Challenges of AI in Cloud Computing with Justin Brodley

Episode Summary

In this episode of Screaming in the Cloud, Corey Quinn reconnects with Justin Brodley, Senior Vice President of Cloud and Technology at Blackline and host of the CloudPod podcast, to discuss the ongoing changes within cloud computing, specifically the intense focus on artificial intelligence (AI) and its repercussions on traditional cloud infrastructure. Justin shares insights from his recent experience at Google Cloud Next, discussing how the AI hype is reshaping cloud service strategies. Additionally, their conversation explores the cultural and strategic shifts within Google and Microsoft, examining their impact on the broader cloud computing landscape.

Episode Video

Episode Show Notes & Transcript

Show Highlights: 

(00:00) - Introduction 
(01:45) - Justin's take on Google Cloud Next 
(03:56) - The investor-focused nature of the recent Google Cloud Next conference
(06:16) - How multi-cloud strategies are forming enterprise tech decisions
(08:18) - Over-reliance on AI in critical business functions
(15:08) - The lack of foundational cloud services and the risk of overemphasizing AI 
(19:36) - Leadership changes at Amazon and their impact on the company's direction
(21:50) - Growth of Amazon's ad revenue
(27:16) - The importance of cloud services in today’s tech world
(30:51) - Concerns about security practices and responsiveness in cloud services
(37:19) - The need for Security in user training and corporate policies
(41:13) - Closing remarks and where to find Justin

About Justin: 

Justin Brodley is the Senior Vice President of Cloud and Technology at Blackline and the host of the CloudPod podcast. With a strong background in building innovative DevOps teams and enhancing revenue growth through strategic compliance and innovation, Justin is adept at driving customer satisfaction and operational efficiency. He has extensive experience designing and deploying scalable systems, managing costs effectively, and implementing positive cultural changes across various sectors, including cloud computing, ITIL, infrastructure, and more. Justin is also an engaging mentor and a recognized voice in the cloud community through his podcast, found at

Links referenced: 



Justin: You know, you can't have a single role that uses a bunch of services. You run out of, you run out of ability to add that to the policy. It just doesn't work.

Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn, and I am joined by a guest who it's been a while since I've spoken to. Justin Brodley is now the SVP of Cloud and Technology at Blackline and also the host of the CloudPod. Justin, it feels like it's been a month of Sundays since we've spoken formally.

How are you?

Justin: Uh, I'm doing great. You know, I remember your early days of streaming in the cloud, I think it was episode six or seven or maybe even eight. And you had me on and we talked about, uh, you know, being a corporate prisoner in the world of cloud, which was a fun conversation, but, uh, still a corporate prisoner in the world of cloud.

Corey: But now it's become normalized.

Justin: Yeah. Now it's normal. Now everyone's in the cloud and stuck there.

Corey: Meet Prowler Open Source. Designed for the hands on professional, Prowler empowers you with an open, transparent platform to conduct detailed security assessments and compliance audits across AWS, Azure, GCP, and Kubernetes.

Say goodbye to black box solutions and hello to a customizable security tool that grows with your infrastructure. Start with confidence knowing you're using the tool trusted by industry leaders. Visit frowler. com to get your first security scan in minutes. Now it's like, what's it like to be an ancient dinosaur who runs physical computers?

Like, yeah, turns out that that is not, strictly speaking, accurate. But it is the, the, the Overton window, the perceptual position has changed on society, from society on this thing.

Justin: Yeah, for sure. Uh, and you know, also if you're on the old dinosaur datacenter world, you're now paying extortionate prices to VMware, who I think you rightfully called the payday lender of technology for a long time.

And now it feels that way for sure with Broadcom. Thank you for that.

Corey: I'd forgotten I made that joke, but you're absolutely right. My comment nowadays is when we were younger and more foolish, we all used to pirate VMware, and then we all grew up and the pirates bought VMware.

Justin: Yeah, that's what happened, for sure, but yeah, that's a travesty in the making for a lot of companies I think this year as they're all dealing with macro climate and their VMware bills are about to go up.

In a dramatic way, uh, unfortunately.

Corey: For a few years, I've been a fan of Google Cloud Next because as I will frequently say, it is a great place to go hang out with AWS customers. And I got to hang out with you at Google Cloud Next in Las Vegas. This time though, because you are an actual Google Cloud customer, which is probably why I haven't seen you quite as much opining on AWS things, which.

Oh my God, you must feel so free and amazing, but let's start with talking about Next. How was it?

Justin: This is my second year going to Next. I did the one in San Francisco the year before, uh, at Moscone, which, you know, as all conferences now in San Francisco is terrible. And so moving it to Vegas, you know, you had to worry about, is it re invent, you know, small or cousin?

Uh, and it was, it was surprisingly good. It's a, you know, for their first attempt at Mandalay Bay and doing a conference in Vegas, they did a relatively good job. They have, you know, the growing pains and teething pains of the problems of that. Uh, you know, they use an arena for their keynote, which, you know, novel concept.

Amazon, could you please just book, you know, the Oracle Raider Stadium, Oracle and Raider Stadium, and just use that for your keynote instead of trying to shove everyone into a small room. So. Yeah, some things they did well, some things they did poorly. They'll make improvements. Yeah, an

Corey: example is that the arena staff were very clearly used to working with drunk sports fans.

