Every day, CISOs must decide which cyberthreats to prioritize in their organizations. When it comes to choosing which threats are the most concerning, the list from which to choose from is nearly boundless.
At RSA Conference 2020, speakers discussed several of the most concerning threats this year, from ransomware and election hacking to supply chain attacks and beyond. To pursue the topic of concerning threats, SearchSecurity asked several experts at the conference what they considered to be the biggest cybersecurity threat today.
“It has to be ransomware,” CrowdStrike CTO Mike Sentonas said. “It may not be the most complex attack, but what organizations are facing around the world is a huge increase in e-crime activity, specifically around the use of ransomware. The rise over the last twelve months has been incredible, simply because of the amount of money there is to be made.”
Trend Micro vice president of cybersecurity Greg Young agreed.
“It has to be ransomware, definitely. Quick money. We’ve certainly seen a change of focus where the people who are least able to defend themselves, state and local governments, particularly in some of the poorer areas, budgets are low and the bad guys focus on that,” he said. “The other thing is I think there’s much more technological capability than there used to be. There’s fewer toolkits and fewer flavors of attacks but they’re hitting more people and they’re much more effective, so I think there’s much more efficiency and effectiveness with what the bad guys are doing now.”
Sentonas added that he expects the trend of ransomware to continue.
“We’ve seen different ransomware groups or e-crime groups that are delivering ransomware have campaigns that have generated over $5 million, we’ve seen campaigns that have generated over $10 million. So with so much money to be made, in many ways, I don’t like saying it, but in many ways it’s easy for them to do it. So that’s driving the huge increase and focus on ransomware. I think, certainly for the next 12 to 24 months, this trend will continue. The rise of ransomware is showing no signs it’s going to slow down,” Sentonas explained.
“Easy” might just be the key word here. The biggest threat to cybersecurity, according to BitSight vice president of communications and government affairs Jake Olcott, is that companies “are still struggling with doing the basics” when it comes to cybersecurity hygiene.
“Look at all the major examples — Equifax, Baltimore, the list could go on — where it was not the case of a sophisticated adversary targeting an organization with a zero-day malware that no one had seen before. It might have been an adversary targeting an organization with malware that was just exploiting known vulnerabilities. I think the big challenge a lot of companies have is just doing the basics,” Olcott said.
Lastly, Akamai CTO Patrick Sullivan said that the biggest threat in cybersecurity is that to the supply chain, as highlighted at Huawei’s panel discussion at RSAC.
“The big trend is people are looking at their supply chain,” he said. “Like, what is the risk to the third parties you’re partnering with, to the code you’re developing with partners, so I think it’s about looking beyond that first circle to the second circle of your supply chain and your business partners.”
I’ve been gaming with a buddy for a good number of years, but when my PS4 died on me I joined the PCMR middle of last year. He had planned to join at the same time but just as he was about to put something together his financial situation changed.
I was hoping to put together something for him but am now expecting my third so it’s difficult to get the wife to sign off on this.
Sob story out of the way, I have managed to get one or two bits but was wondering if anyone was due to through out any old bits and would instead be willing to donate them?
I know beggers can’t be choosers and I’m not looking for anything amazing. I was hoping to base a build on the 1155 socket.
It’s a lot to ask but if you have anything that you would like to donate, please drop a comment. Happy to make a small donation to a charity of your choice.
Your face tells your story and confirms your identity when you shop. Digitizing all that takes next-generation eye-tracking and facial recognition technology, which retailers and restaurateurs have just begun weaving into the IT mix to improve customer experience.
Stores and restaurants are testing retail facial recognition technology to help speed up checkout and ordering, users and vendors said at the recent NRF 2020 Vision: Retail’s Big Show. Eye-tracking software (see sidebar) helps retailers improve user interfaces on e-commerce sites as well as in physical stores, influencing the planograms that map product placement on store shelves.
Customers in several small restaurant chains in California and Illinois can order meals on kiosks from vendor PopID, a company that integrates NEC facial recognition and Brierly Group digital loyalty programs into the kiosks. The goal for many restaurants with self-service kiosks is to eliminate humans taking orders and running payments, said Yale Goldberg, vice president of strategy and business development at PopID, and facial recognition can speed up the process
These are early days for retail facial recognition to connect loyalty program names and credit cards to customers, and so far, the results have been mixed. At restaurants with PopID kiosks, humans at the cash register can punch in orders and take payments in 30 seconds, while on their own, customers take an average of two and a half minutes, even with instantaneous facial ID.
