Managing Data Growth in the Zettabyte Era
Terabytes have given way to petabytes and now to zettabytes. Artificial intelligence, machine learning, IoT and analytics are all affecting the massive growth of data.
00:00 Dave Raffo: Hello, everyone, and welcome to the Flash Memory Summit 2020 virtual edition.
This is a panel session on data growth and storage planning for a future of zettabytes. We will examine an issue that everyone who deals with storage is familiar with: explosive unabated data growth. This growth is accelerated by technology such as AI, machine learning, IoT and analytics, and we saw even more changes in 2020 due to a pandemic that altered the way almost all of us work.
I'm Dave Raffo, executive news director for TechTarget storage sites, and I'm fortunate today to have four great panelists, some of them well known in the storage industry. And we have Lee Caswell VP of marketing for VMware's cloud computing business unit; Eric Herzog CMO for IBM's Storage Channel; Craig Nunes, COO and co-founder of startup Nebulon; and Brian Schwartz, director of product management for Google Cloud Platform.
So, I'd like to start off by having these four introduce themselves and tell us a little bit about what their roles are at their company. Let's start with Lee.
01:13 Lee Caswell: Yeah, thanks so much, Dave, and a delight to be here, and especially with this elite panel. I'm as VP marketing at VMware. VMware was early on known for abstracting virtualizing servers, which led to the growth really of shared storage. And now through new technologies like HCI, for example, and being able to deliver a common software platform running on servers, we're able to assimilate the latest in flash technologies available both on premises, at the edge and then now into the public cloud, so should be fun.
This article is part of
Flash Memory Summit 2020 Sessions From Day One
01:48 DR: OK, Eric.
01:50 Eric Herzog: Thank you for having IBM at the Flash Memory Summit. So, I always loved to be on these panels. So, IBM as everyone knows, is a large global IT company. We basically invented the storage business. The hard drive was originally invented in San Jose, California. Several of us on the panel are Silicon Valley people. So, we're all familiar with that story. We are the second -argest storage company by revenue counting both storage software and external storage systems.
02:20 DR: Hey, Craig.
02:22 Craig Nunes: Hey, guys. My name is Craig Nunes. I'm co-founder and chief operating officer at Nebulon, probably the one company that might not be a household name on this panel. My company offers a SaaS for infrastructure managers and application owners that provides three things. One is it automates storage operations. It provides a self-service approach for compute and storage provisioning and it turns application server SSDs NVMe into enterprise shared or a local storage for virtualized containerized or bare-metal applications. And we call that cloud-defined storage and it's sold and supported as a server option through Supermicro, Lenovo and HPE.
03:19 DR: And, Brian, I guess you would consider your company cloud-defined storage as well.
03:24 Brian Schwartz: I think that's a fair statement. So, Brian Schwartz -- I'm here from the Google Cloud team. I work on the storage portfolio here at Google Cloud. It's super fun and exciting. I've actually joined the company five months ago. I have a fairly long history myself in enterprise storage kind of prior to coming over to the cloud. So, it's been really interesting to kind of see the dynamics and what's the same and, frankly, what's different and I'm also super-excited to be here as part of the panel. It's a virtual panel and I've only been at Google five months. I've had a virtual onboarding. I still have yet to get to meet one of my colleagues personally. So, that's a 2020 story if there ever was one, but super happy to be here talking to all of you today.
04:05 DR: Great, so, you know, it's no news that data is growing rapidly every year. IDC, other people upgrade these numbers and we're up to the zettabytes now. I remember when it was petabytes, but it just keeps growing. But I think what we're seeing this year, there's been a lot of unique challenges as almost all businesses have changed the way they work with remote work and people staying out of offices as several of you have mentioned.
So, from your companies, how are you guys seeing in the way COVID-19 has changed the way people buy, provision, manage storage and how much of these changes do you think may be permanent? We'll start with Eric since you guys invented storage and you're a good guy to talk about how it's changed this year.