And they, uh, like, I don't, like, my comment was at one point, I wondered if they wound up hiring specifically for people who were surly or if they had a training program to get them there in the, on the upfront. Uh, they also had logistical challenges, like, huh, when the keynote lets out, suddenly it's going to be impossible to get anywhere for 45 minutes.

So the next session starting five minutes later in the analyst summit, wasn't the best schedule attended thing as a result. But it was a, but these are growing pains and it's easy to get through. My concern, I had a suspicion this might be the case, in TK's keynote, he started off talking about AI and I kept waiting for him to talk about other things and it never really happened.

So I started dressing myself with a clown nose and a clown wig and a clown vest and a clown bow tie, just because by the, by the end I didn't want him to feel unsupported as the only clown in the room who wouldn't stop talking about AI. The funny stories I heard after the fact are that, uh, like it was a security found out that, Oh, this might be a challenge of, is this going to be something that, uh, that we have to worry about?

No, no, no. I'm not going to rush the stage. I'm just going to be unfortunately observant about a number of trends. And I was annoyed and confused by this until someone pointed out quite rightly that these performances, and that's what they are, are increasingly for investors, not for customers.

Justin: Well, and this is the second year that Google Next has been just overly focused on the investors and making the investors happy from an AI perspective.

I think last year was 160 some odd times he said AI on stage. This year was 111, you know, times that he said it. And so, you know, Google's very focused on where the investors care, which is not where I care as a customer about what they're investing in as much. But, uh, you know, I get those, you know, you're right.

There's stage performance. It's, it's all about investors making them happy and that, that. You know, Google's serious about cloud, if you didn't know.

Corey: Yes, which is why they spent very little time talking about cloud and a lot more talking about AI. I mean, the concern that I have, and maybe this is unfounded, maybe I'm not giving customers enough credit for sophistication, but they had giant billboards everywhere talking about the new way to cloud.

And my, my thought is, well, if you're one of the large organizations that has just signed one of their highly publicized 10 year cloud deals, which is kind of built definitionally on the old way to cloud. Is this a concern? I mean, it's not like Google has a track record of losing interest in things and dropping the thing that they're currently selling in favor of the thing that they're building or anything.

Like, does it, is this an actual concern for you as a serious company doing serious things on Google Cloud?

Justin: You know, it comes up, you know, customers will ask me about it, you know, when they find out we're on Google cloud and, you know, go, well, aren't you worried they're going to cancel it? And, you know, they just have their earnings this last week, you know, they 25 billion in revenue from the Google cloud business.

It's a hundred billion dollar run rate business. It would be surprising to me at this point in time, if they were to back away from it, but, you know, you always want to have some contingencies, you know, we do have a bit of a multi cloud strategy, you know, through acquisitions, we've picked up, you know, Amazon web services.

We picked up Azure. Uh, and so, you know, we have our foot in all three clouds, even though our majority of our spend and majority of our workload runs on GCP, we have options. And as we think about more multi cloud, we're thinking more in the right way at a multi cloud is. You know, pick the right cloud for the problem you're trying to solve and use that one.

And if you're using Google for big data and AI and, and Kubernetes, you're probably having a pretty good time on, on Google Cloud. Uh, if you're trying to do managed services or you're trying to do Microsoft licensing, maybe less so.

Corey: The enterprise story functionally is regardless of the interesting experiments that you're doing in, in the cloud environment, in the overwhelmingly common case, you still have a giant mountain.

of EC2 and, or VM equivalent, and our database, RDS, and data transfer, and S3, or object store, and great. And then there's a long tail of other stuff, and, I mean, AWS does the same thing. Even before they got this AI addiction to talking about things that they aren't shipping yet. They, uh, They did not give a whole lot of time to EC2 just because running VMs in a provider's environment is no longer top of mind interesting to most people.

I mean, I find it fascinating. One of my absolute favorite parts of reInvent every year is the Monday night live with Peter DeSantis, which is improperly named. It should properly be named Surprise Late Night Computer Science Lecture with Professor DeSantis. And I am totally there for it. I come out of that thing three times smarter than I went in, which is odd because they often serve beer in it.

Like, that is the stuff I care about, that is the stuff that is substantive and interesting and I can learn wonderful new things. But then the machine learning stuff has always been a little on the strange side. And don't get me wrong, customers are using AI in a bunch of different ways, they're just not necessarily going as all in on it as the hype would have people believe.

Justin: Yeah, I think we're, how often now can you recognize ad copy that is clearly written by AI?

Corey: I actually do have trouble with that, uh, because I, it turns out that I cannot, just like, it's, it's like the park ranger story where it's so hard to build bear proof containers, bear proof trash cans, because there's significant overlap between the smartest bears and the dumbest tourists, and I feel that same way with the best AI marketing and the worst human marketing also have significant overlap.

Where I, like, I don't know if it's because a computer wrote it, or it's just bad copy, but I don't like it regardless. Uh, but if there, frankly, I guess what that means, if there is great, there are great things being written by AI, it's sneaking past my filter and I'm not aware of it.

Justin: Yeah, I don't think it exists.

I think that's the problem. I think the AI generated content sticks out like a sore thumb.

Corey: I've been using it myself for the newsletter, but when I say that, everyone gets very nervous, until I complete the thought, which is, I use it to generate the, the placeholder text. For any given event. And sometimes it has a very funny turn of phrase that I'll use either there or somewhere else.

Uh, once or twice it has come back with something objectively horrifying. Like there was one, um, AWS blog post about two months ago where it mentioned a woman who was doing an interesting work and its comment was and it took a while to get my prompt dialed in so it mostly sounds like me But you want to talk million mile miss, good news, the thing that's about to spike massively are Google image searches for, and then they put the woman's name in there, and it's no, no, no, no, no.