Furthermore, concerns about data privacy Goldberg refers to as the “creep factor” can make some consumers reticent to use the system. So far, about 20% of the restaurants’ customers opt in to PopID facial recognition for ordering and checkout.
That said, older customers — who typically have more reservations about giving up personal data than Millennial-generation and younger customers — are buying into the company’s retail facial recognition systems at about the same rate, Goldberg said.
“People are returning to these restaurants frequently, and they understand they can have a much more frictionless experience when they opt in,” Goldberg said. “Once it’s explained, people start to trust the brand and can see the benefits.”
NCR sees biometrics on rise
Customer privacy concerns about opting into retail facial recognition are a barrier to widespread acceptance, said David Wilkinson, senior vice president and general manager of global retail at NCR Corp., which provides cloud application and infrastructure support for retailers. NCR is partnering with biometric ID vendors to offer convenience and grocery stores checkout kiosks using face ID, but Wilkinson characterized adoption as low, or even in the testing phase among the company’s retail customers for now.
NCR remains agnostic on new tech such as biometric IDs, Wilkinson said, and supports as many as possible to meet its customer demand if and when it comes. NCR also offers computer vision tools for automated age verification for the purchase of age-restricted items, which the company said can be more accurate than humans.
Biometrics in general have much promise, Wilkinson said, for matching customers to loyalty memberships and enabling quicker checkouts. Facial recognition in particular, however, may have a difficult path to acceptance in retail among consumers. Alternatives such as palm recognition for payment may eventually prove more accurate and less intrusive for payments, he said.
“I think there will be some kind of AI-driven, biometric way that we can identify ourselves at retail,” Wilkinson said. “At NCR, we can’t bet our business on a winner or a loser; that’s not the way we’re built.”
Integration woes slow progress
Jon HughesEVP, REPL Group
Integration of facial technologies hasn’t always been smooth. Customers have to relearn familiar processes like checkout. On the back end, new biometric data feeds must work their way into long-standing payment systems, or in the case of eye-tracking data, into planogram applications.
Many retailers are a few years off from getting their systems and data management working in harmony, said Jon Hughes, executive vice president at retail tech consultant REPL Group. A third have it “well sorted out,” a third are just getting started and a third are in what he called “the dark space in the middle.”
“The data’s the big problem,” Hughes said. He added that, in his view, facial recognition comes closer to true AI than many other technologies vendors call AI, but he views as basic automation without intelligence.
“I think there’s a massive opportunity, but there’s a leap of faith needed,” Hughes said. “Taking that leap of faith is really hard for some organizations, but the technology’s there.”
When investing in tech startups, including BI vendors trying to get started, venture capital firms want to see more than just a good idea.
They want to see a realneed for a particular productwhen they consider investing in tech startups, and they want to see founders who have enough management experience that they won’t ruin a company with poor decisions even if what they’re bringing to market could stand out.
There is also a litany of things they don’t want to see when they’re investing in tech startups, warnings that tell investors a particular company is a bad bet.
Vanessa Larco is a partner at New Enterprise Associates, a venture capital firm with over $20 billion in assets under management. From Salesforce and Tableau years ago toSisu just recently, NEA has a history of investing in tech startups, and betting on BI vendors in particular. Larco, meanwhile, has a background in computer science that includes time as director of product management atBoxand leading the speech recognition experience team at Xbox Kinect v1, and she leads some of NEA’s investments in tech startups and participates on deal teams led by colleagues.
Larco recently answered a series of questions about investing in tech startups. In Part Iof a two-part Q&A, she discussed what she looks for in BI startups and what stood out about Sisu. In Part II, she went into detail about what mightprevent an investor from working with a company, and her process for investing in tech startups.
In a given year, how many tech startups — not only BI vendors — might NEA invest in?
Vanessa Larco: It’s anywhere from 15 to 30 new investments per year where we take a board seat — this excludes seed deals.