04:54 EH: So, we've seen a couple of things. First of all, the hot buzzword everyone's going to hear is digital transformation. This is a digital basically trade show. I did a webinar for 89 end users yesterday and that was basically a seminar that would have been at a hotel -- Lee would have been there serving a beer just like we did in the old days and that's how it works. So, it's changed.
So, the digital transformation has accelerated dramatically. There are certain aspects to storage, though, that I think remain the same. One is an extra emphasis on being able to manage your storage remotely because not everyone can go in. Many of the larger enterprises were already doing that. They'd have data center A managing the storage in data center B because there's no storage people in data center B -- they were all DevOps guys. But now everyone's doing that from home. Second thing, of course, is the capability of having high availability and reliability. It's even more critical.
05:51 EH: So many companies now that might take a PO or get a fax or have the sales guy go out can't do any of that now, so if the storage goes down and is not available, that's critical to the business and it's become extra critical to the business from what it was . . . And it always was critical and in almost every company. But now it's like uber-critical and you can't fail at all -- got to stay up, got to work, data can't go bad. And then the last thing has been although cybersecurity was critical, I'm sure everyone on this panel working from their house has been attacked at their house. In fact, I may have malware and that's because someone attacked me. So, companies, it's even more critical. So, having cyber-secure and cyber-resilient storage has become another very important aspect with this pandemic and the global recession.
06:45 DR: OK, so Brian, you've gone from an infrastructure company to a cloud company at a time where a lot of people are saying nobody's going into data center, a lot of people are spending up putting their data in the cloud. What are you seeing from this whole . . . during this pandemic?
07:02 BS: Yeah, so certainly, I would echo a couple of the comments that Eric eloquently made. There are certain things about storage that don't change -- you need resiliency, you need performance. I do think there are a couple of things that are different, and certainly it's been an unfortunate story for the pandemic this year, and I hope everyone out there is healthy, and their businesses are also healthy, but clearly one of the trends that we have seen is obviously a lot of growth in cloud services, the systems are up and running. There is capacity available, so how people consume cloud storage is quite a bit different than traditional on-prem storage, you can do with API calls or mouse clicks, but there's capacity available to deploy and configuring, kind of use it inside of that application.
07:44 BS: So, we do think that it's, in some sense, has accelerated some of the digital transformations that people have had, and certainly cloud is kind of a megatrend inside of the industry at this point -- in some senses, it's only been accelerated from the pandemic. But we thought it was a natural end state anyway. Obviously, it's been a big investment for Google over the past couple of years to build out a really rich cloud set of services and particularly in storage to make sure all the options are available either directly from us or through a pretty rich and diverse kind of partner network that runs in the cloud and on top of the cloud.
Certainly, Lee and I have done some work together in the past, and some of the other companies here have the opportunity to build cloud services. So, I think the kind of line between on-prem storage and the cloud, it continues to get blurrier over time, and part of that's because most in our enterprises are adopting more cloud services.
08:41 DR: So, Lee, you're a virtualization company in a virtual world. So, what are you seeing in this year?
08:49 LC: Who knew virtualization would be understood by everyone now, so . . . I think one of the things that we're finding is that people who understand data, really have a relevant opinion in this world, why, because it's turned out the data is hard to move, it's not fast or free to move. It's stateful, right? Which we talked about things like availability, resilience, writing backup DR, these are all elements that have been historically important.
I do . . . While we agree on a lot of things, I disagree with Brian on the end state, somehow being into the cloud is the end state, that's not our view, and that's customers that we talked about, particularly as you look at the edge exploding and data needing to be distributed across the environment for reasons of bandwidth, economics and sovereignty. It's my view that the data is going to be important, not because we do all the things we've historically done, but because we're allowing people to take advantage to get insights from the data itself.