We do not sexualize people because they happen to be a woman. This is a professional space. No. Now, if that had gone out in the newsletter, I would not have a newsletter anymore and probably not a company either, rightfully so. But it didn't because I don't send AI output on filtered to the outside world.

Because I am not a fool. And that is, I think, where some of the worst expressions of AI are getting it wrong.

Justin: I agree with you. I think people are overly confident in it. And, you know, I think Amazon Q, they just had in their announcement, they were talking about National Australian Bank, you know, accepting 50 percent of the recommendations from Q developer.

And I was like, well, that's a bank that I don't necessarily want to use a business with right now. Because if you're accepting 50 percent of the code suggestions. That are being written by AI right now. I think you're in a lot of trouble because the code that's generating is not great.

Corey: And let's be very clear on something here, that their metric for accepting of a suggestion from AI and what that actually looks like are not what people think they are.

Very often, when I'll tell it, it'll automatically generate out an IAM role in the CDK when I'm building something out. Great. It is hilariously and comically wrong. I mean, Horribly so. Like, there are things that, there are condition keys that don't exist, for example. But you know what it did get correct?

Bracket symmetry, parenthesis symmetry, the indentation is right there, and yeah, then I can accept the dumb suggestion, but then change the actual words to be something that isn't absurd. That is, I think, a very different thing than, Yeah, I'm just gonna tab complete my way through my job.

Justin: Uh, but I, you know, again, take the time, build the personality into your AI like you're doing at the newsletter, and then filter and edit and be a strong editor.

You know, you're probably one of the 1 percent people doing that. Most people are taking AI at face value in the wrong way. And the resulting, and I think where we're heading, I think we're on a rocket ship to the trough of disillusionment on a bunch of this AI stuff.

Corey: I live in the trough of disillusionment about everything.

Like, I'm the guy still waiting for the, uh, year of Linux on the desktop. I'm still waiting for containers. I'm still waiting for, um, For cloud, I'm still waiting for this and AI. This one is like AI and Linux containers on Linux desktop in the cloud. It's going to be year 2025. I'm sure of it, but it's, it's a, I'm used to being disappointed because I am cynical.

That's what running, or I'm not being, I'm not disappointed because I am cynical. I expect the least. So all my surprises are pleasant. That comes from being an ops person.

Justin: So I think it's gonna be interesting to see as these companies, like, you know, realize how limited what we have is. I mean, ML's been around for 10, 10, 15 years now at this point.

And my joke on the CloudPod all the time is, uh, you know, AI is how ML makes money. That's the, that's our running gag about this is that it's the only way they've been able to make money on ML for years is by now rebranding it as AI and Gen AI. Um, but the same limitations are there. The cool stuff that you can do, like recognizing cancer and images and those things.

Those are very strong pattern recognition matches. But when you get into like truly creating software, truly creating, uh, you know, words on a page and these things, it's so limited and how it interprets it that you see the limitations in the transformer model so quickly that I think people will see those issues.

And that's how, like, I recognize AI generated content now, because It uses certain phrases and certain things that no, no person uses in a common conversation, you know, like, oh, you know, the candor of the gentleman at the table was amazingly bright. Like, you know, it's just like, no one talks that way. Like, this doesn't make sense.

So unless you take the time like you're doing to tune it, You're going to have people who are constantly dealing with that.

Corey: Yeah, I'll use odd words here. Someone said Delve. Like, I use the word Delve periodically, but it's not going to be three times in a paragraph. Like, that is where it starts. The wheels fall off.

Uh, it feels almost like it's a modified form of Gell Man amnesia with Gen AI across the board. Which, for those who aren't aware, is when you read a newspaper article about something you know well, and you spot all the mistakes and how little the journalist understands about the area that you know a lot about, but then you completely forget that the next time you're reading about International relations or the Middle East crisis, and suddenly you're taking everything they say at face value.

AI is very good at filler and surface level content, but as soon as you start delving into it, see, there I go, you wind up with a, you wind up with a, oh, this thing doesn't actually make sense and know what it's talking about. Now, a disturbing amount of the world gets by on surface level nonsense for things, and that is true.

That is the way the world works. I'm not crapping on that. I use it to give me templates for reports and policies and things that might not necessarily be the most important. Uh, I somewhat recently for a billing thing I was doing, had to come up with a example of a DR policy. Like, great. How do you do it for billing stuff?

Well, the data is originally sourced from Curr, which lives in S3 buckets that Amazon places there. If that data goes away, the cloud has become free for you for that month. So, I think that there's a very different story going on then. You don't actually need to back that up to a third party. Explaining that in a way that makes sense for just a, basically, check the box for an insurance policy thing.

Great. Here's the baseline thing. I explained the constraints and it put it into policy framework because they like policy. Long documents and not bullet points. And we iterate on that going forward. But I don't have it write the thing and then email it on my behalf. That is insane.

Justin: Yeah, that's crazy time.

Don't do that. I use it this year to help me write my reviews, which then I then had to edit quite heavily because, you know, you give it a list of like, here's what the person does well, and here's the person does bad, and like, write me a review on that. And it produces, you know, a bunch of filler content, which is fine, but then you have to make it, you know, sound like you, which is always sort of the fun part.