Meanwhile, when looking at investing in tech startups — those 15 to 30 in a given year — how many pitches do you go through before choosing who to work with?
Larco: For me individually, I invest in one or two companies a year — period. I spend 12 months just finding those one or two companies a year. But I talk to at least one or two companies a day, so I’m seeing between 600 and 1,000 companies a year and I invest in one.
So of those other 599 to 999 companies, what is it about them that eliminates them? What are some obvious warning signs and some more subtle things that stop you from investing in a tech startup?
Vanessa LarcoPartner, NEA
Larco: By default, it’s more about what is that special thing that makes me say, ‘Yes.’ When you’re investing in a company in their early startup phase, there are a billion reasons why you shouldn’t invest. I can give you a thousand red flags — the capital-to-revenue ratio doesn’t make sense, the team isn’t experienced in the space, it’s too early for us because they’re pre-product, or it’s too late for us because they’re pre-IPO, the work that they’re going after isn’t big enough, the economics don’t really make sense, and I don’t understand how they’re going to make sense in the future. I can think of hundreds of reasons why you shouldn’t invest, but what you’re actually thinking about is what’s that thing, what’s the spark that makes you suspend disbelief and take that leap of faith, because they’re all leaps of faith.
So what gives you that faith when investing in tech startups?
Larco: On every deal, at least a dozen people are like, ‘That’s the dumbest stuff that I’ve ever seen; how did that person ever think that was a good idea?’ You have way more naysayers than you have people who think something is brilliant. That’s just the nature of investing in startups.
You’re looking for that spark when something just clicks for you about the founding team, whether it’s that they’re incredibly accomplished, or have some unique insights, or there’s something incredibly special that even if something doesn’t make sense you feel like the team will figure it out and you just really want to work with them. There’s enough stuff there that’s interesting that you believe they’ll make something work and their initial hypothesis is something I can get behind. Or it’s, ‘Holy cow, I’ve never seen such an innovative product. It meets a need that no one is paying attention to, and it leads to their vision of how they’ll become an independent company… that expand its vision.’ Or it can be that you don’t really get it, but holy smokes, look at the customers they have attracted in a short amount of time — these are hard customers and we know they don’t just buy anything, so we know something is there, and if these people see it a bunch of other people will see it and they’ll be successful.
And what’s the process – how does the relationship start and progress to the point where NEA commits capital?
Larco: It’s different for everybody. Some people are super data driven, some people are very relationship driven. I’m personally a hybrid of being space driven and relationship driven. There are some spaces I really like, data being one of them, HR tech being another. And then I want to get to know the people and find out if they’re people I’ll click with, so then we’ll just spend time together over months, and then when they’re ready I’m just like, ‘I’m here.’ We’ve done all the work, I know I want to invest. And from there you talk to your partnership and do a financial analysis and a returns analysis, and do the actual quantitative work. That’s the easier part. The harder part is to get the conviction to take a leap of faith. For me that’s about the relationship, and I really believe in the founders — I see the need.
How long might it take from the point when you first meet with someone to the point when you close the deal?
Larco: For me it’s longer than most. I like to get to know someone because ideally we’re going to spend the next 10 years of our lives working together, through the ups and the downs, so I want to get to know the founders a year before they actually want to take funding from us. And once they say they’re ready to go, it can take us two to four weeks to make the investment as a partnership.
BI startups, like all companies when they’re getting started, need money to get off the ground.
BI startups need to show thatthey have a good idea, and are not simply repackaging analytics software platforms already on the market. They need to show that they can build a strong product, and that their founders have the expertise to build and sustain something commercially viable.
And with that, they need to attract investors to fund the company in the years it takes between the time an idea forms and a company becomes financially solvent.
Vanessa Larco is a partner at New Enterprise Associates, a venture capital firm with over $20 billion assets under management. NEA was an early investor in companies such as Tableau and Salesforce when they were tech startups, and, among many other types of companies, continues to invest in BI startups. Recently,NEA was part of an investment round in Sisu, a startup BI vendor founded in 2018 and based in San Francisco.
