This Week in Enterprise Tech Episode 500 Transcript
TWIET:This Week in Enterprise Tech Episode 500
This Week in Enterprise Tech
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
Louis Maresca:
On This Week in Enterprise Tech, it's our 500th episode. We have Mr. Curtis Franklin and Mr. Brian Chee back on the show today. Now, we talk a lot about how much organizations actually spend on phishing attacks, but what if I told you they actually spend more on cyber attacks from unpatched systems? We're going to get into some of those and how much you can actually catch up. Some ways you can catch up.
Louis Maresca:
Now, plus, this is our 500th episode, so we have a great guest for you. They were on before, but lots have changed in the database as a service market. We have Andrew Davidson, he's SVP of cloud products from MongoDB on the show, and we're going to talk about the evolution of storage technologies and where the market is actually headed. You definitely shouldn't miss it. TWiET on the set.
Announcer:
Podcasts you love.
Announcer:
From people you trust. This is TWiET.
Announcer:
This is TWiET.
Louis Maresca:
This is TWiET, This Week in Enterprise Tech episode 500, recorded July 1st, 2022. Atlas on Cloud Nine.
Louis Maresca:
This episode of This Week in Enterprise Tech is brought to you by userway.org. UserWay is the world's number one accessibility solution, and it's committed to enabling the fundamental human right of digital accessibility for everyone. When you're ready to make your site compliant, deciding which solution to use is an easy choice to make. Go to userway.org/twiet for 30% off UserWay's AI-powered accessibility solution.
Louis Maresca:
And by Nuvei. Say goodbye to abandoned carts, poor approval rates, and high chargebacks with Nuvei, the platform fast-forwarding to the next generation of payments. Turn payments into powerful accelerators for your business at nuvei.com.
Louis Maresca:
And by Compiler, an original podcast from Red Hat discussing tech topics big, small, and strange. Listen to Compiler on Apple Podcasts or anywhere you listen to your podcasts.
Louis Maresca:
Welcome to TWiET, This Week in Enterprise Tech, the show that is dedicated to you, the enterprise professional, the IT pro, and that geek who just wants to know how this world is connected. I am your host Louis Maresca, your guide through the big world of enterprise.
Louis Maresca:
We're so glad you are here because we are celebrating the big 500. That's right, we are at TWiET's 500th episode, and we definitely won't disappoint you because we have quite the show. But I'm going to need to bring in the professionals. That's right, I'm going to bring the professionals and the experts to help me out here, starting with our very own, Mr. Brian Chee. He's net architect at Sky eFiber and all around tech geek.
Louis Maresca:
Cheebert, you've been there since the beginning, how does it feel to be at 500?
Brian Chee:
Yeah, it's pretty awesome. We've had some amazing shows and what's cool is we actually managed to convince Tim Titus I think at the 200 and 300 mark to bring a cake. It was pretty cool.
Louis Maresca:
I missed the cake.
Brian Chee:
PathSolutions was awesome. I've actually talked in their booth a couple of times and it was a lot of fun. We've seen some amazing technology being shown off and we've seen a lot of companies that have since merged. It's kind of cool watching the industry change as time goes on.
Louis Maresca:
What sticks out for you? What do you think sticks out for you from an interview perspective maybe?
Brian Chee:
Well, actually I think my favorite thread, I'm very big into virtual desktop infrastructure, which is now called Managed Desktops. We interviewed Airacom, we interviewed Awingu, we've had a lot of conversations with the VMware folks, and I believe we had Citrix, and the way virtual desktops have changed is really interesting. Especially the gateways. The gateways I think are the biggest change and the coolest trend that we've been tracking over the last decade and how much easier it is than when we started.
Louis Maresca:
Yeah, I agree. I agree. Thanks Cheebert for being here. We couldn't do the show without you.
Louis Maresca:
Now, it's always refreshing to also have our senior analyst at Omdia and our security enterprise expert, Mr. Curtis Franklin. Curtis, it's been quite the journey over the last 10 years on TWiET. What's your favorite moments?
Curtis Franklinn:
Well, I think my favorite moments are probably going to go down as those where we have had some remarkable women on the show. We are in an industry that for all of its virtues still is far more European and male than any of us would like to admit. So for the times that we've been able to play a small role in moving things forward by having some, as I said, incredible women in tech, including our co-host, Mo, I really love those times. Those have been really special. Looking forward to lots more of that in the future.
Louis Maresca:
I agree. I agree. Now I feel like every episode we get a different background. That's a pretty neat background back there. Is there anything you've added so far for this show?
Curtis Franklinn:
Yeah. This is actually no fake. This is what my messy office looks like. I like-
Louis Maresca:
Collection.
Curtis Franklinn:
I like typewriters, and so you see everything. I've got both the oldest and the newest sitting next to each other over here. We've got the 1929 wide carriage next to the Selectric II, a couple of great correspondent model portables here. Then something from my distant past over this shoulder, that brown thing there over the head of the squirrel, that is from a gray iron foundry. That was a tool that was used to pack the sand into the green sand molds. I actually worked in foundries very early in my career and I appreciate having those little reminders of times when I spent my days messing around with liquid metal in large quantities.
Louis Maresca:
Indeed. Thanks Curtis for being here. Well, speaking of reminders today is a very special episode indeed with episode founder. We're going to talk actually celebrate with a great guest and we're going to have some pretty interesting topics as well.
Louis Maresca:
Now we've talked a lot about how much organizations spend on phishing attacks and all ransomware attacks, but what if I told you that more of the cyber attacks that are out there are actually from unpatched systems. That's right. It isn't a drop in the bucket either, from Log4Shell vulnerabilities that continue to be the bane of the organization's existence or some of the other issues out there. We'll definitely go through those and even maybe even provide you some solutions there.
Louis Maresca:
Plus, as I promised for our 500th episode, we have a super great guest. We've had him on before but the market has changed quite a bit in the database as a service market. We have Andrew Davidson, he's SVP of cloud products for MongoDB on the show today. We're going to talk about the evolution of storage technologies and where the market is actually headed.
Louis Maresca:
Lots of stuff to talk about there so definitely stick around. First, like we always do, we do have to go jump in through this week's news blips.
Louis Maresca:
Stealth or sleeper malware is more dangerous than some of the known strains out there. According to researchers from Lumen Technologies' Black Lotus Labs, they've identified at least 80 targets, 80 targets, that have been identified and affected by malware, including Cisco, NETGEAR, Asus, and DrayTek devices. Now given the name [Zarot 00:08:06], the malware is a remote access trojan that's actually part of a broader hacking campaign that dates all the way back to the fourth quarter of 2020. Now, due to stealthiness, the campaign is actually still active.
Louis Maresca:
What makes the malware so unique is the complexity of it. It's really complex. It's actually a custom built malware for the MIPS architecture and compiled for small business and home office routers. The key thing that it's able to do is actually enumerate all the devices connected to the infected router and collect the DNS lookups and the network traffic they send and receive between the two. It can then do this by not actually being detected.