Corey: There are times where I want to write an email, but I don't want to be bothered to write the eight paragraphs that the, that it requires to do it right. Uh, for example, one of my better prompts is, Respond to this email with the following sentiment, uh, in a tone that is either wildly enthusiastic or witheringly sarcastic, but is difficult, or if not impossible, to figure out which.

And it understands the assignment more often than not. I, I tweak it a little bit, but it's a But that's the sort of thing where in certain circumstances, but that's the effect I want to get across. It's terrific.

Justin: Well, you know, going back to Google Next, you know, there was AI at Google Next, but you know, there was other things that matter to you as a cloud practitioner.

Not in the keynote, there weren't. Not in the keynote, not in the developer conference, not in any of the things. And I think this is the big problem that Google has in particular, because they've got AI at us. And then you also have got, you know, Amazon trying to chase that as well. Azure is a little bit more metered in this, although they have the same problem.

Corey: Well, Azure is partnering with OpenAI, who is clearly the industry leader. So Microsoft's problem is stomping back from the wild over the top nonsense. Their GitHub division is refounding the company on AI, which is a scary thing to hear from the company that owns all of your corporate IP or holds their corporate IP and think they own it.

Uh, the, like, this is going to change the nature of humanity. And frankly, they're changing the keyboards that the 104 key keyboards can be 105 now, and with a dedicated copilot key. And that doesn't bug me in the least because it turns out that everything can remap it. Now I have one more button to tie to some meta function or whatnot through my keyboard remapping.

Great. I'll live with that.

Justin: The key is the, yeah, just everything wrong with Microsoft strategy on that. But, uh, you know, but my point, I think, is Uh, you know, as you look at these cloud providers, you know, Google's got a lot of, a lot of foundational pieces and fundamentals to rebuild still in their cloud.

You know, they're, they're still heavily partner focused. Uh, that they, you know, they don't have some of the basic things, like if you want to go get CIFS file servers, for example, to support your Windows workload on GCP, your answer is partner with NetApp, uh, whereas, you know, those of us in the data center business who want to get out of the data center business don't want to keep using NetApp or Palo Alto or these other vendors that they continue down this path with.

And so there, there's this issue with Next, I think, where we had to start talking about, like, It can't all be AI because if it's only AI and then AI falters or has bigger major issues or we run out of training data or any of the other things that we hear about AI. What else does Google have? What else does Amazon have?

And right now, that's all they're doing. That's not a lot of innovation beyond AI. And I think that's a risk for the cloud market in general.

Corey: It is. And the challenge is, especially with the one I deal with the most is obviously AWS. And suddenly you have a chatbot that pops up on its website that is LLM powered.

And it, if you ask it questions, it gives answers that occasionally are the sort of thing that if any AWS employee were to say them to me, Andy Jassy would personally drop out of a parachute out of a helicopter to fire them on the spot. Because that is so off brand and the rest. It makes up, it hallucinates, there's a polite way of lying.

And it, it just very convincingly talks about things that aren't real. And when you're not conversant with a thing, you don't necessarily catch it. When I ask it for a list of regions and it mentions the one in Greece, it's like, okay, that's interesting. I don't believe there is one in Greece because most people don't have a visceral awareness of where all the AWS regions are.

31, I believe now. Like, could I list them all off the top of my head? No. But when you tell me that there's going to be one in Duluth, I'm, that sounds suspicious. I don't recall there being one there. Let me look it up. And that is the stuff that can be dangerously misleading.

Justin: It's always weird too when you catch it in those lies.

Like I was, I was dealing with it the other day and I was trying to find out if this annoyance I had with some software, there was a feature request to fix my pain point. And so I asked and it's like, yeah, there's a GitHub issue related to your, your thing. And I'm like, cool, can you send me the link to that GitHub issue?

And then it comes back and goes like, well, actually, there's not a GitHub issue. But I'm like, but you just told me confidently that there was. And, uh, you know, those little things like, you know, you just lose confidence so quickly in the AI because of those type of gotchas and the hallucinations. And it's like, how do I trust you ever when I, you know, when it matters?

Uh, and I think that's, that's a risk for these companies. You know, you mentioned Andy Jassy, uh, and I, you're actually probably the best person I could ask about this. You know, it's, it's now been a couple of years since he's, uh, moved on from being the CEO of AWS to being the CEO of Amazon. And Adam Slipsky's come on to board.

I'm not sure that I would say that this isn't the bomber of Amazon. Like I, I'm not seeing the big picture for him about how he's going to drive that company to the future. And then, you know, coupled that with Adam being kind of, you know, less visible than Andy ever was. It makes me wonder, coupled with all the employee dissent there, like, are they on the, on the wrong side of a lot of stuff?

And are they going to be able to get out of this? Or do they need their Satya Nadella moment?

Corey: Uh, a lot in there. Let me begin by saying that I don't know that there was any way to avoid Amazon going from where it was when Andy took over, to where it is now. Bezos is not a fool. I suspect he saw some of the writing on the wall and decided that he would effectively, on some level, I don't, I don't mean to cast aspersions, I've never met the man.

But I wonder if it was, I'm gonna toss my good buddy Andy of 20 years under the bus to take the fall for this. The job of Amazon CEO is one of those jobs that is both impossible to do, And to someone in Andy Jassy's position, impossible to turn down. It's a, there is no way to win, there are only different ways to lose.