Larco, meanwhile, has an extensive background in computer science, and before joining NEA was director of product management atBox. Prior to that, she worked in the gaming industry, leading the speech recognition experience team at Xbox Kinnect v1. She leads deals investing in tech companies, including BI startups, and participates in others led by colleagues.
Larco recently took time to answer questions about investing in BI startups.
In Part I of a two-part Q&A, she discusses what she looks for in a BI startup and what she loved about Sisu. In Part II, Larco talks about the process of investing in BI startups, including thewarning signs that arisethat may keep her from investing.
When you’re considering investing in BI startups, what are some of the characteristics you want to see in a vendor that tell you it might make a good investment?
Vanessa Larco: I think every partner has their own journey when trying to figure out where to invest. For me, I draw a lot on my experience having been a product manager. When I think about what the challenges were that I had or that my team had in building, launching, supporting, maintaining products and then when you see a solution — whether it’s in data or any other vertical — that makes sense and you can say, ‘Wow, if this had existed when I was doing things it would have made my life easier, my team’s life easier,’ it’s something that resonates right off the bat.
Vanessa LarcoPartner, NEA
You then validate it against actual teams that are still building things and ask them if this would be helpful, and that validates the real need for it.
In the case of Sisu, what stood out about them and led NEA to decide it was a company worth betting on?
Larco: Every process, as much as we like it to be standardized, turns out to be its own unique snowflake, and in the case of Sisu, Pete Sonsini led the deal team and I joined the deal team, meaning I helped him evaluate the opportunity and spent time with the team. I am super excited about Sisu. I ran it by some of my portfolio companies, particularly the ones who [complain that] board meetings take forever because they show a bunch of data and people ask, ‘Well why did this happen, why did that happen?’ And to get those answers it takes at least week. So when I saw the Sisu value proposition I wondered if this will solve that problem.
Even back when I led a product team in the past and we would present to CEOs, we’d show numbers going up and down and they’d ask, ‘Well, why did that happen?’ We’d have to get back to them. It’s just super painful when you know they’re going to ask you why, and that is what takes forever. Sometimes you spend all that time trying to figure out why, and then nothing comes of it, so when I saw the Sisu value proposition I thought that if this actually works it could be game changing.
What happened after you saw Sisu’s value proposition?
Larco: I took it to a good friend at a portfolio company to kick the tires, and they were like, ‘Yes. Yes, this awesome. Thank you so much.’ They said their data person would be so happy they wouldn’t be bogged down answering some very simple questions and doing the manual work to answer why, so from that perspective it was super exciting.
Once NEA invests in BI startups, how much influence does it want going forward — does it seek a spot on the board of directors, leave the company alone or something in between?
Larco: Each case in venture is different. It’s not a high-volume type of industry — we’re not doing hundreds of deals a year — so each deal is very unique and each financing round is unique. But in general, the earlier in the company’s lifecycle you invest in, the founders want you on their board because they want the attention and support, the advice, the feedback, the connection. VCs, in most cases, have been on many boards and seen a lot of stories play out, and you have a lot of connections to potential customers, and so to be able to understand what a company’s needs are as they change is really valuable. Most of the time, both parties want a seat on the board.
But if it’s super, super early and someone else leads the financing round and you’re just participating, someone else takes the board seat. Or if it’s the late stages then the board is already pretty filled out and it has less unknowns than in the early formation years, in those cases you may not take a seat on the board. If an investor is acquiring a significant amount of equity and you’re between 15 and 30 percent, they will typically take a board seat. Anything less than that, it may not make a ton of sense to take a board seat — there’s a limit to how many board seats we can take.
Besides Sisu, who are some startups in the BI/analytics space NEA has recently invested in?
Larco: My colleague Julia Schottenstein led the investment in Metabase, which is in the data space in the open-source project world. I was on the deal team and attended the board meetings for a company called OmniSci. The real value proposition there is they do some really cool geospatial [analysis], and it’s lightning fast. If you need data and need to visualize it across any type of map, I haven’t seen anything like it. From my gaming and advertising days that would have been a massive help. It’s a category that historically if you were investors in Tableau and other data companies that have done really well — it’s a category NEA has performed really well in in the past. It’s a massive category for IT spends, so it’s an area we actively invest in year over year.