On that, I think we'll all agree, it's the value of how do you get insights into data? Our view is that that has to be distributed across the hybrid cloud, and that we're going to have customers looking at how they get the easiest experience across that and in a multi-cloud world, how do they do that without refactoring re-platforming. So, I think our view is the applications are driving the need for a distributed hybrid infrastructure that supports data.
10:19 DR: So, Craig, you guys started up during a pandemic, and how has that been received and what are people looking to do with this new technology you're offering?
10:31 CN: Yeah, the . . . So, I think one lesson we can all take away and it jives with a lot of what the folks here are saying, which is, if you look at consumer tech, and so I'm a home enthusiast for smart home technology, and if you look at the case of Nest thermostats, for example, a Nest thermostat will change temperature in your house 1,500 times a year. So, big house like Lee has with three thermostats, 5,000 temperature changes a year and all of that's driven out of the Nest Cloud or Google Cloud to pay homage and that enables a whole bunch of capabilities, not just keeping your house at the right temperature. When was the last time you knew about a thermostat software update versus in storage today? How much you spend time updating software device by device around the data center.
11:41 CN: With Nest, you get remote monitoring and alerts and remote administration when you need, and simple automation. If you can consider those capabilities as part of your storage infrastructure, imagine the operational savings that you can put in place, you know Gmail, Nest-like storage software updates, AI-assisted, remote monitoring and administration, one programmable endpoint in the cloud, and I'm talking about doing this for your on-prem data. There's a lot of stuff you can already do with your cloud-based data, but for on-prem data and data shows that mission-critical data is still massive on-prem. These are a way to support a remote IT workforce during crazy times like we have today.
12:37 DR: So, we know, the last couple of years the trend has been that unstructured data seems to be the fastest growing data. And so conventional wisdom is that for unstructured data, it's bulk storage, file data, and object storage, you're picking up the slack of traditional SAN . . . How is that changing the way people store and manage data? We'll start with Brian, since you guys see a little bit of every kind of data.
13:09 BS: Yeah, we certainly do see all types of data, but one of the interesting things in the cloud is just the prevalence of object storage. It's used for a lot of primary storage applications. I think it's a well-known fact at this point, big analytic systems often run in object storage in the cloud, so I do think there's some interesting changes and evolutions and a higher growth in object storage. And I know a couple of other folks in this call make megabit storage and appreciate the trends. One of the things I think that's really different about it is, if you just think about how capacity planning and management is done, it's not that you don't need to think about it in the cloud, you still do. Particularly from a cost perspective and things like this. But some of the . . . I'll say, to go back to some of the comments Craig made, there's some of the operational tasks that, as a customer, you're kind of free from a little bit in the cloud. And it's like actually deploying the capacity, OK, you don't really need to worry about that. There is capacity in the cloud; it's not infinite, of course, but for most people it's available at the click of a couple of buttons. So, you still need to think about capacity planning, but there's some subtle differences in terms of the focus in the task, so I think that's an interesting dynamic that will continue to play out.
14:16 DR: Eric, your IBM also sells all kinds of storage out there. Are you seeing more people go to objects to deal with unstructured data?
14:29 EH: Well, we make sure with what we do that we support file block in object. We have arrays where the software is pre-embedded -- we sell all three as software-defined storage only, where we don't sell any infrastructure at all and they would get their own infrastructure with our software. And we make sure that it can all talk to each other. So, for example, since many people use Kubernetes and containers to create their hybrid clouds, we just added a container native access point so that our large file store, which can be exabytes and exabytes of data, can be accessed from a container environment, a bare-metal environment, or a virtualized environment.
So, making sure that everything can speak to each other, our Spectrum Scale, our Elastic Storage System, which your file can seamlessly move data to S3, can seamlessly move data to IBM Cloud Object Storage, our file software is available from AWS. We recently announced our modern data protection software can now tier to Google Cloud; it was already able to tier to the other major clouds, IBM, AWS and Azar, so now all the four largest clouds by revenue, we can just automatically see it as a tier and move data back and forth.