Uh, one of the better examples was when they killed their Amazon Smile charity donation program. I am certain there were reasons internal, and good ones, to do that. And there is context that cannot be shared publicly around that for a certainty. But the world never sees that, so to all the world, all it looks like is, well, Andy's here now, so he's gonna, first thing he's gonna do is stomp out that pesky philanthropy, which is absurd if you just accept that on its face.

Andy does a lot of philanthropic work. I admire the man deeply on a personal and professional level, let's be clear here. I know I dunk on the thing he built an awful lot that should not be misconstrued as anything other than More or less meet storytelling there. I have, he is, he's admirable. And the couple of times I've gotten to ask him questions, I have always come away with my head spinning at the implications of what he has said in response.

He's, he's, the man is brilliant. There's no way around that.

Justin: Yeah, I, I, he's brilliant on his own. I agree. It's just, it feels like Amazon is sort of in this, They're in the middle of the ocean without a paddle in a lot of ways on a bunch of areas from employee engagement, from Amazon, the store. I mean, the revenue doesn't say the story, but it, and Microsoft's revenue never was bad either.

Like in the Balmer era, you know, their revenues were fine. The stockholders were happy, but like they lost their identity between the Gates era and the Satya era. And I feel like we're sort of going through that same process with Amazon at this moment and not nothing against Andy, nothing against Adam.

They're boasting very smart, but they. They seem lost in a bigger picture of something other than we're chasing AI and hope AI is going to be the future.

Corey: If you've ever felt boxed in by your security tools, it's time to break free with Prowler Open Source. Tailored for security and cloud architects who demand control and transparency.

Prowler delivers with a robust suite of security checks and the flexibility to adjust them as you see fit. From CIS benchmarks to GDPR compliance, handle it all with a tool that lets you see under the hood. Join a community of experts making cloud security accessible and, as a bonus, understandable.

Don't just monitor your cloud environment, master it now at prowler. com. At this scale, Amazon's market cap far exceeds the GDP of I believe the majority of countries now. Ridiculous, but also true. They are effectively heads of state. And part of the challenge as well is that, you know this probably better than I do, but the, when you're at a certain level of executive seniority, you only really do two things.

You hire people to run different orgs who report to you. And then you set context. Everything else is done by power of that delegation. And some people are spectacular at it, some people are not. I, from my engineering background, I just think, well, I, I write code all the time and I could just jump in and do that job too by writing stuff.

They don't write a lot themselves. They, they have things written for them. They wind up weighing in and corresponding. They're literate, don't get me wrong. And they, they write, yes, but that, that is, that artifact output is not the core of what they do. And. I don't know what it takes to succeed in a role like that.

I would never be in a position to be offered a job like that, which is why I would never get so far as being able to turn it down. It wouldn't be presented to me, and that's a good thing for everyone. But it's a It's, I don't know what the right, what the right thing to do is, but some of these things are inevitabilities.

The market demands growth at all size, at all costs. And at Amazon's scale, there are precious few new worlds left to conquer. You can do things around the margins that I think are foolish. The fact that Google search, the Google search results have been decimated by ads. The Amazon search search list for products has completely gone the way of garbage because of the way people game these things in Amazon themselves.

And now we're starting to see ad experiments run in the AWS marketplace, which I'm sure is going to simply be more of the same. It makes a lot of money to do it. Advertising is, to big tech companies, past a certain point, a absolutely corrosive force. And I don't know how we fix it.

Justin: Yeah, that was, that was my big thing from the, this week, this month's earnings for Amazon was, I think it was ad revenue grew to 18 billion, something like that in the quarter.

Like, I mean, it's, it's a massive amount of growth for them. It's growing faster than Amazon web services is for them at this point. And that is fundamentally detrimental to the long term customer obsession that they say as part of their leadership principles. And so it's, it's just sort of, again, these.

It's an interesting inflection point. I think we're going to look back at this era of Amazon and Apple, and maybe even some of the other companies out there and say, like, they were really on the wrong side of a bunch of stuff.

Corey: If you were to spin off AWS as its own company, And then ask me to reason about that company.

There are a hell of a lot of worlds left to conquer. I can come up with ideas for days, and I am not particularly creative in that particular way. I can think of a bunch of things that they would do, that they could do that day, that would revolutionize the way that they are perceived in a number of ways.

But, as part of Amazon, a lot of those doors are closed to them. And as well as that, I, it doesn't move the needle on Amazon, the entity, because AWS, the business unit is important and increasingly so, but the earnings calls, I mostly start ignoring just because everyone instead wants to focus on how many boxes they're shipping and to where.

Justin: A very large Fortune, fortune 10 company the other day. And we were talking about a project they were talking about doing, uh, with my day job. And, you know, they were like, well, this project will save us about $8 million. And you're like, well, great. That's amazing. We should do that. You know, this, this makes all the sense.

And they're like, yeah, we won't even touch that. 'cause at our scale and and size, $8 million doesn't do anything. And it's just, it's a level of scale. You just don't understand where. You know, at the day job, if I saved 8 million, I'd be a hero. Uh, if you saved 8 million, Duckville Group, you know, they'd be super happy with you as well.

Mike would love you. You know, it's just a different scale and it's hard to fathom that scale unless you're at a company of that size where, you know, we're not even going to touch that unless it moves the needle by 500 million.

Corey: What's wild is I deal with my personal finances. I mean, I do okay, don't get me wrong, but I still rent in San Francisco because if you want to buy a house in the city, you need to exit a company twice.