Louis Maresca:
Now the campaign is actually compromised of at least four pieces of malware put together by four pieces of malware. Now three of them are actually custom written. The first piece is a MIPS based Zarot, which actually resembles a Mirai internet of things malware. Now Zarot actually often gets installed by exploiting unpatched vulnerabilities in the soho devices. Once installed, it uses DNS hijacking and a HDTV hijacking to cause devices on the network to install other malware. Remember I said it is really sophisticated. Really sophisticated.
Louis Maresca:
Now two of those malware pieces dubbed C-bacon and go-bacon, or go-beacon, C-beacon and go-beacon, not bacon, are actually custom made. The first one's written in C++ for Windows and the other one's written for Go for cross compiling for Linux and macro S devices. Now for flexibility, Zarot can also, in fact, connected devices with the widely used Cobalt Strike hacking tool.
Louis Maresca:
You may be asking, how do I get rid of this thing once I have it? Well, even if you reboot the device, this malware can survive. Simply restarting the infected devices will actually remove the Zarot exploit partially because the files are actually stored in temp directories. But to fully recover infected devices should be factory reset at the very least. That's if the device hasn't been infected with other malware. Now, I would say if your device is infected with this particular one, your best bet might be the trash.
Curtis Franklinn:
Hey, did your new candidate for that software dev job look really good? Was their interview on Zoom pretty much? Perfect. Are you sure? This week the FBI Internet Crime Complaint Center or IC3, warned of increased activity from fraudsters trying to game the online interview process for remote work positions. According to this advisory, criminals are using a combination of deep fake videos and stolen personal data to misrepresent themselves and get jobs in a range of work from home positions, including information technology, computer programming, database maintenance, and other software related positions.
Curtis Franklinn:
Since getting the job does mean doing the work. The advisory was a little fuzzy on what they hoped to gain from the subterfuge, though it did note that almost all the positions applied for by these criminals had some level of corporate access to sensitive data or systems. Given that, the experts believe that one of the more obvious goals is to get a criminal into a position to infiltrate an organization for anything from corporate espionage to common theft.
Curtis Franklinn:
It's worth noting that criminals are using stolen personal information to help improve the believability of the faked video. Even so, the deep fakes aren't perfect yet. The advisory notes that the actions and lip movements of the persons seen interviewed on camera don't always completely coordinate it with the audio of the personal speaking and at times there are big actions like coughing, sneezing, or other auditory actions that aren't aligned with what you see visually.
Curtis Franklinn:
Now those glitches are good news for the good guys. In the future, researchers hope to use the progress that they're making coming up with detection and countermeasures for deep fakes. For example, in May a team developed a framework for detecting manipulated facial expressions in deep fake videos, a framework the team hopes can be part of commercial security products on the market within the next two years.
Brian Chee:
Hackster.io brought up a really interesting new device. I'm really big into embedded systems and the IP40 standard for embedded systems basically is environmental in nature. I've had more than my fair share of embedded computer systems, ,single board computers burn up because they're exposed to the bright Hawaiian sun all day and they overheat and die.
Brian Chee:
Anyway, this is a new Edge Control board. Arduino has launched a kit designed to make its Edge Control board a little more robust, offering an IP40 rated enclosure with an onboard LCD and button interface for quick status updates.
Brian Chee:
Arduino unveiled the Edge Control last year, aiming the board at agricultural automation and other industrial control tasks. The heart of the Edge Control is a Nordic semiconductor nRF528040 system on chip powered by an ARM Cortex-M4F CPU running at 64 megahertz with a meg of onboard flash, two meg of external QSPI flash and Bluetooth connectivity.
Brian Chee:
Now IP40 and [inaudible 00:13:44] mounts are the bread and butter of industrial control systems and getting away from the older register based PLC systems into true micro code will hopefully help create a much more secure industrial control environment and make it a whole lot easier to update firmware to patch vulnerabilities.
Brian Chee:
When I was involved with photovoltaic monitoring project, the biggest challenge was IP40 compliant devices that could take customer software for features that didn't exist yet. We ended up with raspberry pies at first, but with the high heat of the Hawaii sun, our failure rate was massive. What we needed was a more robust computing platform capability in a true IP40 system. What this type of system can mean is dramatically more robust and flexible systems for farmers, factories, energy control, you name it. Combined with long range communication systems like LoRa we may very well see a renaissance of command and control systems out in the field.
Louis Maresca:
Now I thought our 500th episode needed some more forward looking technology as well. According to Harvard John A. Paulson School of Engineering and Applied sciences, they have had a breakthrough in sound waves where they were able to control and modulate sound waves using an electric field inside a computer chip.
Louis Maresca:
Now, what does this mean for the real world applications? Well, the breakthrough could have a broad impact on the fields of actually quantum computing and classical computing which normally relies on electrons for data to be actually transmitted.
Louis Maresca:
Now, typically classical computer chips transmit and process data by modulating electrons. This is done via transistors, of course, and encoded data in the computer language of ones and zeros. Now they are normally represented by either high current or the other by low current.
Louis Maresca:
Now acoustic waves are slower than electromagnetic waves of even the same frequency, but that's not necessarily a bad thing according to the team behind the new device. That's because short acoustic waves actually are easy to confine in nanoscale structures and they have strong interactions with the system in which they are confined. Now, this could make them very valuable for both classical and quantum applications.
Louis Maresca:
Now what the team uses is lithium niobate to build an on chip electroacoustic modulator that's very sophisticated that controls the acoustic waves on the chip. Now the modulator applies an electric field to control the phase and amplitude and the frequency of the sound waves. Previous acoustic devices were passive, but now this is an electrical modulation to actively tune to actually acoustic devices.
Louis Maresca:
Now this might sound like science fiction to you, but you might be surprised how close this is to becoming a reality. Now watch out in the next five years, this is becoming a reality for high performance acoustic wave circuits for next generation microwave signal processing on a chip.
Louis Maresca:
Well, folks that does it for the blips. Next up, the bites. Before we get to the bites, we do have to take a really great sponsor of This Week in Enterprise Tech and that's UserWay.org. Now every website without exception needs to be accessible. I have made it my mission to ensure all applications and sites are accessible and it makes it so every person out there can actually use it equally.
Louis Maresca:
Now it's not always an easy task because there are many things you actually have to focus on to get it right. Well, UserWay is amazing. UserWay is an incredible AI powered solution, tirelessly enforces the hundreds of WCAG guidelines for you. In a matter of seconds, UserWay AI can achieve more than the entire team of developers can in months.
Louis Maresca:
At first, it may seem overwhelming to make your website accessible, but UserWay solutions make it simple, easy, and cost effective. Now you can use their free scanning tool to see if your website is ADA compliant. If you have an enterprise level website with thousands of pages, UserWay offers a managed solution where their team can handle everything for you.
Louis Maresca:
Now, UserWay's AI and machine learning solutions ha powered accessibility for over a million websites, trusted by Coca-Cola Disney, eBay, FedEx, and many other leading brands out there. Now UserWay is making its best in class enterprise level accessibility tools available to small and medium sized businesses as well and they can scale with you. In fact, UserWay is the leading accessibility solution in the market today with a market share of 61%. That's the biggest in the world.