15:45 EH: So, for us, what we've seen is, you've got to make everything transparent, everything movable back and forth between file and object, object being able to see files. We announced actually that capability for the file structure in a container environment just this past Tuesday. So, that's what we're seeing, and we're seeing most companies deploying a little bit of everything. No one's all block anymore, no one's all file, no one is all object, and as long as you've got the right solutions can move the data back and forth to a hybrid cloud configuration and can always keep the data protected with the right backup and modern data protection software, then . . . People will pick the right configuration file blocker object based on the application workload and use case that they have. And in many, such as big data, AI and analytics, they often use file and object extensively, which is why we make sure that we can work with S3 and work with IBM Cloud Object Storage with our file side and vice versa.
16:43 EH: So that's what we're seeing is all three still in use, file and object growing much faster, block is still growing but not a lot. And just make sure it all works with each other, and especially since all of us sell to big Fortune 500 companies, they expect that. So, if you can't do it, then you're not going to do business with those companies, and even small companies probably use a little bit of everything quite honestly. So, that's why you make sure we've got support for everything and that things can seamlessly talk and traverse and always go back and forth to a cloud configuration.
17:15 DR: Craig, what are you seeing? What are your customers doing? Are you mostly one or the other?
17:24 CN: So, we're generally talking to folks who are managing the whole of the infrastructure, storage, network, and compute. And when you talk with them about storage that they . . . Being familiar with the network side, they just kind of wish it was sort of a property of the fabric, that there weren't quite so many knobs and so much pain in the overhead.
And we were talking to one of the managing directors of one of the large banks and he's got this vision for his next version of their data center, is something he calls self-service infrastructure. And what he means by that is he kind of used himself and an IT leader as sort of the man in the middle between his application users and the infrastructure that they need. And in the cloud, that IT person is hidden, but on-prem, there's whole teams of people that curate and serve that stuff to application owners, and his kind of view of the world, independent of the growth of various types of storage, is how to enable his application owners to get what they need themselves in a more self-service way. Cycle times will be faster, so the ROI's go up; IT's scope or their span of control goes up because a lot of the mundane provisioning and things like that are then handled by the application owners. But certain things need to give in what goes on within the storage infrastructure and its relation to compute network.
19:29 CN: So, I think if you believe that application owners and infrastructure is going to kind of drive our requirements and storage, we're going to have to make it much more just a property of the fabric. It's there when the application owner spins up containerized Mongo, and there's really nothing for them to do. They hit a service catalog, hit a template, provision their servers, and storage is there for them. That's kind of how we have to think about storage going forward, and the systems we all make are smart. They're computers. They can figure out what kind of storage an application needs and serve it, and not rely on individuals to have to guess what an application owner needs for their next project.
20:29 DR: And Lee, I guess you see all kinds of data in VMware. What's changing with the growth of unstructured data?
20:38 LC: Yeah, yeah, we have a strong center of gravity in the on-premises world, of course, right? Whereas now, through our hybrid cloud partnerships, including Google through Google Cloud, of course, Azure, and AWS, what we're finding is that people want to think less about storage. In fact, they want to think less about infrastructure. If you think back five years ago, 10 years ago, the applications weren't changing very fast, and I think it's interesting that as we're talking to storage people here, increasingly, you're hearing about the applications, the applications, the applications, because really, it is about the applications, at the end of the day.
We're using applications, and so the things I'm noticing are applications are changing more quickly because they are, especially in this virtual world, they are the bridge, the brand loyalty that you have from a customer to a vendor, is along applications now, is what's creating that bond, that bridge.
21:33 LC: Secondly, as the pace of application goes up, we've seen the use of containers go up. Now, VMware, of course, was developing and supporting VMs. What we're seeing, what we hope to be true and is actually turning out to be true, which is that containers are increasingly being run and largely been run in VMs because of the enterprise resilience that we have beneath those containers and we've integrated Kubernetes into our flagship product vSphere as a way to basically apply the same security policies, and management policies, and resilience that you got from VMs or from VMware for VM management into now Kubernetes orchestrated container-based applications.