Amazon is a powerhouse when it comes to recruiting. It hires at an incredible pace and may be shaping how other firms hire, pay and find workers. But it also offers a cautionary tale, especially in the use of AI.
Amazon HR faces a daunting task. The firm is adding thousands of employees each quarter through direct hiring and acquisitions. In the first quarter of 2019, it reported having 630,000 full and part-time employees. By the third quarter, that number rose 19% to 750,000 employees.
Amazon’s hiring strategy includes heavy use of remote workers or flex jobs, including a program called CamperForce. The program was designed for nomadic people who live full or part-time in recreational vehicles. They help staff warehouses during peak retail seasons.
Amazon’s leadership in remote jobs can be measured by FlexJobs, a site that specializes in connecting professionals to remote work. Amazon ranked sixth this year out of the 100 top companies with remote jobs. FlexJobs’ rankings are based on data from some 51,000 firms. The volume of job ads determines ranking.
The influence of large employers
Amazon’s use of remote work is influential, said Brie Reynolds, career development manager and coach at FlexJobs. There is “a lot of value in seeing a large, well-known company — a successful company — employing remote workers,” she said.
In April, Amazon CEO Jeff Bezos challenged other retailers to raise their minimum wage to $15, which is what Amazon did in 2018. “Better yet, go to $16 and throw the gauntlet back at us,” said Bezos, in his annual letter to shareholders.
But the impact of Amazon’s wage increase also raises questions.
“Amazon is such a large employer that increases for Amazon’s warehouse employees could easily have a large spillover effect raising wage norms among employers in similar industries and the same local area,” said Michael Reich, a labor market expert and a professor of economics at the University of California at Berkeley. But without more data from Amazon and other companies in the warehouse sector, he said it’s difficult to tell where the evidence falls.
Amazon HR’s experience with AI in recruiting may also be influential, but as a warning.
The warning from Amazon
In late 2018, Reuters reported that Amazon HR developed an algorithm for hiring technical workers. But because of its training, the algorithm was recommending men over women. The technical workforce suffers from a large gender gap.
The Amazon experience “shows that all historical data contains an observable bias,” said John Sumser, principal analyst at HRExaminer. “In the Amazon case, utilizing historical data perpetuated the historical norm — a largely male technical workforce.”
Any AI built on anything other than historical data runs the distinct risk of corrupting the culture of the client, Sumser said.
In July, Amazon said it would spend $700 million to upskill 100,000 U.S. workers through 2025. The training program amounts to about $1,000 a year per employee, which may be well less than Amazon HR’s cost of hiring new employees.
Josh BersinIndependent HR analyst
In late 2018, Amazon HR’s talent acquisition team had more than 3,500 people. The company is interested in new HR tech and takes time to meet with vendors, said an Amazon recruiting official at the HR Technology Conference and Expo.
But Amazon, overall, doesn’t say much about its HR practices and that may be tempering the company’s influence, said Josh Bersin, an independent HR analyst.
Bersin doesn’t believe the industry is following Amazon. And part of his belief is due to the company’s Apple-like secrecy on internal operations, he said.
“I think people are interested in what they’re doing, and they probably are doing some really good things,” Bersin said. “But they’re not taking advantage of the opportunity to be a role model.”
WASHINGTON, D.C. — Government agencies face the same problems as enterprises when it comes to turning their vast data stores into useful information. In the case of government, that information is used to provide services such as healthcare, scientific research, legal protections and even to fight wars.
Public sector IT pros at the Veritas Public Sector Vision Day this week talked about their challenges in making data useful and keeping it secure. A major part of their work currently involves finding the right people to fill data analytical roles, including hiring data scientists. They described data science skills as a combination of roles that require technical, as well as subject matter expertise, which often requires a diverse team to become successful.
Tiffany Julian, data scientist at the National Science Foundation, said she recently sat in on a focus group involved with the Office of Personnel Management’s initiative to define data scientist.
“One of the big messages from that was, there’s no such thing as a unicorn. You don’t hire a data scientist. You create a team of people who do data science together,” Julian said.
Julian said data science includes more than programmers and technical experts. Subject experts who know their company or agency mission also play a role.