When. When I'm dealing with the Dunk Bill Group's finances, the numbers are a different order, not order of magnitude necessarily, but there's a significant difference there. But then, when I deal with customer AWS bills and words like, more revenue than the Dunk Bill Group makes in a year, uh, is what you're spending on that service, so it might not make sense to optimize that yet, is one of those weird things that, like, objectively, if you were to, like, optimize that, that, that dollar figure, And write it to me as a check, I could retire comfortably today.

And that is just a, you have to make sure you're not thinking about the wrong order of magnitude on these things. And then I talk to my almost 7 year old now about her allowance and what not, and I have to come down to a different order of magnitude, lest I inflict a bunch of inflation related problems solely on myself.

Clean my room, that's 20. Like, not at this age. There is functionally no difference between 20 and a quarter. Yeah, it, it keeps things interesting.

Justin: Yeah. As a thing in my forties, I, I still cringe when I break a 20 and now, you know, like that's what someone's dollar is these days

Corey: when I was growing up. My parents always had an emergency 20 tucked away in their wallet.

And now I have an emergency a hundred tucked away in my wallet. It's like, well, a lot of the places won't accept that. It's like, no, no. If I need to break into that for a problem. Keep the change is not a problem because it's like either that or I don't have gas to get home. There's a, there's always, it's just nice having that, that back pocket get out of jail free thing if I need it.

And I'm sure my kids will find a comp, at some point they're gonna have to have bigger bills than hundreds for that sort of plan to work.

Justin: That's a scary thought, isn't it?

Corey: Something you mentioned a little while back. Was that, uh, Google Cloud is now at a $25 billion a quarter revenue side, which is on par with AWS just hitting a hundred billion in annual run rate as well.

And that threw me for a second. Then I realized, oh wait, this is the same thing as what I saw on a sign advertising at Google Cloud next, that 90% of AI startups are on Google Cloud. And that struck me as first as wildly high. And then I remembered, oh. That is super interesting, but not because of the reason that they want me to think.

Instead, it's because I really want to talk to the 10 percent of companies that somehow are not using Google Workspace. Who doesn't use Google Docs and Gmail for this stuff? What are they doing in a company founded today? I want to know what they see and how they get there. Because Google Workspace is a behemoth.

I used to say that that wasn't really fair as being part of, kind of part of cloud revenue, but I was wrong on that because as killed last week, AWS has WorkDocs or this week or whenever it is, as of recording it is in the past. I just don't remember the time. It's a flat circle, but yeah. So they, Amazon had one, they killed it.

It's fair. But what I care about is infrastructure, not those business application side of it.

Justin: Yeah. I mean, that's a very common path where people get to Azure because they're a big Office 365 subscriber. And that's a big path of how they get to Google as they were a Google Workspace customer first. And there, and in both cases, Office 365 less so, but in Google Workspace, it's tightly embedded into Google Cloud.

Like it, if you want to be able to use it, you need to have a Google Workspace account to do basic functions. Um, and so it does, it does lead you there directly because it's easy. Click the button. And now I have Google Cloud resources tied to my workspaces. And, uh, and I'm off to the races. You know, it's sort of interesting, the, the BigQuery component of GCP, and then their support of Kubernetes, is the biggest driver for initial cloud workloads coming into GCP, uh, when you talk to customers who are in the space.

From there, you then jump into, they stole the SageMaker product manager who basically created SageMaker 2. 0 and Vertex. Um, it would fix a lot of the deficiencies of SageMaker that SageMaker still has not fixed.

Corey: Dangerous to steal that person because honestly SageMaker started being a shorthand or the uh, the parent service for felt like 200 different subservices under it.

So clearly that person's an empire builder and effective at navigating the bureaucracy to do it. Like what's the difference between a feature and a product in AWS? Oh, quite simply how charismatic the product owner is.

Justin: So, you know, but Vertex itself is, is got a lot of great things going for it. And so I think it just naturally makes sense.

They're also investing a ton of money in startups in the, in the AI space as well. And, you know, trying to copy chat GPT, if that's right. You mentioned earlier GitHub, uh, co pilot a little bit on chat GPT. And it's interesting because I think of both at Google Next. Um, and now with the new Amazon Q developer announcement they just had this last week.

Um, they both have now gone to the point where they're now indexing your entire code repository to then give you insights into your code so you can actually now like, well, I need to call that other service, which is a different API, and just call it by name and gives you basically the API commands you need to make that call on the web endpoints that are defined in your code.

Um, ChatGPT and OpenAI and what they're doing with GitHub Copilot is actually behind right now, I think. So I'm actually curious to see, you know, are they going to leapfrog at Build, which is happening I think in two or three weeks now.

Corey: Yeah. I've been invited to it. I'm trying to figure out if I go. The, the honest problem I've got is this show.

Specifically because I have beaten up Azure for a while on not, not necessarily their security issues as such, but rather the lack of public response to them because I think their customers deserve better. What is going on? When Google or AWS have vulnerabilities, as they do from time to time, their response is uniformly excellent and rapid.

And the problem is, is I don't want, I don't have a rule. I don't make people regret inviting me to things and helping give me a platform to do it. But there's no way for me to have conversations with people there and not ask that as the first question. I, I owe that to my own integrity, if nothing else.

And if they're just going to avoid the topic or give non answers, Then I don't care what they're doing with AI if I can't trust the security of the data that feeds it and the response I get from it if it's critical to me.

Justin: Yeah, I mean, I, you mentioned Wiz, I think, at one point in the show, and every time they write a blog post about an Azure vulnerability and you read through the details, it's just like, how did you not think of this?