22:14 LC: And lastly, it comes back to flash, right? Flash because the cost per bit has gone down so drastically and the capacities are increasing, combined with one interesting fact -- that people write data a lot less than we thought. They're reading data a lot. So, a lot of the early endurance curious . . . endurance issues were kind of faded to black, if you noticed, because we're able to go and basically know that we're reading data to get more insights from the data itself, use flash to build these scale-out architectures that are server-based. And, so, I think as you look there, people are trying to worry less about the data. They want it to work across files, blocks, and objects, and which we support, of course, but you're finding that people want to look down at the infrastructure less and up at the apps.
23:15 DR: So, Brian, several people have mentioned the cloud, more data moving to the cloud. What applications are you seeing the most moving out to a public cloud? Is it still just backup and data that people want to protect or . . .
23:32 BS: Certainly, we do see data protection data, and I think Eric mentioned that earlier, I do think the cloud is commonly used as a target for data protection and DR. But obviously, there's an increasing number of primary applications that run in the cloud, obviously a ton of consumer apps are already there, but increasingly, you see customers moving whole data centers and more classic enterprise apps, databases, and core line-of-business applications. So, we really see all the major food groups -- block, file, object -- they all exist in the cloud and they all get a prevalence of adoption.
In particular, obviously, AI and analytics, are some of the newer apps out there, and some of the real high-growth areas, there's been a high growth in those areas in particular, and obviously those are areas . . . Google investing directly and it has a lot of partners that contribute a lot of valuable software and capabilities. So, we really see this high growth in primary applications kind of running in the cloud, major enterprise apps, ERP systems, databases, that's really a high area of growth these days, not just the more traditional consumer apps that people use every day and are already familiar and comfortable with.
24:46 DR: Eric, what kind of data, what kind of applications are your users moving out to the cloud?
24:53 EH: So, obviously, for the storage, traditionally, it's absolutely disaster recovery, business continuity and backup. You see people moving data out there, especially from an object store perspective, so when you've got a large data lake, you can have some of it in file, some of it in object. Our Spectrum Scale can be a globally distributed cluster, both on and off prem. In fact, AWS, IBM Cloud, and Google all support it. You could have part of the cluster sitting in the cloud and part of the cluster sitting on prem creating a hybrid-ness, which means, in that case, those applications are AI, big data and analytics, where part of it is actually in the cloud and part of it is on prem, and we are accessing the data lake. We provide a piece of software called Spectrum Discover that works with our storage, it works with the EMC storage, it works with NetApp storage, it works with AWS, anything that supports S3, so almost all the major cloud suppliers clearly support that and so do hundreds of small ones.
25:55 EH: From the container environment, Red Hat OpenShift and SaaS, so what we can do is basically have this software that will traverse all of those data sources and tell your AI software, your analytics software, your big data software through an API where to go grab it. And it could be on our storage, it could be on IBM store, EMC storage, it could be on NetApp, it could be sitting in any cloud provider that supports the S3 protocol.
So, we make sure that people want it for AI, big data analytics, it's often a very distributed model. And often what you're doing is, again, hundreds of petabytes, and we have probably 25 customers now that have an exabyte in production, an exabyte. That's a lot of storage to search, and some of it's out in the cloud with Google, IBM Cloud, Amazon and Azure, and some of . . . Because the way the distributed file and object is sitting on prem.
26:51 EH: And, so, that's what we see, those kind of workloads out there, traditional high-performance transactional, no way. What we have seen is some of our large financial institution customers for a high-velocity training app will actually make a duplicate copy, real-data copy. They'll put it in the cloud, the dev team will develop that highly transactional piece of software to run high-velocity trading, to run credit card fraud detection, and then what they do is they move the app back on prem, but they actually develop the app in the cloud, but the performance in the peer performance of cloud flows high-transactional workloads is not there.