Louis Maresca:
The private financial news and investor advisor The Motley Fool had 1,911 pages on their website and over 20 million page views. They were already structured for accessibility, but their development team was spending a lot of time keeping the site up, updated to the current standards. Now they use UserWay to add an extra layer of accessibility to ensure their browsing experience is accessible to everyone.
Louis Maresca:
Now for years, UserWay has been on the cutting edge creating innovative accessibility technologies that push the envelope of what's possible with AI, machine learning, and computer vision. Now UserWay's AI automatically fixes, automatically fixes, violations at the code level. Here are some of the things they can do. They can actually autogenerate image alts. It writes image descriptions for you. Remediates complex nav menus and ensures that all popups are accessible. Fixes really vague link violations and fixes any broken links. Plus it ensures your website makes use of accessible colors while remaining true to your brand. UserWay gives you a detailed report of it all of all the violations that were fixed on your website.
Louis Maresca:
UserWay is a platform agnostic and integrates seamlessly with WordPress, Shopify, Wick, Sitecore, SharePoint and many more. Now let UserWay help your business meet its compliance goals and improve the experience for your users.
Louis Maresca:
The voice of Siri, Susan Bennett, has a message about UserWay.
Susan Bennett:
Hi, I'm Susan Bennett, the original voice of Siri. You won't hear me say something like this too often, "I'm sorry. I don't understand what you're looking for," but every day that's what the internet is like for millions of people with disabilities. UserWay fixes all of that with just one line of code.
Louis Maresca:
UserWay can make any website fully accessible and ADA compliant. With UserWay everyone who visits your site can browse seamlessly and customize it to fit their needs. It's also a perfect way to showcase your brand's commitment to millions of people with disabilities.
Louis Maresca:
Go to UserWay.org/twiet and get 30% off UserWay's AI powered accessibility solution. UserWay, making the internet accessible for everyone. Visit UserWay.org/twiet today. We thank UserWay for their support of This Week in Enterprise Tech.
Louis Maresca:
Well folks, it's time for the bites of our 500th episodes. Now organizations are constantly trying to find ways to battle phishing attacks, whether it's ransomware or other vulnerabilities out there as well. However, a lot of the vulnerabilities in their systems and network just may come from something else. That's right, it might actually stem from unpatched systems.
Louis Maresca:
Now Dark Reading wrote about a new report by a security firm, Tetra Defense, and they analyzed incident data from the first quarter this year and found that actually 82% of successful attacks came from unpatched vulnerabilities and exposed services like RDP.
Louis Maresca:
Now only 18% were actually from social engineering techniques where employees ended up being the entry point. Now that's a little less interesting, unfortunately, but it's still the means for the entry points. Now, unfortunately, their data also showed that proxy shell exploit on the Microsoft exchange services accounted for actually a third of the external breaches while RDP accounted for a quarter. That's a lot. Now these are all known vectors. That's right. Remind you of these are actually known vectors.
Louis Maresca:
Now, in addition to all of this, there's also the log4shell bug, which actually received a ton of media coverage out there, we've talked about it a bunch, which actually counted for 22% of the breaches.
Louis Maresca:
Now targets in the industry did show that healthcare was at the top of the list. In fact, there were 20% of the compromise that were out there. Finance and education was second at just 13%, and 12% for manufacturing. So the usual suspects that we talked about before.
Louis Maresca:
However, that doesn't mean that your business isn't a target too. In fact, the firm also found that the usual suspects as threat actors were out there as well, ones that have normally attacked regular businesses as well. That's LockBit 2.0, BlackHat, Conti, and Hive, which are responsible for almost half, if not half, of all compromises infected by the firm.
Louis Maresca:
Now there's lots to talk about here, like for instance, misconfiguration, default user name and password, vulnerable device in the system, so I'm going to bring my co-host in in a second. But I do want to bring out some very interesting statistic here that they brought out.
Louis Maresca:
The one thing that struck me as a saving grace here that was nearly 80% of the incidents actually could have been prevented by instituting MFA. Maybe they should have taken our advices from previous episodes. I don't know, just saying.
Louis Maresca:
All right, guys, I want to bring you in because this is a very interesting article that brings out some high level statistics that show that organizations are still living in the wild with vulnerabilities even though they've been warned a hundred, maybe a thousand, maybe 10,000 times.
Louis Maresca:
I want to bring in Cheebert first. Cheebert, this is a very good example of how organizations need to obviously pay attention more to patching, but is there any help out there for them? Can they be helped?
Brian Chee:
This is actually not as hard as a lot of people think. In wandering around and doing a lot of different work around the industry, my personal opinion, this is a thumbnail, is the biggest excuse is we can't afford to take the system down to patch. It's like, "Excuse me, have you even heard of things like Layer 4 load balancing? Heck a lot the Linux Apache MySQL PHP stack, the LAMP stack, actually has load balancing built right in. So there really isn't a whole lot of excuses on why you can't take down one of the web servers, maybe it's an ecommerce site or something, take one down, do the patching, bring it back up, make sure the patches work, make sure they're acceptable, and then rotate through all the different machines that are load balancing. Well, not so hard.
Brian Chee:
Heck, way, way, way back, probably 20-plus years ago, I reviewed a bunch of Layer 4 load balancing switches from Foundry Networks, and That allowed me to load balance across multiple web servers very easily.
Brian Chee:
The reality is they are excuses. You can architect this in so that you can take machines down and do your patching. It's not that hard. It takes planning, it takes some purchasing, but is it better than getting a breach? I personally think this can be prevented. MFA is a good one, but load balancing is not rocket science anymore.
Brian Chee:
Anyway, I'm going to throw it back to you guys. What do you think?
Louis Maresca:
Yeah, I think this is a tough one. I think we hear a lot about organizations. In fact, I've worked with organizations, they sit on old servers, old technology till it's either right at the end of life or end of service or it's sometimes over that. Organizations, they don't even look or even try to patch those things, so sometimes they catch it just in time, but sometimes they don't. I think this is an interesting problem that we see all over the industry.
Louis Maresca:
Now Curtis, I'm going to throw this to you because you work in security all the time, there's got to be some solutions out there for these organizations that are exposing these machines, these devices that are unpatched, right? There's got to be something?
Curtis Franklinn:
Oh, there are tons of solutions out there for patch management. I would say there'd have to be somewhere between 25 and 200 different solutions that are available to organizations.
Curtis Franklinn:
Here's the thing, we're not talking about people who have not patched a zero day in the last two weeks. When you dig into a lot of these unpatched system breaches, you're finding that the criminals are exploiting unpatched vulnerabilities that are five, seven, ten years old. So not only are the companies running 10 year old software, they're running unpatched known vulnerable 10 year old software. Frankly, there really isn't an excuse for that.
Curtis Franklinn:
Now I will note that there's one category of application that was on the list that is its own thing and that's medical devices. In the case of medical devices, the software that runs on the device is part of the FDA certification for the device. So if they make a significant change in the software, they have to go through a complete FDA process again, and that's enormously expensive. It's not surprising that a lot of companies, a lot of the vendors, don't want to do that.