Corey: It's totally secure unless you like hit a packet against a high port or, you know. Try another password. And when Wiz talks about other things about finding exploits with Google or with AWS, and I've talked to the researchers about it, midway through these explorations, usually they get a phone call from those cloud security teams going, so what's going on, buddy?

Uh, anything you want to talk to us about? Whereas with Microsoft, they report the issue and a month goes by with no response. They report it again, six weeks go by and then they begrudgingly acknowledge receipt. Yeah, I mean, because security is hard. They are better than I would be at their scale. I get it.

But I would not be doing security at their scale. I would have a crack team of people, not just who are good at it, but who understand how to communicate about it, how to drive it holistically. Hiring Charlie Bell to run security was on its face a great idea, except for the part where I strongly suspect it.

His 27 or whatever it was, years at Amazon, almost certainly taught him the Amazon way, which is very much not the Microsoft way. You cannot export culture between giant companies like that, to my experience.

Justin: Well, and also you, you have to have enough security knowledge to be effective. And, you know, you talked about SVP level hiring and, you know, yeah, it's partly about him being able to set a strategy and hire people who can execute it, but.

You know, it's, it's more than that. Like you have to have fundamental strategic thinking in the space and thought leadership in that space to be effective at scale. And I think, you know, reading through the CISA report that came out on that exchange attack, you know, it was pretty damning. I mean, as bad as the SolarWinds attack in many ways and the outcome of what happened there, Uh, in the supply chain breaches that happened.

Um, you know, they've got to change their way and I'm seeing it already. Satya has spent a lot of time at the, at the earnings call talking about security and how important it is. It sounds like they're making it now part of OKRs for every executive at the company to be security focused, but. It's upsetting to me when it's like, well, the only reason why you're doing that is because you got embarrassed by the CISA.

That's the wrong reason to do it. That's a bad reaction. Yeah. Well, Cloud Next. Versus, it should have been part of your culture. The

Corey: topic was fascinating to me. They said that I was banging on about Azure security being scary and bad, uh, two years ago. And they thought I was being over the top, histrionic.

Sometimes, sure. But then all this came out and their big question for me was, how did I know? And the simple answer was, look, when, when things come to light, as they do, I look at the response and how it was handled. When there was a AWS glue, cross tenant vulnerability discovered, I may have been by Wiz, may have been by Orca, may have been by Datadog Security, but, no.

Yeah, it was, the response was simply we have, they did analysis on this, they fixed the issue and said that we have examined the audit logs for the service dating back to its launch seven years ago. And as a result, we've returned conclusively the only time this has ever been done was when the security researcher did it.

The Azure vulnerability, we have no indication that this has been exploited. That reads to me as what even are logs, philosophically speaking?

Justin: Yeah, it clearly there's a gap in their culture on that, but you know, the logs are just the being a piece of it. You need to have so much more threat intelligence now, threat hunting activities, red teaming.

There's just things I don't really hear about a lot at Microsoft. It's not part of, you know, I've hired lots of Microsoft developers in my career. I've hired Microsoft executives, just security is not on the forefront of what they talk about when they, when they think about these things, and that's just a cultural change that they have to make.

They get there. Yeah.

Corey: Security is not the forefront of what AWS talks about either. But it is the forefront of how they approach these things, how they think about things, and how they operate. I've been saying for a while they should talk more about it, because everyone runs their mouth about security.

They don't seem to very much, but they have a better story than almost anyone. The only folks who are better at it, to my experience, has been Google Cloud, which sounds controversial. But the actual implementation of their security programs comes down to which one is better depends on who had what for breakfast on any given day.

For me, though, it's a simple change, which is that inside of a Google Cloud project, to my understanding, and please correct me if I'm wrong on this, by default, almost every resource can talk to almost every resource within the bounds of that project. Does that align with your understanding as well? And then at some point, if you work in, I don't know, a regular industry like you, you can disable that and restrict that down further.

Great. By the time you want to do that, you generally have a security apparatus that does that for you. Whereas, by default, AWS's, nothing can talk to anything and must be explicitly allowed. Which leads to the very human problem of, I'll try it, oh it failed, I'll broaden the role. Try it, fail, broaden the role.

And after a few times of that, screw it, allow everything. And I still have a load bearing to do from six years ago in one of my lesser accounts, uh, with, uh, CodeBuild, saying go back and remove administrator access. I haven't gotten around to it because it's annoying.

Justin: I mean, one of the things about GCP when you think about that particular aspect is there, you know, it's the difference between IAM, you know, in Amazon, and GCP is the equivalent of Novell, Rootware, directories, and AD directories.

Like, it's a completely inverse thought process. So from Amazon's perspective, you get very broad and you go narrow. And from Google's perspective, you go very narrow and you go broad. And so that single decision of how you think about it really dramatically changes the way, entire way you approach the security model for that.

Cause you know, you can't have a single role that uses a bunch of services. You run out of, you run out of ability to add that to the policy. It just doesn't work. You have to create more smaller policies. You have to attach more policies to things to make things work. And it's just a different fundamental choice.

And they, you know, being a third mover, they have the ability to see what Azure did wrong and what Amazon did wrong, and they made different mistakes.

Corey: Your usability is a security issue. People miss that. The, like, I hate the security awareness training every year. That, oh yeah, remember, if you click the wrong link in an email, you could destroy the company.