“You want your software engineers, you want your programmers, you want your database engineers,” she said. “But you also want your common sense social scientists involved. You can’t just prioritize one of those fields. Let’s say you’re really good at Python, you’re really good at R. You’re still going to have to come up with data and processes, test it out, draw a conclusion. No one person you hire is going to have all of those skills that you really need to make data-driven decisions.”
Wanted: People who know they don’t know it all
Because she is a data scientist, Julian said others in her agency ask what skills they should seek when hiring data scientists.
Tiffany JulianData scientist, National Science Foundation
“I’m looking for that wisdom that comes from knowing that I don’t know everything,” she said. “You’re not a data scientist, you’re a programmer, you’re an analyst, you’re one of these roles.”
Tom Beach, chief data strategist and portfolio manager for the U.S. Patent and Trademark Office (USPTO), said he takes a similar approach when looking for data scientists.
“These are folks that know enough to know that they don’t know everything, but are very creative,” he said.
Beach added that when hiring data scientists, he looks for people “who have the desire to solve a really challenging problem. There is a big disconnect between an abstract problem and a piece of code. In our organization, a regulatory agency dealing with patents and trademarks, there’s a lot of legalese and legal frameworks. Those don’t code well. Court decisions are not readily codable into a framework.”
‘Cloud not enough’
Like enterprises, government agencies also need to get the right tools to help facilitate data science. Peter Ranks, deputy CIO for information enterprise at the Department of Defense, said data is key to his department, even if DoD IT people often talk more about technologies such as cloud, AI, cybersecurity and the three Cs (command, control and communications) when they discuss digital modernization.
“What’s not on the list is anything about data,” he said. “And that’s unfortunate because data is really woven into every one of those. None of those activities are going to succeed without a focused effort to get more utility out of the data that we’ve got.”
Ranks said future battles will depend on the ability of forces on land, air, sea, space and cyber to interoperate in a coordinated fashion.
“That’s a data problem,” he said. “We need to be able to communicate and share intelligence with our partners. We need to be able to share situational awareness data with coalitions that may be created on demand and respond to a particular crisis.”
Ranks cautioned against putting too much emphasis on leaning on the cloud for data science. He described cloud as the foundation on the bottom of a pyramid, with software in the middle and data on top.
“Cloud is not enough,” he said. “Cloud is not a strategy. Cloud is not a destination. Cloud is not an objective. Cloud is a tool, and it’s one tool among many to achieve the outcomes that your agency is trying to get after. We find that if all we do is adopt cloud, if we don’t modernize software, all we get is the same old software in somebody else’s data center. If we modernize software processes but don’t tackle the data … we find that bad data becomes a huge boat anchor or that all those modernized software applications have to drive around. It’s hard to do good analytics with bad data. It’s hard to do good AI.”
Beach agreed. He said cloud is “100%” part of USPTO’s data strategy, but so is recognition of people’s roles and responsibilities.
“We’re looking at not just governance behavior as a compliance exercise, but talking about people, process and technology,” he said. “We’re not just going to tech our way out of a situation. Cloud is just a foundational step. It’s also important to understand the recognition of roles and responsibilities around data stewards, data custodians.”
This includes helping ensure that people can find the data they need, as well as denying access to people who do not need that data.
Nick Marinos, director of cybersecurity and data protection at the Government Accountability Office, said understanding your data is a key step in ensuring data protection and security.
“Thinking upfront about what data do we actually have, and what do we use the data for are really the most important piece questions to ask from a security or privacy perspective,” he said. “Ultimately, having an awareness of the full inventory within the federal agencies is really all the way that you can even start to approach protecting the enterprise as a whole.”
Marinos said data protection audits at government agencies often start with looking at the agency’s mission and its flow of data.
“Only from there can we as auditors — and the agency itself — have a strong awareness of how many touch points there are on these data pieces,” he said. “From a best practice perspective, that’s one of the first steps.”
LAS VEGAS –There appears to be no end in sight to the ambitious vision of AWS storage, especially when it comes to file systems.
During an interview with TechTarget, Amazon VP of technology Bill Vass said AWS aims to “enable every customer to be able to move to the cloud.” For example, Amazon could offer any of the approximately 35 file systems that its enterprise customers use, under the FSx product name, based on customer demand, Vass said. FSx stands for File System x, where the “x” can be any file system. AWS launched the first two FSx options, for Lustre and Windows file systems, at its November 2018 Re:Invent conference.