Curtis Franklinn:
The trick there is to come in and when healthcare organizations know this is the case they have to provide additional software, things that are on a layer outside the devices within the network architecture.
Curtis Franklinn:
We're talking about in many cases vulnerabilities that can be found through a moderately competent Shodan search. This is not something that criminal masterminds are finding. If you're in something like the medical world, you know what your challenges are. If you're not, if you're in normal run of the mill IT, patch your bloody systems. This isn't hard. It's a known process. There are known tools to make it easier. The people who know how to take advantage of it are sitting there just waiting for you to continue to be lazy. Don't do that.
Louis Maresca:
Yeah. I've seen organizations, lots of posts about different organizations out there, using services that will take, for instance, they'll scan for services and open devices for technology build materials, they'll go and catalog all their versions, and they'll determine if things are behind, if they need to be patched or if there's patches out there, but I can't imagine they're able to find everything. But again, I think these types of services need to be used by organizations, or these pieces software need to be used by organizations, because it forces their hand to do something. It gives them at least a starting point, a jump off point to do it.
Louis Maresca:
I think most of them are sitting on things, using things for years, where they just say it works, so why fix it? I think that's a common theme amongst organizations.
Louis Maresca:
Now Cheebert, you've talked a little bit about the potential that there are some services out there that are on the list that can really help with things. Is there anything that comes to mind that might be like, oh yeah, I've seen people use this or that that really helped them along the way for this?
Brian Chee:
I don't know. Do a Google search. There's so many out there.
Louis Maresca:
25 to 200 sounds like a pretty good selection there so they should at least try do something.
Brian Chee:
Yeah. You know it can't be mega expensive because the university I used to work for, the University of Hawaii, actually forces this. If you have a publicly facing service of any sort, you are actually required at least annually to do a vulnerability test. It's going to go on probe to see if it can open things up. If a university can afford to do it, why can't you? That's what I keep asking. Because universities are notoriously cheap.
Louis Maresca:
Right.
Brian Chee:
I got forced into it, I wasn't very good at it, but I did usually make my annual deadline to make sure of the service. Even though I knew there wasn't any PII on the server and I knew there wasn't any other things on the servers, we scanned them anyway just because we actually had one case where we had a very early server, it was actually running on a Silicon Graphics machine, and someone managed to get in and start hosting all kinds of stolen, basically pirated, movies on it, and we didn't know about it.
Louis Maresca:
Geez.
Brian Chee:
Just because it was a science machine didn't mean it couldn't have been someone get in and start putting other stuff on it. So you really ought to be scanning anything, even if you're just doing one to one NAT or something like that and you're going through a firewall with an IDS IPS, it still is a good practice, scan it and make sure.
Louis Maresca:
Right. Right.
Louis Maresca:
Curtis, I want to throw this to you before we close up here, because you made a good point here in the chat and I wanted to bring it out. Obviously a lot of people are thinking, "You know what? I need to stop managing this myself because, one, it's too expensive, one, I know how to do it well, and finally, I need to be compliant. I need to do something that's compliant and the only way to do that is potentially not do it myself." Is this just the whole purpose to move to some managed providers that are out there?
Curtis Franklinn:
Well, this is certainly one of the big arguments in favor of managed service providers. They take care of keeping the software up to date, both the software that they may write for the application that's doing and all of the underlying software. Third party dependencies on software is one of those rabbit holes that can lead you into topsy-turvy land real quickly. It can very quickly and easily become the case where you can justify going to a cloud service provider solely on the basis of their maintenance of the code base and keeping the software up to date. There may be others, but for a lot of companies just pulling the updating out of the my employee bucket is plenty of justification for letting someone in the cloud take over.
Louis Maresca:
Indeed. Indeed. Good advice. Thank you, guys. Well, I think that does it for the bites, because we do want to get to our guest, but before we get to our guest, we do have to thank another great sponsor of This Week in Enterprise Tech, and that's Nuvei, tomorrow's payment platform designed to accelerate your business.
Louis Maresca:
Is your payment provider holding your business back? Well, Nuvei's next generation payment technology not only boosts conversions, reduces fraud, and increases approval rates, but works seamlessly with your existing tech stack. You can easily connect to Nuvei's platform via a single API integration, really easy now. With Nuvei's agile platform, it will enable your business to add new payment methods, enter more markets, and meet evolving customer demands so you can stay ahead of the curve.
Louis Maresca:
Nuvei offers more than 550 alternative payment methods, including crypto currency with local payment solutions around the world in 150 currencies. Nuvei offers local acquiring in 46 countries in more than 200 global markets. The customers also benefit from payout options, card issuing, banking, and fraud management services as well.
Louis Maresca:
Nuvei can handle any high demand peak event. They're always on approach ensures 99.999% uptime and they offer flexible ala carte solutions that are tailored to your needs.
Louis Maresca:
Nuvei is the payment partner for some of the world's leading brands, global brands out there. Wicks, Valve, Draft Kings, General Motors, Valentino, Crypto.com, and many, many more.
Louis Maresca:
Now with future proof technology and dedicated team of 24/7 365 human support professionals, Nuvei prepares your business for whatever comes next. Say goodbye to the abandoned carts, poor approval rates, and high chargebacks with Nuvei, the platform fast forwarding to the next generation of payments. Turn payments into powerful accelerators for your business at Nuvei.com. That's N-U-V-E-i.com. Nuvei, tomorrow's payment platform.
Louis Maresca:
We thank Nuvei for their support of This Week in Enterprise Tech.
Louis Maresca:
Well folks, we have a fantastic guest for the 500th episode to share some knowledge with the TWiET riot. Today we have Andrew Davidson ,he's SVP of cloud products from MongoDB.
Louis Maresca:
Welcome to the 500th episode, andrew.
Andrew Davidson:
Thank you so much, Lou. Good to be here. I couldn't be more proud to be joining on your 500th episode. I've watched most of them over the years. Almost every single one, if you can believe it. I didn't make a cake though now I'm regretting.
Louis Maresca:
Where's the cake, Andrew? Where's the cake? Thanks for being here.
Andrew Davidson:
Totally. Totally.
Louis Maresca:
We've talked with Mongo before. It brings a bunch of interesting topics along and we have a lot more to talk about there. But before we get to that, we have quite the diverse audience out there. It's made up of people from all different experience levels. They love to hear people's origin stories. Can you take maybe a short journey through tech and what brought you to MongoDB?
Andrew Davidson:
Totally. Yeah, so I have an unusual story in that here I am in MongoDB's world headquarters in New York City, but I'm actually originally from Silicon Valley, so I've done the reverse. Of course, the Silicon Valley that I grew up in was a very different one than today. When I was growing up, it was a hardware valley, it was all about semiconductors. I followed that, I studied physics and I saw this transition to software starting to eat the world and, guess what, followed that trend.
Andrew Davidson:
When I was trying to figure out where's my journey in software going to go, I spent some time at Google, but it just wasn't... It was a great experience, but it was too high up in the stack for me, frankly. I was thinking, "How do I find something that is more physical but still in the software world a little bit?"
