 Live from Washington D.C., it's theCUBE, covering AWS Public Sector Summit 2018, brought to you by Amazon Web Services and its ecosystem partners. Welcome back to the district, everybody. We're here covering the AWS Public Sector Summit, hashtag AWS PS Summit. You're watching theCUBE, the leader in live tech coverage. My name is Dave Vellante and I'm here with my co-host, Stuart Miniman, Gus Hunt is here. He's the Managing Director of Accenture. Great to see you. Great, thanks, Dave. Stu, appreciate being here. Yeah, thanks for coming on. Last night, we were at the Accenture event. It was hosted by Teresa Carlson and Accenture, a jam-packed, high-level audience. It was really, really fabulous. You couldn't make it because you got stuck. Weather-wise, attracted to Atlanta. Unfortunately, Gus, you missed a lot. It was very good, but bring us up to speed on just sort of the state of where we're at with Accenture. You guys are heavily involved with the CIA implementation. We can talk about that a little bit, but start with Accenture, what you guys got going on in the government. So Accenture Federal Services, which is the part I'm within, supports all of our federal agencies across the board, and we do an enormous amount of work in cloud services. And in fact, Accenture itself is the largest partner of AWS in the world, right? Providing cloud services directly engaged with Amazon. We have our Accenture Amazon business group, for example, that we leverage across the board. So we are really heavily steeped, both in what it takes to help companies and our federal clients move to the cloud, but also how to take real advantage of it, how to gain the efficiencies that they need, and how to do this very securely, right? Because so much of, I think, the concerns that get expressed by people are a misunderstanding about whether or not the cloud is secure versus how to do it securely in the cloud if you understand the nuance difference there. Right, right, so well, explain that. Let's double-click on that nuance there. There are a lot of people, so early on it was concerns about the cloud, and then it kind of flipped and said, well, obviously the cloud's going to be more secure than what I could do as an organization. We heard what the CIA said today. They said on the worst day in the public cloud, security's far better than it is in my client's service systems. I mean, so help us unpack that a little bit. So I'll take you back a few years, right? So I spent 20 years in federal government working for CIA, I retired from there as their chief technology officer, and I led basically the C2S deal that we put together in order to bring cloud services into the agency. And we did that fundamentally for four reasons, right? One was velocity. We had to get our speed of ability to deliver capabilities up to match that what was happening in the private sector, right in the cloud. The second was efficiencies. We had to find a way to really tap into the extraordinary efficiencies being driven by the cloud world and the cloud environment with this continuous drop in price and storage and computing and things like that. How do we leverage that to our advantage and enable us now instead of to keep pace in the world where we knew that data was doing like this and that the ability to exploit data is what the business is all about, right? That was going like that. Yeah, right, yeah, well, the cost, what we didn't want was the cost to do this, right? And so this is where the cloud was going to play a critical role to enable us to really keep pace with the explosion of data and big data and yet through storage and compute in the cloud be able to do this at a fairly level cost curve, right? That was the objective. The third was to drive innovation, right? So we had to be able to innovate as fast as the private sector was able to innovate to live in new capabilities, contingency all the time and do those things. And the final reason really was about security, right? To your point, getting back to what the question was originally asked was that the cloud when we investigated the cloud, it turned out that the cloud was much more secure as a basic platform than almost anything that anybody could deliver inside their own data center across the board. And if you leverage the cloud in particular way, security, it becomes a much more secure environment for people that operate in and do work in than you can possibly achieve inside of your own data center and there's no data center environment. So I'm hearing things like speed, innovation and security. I'm thinking, can you tell us a little bit about developers inside the agency? Do they have a DevOps initiative as part of it kind of achieving those goals? Absolutely. So we actually got started doing agile development back in 2005. And what happened was curious to know for that agile development, using scrum techniques is what we applied. We were able to build software capabilities much faster than we could actually get them hosted. So we had an impedance mismatch, a velocity mismatch between the ability to build capabilities with agile development and to go, right? Now, when we got started in the cloud world here, DevOps was a relatively new term, right? But now, of course, DevOps is permeates everything that gets done. Accenture Federal Services, we teach DevOps for the intelligence community across the board. We teach agile development. We're heavily engaged, but our big move now is into DevSecOps, right? So the new impedance mismatch is the fact that I can deliver and build software very quickly. I can host it very, very quickly in the cloud. But my problem is that my security, people who have to credit and approve the ability to run these things are not working in sync very well with what happens in the space there. And it's not that they're not, they're great people. It's just that the methodologies that have been applied now are causing a delay. So this is where DevSecOps comes into play. And this is our big push at Accenture and Accenture Federal Services, all of our clients in the cloud is to adopt DevSecOps so that we can have security tied directly into the entire development cycle all the way through so that there are no surprises, right? We know exactly what the status is all along. And if you know anything about cybersecurity in particular, bolting security on at the end is the worst possible thing you can do. And fixing