27:27 EH: That said, their own data centers are private clouds, if you will. It's just you can't traverse a private to hybrid for those highly transactional workloads, but private clouds, which VMware does a lot in that space, and so do we in the private cloud space, those high-velocity transactional workloads often are in their private cloud. And a few things, Dave, to surprise everybody, are still actually bare-metal, certain apps still are bare-metal, and they'll never go to VMware or containers, let alone to a hybrid cloud, let alone to full cloud because they just need that performance. That said, that's a niche-y market. So, the bulk of it is big data, AI and analytics, and it's really, really taking off and these hybrid cloud configs.
28:10 DR: So, Lee, you'll be happy to hear the bare-metal is still, is only niche-y now, is that not too many people use . . . I know you got scared when Eric said people are going bare-metal. What are your customers doing with the cloud? What are they putting out in the public cloud?
28:27 LC: Listen, the thing I love about VMware is whenever there's a threat, we lean in, because if a customer wants it, we're going to find a way to help them do it. If a customer wants to exit their data centers and move all into the public cloud, we're going to help them. We're going to help them and do it where they can take their existing applications, move them and preserve their existing consistent operational field and security models importantly. So, we'll help them with that.
As far as bare-metal goes, pretty interesting. We just announced something called Project Monterey. This is basically through the use of SmartNICs . . . Some SmartNIC, sorry, sometimes called the DPUs, sometimes called function accelerators. This technology basically allows you to preserve precious CPU cycles so we're basically allocating silicon cycles so that we can offload some of the infrastructure management and, for the first time, extend VM or infrastructure management, wait for it, to bare-metal. [chuckle] And so this is something we just announced at VMware.
29:25 LC: So, listen. I think customers are looking for us to abstract everything. Why? Because they don't know what they're going to do next. They want to be future-proofed to know that, hey, just like we're talking about file, block and object, they also want to know that, "Hey, I could go into play on prem, if I want to do DR to the cloud." We acquired a company called Datrium, you organized recently to go and deploy something we call VMware Cloud Disaster Recovery. That's a great way to go and rent cloud resources when you have it.
29:56 LC: But the message overall is this. It wouldn't be smart to ignore the incredible investment and the value of the public clouds. And so as you find as to a customer, either workloads that you want to move or workloads that you want to have to be distributed or that you want to manage across it, my hope and expectation is that we as an industry allow movement of applications, including the storage, to happen as seamlessly as vMotion made basically maintenance across servers totally capable in a way that became basically friction-free.
And I think with that we're going to be able to do things like have coresident analytics next to data. That's going to allow us to basically not move the data but move the analytics. [chuckle] You start thinking that if the data is the hard part, these become new, interesting ways to think about how to provide customers the most flexibility going forward. And I think that's how customers are viewing this right now is in uncertain times, make sure you've got the degrees of freedom you're most likely to exercise.
31:03 DR: Craig, I know your storage provides a lot of the intelligence from the cloud, but what are your customers doing with . . . Are they putting much on the public cloud?
31:13 CN: Yeah, so I would . . . So, I take a step back and I look at . . . I'm kind of a numbers guy. And you look at our pals at IDC, how they sort of break down the world, and they would say the bulk of storage in the cloud today is object, about $13.6 billion in 2019. Public cloud, what they call basic storage, block and file infrastructure as a service about $8.8 billion. The on-prem block and file-based applications represents about $30.9 billion, depending on how you slice hyper-converged. And, so, you can kind of take away from that about 78% of all mission-critical applications are on prem or in hosted data centers, and about 22% in hyper-scale data centers.
Why is that? Because cost, service-level or compliance requirements don't quite line up with what's going on in the cloud, folks decide to run things on prem. But what folks can pivot to is disaggregating the data and the control plane. We saw it in networking 10 years ago with companies like Meraki networks, and now all the networking companies do it. The operational control of your on-prem assets moves to the cloud. Why? Because there's a lot of benefits in management and operations to do that.