Andrew Davidson:
I feel really lucky, frankly, that about 10 years ago I moved to New York and I found this wonderful company, MongoDB. Very early days in MongoDB's journey then. A company that is dealing with state for developers. State of course being fundamentally something that pushes down to the metal and is ultimately physical, and it's distributed system too, which makes it even more physical.
Andrew Davidson:
It's been a wonderful journey for me since that time. I've been front and center on our move into fully managed database service in the cloud, something called MongoDB Atlas. It makes me think of what Curtis was just saying. A perfect segue as we talk about the value of managed services.
Louis Maresca:
Yeah, we do want to get to Atlas because I think it's a very interesting service and it actually provides a lot of things to organizations.
Louis Maresca:
Let's talk about database as a service first, because I think it's a hot market in there, right? I want to get to some stats really quick. There's some stats recently from one of the big stack companies out there. The US cloud database market for databases as a service is estimated at 3 billion for 2021, 3.8 for this year, but it's actually projected, has a compound annual growth rate of 21.7% to be 10 billion by 2027. That's a big growth rate just for the US market.
Louis Maresca:
For the global market, we're right around 18 billion this year, has a 19.7% growth rate. That means 45 or 44.5 billion by 2027. That's a huge market. That's sending us a lot of signals about where the trend is going with database as a service.
Louis Maresca:
Now if you look at it, there are actually some big players in this market, right? Obviously MongoDB being one of them. There's AWS. There's Azure. There's Google Bigtable SAP. I can go on for a while. What I'm getting at here is it's really hard for anyone out there that's building an application or migrating their data to really determine where they need to go and what they need to do.
Louis Maresca:
I want to throw that to you first is just maybe talk about if I'm an organization, let's say I'm a bank called Pseudo Bank or something, and I have millions of customers and I do lots of transactions and I have some data already, maybe on some of the traditional SQL relational databases, and I want to move to a cloud database. What do I look for? What do I do first?
Andrew Davidson:
Great question. Yeah, look, we conceptualize MongaDB Atlas as a developer data platform. We think it's so important to center on developers because the needs of developers are really what's driving costs and complexity of building software today, and software today is the lifeblood of every company.
Andrew Davidson:
If you think about those legacy relational databases, that technology actually goes back to the 1970s at a time in which there was a different bottleneck in computing. The bottleneck was actually the cost of storage. You could throw lots of people at the problem because you needed to have this extremely expensive machine that was taking up a large chunk of a room. When you flash forward to today, I always ask people, "What do you think the key cost bottleneck in computing is today?" I would argue it's fundamentally developers' minds.
Andrew Davidson:
That thesis, this idea that developers should feel like sorcerers and be able to project the data that they conceptualize in their code, which is always going to be object style and documents, to have a data platform that treats that in a first class way, that's what MongoDB's core thesis has always been about.
Andrew Davidson:
Atlas takes that in the fully managed manifestation across the big three clouds and brings in a lot of extra capabilities. The support for a wide variety of workloads, operational, transactional, analytical, and search all ubiquitous use cases so that you can build any type of application and power the features of your applications natively in the same platform. Not needing to bolt on other systems or laboriously move data to other systems, et cetera.
Andrew Davidson:
So it's a whole different model that flips it on its head that's fundamentally anchored on that developer ability to move fast and preserve. Not everyone knows this, but MongoDB, since about four to five years ago, introduced multi document asset transactions. So we're powering now some of the largest transactional workloads in the world.
Andrew Davidson:
We've got these great digital native companies like Auth0 and Avalara doing authentication and tax management, respectively, but we've also got traditional legacy enterprises doing massive things on our platform. Wonderful companies in telecom like Vodafone and financial services players like Wells Fargo, all speaking publicly at our MongoDB world event that just happened in New York City.
Louis Maresca:
So you brought up some good technologies there. I think I've followed Mongo for a while, several years, and I love that it's an extensible platform. It allows the developers to have integrated with a diverse set of applications that are already out there. There's lots of different application types, like I was talking about a bank software or something like that.
Louis Maresca:
I think one of the biggest things is you have native support built in, there's the time series data support for IOT. Brian would really like that. There's some change streams for supporting use cases for ecommerce apps, that kind of thing. We just talked a little bit about it, blending developer tools with the cloud service experience, that's Atlas.
Louis Maresca:
I want to ask, where are you guys heading? We're seeing a lot of great things, I'm just curious where it's going.
Andrew Davidson:
Yeah. I mean, to me, this developer data platform vision is all about ensuring that we keep expanding the aperture of what's possible. What that means is what people are building with and the expectations of modern applications and modern software are rising and rising. We have 150,000 registrations every month, to keep it in perspective.
Andrew Davidson:
So think about these mind boggling hundreds of thousands of applications being built, all powering experiences and software on top of software that none of us can imagine yet. The idea there is we're going to keep getting pulled by our customers to solve more and more problems for them so that they can move faster and faster and stay governed and move fast.
Andrew Davidson:
So you'll see us keep leaning in. With search, we just launched faceting capabilities with time series densification and gap filling, with data visualization going deeper and deeper in our embedded MongoDB ready data visualizations that you can put those right into your applications, and the ability to synchronize data from mobile and edge devices all the way back up to MongoDB Atlas seamlessly without having to deal with all this laborious network management in the mix. It's all about moving up to the right level of abstraction for these builders and you'll see us just keep pushing on that.
Andrew Davidson:
In the enterprise they need to go beyond that. In the enterprise, it's how do you do this in a governed way and enable the build out of this app dev assembly line that stays within a controlled and reasonable baseline? That's where having a really secure foundation, great security defaults built in so people can't shoot themselves in the foot, authentication everywhere, TLS network encryption everywhere. Why let people do anything that could turn any of things off? Encryption at rest everywhere.
Andrew Davidson:
Then the big thing that we announced at MongoDB World is queryable encryption, something that's truly a first in industry thanks to the cryptography research that we've brought in house from Brown University, which is a really exciting one.
Louis Maresca:
Cool. Brown is right up the street. Very cool.
Louis Maresca:
I'm going to leave security because I know that Curtis and Brian are jumping at the bit here. I'm going to get to them in just a moment. One question before I get to ad and then bring those guys in. I want to talk a little bit about analytics. I know from analytics, having worked on Cosmos DB, actually I am the owner of Access at Microsoft, I worked on SQL before, I know for a fact that when you do analytics it takes a lot of compute power and you want to try to avoid these huge queries and these joins to because they cause a lot of load on the server.
Louis Maresca:
What's what's Mongo doing here? Because I know a lot of analytics is important to organizations to be able to produce really good insights, whether it's for the C-suite or if it's just a business who has just put their data up there for their application and they don't want to have to go build them themselves, essentially. What's what's going on on Mongo's side?
Andrew Davidson:
Great question. We like to conceptualize this in sort of two buckets. The first is in application analytics or applications that are real time powering experiences for consumers or end users or software on top of software, which is more MongoDB's traditional bread and butter. Here, we've got a very rich aggregation framework that pushes down. You can think of it as almost writing a function that pushes down to the database that's built for the MongoDB data model that can take advantage of all the rich indexes that are in place.