cybersecurity holes at the end is 30 times more expensive than having just done it upfront in the beginning across the board. So we are heavily invested in driving both agile development and DevSecOps now in support of our cloud customers. You talked to us about the, just as an observer, I'm obviously deep into federal, but just the sort of delta between sort of commercial and federal, certainly within federal you see pockets of highly advanced, whether it's security or analytics, et cetera. But across the board, the federal government's systems are obviously a lot of money is spent on maintenance, a lot of time and effort. Is federal still learning? You know, the public sector still learning from the commercial sector? Is it flipping? What's your take on that? So it's interesting. So we're now retired and went out to work from the public sector into the private sector. Right. You know, there's this really interesting point of view that's out there, right? In the, when I was in the federal government we really thought that the private sector was way ahead of us, okay? And so we spent a lot of time working with the financial service people who are brilliant and working with Amazon and all the people and all the things that we're doing because they were brilliant and all, you know, so it was really interesting engagement. But when I got to the other side, it's looked at the other way, right? They want to know what's going on because from a, particularly from a cybersecurity optic, from a security optic, the federal government is viewed in many ways, in particular the intelligence community itself is viewed as being far ahead of what goes on in the rest of the world and in terms of analytics and things, you know, the federal government has terrific capabilities and has built terrific systems to do these things. So it's kind of an interesting optic. Each one looking at the other from the outside in is observing things and the reality is, is that like anything in life, you have this distribution, right? There are those that are terrific on one end of the spectrum and those that are nascent on the other end of the spectrum, right? And this is true in the public sector, it's true in the private sector across the board. And it's just getting people together. I think the most important thing is to find a way to get us together so that we share information really effectively so that we understand what's going on and we can educate and we can all elevate ourselves up the chain, right? To deliver better capabilities, both for our clients and our customers and to the citizens of our country. Yeah, and that public-private partnership really isn't formalized exactly. Frankly, it's companies like Accenture that are the glue there, I mean, what do you think? Oh yeah, yes, exactly, right. I think that that's a key point, right? It's companies like Accenture, companies like Amazon who have engagements across the spectrum and on a global basis that are able to see and experience things that most companies can't do, right? Because they don't have that global perspective. And so one of the biggest issues we see is that most companies view the world through their narrow optic of their local sets of problems and issues. And this is what catches up with them, particularly in the cyber realm, right, for example. Which is they're looking at the world through their own little narrow soda straw. And the global view of AWS and the global view of Accenture can be brought to bear to help us with our federal clients, for example, to see the issues more broadly and engage more effectively in a public, private sector discourse. There are threats everywhere, obviously. Increasingly, people are talking about the weaponization of social media. Obviously there's critical infrastructure which we've talked about for years. Where do you see the priorities going? Where is the sort of focus, the spending? Is it on response? Is it on just keeping the bad guys out? What do you sense? So I would say that most of the spending today is focused on trying to keep bad guys out, right? And that model, while critically important, has got to change, right? Because as you notice, while important to do and absolutely essential, it has been wholly insufficient and actually you aren't the problem. We have to move ourselves into a completely different posture in the world today. We have to adopt very much proactive capabilities, hunt for things, do critical reviews and pen testing, discover your vulnerabilities for the adversary does. Adopt cloud services because they can change the security game, right? If we write cloud native code and distribute it in multiple availability zones and fully leverage elasticity and software to find networking, we can turn it into a shell game where the adversary has to find me, not the other way around, right? We can become what I call the polymorphic attack surface as opposed to us having to do with polymorphic viruses and things like that, that we then have to find that are constantly trying to hide themselves from us, right? And so it's adopting those things that then drive us to a state of resilience that you have to get to. And resilience is the ability to have an event and keep on operating, okay? As opposed to what happens today where you have an event and everything gets shut down all hands on deck and panic ensues. All right, so, Gus, we've talked a little bit about some of the constraints and why some people might be concerned. I wonder if we could talk about some of the opportunities. What kind of innovation are you seeing from partners and customers that you're working with that they're driving when they do adopt cloud? So, innovation just across the board, or? Yeah, any cool things they're doing is edge technology, IoT. I would say that the big driver's innovation, of course, are the ones that everybody else talks about, which is really what's happening in the machine learning and AI space. And that is really critical, because those are the things that will enable us to both deal and act with issues, particularly in my realm, the cyber realm, at machine speed, okay, across the board. And then stop things before they can actually become problematic. But it's also going to be the mechanism by which we can enable the human population across the board to better themselves, right? So you take that and you combine it with the internet of things which is