focus should be on how to implement new tooling and we're actually really doing a great job. Can you buy that? To some degree. I do think that they're paying a lot of attention. I do like stuff that they've done from the beginning, like security groups being denied all and all of those things, right? And they have a bunch of really smart guys over there that really care and worry about this type of stuff. I think they've also learned over the years, in their own move towards selling, from they started selling to a bunch of hipsters and it started becoming a real enterprise play, that all of these things are important, including having really good audit trail data and cloud trail and these types of things. I think a lot of the part that I like and we've argued this from the very beginning and with our prospects when they basically kept saying, oh but you're putting the data in the cloud and how can I trust that, right? And we walked them through carefully and how we had designed our own security processes and a lot about that was about automation and basically leveraging the APIs that we had. So basically at its core AWS has turned the data center into an API, right? And an API is something that I can automate, right? And I can do a good job or I can do a bad job at that. That depends on the individual and so forth, but it's fundamentally a very powerful abstraction that allows one guy to do the work of potentially hundreds of people running around checking network connections, right? For me as a customer that I can build a secure system on top of AWS. So they've turned the data center into an API which is a very powerful metaphor, but they've turned it into a lot of APIs. How does that affect the complexity and the impact on security? Yeah, I know they look, you know, the reality is complex, right? And, you know, I feel like their approach has been, you know, very carefully, you know, built from the bottom up, like Lego by Lego and then put other Legos on top of that. And I can very much appreciate that approach. I don't believe in like, you know, one button security. I think it's just over, I think it's just basically, everybody in the space knows that that's not a reality. Well, we've asked Andy Jassy about this, John, and he said we want fine grained access to primitives because when the market moves, we can move with it. If we don't have that, we put in all these abstraction layers that has implications on performance and, you know, down the line, our agility. Power to the people, man. I think, you know, ultimately, you know, so many guys at Amazon, you know, they're always reasonable, but, you know, they shouldn't make all the decisions, right? And, you know, everybody's use case is fundamentally a little bit different, right? And at the same time, you know, they're adding additional things because they realize that, like, there's a lot of complexity here, even just looking at IAM and these types of things, where it's like, wow, okay, you can, you know, there's a lot of foot guns built into this, right? But, you know, the reality is that the entire industry is a giant foot gun, right, on some level. So, you know, I like the fact that they ended up doing stuff like CloudTrail and then they pull out a CloudTrail and VPC logs, let's say, FlowLogs into something like GuardDuty, for example, which they then try to sort of do some correlation on there and, you know, they're trying to automate some of the sort of detection on as far as they can see it, as well. So, I overall think they have a good approach to that. I think it's bottoms up, I think that works. I'm a builder type, so, you know, for me, that works. I just think they're here in their profile. So, Christian, final question. What are you looking at, CTO and the industry right now? What are some of the things that you're looking at in the industry that's getting you excited and you guys are integrating into the vision? Well, it's really two things. I think, you know, one of the things that we are seeing is that as far as, you know, just general, like, how people deploy software, you know, we had containers and then nobody knew what to do with containers and it was orchestration. And, you know, we now have Kubernetes basically, you know, having won all of the sort of orchestration wars and I think that's going to be an industry standard that everybody has to deal with for the next couple of years. A lot of people think, you know, a lot of enterprise folks is what I'm seeing are now starting, you know, to kind of, you know, land on Kubernetes as part of sort of their cloud transformation. You know, even if it's just pulling over monoliths and then, you know, refactoring them afterwards. So I think that there's a lot of stuff going on there that, you know, Kubernetes like adds its own layer of complexity, right? And there's opportunity for us there, you know, as a monitoring vendor. I think, you know, I'm extremely, I am probably, you know, more excited, you know, more like almost irrationally excited about all the serverless stuff. You know, I think I am a big proponent of not having to do undifferentiated heavy lifting. And it feels to me that, you know, the sort of serverless track will get people to build better applications even faster in time to market, so everything that counts. And then on the security side, I think that's an evergreen thing. You know, you called it fear, you know, and then of course, you know, I've always said it's basically insurance, right? On some level, that's why the security market continues to be essentially evergreen, right? And, you know, our customers are using us for their own security monitoring. You know, we are building out a lot of additional, a lot of additional functionality there. And I think that's going to continue to be, you know, a big, an ongoing discussion because the underlying primitives, you know, now you have Kubernetes, how do you secure that? How do you even do security in a serverless space and whatever comes next after that? And I think also that point, I think you're seeing new brands are emerging as suppliers because they have that architectural horizontal view. They're thinking holistically around the tech stacks and thinking about the role of data. I'm just, IOT is just a mind-blowing conversation around, okay, we're going to store that data. Okay, so again, all of this is kind of moving into a whole nother generational shift. And you're either on the wrong side of the street or the right side of the street. This is like a really binary, it doesn't matter. And it's accelerating, right? I mean, you know, like folks probably had like one or two transformations in the last 30 years and now they're running, you know, through a transformation every three years. It's like getting whiplash, right? Buckle up. Yep, yep. Gersh, thanks for coming on theCUBE. Great insights. Thanks again for having me. Great insights here on theCUBE. Bringing you all the action in Boston for AWS Reinforce. Amazon Webster's inaugural event around security. Security developers, the new security pros and engineers out there. CUBE coverage continues after this short break.