Andrew Davidson:
MongoDB is a distributed system for high availability, but that also allows us to have these special replicas, we call them analytics nodes, that you can drive those analytics queries on without disrupting your operational workload. We call that the workload isolation.
Andrew Davidson:
We go further than that, though, beyond sort of the traditional in-app analytics. We've announced at MongoDB World that we're going to be introducing column store indexes later this year. This is going to lead to 20x speed up for those classes of queries.
Andrew Davidson:
We also expand the aperture and think about the broader data life cycle too. It's not just about the application, it's not just about developers, there's business analysts and others that expect to query data that might be a little bit colder or snapshots of data that are being exported. We just launched our fully managed Atlas Data Lake which takes extracts on a schedule and pulls that into object storage economics. You can do ad hoc querying. We launched our data federation capability for querying across different clusters, being able to pull together and build these read only views.
Andrew Davidson:
Finally, we launched something called Atlas SQL, which actually allows you to provide those people that aren't developers, don't want to be thinking in this true document native model, and really want to bring those traditional business intelligence style ways of interacting with data with a translation layer that does a pretty dog-gone on good job of translating SQL down into MongoDB's native data model for read only experiences.
Louis Maresca:
Right. Right. I love that. I love that. I love translation systems, reusing knowledge that you have, being able to still be able to do similar things that... Familiarity, but still using a technology that's scalable on the back end. I love that. That's great.
Louis Maresca:
I do want to bring my co-hosts back in soon, but before I do, I do want to thank another great sponsor of This Week in Enterprise Tech, and that's Compiler, an original podcast from Red Hat discussing tech topics big, small, and strange.
Louis Maresca:
Now Compiler comes to you from the makers of Command Line Heroes, another of our sponsors, and is hosted by Angela Andrews and Brent Simoneaux. Now the technology can be big, bold, and bizarre and complicated, and Compiler unravels industry topics, trends, and the things you've always wanted to know about tech through interviews with the people who know it best.
Louis Maresca:
Now on their show, you'll hear a chorus of perspectives from the diverse communities behind the code. Compiler brings together a curious team of Red Hatters to tackle big questions in tech like what's a technical debt, or what are tech hiring managers actually looking for, and do you have to know how to code to get started in open source?
Louis Maresca:
Now, episode two covers what can video games teach us about edge computing? Now the internet is a patchwork of international agreements and varying infrastructure, but there's something coming to change the ways we connect. Now in the episode, Compiler hosts explore what edge computing could mean for people who actually enjoy video games and what this form of entertainment can teach us about the technology.
Louis Maresca:
Now, episode nine, how are tech hubs changing? Traditionally, if someone wanted a career in tech they had to make it and move it to a tech hub or a city packed with startups and talent, but things are starting to change and the hosts of Compiler speak to a few of the change makers who are thinking outside of the physical and social dimensions we've come to associate with innovation.
Louis Maresca:
I really enjoyed the edge computing episode. I've listened to it and they did an amazing job actually distilling down what edge computing is and just how practical applications make it seem more accessible. So really great episode.
Louis Maresca:
Learn more about Compiler at red.ht/twiet. New episodes are out now. Go and download them at any time and be sure to check back for new shows. Listen to Compiler on Apple Podcasts or anywhere you listen to your podcasts. We'll also include a link on this episode's show page.
Louis Maresca:
My thanks to Compiler for their support of This Week in Enterprise Tech.
Louis Maresca:
Well folks, we've been talking to Andrew Davidson. He's SVP of cloud products from MongoDB. Thank you so much for being here, andrew. I want to bring my co-hosts back in. They, of course, security, I saw them pep up right away. I want to listen to you guys direct.
Louis Maresca:
Curtis, first security question?
Curtis Franklinn:
Sure. One of the things that we've seen cause a lot of problems is databases that are created and left open to the internet or databases that are open to the internet for a specific purpose and then left open. On the one hand, you want to increase the power of a system by allowing the developers to do pretty much anything that they have in their little heart's desires. On the other hand, you can build some guide rails in which help them keep things safe but may limit them in some circumstances.
Curtis Franklinn:
So how is MongoDB negotiating the path between those two extremes helping people to write applications that don't just hand over all of their data and still allowing them to create the powerful applications that they want and need to create?
Andrew Davidson:
That's a great question, Curtis. Over the years when MongoDB was predominantly software that you downloaded and ran yourself, we definitely learned that lesson, that folks would download MongoDB in incredible numbers, I mean, hundreds of millions of downloads over time, and some of the time they would put those databases up in situations in which they weren't following all the best practices.
Andrew Davidson:
Over the years, we've enhanced the way the software defaults are configured to ensure that, for example, the database only listens locally when configured that way. Now as a general rule when it comes to our MongoDB enterprise software, and certainly in the context of MongoDB Atlas that I was saying before, we've never had, as far as I'm aware, a customer that left themselves open. Atlas makes it impossible for you to disable authentication, to disable encryption at rest, and disable encryption over the wire, and to disable built in auditing capabilities. There's a built in network firewall, et cetera.
Andrew Davidson:
In the self-managed software paradigm there's simply no denying that there's more on the user. Just like we were talking about at the beginning of your show today, the user has to be able to manage. Now MongoDB, being a distributed system, going back to what Brian was talking about, since it's a distributed system, you can do the rolling replacements of the software and not have to ever experience downtime, which makes it very patch ready, configuration ready. But again, so many customers that we've experienced are moving up that level of abstraction and saying, "I want all of that managed for me." State is the hardest part to manage, hardest part to deal with, why not go up a level of abstraction. We're seeing that trend over time as they adopt Atlas and the managed service.
Curtis Franklinn:
Well with that managed service are you finding that the application building model is changing to one of assembling applications more than writing applications? To the extent that you are seeing that, in your opinion, does that tend to make for more secure apps because it's being built of modules that have been vetted or does it just create more potential software dependencies that lead us down security rabbit holes?
Andrew Davidson:
It's a super interesting question because I wouldn't say it's that people are like using a GUI and assembling apps in a sense that isn't being written. Almost on the contrary, the nature of something like Atlas is while you can use the user interface to deploy and then you can go write your application, you can also now through a single API call or a Terraform call or a CLI manage your stateful infrastructure so easily. You can set up those workflows like restoring a production environment into a staging environment and then changing the data there to run your staging environment.
Andrew Davidson:
I think what you're seeing is you can now put more and more of the whole app dev assembly line in code. So you're writing more software than ever, but what that does is it brings in the full value of change management code reviews. So you can up level I think just the level that is manually configured and move to a level that's more governed as a general rule.
Andrew Davidson:
But of course, that also means you might be assembling in more and more managed service components. You might use Atlas for the data tier and something like EKS or AKS or GKE for a fully managed Kubernetes stateless app tier from one of the hyperscalers, and having each of those be managed and used together and being able to declare it all in APIs is very powerful abstraction.
Louis Maresca:
Thanks. Brian?