growing explosively across the board to begin to automate and drive efficiencies and enable remote healthcare and all those things like that. We're really at the cusp, I believe, of a true renaissance, if you will, of enabling society in ways that we can't possibly begin to imagine just looking at it from where we are today. A lot of talk about machine intelligence. I didn't say AI, you know, that was, we don't have to do a shot. Where do you see that fitting in generally and it may be specifically in cyber? And the second part of that question is, you're seeing the sort of DevOps and SecOps worlds coming together. Yeah, right. So we talked previously about DevSecOps, just to go back to that real quickly. That's an absolute essential, right? We have to get the business, the beauty of agile development and DevOps was it got the business and the infrastructure people who had to run things successfully all the time and the developers who needed to do things very quickly all at the table to engage and ensuring they could do that. The gap in there was the security people, right? So with DevSecOps, you got the security people brought in right up front across the board there, right? You know, and so that move into DevSecOps is more than just essential. It's a must-do, I believe, for all organizations here as they move themselves into the future, right? And to find a way to adopt it. From the, how did you phrase it? You didn't use the word AI, you said- Machine intelligence. Machine intelligence, I think that those capabilities are maturing very, very rapidly. And I think that what you're going to see is a rapid shift in two ways. One is that while machine intelligence is great, machine is only as smart as the data and the information that are fed to it, right? And so if you feed a machine a bunch of information that's highly biased, you're going to get highly biased information out. So there's two things that have to happen. One, the intelligence is going to grow inside the machines, but two, there's going to be and must be a parallel thread where you have some form of social consciousness and social awareness that ensures that the machine themselves don't develop unconscious biases that are then leveraged and used to the disadvantage of citizens and society or other people and things like that, right? And so machine intelligence is going to grow, but that same ability is emerging, and in fact it's something we talk about at Accenture and I've written papers on about the fact that we have to have this social conscious or social awareness around artificial intelligence, the machine learning to ensure that it is most effectively used to the benefit of the citizens of the country. Right, well in this notion of polymorphic attack service, presumably it just can't be humans moving stuff around. No, that's where machine learning automation and they come into play. They have to act at machine speed. That's the only thing you can act at machine speed. Humans will always be involved. Okay, you're never going to get away from the human factor. What these things do is they do the heavy lifting and then enable humans to focus what their brains are really, really good at, which is making hard decisions about what's actually going on and what they actually need to do in many cases, right? We can automate some things, but a lot of it is still going to require really smart people to engage. So when you look back at your sort of original four objectives with respect to the cloud velocity, efficiencies, try to keep in cost where they are or lower them, driving innovation and security, how would you grade? Maybe the agency, the industry, whatever you feel comfortable attaching to. You know, great question. I'm going to avoid giving you a specific answer like this. Fair enough, but. I would, again, this is a spectrum of engagement, okay, across the board. Some agencies are doing really well and have been leaders in the space and I would argue that my old agency is one of those, clearly, okay? There are others that are also leaders in the space and are engaging and adopting cloud services. They're pushing very heavily down these pathways we talked about. They're embracing these technologies because they realize what they can do. And then there are others that are lagging behind, but they lag behind for any number of several reasons. Okay, they're out there, right? So first and foremost is the fact that there's a lot, there's a massive legacy set of workloads and capabilities out there and it's very hard to figure out what are those I want to engage in to move to the cloud and do things, right? So IT modernization dollars were put into play by the federal government in order to help federal agencies do this, right? Modernize IT with the goal of moving themselves to the cloud so that they can be able to drive the efficiencies and adopt the things that are going to be there, right? There's also the concerns we mentioned about security, right? There's too much fear, uncertainty, and doubt and I think misunderstanding about the cloud and that was great. I missed the talk today from my old agency but I'm glad to hear them talk about the fact that we've said this, I've said this for the longest time. The basic cloud is much more secure than almost everybody can do and if I apply and build and develop cloud native capabilities I can actually leverage the cloud to my advantage to dramatically change the game and deliver cyber resilience into my customer set. And so this is the messaging that we want to be able to do and the only way that people are going to do this in the end because of this big backlog of capabilities is they have to remember that they got into where their current state is one application, one system at a time, right? Okay, and the only way they're going to get out of it is one application, one system at a time. They just have to begin to think about what are the ones that matter and how they want to go about that, okay? No quick fixes there, but a lot of hard work and thoughtfulness. Gus, thanks so much for coming to theCUBE. Really great to have you, appreciate your sharing, your insight and your knowledge. Delighted, that Dave. All right, pleasure. Thanks so much. Okay, keep it right there, everybody. Stu and I will be back. John Furrier is here as well with our next guest. We're live at the AWS Public Sector Summit. You're watching theCUBE. Thanks, guys.