(Editor’s note: Vass said during the original interview that AWS will offer all 35 file systems over time. After the article published, Vass contacted us via email to clarify his statement. He wrote: “FSx is built to offer any type of file system from any vendor. I don’t want it to seem that we have committed to all 35, just that we can if customers want it.”)
AWS cannot support nearly three dozen file systems overnight, but Vass highlighted a new storage feature coming in 2020: a central storage management console similar to the AWS Backup option that unifies backups.
Vass has decision-making oversight over all AWS storage products (except Elastic Block Storage), as well as quantum computing, IoT, robotics, CloudFormation, CloudWatch monitoring, system management, and software-defined infrastructure. Vass has held CEO, COO, CIO, CISO and CTO positions for startups and Fortune 100 companies, as well as the federal government. Before joining Amazon more than five years ago, Vass was president and CEO of Liquid Robotics, which designs and builds autonomous robots for the energy, shipping, defense, communications, scientific, intelligence and environmental industries.
How has the vision for AWS storage changed since the object-based Simple Storage Service (S3) launched in 2006?
Bill Vass: Originally, it was very much focused on startups, developers and what we call webscale or web-facing storage. That’s what S3 was all about. Then as we grew in the governments and enterprises, we added things like [write once read many] WORM, [recovery point objective] RPO for cross-region replication, lifecycle management, intelligent tiering, deep archive. We were the first to have high-performance, multi-[availability zone] AZ file systems. Block storage has continued to be a mainstay for databases and things like that. We launched the first high-performance file system that will rival anything on prem with FSx for [high-performance computing] HPC. So, we ran Lustre in there. And Lustre gives you microsecond latency, 100 gigabits per thread, connected directly to your CPU.
The other thing we did at Re:Invent  was the FSx for SMB NTFS Windows. At Re:Invent this year, we launched the ability to replicate that to one, two or three AZs. They added a bunch of extra features to it. But, you can expect us with FSx to offer other file systems as well. There’s about 35 different file systems that enterprises use. We can support many – really anything with FSx. But we will roll them out in order of priority by customer demand.
What about Amazon Elastic File System?
Vass: Elastic File System, which is our NFS 4 file system, has got single-digit millisecond response. That is actually replicating across three separate buildings with three different segments, striping it multiple times. EFS is an elastic multi-tenant file system. FSx is a single-tenant file system. To get microsecond latency, you have to be right there next to the CPU. You can’t have microsecond latency if you’re striping across three different buildings and then acknowledging that.
Do you plan to unify file storage? Or, do you plan to offer a myriad of choices?
Vass: Certainly, they’re all unified and can interoperate with each other. FSx, S3, intelligent tiering, all that kind of stuff, and EFS all work together. That’s already there. However, we don’t think file systems are one size fits all. There’s 35 different file systems, and the point of FSx is to let people have many choices, just like we have with databases or with CPUs or anything like this. You can’t move a load that’s running on GPFS into AWS without making changes for it. So you’d want to offer that as a file system. You can’t move an HPC load without something like FSx Lustre. You can’t move your Windows Home directories into AWS without FSx for Windows. And I would just expect more and more features around EFS, more and more features on S3, more and more features around FSx with more and more options for file systems.
So, you don’t envision unifying file storage.
Vass: There will be a central storage management system coming out where you’ll see it just like we have a central backup system now. So, they’ll be unified at that level. There’ll be a time when you’ll be able to access things with SMB, NFS and object in the same management console and on the same storage in the future. But that’s not really unified, right? Because you still want to have the single-tenant operating environment for your Windows. Microsoft does proprietary extensions on top of SMB, so you’ll need to run Windows underneath that. You can run something like [NetApp] OnTap, which also runs on AWS, by the way. And it does a great job of emulating NFS 4, 3, and SMB. But it’s never going to be 100% Windows compatible. So for that, you’re still going to want to run the Windows-native environment underneath.