Brian Chee:
Well, I'm really big into IOT and we've deployed lots and lots of things and one of the challenges we had was we always ended up having to write some middleware so we could have an encrypted link back to a server in a data center which would then talk to the database. I've seen so many instances where people are talking directly to the database and they're just using something that's relatively weak. TCP Wrappers was really, really common.
Brian Chee:
I heard you talking a little bit about some work you're doing with Brown University and I'd love to hear more about what you are thinking as far as getting access to the database, but in a secure manner.
Andrew Davidson:
Sure. I mean, there's so many different levels to this. Before I talk about the queryable encryption concept that you were just getting at, the fact that you're talking about devices makes me want to talk about the fact that we have this device sync capability which allows you to write an application using something that we have called Realm, which is our device database, and actually have that data synchronized back with end to end TLS out of the box TLS network encryption and to be able to basically do read or writes on either end and have that client device have the same state. Irrespective of whether there's connectivity, it'll all get back in sync later on.
Andrew Davidson:
But totally different from that, which is more of a device use case, to answer your question on what we're doing with Brown University, this queryable encryption, the whole idea there is I should be able to in 2022, at least for parts of my data, the data of the highest classification level, and this could be subsets of my schemas, it doesn't have to be the entire document by any means, for those subsets or sub documents or fields in my document schemas that are the highest classification level where I don't want to even trust the provider, I don't want to trust the managed service provider, I don't want to trust the cloud provider, I don't have to if I can encrypt it before it goes into the managed service into the database service in Atlas.
Andrew Davidson:
So with queryable encryption the idea is you're encrypting it in your application tier before it goes into the database, but you can still push down a subset of the query capabilities of a normal database query that are now expressed using this concept of queryable encryption.
Andrew Davidson:
Now, I want to be clear, this is a multi-year undertaking to continue to evolve the classes of queries that can be done. Today, we could do point queries. You'll see us over time start being able to do range and predicate match queries, all taking advantage of this groundbreaking research that is coming out of that lab at Brown University in the field that's referred to as structured encryption.
Brian Chee:
Wow, that sounds awesome. In fact, that would be amazing for a project I worked on for the Department of Defense. Before the CAC card came out, the concept was have a military ID and have the ability to do encryption on various pieces as someone goes through a gate, as someone goes into an office building, as someone opens doors.
Brian Chee:
Now, all super cool, I'd love to see more of this, I'm going to do some looking, but why don't we talk a little bit about best practices? There are lots and lots of people with databases that can be directly queried. There's lots and lots of people that write middleware. In your mind, from especially talking to your customers, what are the best practices for remotely accessing databases, whether it's in the cloud or on-prem?
Andrew Davidson:
Sure. Yeah. I mean, as a general rule, it's all about security in depth. I loved hearing you guys mention MFA. Obviously that's more for a control plane, but it goes without saying that that makes perfect sense. For the data plane itself, it's so important that you have the firewall in the mix, but you should never feel like that alone is what's protecting you.
Andrew Davidson:
I think a lot of the legacy security mentality was sort of this idea that once I got through the walls of the city I'm now off to the races. No, we're in this be beyond corporate or trustless security model now where you want to hope that you do have the wall there, but if something gets through, you're still doing the access checking every step of the way. So database authentication is so critical. You need to have the database authentication.
Andrew Davidson:
Ideally you have a modern way of rotating those credentials. We have a HASICorp Vault Integration, for example, but you can also do things any number of other ways, but you just need to make sure you're using database authentication. Of course, you also need to be using TLS network encryption over the wire. You never want someone who can see your network traffic to make sense of it.
Andrew Davidson:
It isn't as though with SCRAM authentication, for example, a password ever gets sent over the wire, but still if you're not using TLS people can look at what data you're transferring over the internet. So my suggestion is you shouldn't even have to be thinking about these words. You shouldn't need to think about TLS. You shouldn't have to think about SCRAM. Ideally you're using a technology that just forces you to use those things so that all of the ecosystem around it just makes that easy.
Andrew Davidson:
That's what we do in Atlas. There's just no question, you have to use the database user and a password or a certificate of some kind to authenticate, and you have to use TLS and it's fully managed with certs that are generated from a trusted certificate authority for use. You don't even have to think about it. That to me is the future is to move to a model in which it's just out of the box there.
Andrew Davidson:
Because you guys earlier were talking about these sophisticated companies that are not patching. Well, think about when you have hundreds of thousands of new applications being built by new developers coming up today, they're not going to be able to have that sophistication to even get the chance to spend time at University of Hawaii to learn how to do that patching necessarily. The only way that can really work for I think our society is if these services make it so that we can all feel relatively secure in context of that all happening,
Louis Maresca:
Right. Man, time flies when you're having fun. I'll tell you, it just flew past. Andrew, thank you so much for being on our amazing 500th episode. Super super interesting stuff. Unfortunately, we're running low on time. I did want to give you maybe a chance to tell the folks at home where they can learn more about Mongo, Atlas, maybe even where they can get started.
Andrew Davidson:
Absolutely. You can sign up for MongoDB Atlas today. We have a free forever free tier for you to build your next idea. I think the whole idea is you just get in there and start writing your applications and having a lot of fun. It's a great canvas for you to build on. We look forward to having you.
Louis Maresca:
Fantastic. Thanks for being on our 500th episode.
Andrew Davidson:
Couldn't be more proud to be on the 500th. Thanks so much, everybody.
Louis Maresca:
Take care.
Louis Maresca:
Well, folks, you've done it again. 500 times. That's right, you've done it again, sat for another hour of the best thing in enterprise and IT podcast in the universe. Definitely tune your podcaster to TWiET. We're so proud of 500.
Louis Maresca:
I want to thank everyone who makes this show possible, especially these guys, the amazing co-hosts and my friends, starting with the very Mr. Curtis Franklin. Curtis, tell the folks at home where they can find all of your work and maybe what's going on for you the coming week.
Curtis Franklinn:
Well, if you're looking for me the next couple of weeks I'm going to be heads down because I've got a large piece of research that's going to be coming out at Omdia. It's a market tracker for cybersecurity awareness training. Then after that, I'm going to be launching into research on risk quantification and management. That's going to be fun.
Curtis Franklinn:
In and around all of that, I'm going to be attending AWS Reinforce in Boston this month. I'm going to be at Black Hat and DEFCON for either of those. I'd love to see the good folks in the TWiET riot. You can always find me over at Dark Reading in the Omdia tab, on Twitter at KG4GWA, and feel free to follow me on LinkedIn where I write some articles, do some videos, have all kinds of fun. I'd love to see you there.
Curtis Franklinn:
Thanks for watching. Thanks for keeping us able to do this for 500 episodes and counting.
Louis Maresca:
That's right. Thank you, Curtis.
Louis Maresca:
Well, we also have to thank Mr. Brian Chee. He's not only our co-host, but our producer as well. Cheebert, we couldn't do the show without you. Can you tell the folks at home where they can get in touch with you and maybe where people can find you and what you're up to?