Great. If you're an accountant or a marketing person or an admin assistant, you click a wrong link and it takes the entire company down, maybe that's not your problem. Maybe that is a problem with the entire way that we, both as a company and collectively as an industry. Have addressed where the buck stops with regard to cyber security.

Justin: I mean, it's got to be in a board level thing. It's got to be an executive level thing on security. It's part, it's part of your entire organization. It might not be what you're talking about, but it has to be part of the practices that you see in the organization. I'm curious to see how Microsoft does evolve from here.

I mean, it was a little bit interesting Azure, which always annoys me when vendors do that. You know, they had a security blog post, or, you know, directly responding to the CSRB report. And then they, you know, they wrote a couple thousand words on You know, how the unique culture of security at AWS makes it different, you know, in direct response to Azure getting just bludgeoned by the government.

Corey: Did they name check Azure or Microsoft on that, or was it just the timing?

Justin: No, they call out the, you know, a recent report from the Cyber Safety Review Board makes it clear that deficient security culture can be a root cause for avoidable errors. I mean, it just, you know, yes, you didn't say it. They said it

Corey: without saying it.

Yeah. Close to the edge. It's a, they are It's strange because in other areas, Azure could be punching down at them. Uh, easy, sensitive example of them, AI. And Microsoft is doing a better job with AI than Google and then, and Google is doing a better job than Amazon. Amazon is horribly sensitive to the perception that they're behind, so they're doing everything in their power to affirm that they are behind by releasing things too early that aren't really fit for purpose and then discussing them in ways that do not align with what their customers want them to do.

Microsoft Mechanics

Justin: But even, even giving you a cohesive vision of AI on Amazon would be a big step. Cause like I, I get lost between. Okay, you've got this queue thing, you've got SageMaker, you've got Bedrock, and then you've got a bunch of other ML AI capabilities you've done as point solutions, but none of it seems connected, none of it is aligned, and ultimately it feels like it's all just, you know, throw it at the wall, see what sticks, and whatever sticks is what we're gonna talk about at reInvent.

And, uh, hope for the best in the future, but it's super disconnected in its strategy. It

Corey: really is. And I hope for the best, but we'll see. ReInvent, I want to say, is nigh. It's not. Don't worry, it's still in, um, December this year, first week of December, which, great, oh, easy enough, we're recording now, and it's still April.

Oh no, it's May. It's coming. And, will you be there this year, or are you going to make good choices?

Justin: Uh, I have not. It's been for the last couple years and I think I'm going to continue to make that choice just it's uh, you know It's too big. I've for years now. I've said they need to break reinvent and to be regional They should have a European reinvent They should have a Asia pack reinvent and make it smaller make it more focused and until they do that I don't know if I want to go back I did to go the first year post pandemic because I was just sort of curious and it was nice because it was like going To reinvent from six years prior Which was really great when it was, you know, 40, 000 people versus the hundred and some odd thousand people that it is now and the craziness of buses and transportation and all the problems.

So it, you know, when it's all on YouTube a week or two later, just catch what I want to watch on YouTube.

Corey: I, I wish I could make those choices.

Justin: Yeah, you know, it's, uh, the decisions you make, you know, and what you do for a living, uh, drive these things. So, uh, I'll, I'm hoping Google Next doesn't get too big, uh, too quickly.

But, uh, you know, the next couple of years are supposed to be at Mandalay. So I'm, I'm excited about that because I, I think it was a good conference and excited to see what they do going forward. But, uh, if I have to reinvent and to do all that mess when not, not being my primary cloud provider, I'm going to watch from afar.

I think that's the right answer.

Corey: Yeah. I keep forgetting sometimes that you can't love companies. They'll never love you back. I want to thank you for taking the time to speak with me today. If people want to learn more, where's the best place for them to find you these days?

Justin: Yeah. So, uh, we're dropping a weekly episode, uh, of the CloudPod at the cloudpod.

net where we cover all three cloud providers. Plus we make fun of Oracle occasionally. Cause. You know, if anyone deserves to be punched down at, it's Oracle all the time.

Corey: We talk about cloud providers, and Oracle is kind of a great tagline.

Justin: Yeah, exactly. So, yeah, we're there every week, uh, talking about the news.

You know, we, uh, try to talk about why you actually might want to use this, this crap they're announcing. Getting more and more difficult with some of the AI announcements, admittedly, but, uh, you know, that's what we're doing every week. And then, of course, I'm on Twitter and the Mastodons and all the places, uh, at jbroadly.

You can find me pretty quickly with a simple search. So, love to, uh, connect with the audience and, uh, hear more about what you guys are doing in the cloud.

Corey: We will put a link to that in the show notes. Thank you so much for taking the time to speak with me. I appreciate it. Yeah, thanks

Justin: Corey.

Corey: Justin Broli, SVP of Cloud Engineering and Operations at Blackline.

I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you enjoyed this podcast, please leave a 5 star review on your podcast platform of choice. Whereas if you hated this podcast, please leave a 5 star review on your podcast platform of choice. And, be sure to leave an angry, insulting comment making sure whether it is AWS security complaining about my Google reference, or Azure security complaining about how great the crayons you're eating for lunch taste, uh, and which one of those you are in that insulting comment.

Newsletter Footer

Get the Newsletter

Reach over 30,000 discerning engineers, managers, enthusiasts who actually care about the state of Amazon’s cloud ecosystems.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
Sponsor Icon Footer

Sponsor an Episode

Get your message in front of people who care enough to keep current about the cloud phenomenon and its business impacts.