I’d love to have one solution that did it all, but when you do that, what you usually end up with is something that does everything, but none of it well. So, you’re still going to want to have your high-performance object storage, block storage, elastic file systems and your single-tenant file systems for the foreseeable future. They’ll all interoperate with each other. They all get 11 nines durability by snapshotting or direct storing. You’re still going to have your archive storage. You don’t really want an archive system that operates the same as the file system or an object system.
How will the management console work to manage all the systems?
Vass: Since we unified backups with AWS Backup, you can take a look at that one place where we’re backing everything up in AWS. Now, we haven’t turned every service on. There’s actually 29 stateful stores in AWS. So, what we’re doing with backup is adding them one after another until they’re all there. You go to one place to back everything up.
We’ll add a storage management console. Today, you would go to an S3 console, an FSx console, an EFS console and a relational database console, then an Aurora console, then an EBS console. There’ll be one system management console that will let you see everything in one place and one place where you’ll be able to manage all of it as well. That’s scheduled for some time next year.
I’ve been hearing from enterprise customers that it can get confusing and overwhelming to keep track of the breadth of AWS storage offerings.
Vass: Let me counter that. We listen to our customers, and I guarantee you at Re:Invent this year, each customer I met with, one of those services that we added was really important to them, because remember, we’re moving everything from on prem to the cloud. … There are customers that want NFS 3 still. There’s customers that want NFS 4. There’s customers that want SMB and NTFS. There’s customers that want object storage. There’s customers that want block storage. There’s customers that want backups. If we did just one, and we told everyone rewrite your apps, it would take forever for people to move.
The best things people can do is get our roadmaps. We disclose our roadmaps under NDA to any customer that asks, and we’ll show them what’s coming and when it’s going to come so that they can have some idea if they’re planning and when we’re going to solve all of their problems. We’ve got 2.2 million customers, and all of them need something. And they have quite a variability of needs that we work to meet. So, it’s necessary to have that kind of innovation. And of course, we see things our customers do all the time.
So, AWS storage is basically going for the ocean and aiming to get every customer away from a traditional storage vendor.
Vass: I wouldn’t say it that way. I’d say we want to enable every customer to be able to use the cloud and Outpost and Snowball and Storage Gateway and all of our products so they can save money, be elastically scaling, have higher durability and better security than they usually do on prem.
When you think of coding, your first thoughts might be about highly specialized technical know-how. But did you know that effective coding requires skills like creativity, innovation and collaboration too – all of which will be hugely important for the workforce of tomorrow?
According to Microsoft research with McKinsey, the fastest growing occupations, such as technology professionals and healthcare providers, will require a combination of digital and cognitive skills such as digital literacy, problem solving and critical thinking. Young people having access to learning tools to improve both these sets of skills is crucial – a fact non-profit organizations like JA Europe recognize through their work to get young people ready for the future of work. If young people are given the opportunity to develop their digital skills, the European Labor Market will see significant benefits when they move into the workforce. According to a LinkedIn Economic Graph report, AI Talent in the European Labour Market, training and upskilling ‘near-AI’ talent could double the size of the current AI workforce in the EU. It also found that AI skills are concentrated in a small number of countries and that this must be addressed to reduce the digital skills gap in Europe.
In conjunction with Computer Science Education Week which began yesterday and extends to December 15, Microsoft continues its multi-year commitment to Hour of Code, a global movement that introduces students to computer science and demystifies what coding is all about. Activities are running across Europe to fuel imagination and demonstrate how these skills could be used to solve some of the world’s biggest problems. As such, code has the power to turn anyone into an everyday superhero.
To bring this to life, Microsoft is inviting young people to ‘save the day’ through Computer Science. Created in partnership with MakeCode, a new Minecraft tutorial combines code, Artificial Intelligence and problem solving skills. It is inspired by various Microsoft AI for Earth projects and encourages students to use their critical thinking skills to plot where forest fires could happen, put plans in place to stop them with AI and ultimately save the Minecraft village!
Since 2012, Microsoft has helped more than 137,000 young people and educators in Europe through Hour of Code events and programs. And, as the end of the decade draws near, we are keen to support even more people to get into coding and show how it can change the world. If you’re looking to help your children or students become coding superheroes, we have developed two training guides – one for students and one aimed at educators – no cape needed!