Brian Chee:
If you don't mind listening to my rants every once in a while, you're more than welcome to find me on Twitter. I am A-D-V-N-E-T-L-A-B, AdvanceNet Lab, on the Twitter. You can actually see the underwater observatory that I work on. It's three miles underwater.
Brian Chee:
It's been lots of fun. I've done some rants. You can see a great picture of the four musketeers there. Oliver was not able to make it on this show today, but that's all right, we'll have him back. We always like having our TWiET curmudgeon, right?
Brian Chee:
Anyway, life is good. You're also more than welcome to toss me some email if you've got some questions or some suggestions. I am Cheebert, spelled C-H-E-E-B-E-R-T, @twit.tv. You're also welcome to throw email twiet@twit.tv, and that'll hit all the hosts. We'd love to hear from you and all kinds of good stuff.
Louis Maresca:
Thank you, Cheebert.
Louis Maresca:
It's great to have you guys as always. Well, we also have to thank you as well. We have to thank you because you allowed us to go to 500 episodes. You were the ones that support us each and every week. You drop in, you get your enterprise and IT goodness.
Louis Maresca:
We want to make it easy for you to watch and listen, to catch up on your enterprise and IT news, so go to our show page right now, twit.tv/twiet. There you will find all the amazing backups. There's all 500 of them over there. You'll find all the show notes, the co-host information, and the guest information, of course, and of course the links to the stories that we do in the show.
Louis Maresca:
More importantly, next to those videos, you'll also find the subscribe and download links. The important ones there. Support the show by getting your audio version or your video version of your choice and listen on any one of your podcast applications. Podcatchers, Apple Podcasts, YouTube, you name it, we're on there. Subscribe. Support the show.
Louis Maresca:
Plus you also may have heard Club TWIT. We also have Club TWiT. It's a members only ad free podcast service with a bonus TWiT plus feed that you can't get anywhere else and it's only $7 a month. I mean, come on, it's cheap. You get all these podcasts with no ads.
Louis Maresca:
There's a lot of great things about Club TWIT. One of them is the exclusive access to the members only discord server. Plus you can chat with hosts and producers, you can have separate discussions with channels, plus special events are on there. Cool events. Really fun stuff. Lots of great discussions. Definitely join Club TWiT, be part of that movement at twit.tv/clubtwit.
Louis Maresca:
Now you guys also know Club TWiT has corporate group plans as well. That's right. It's a great way to keep your team access to our ad free top tech podcast, plus the plans start with five members at a discount rate of $6 each per month and you can get as many seats as you'd like. It's really a great way for your IT department, your developers, your sales team, your tech team to stay up to date with access to all of our podcasts. It's just like regular memberships, you join the twit discord server and you also get that TWiT plus bonus feed as well. So definitely join Club TWiT at twit.tv/clubtwit.
Louis Maresca:
Now, after you subscribe, you can impress your friends, your family members, your coworkers, with the gift of TWiET. We talk about a lot of fun tech topics on the show and I guarantee they will find it fun and interesting as well. I've shared it plenty of times with lots of people, whether it's conferences, at work, at family meetups, you name it. Subscribe, share it, and we'll definitely get them on there as well.
Louis Maresca:
Now, if you've already subscribed and you're available on Fridays at 1:30 PM Pacific time, we do the show live, that's right, live, at twit.tv. All the streams are there. Come see how the pizza is made. Come see how the show is run. Come see all the behind the scenes, the banter before and after the show. Lots of fun stuff we do here, so definitely join the show live.
Louis Maresca:
If you're going to watch the show live, you might as well jump into the chat room live as well. It's irc.twit.tv. We have amazing people in there. We love our chat room. Lots of great discussions, lots of great characters. Some reoccurs, some new ones every week, so definitely come in and join the chat if you're going to watch the show live at irc.twit.tv. Thank you, everybody, really appreciate all your support.
Louis Maresca:
Now definitely hit me up at twitter.com/loumm. There I post all my enterprise tidbits, some rants, just like Brian said, so definitely check me out there. But also direct message me, send me some show ideas. We have some great conversations.
Louis Maresca:
In fact, I just had great conversation on direct message today about hacking health. In fact, I found a guy that's close to me up here that's thinking about doing something similar so might just have to put together a team. But we have a lot of great conversations and you should definitely hit me up there.
Louis Maresca:
Plus, if you want to know what I do at my normal Workday at Microsoft, you can check that at developers@microsoft.com/office. There it is, lots of great ways to customize your Office experience to make it more scalable and more performant and more productive for you to definitely build applications, build macros, you name it, build add-ins right there on that page. Definitely check that out and all the ways you can do that.
Louis Maresca:
I want to thank everyone who makes this show possible. It's hard to name everybody, but I'm going to try. I want to especially thank Leo and Lisa, they continue to support This Weekend in Enterprise Tech each and every week and we couldn't do the show without them, so thank you for all your support over the years. I want to thank all the engineers and staff, marketing people at TWiT. Thank you guys for all your support.
Louis Maresca:
Also, thank you to Mr. Brian Chee one more time. He's not only our co-host, but he's our producer. He does all the show bookings and the plannings for the show and we really couldn't do it without him, so thank you Cheebert for all your support.
Louis Maresca:
Of course, I want to throw this over to Ant, too, because Ant, he's our TB for today, but he's also a talented host at TWiT. We've done a lot of episodes together already. Anything that stands out to you from an episode perspective?
Ant Pruitt:
Well, Mr. Lou, the more I listen to you guys talk about the enterprise, the more I'm so glad I'm not dealing with all of the security stuff that y'all battle. Holy moly, man. I do not miss that. But again, congratulations to you all on 500 episodes. It's been fun being a part of this and I got your whiskey for you.
Louis Maresca:
Oh. Ooh, what's that? Oh, that's a pretty glass. Is it like this one?
Ant Pruitt:
That's a Glencairn. Beautiful stuff. Congratulations, gents. Here's too many more.
Louis Maresca:
Full, yeah. I need to get something in there. But that's cool. That's cool.
Louis Maresca:
Well, I wanted to think Anthony, who's our editor, as well. He's the guy that helps us behind the scenes. Kevin, Anthony, Victor, thank you guys for over the years.
Louis Maresca:
Ant, I wanted give you a chance because I love your show, Hands-On Photography. I learn something every week. What's going on this week on the show?
Ant Pruitt:
Well, this week, sir, we were talking about starting your photography business. People, they're picking up their phones, picking up their cameras because photography is so much more accessible now and some are curious about starting the business. So I walked through some of the ins and outs and the headaches of getting started, but it can be totally worth it if you put in the work.
Louis Maresca:
Fantastic. I definitely have to watch that episode.
Louis Maresca:
Well, thank you, and until next time, I'm Louis Maresca just reminding you if you want to know what's going on in the enterprise, just keep TWiET.
Jason Howell:
The world is changing rapidly. So rapidly, in fact, that it's hard to keep up. That's why Mikah Sargent and I, Jason Howell, talk with the people making and breaking the tech news on Tech News Weekly every Thursday. They know these stories better than anyone, so why not get them to talk about it in their own words. Subscribe to Tech News Weekly and you won't miss a beat every Thursday at twit.tv.