32:54 CN: So, I would tell you 100% of our customers are going to the cloud by virtue of moving operations there, however, their mission-critical data stays on prem. And, in fact, to please point about Project Monterey, to do this, to separate data and control like that, we've moved to an approach where we have an endpoint that runs in the customer's application server, that runs the full enterprise data services stack on that PCIe device, and then it's controlled by the cloud, and that's something that we are doing today.
So, this isn't something that the data center could pivot to, this is something to keep an eye on. I think with what VMware is doing with Project Monterey -- huge endorsement of these new computing models -- and this approach allows this shift to cloud-based management for storage, which otherwise can be hard on both the monitoring and administration sides. So, I think that we're in the midst of a big shift, and again, I think what's going on in the world right now is only accelerating that.
34:22 DR: OK, so Eric, you mentioned this as a first-hand experience, being having malware and somebody attacking you, so with all of this extra data, what do you guys do to keep it safe?
34:38 EH: Well, the smart storage company is building a cyber-resilience into the storage. So, we encrypt everything, and in fact, with several of our storage arrays, we've built in hardware encryption, so when you're encrypting and decrypt-ing there is no performance penalty, the application runs as if it was never encrypted.
So, the CSOs, the CLOs, the CFOs, the CEOs, all know about this. It's all over the newspaper, those of you who don't know, he was in California, San Francisco engaged in COVID research in the medical university for Northern California. But part of the University California system, they had a ransomware attack, the week before July 4th. It was in the local papers, and I think it made national news. And guess what? Because some of the research was COVID, they paid it right away. So, it doesn't matter whether your big, medium or small, it's not if you'll get attacked, it's when. And especially for midsize companies up to the global Fortune 1000, it's how many times a day.
So, if you don't have cyber-resiliency built into the storage, the one thing I think I would really like to caution all of the viewers to virtual FMS is most companies do not think of storage as anything to do with security, and they think about keeping the bad guy out and when the bad guy gets in, tracking them down. OK, that's great.
36:01 EH: Well, I've had several CIOs tell me point blank when most of the people left the room that they didn't know they had an attack for two or three weeks. So, if you don't have cyber-resilient storage, you got a problem, and we have malware or ransomware attacks, you need to be able to quickly A, identify it. Our Spectrum Protect product actually has an AI-based warning system that detects anomalies, and since I am the master cybercriminal, I am going to attack VMware's backup, they're archiving their replicas and their snapshots first. Then I attack the prime, and then I go to Pat Gelsinger, who I used to work for at EMC, and say, "Pat, I need a billion dollars, otherwise I'm not unleashing it." And I'm not a cybercriminal, and I could figure that out.
So, they're getting very sophisticated. I hate to say it, they're almost like organized crime. In fact, I wouldn't be surprised if organized crime is involved with cybercriminals. So, you really, really, really have to protect it, and unfortunately, most companies don't think storage matters and they're crazy, they are really crazy, it's really important.
37:04 EH: And, so, at IBM, we're building in everything we got. And, in fact, one of the other analyst firms know that we have the most cybersecure storage of any storage company in the world last Q4. So, it's super-critical, and I'm sure all of us are going to say the same thing -- You don't think about security, your customers will just walk away in 2 nanoseconds.
37:26 DR: So, Brian, you guys have so many data from millions of companies, and I remember the early days of the public cloud that security seemed to be a big . . . gave people pause. So, what do you guys do for cybersecurity?
37:42 BS: Yeah, it's a super-important topic, and I would echo a couple of the comments Eric made. It's kind of everybody's responsibility at some level, there are security professionals, and certainly we have more than our fair share here at Google. We run obviously, some of the biggest multi-tenant systems in the world and get attacked every day, so we obviously invest a huge amount in it and do a lot of work to make sure we get appropriate third-party visibility.
38:11 DR: I hope Brian wasn't hacked in malware. [laughter] So, Craig, why don't you tell us a little bit about -- your company's technology is fairly new, where does cybersecurity play for you guys?
38:33 CN: Because you do have a cloud that's effectively managing your most critical on-prem data, security is at the heart of what we do, and I think the notion of encryption everywhere end to end at rest is just baseline. I think one of the things we also believe is that security has to be made simple. The higher the complexity, the more you have to learn and do stuff, the more likely your users are not going to take advantage of things they should in the storage layer, and so built-in key storage and management, so you don't have to manage external devices.
The same thing applies for your permission management and authorization. It has to be made easy because as soon as there's too many knobs, people are going to go the all-or-nothing approach and with security that can get you into trouble. And the other thing I would say is, I think the edge came up a time or two with the growth of edge and what's going on with 5G and deployment of IoT, the more you have this distributed organization that's trying to secure itself, it's problematic if you have these distributed consoles and systems.
40:19 CN: You want a way to centralize the monitoring of security and those breaches. In fact, the harder this becomes, the easier we have to make it. And that's a big part of what we do in our offering is kind of security is extreme, but just part of the offer because we don't really want to give folks a choice whether or not to turn on encryption -- it's just on -- or to establish a role-based access control -- it's going to be set. So, I think that's for sure the direction. It goes with anything, especially an enterprise cloud that's got on-prem hosted and hyperscale environments all as part of that one cloud.
41:18 DR: Hey, Lee, what are you seeing? VMware has data stored, public clouds, private clouds, traditional on prem, what are you guys doing for security? And what are you seeing out there new?
41:31 LC: Our view is that security is irrevocably broken. People are spending more, they're getting hacked more. We're in a . . . It's like thermal runaway. It's just not converging right now. And the challenge is, I don't know if you remember the old joke about standards are great, and that's why everyone has one.
Well, the problem here is that everyone is putting different security metrics into individual point products, including storage by the way. And what we really need to get to is the idea that you need to get security attributes closer back to the app owner. The app owner actually knows the most about where the security resides by apps. And if you presume that applications along with their storage are going to move across the hybrid cloud, as soon as you recognize that, and you recognize that in containers, you've got containers being spun up more frequently, destroyed more quickly, shared across the hybrid cloud more often, and no inherent security model. What we're doing is building in an intrinsic security model that goes all the way from the core of the infrastructure out to the endpoints themselves.
42:35 LC: We just acquired a company called Carbon Black, of course. And you can see this integrated model. Some of the new architectures, by the way, are presenting security models that as Eric alluded to, are different than the traditional perimeter model. Perimeter used to be like, if I contain the parameter, then I'll try and look at what's inside. But these new scale-out distributed architectures basically enable by flash where you could build a scale-out distributed architecture that approximates the performance of a scale-up system. What you've got now is a system where east-west traffic becomes as important as north-south traffic, which used to be from the app down into the storage itself. And, so, the ability to go and have this east-west traffic distributed firewalls, for example, zero-trust environments, how do you have secure boot?
43:26 LC: How do you do and deliver all of that and presume that it's going to work across the hybrid cloud? This means you have to basically have a core reactor some place where you have intrinsic security built in. And that's our architecture is one where you're applying security policies by VM, by container and then allowing them to basically move across the hybrid cloud with this consistent model. We believe that there's no way that today's enterprise can manage 240 or however many the average number of security project is. And no matter how easy any one of them is, it can't be easy enough to go and ensure an end-secure system. And we think this is really, fundamentally a new re-architecture that the industry is going to have to come to.
44:14 DR: All right, guys. Well, this has been a great session. You've covered a lot of ground. A lot of interesting views. One of many great sessions at the Flash Memory Summit.
So, I thank everybody for participating, everybody watching. And now that I've asked all my questions and haven't been able to stump any one of you, it's time to open it up and see if we have any other questions from our viewers out there.