Search
Close this search box.

Infinidat and The Future of Enterprise Storage, Cyber Storage Resilience, and Hybrid Multi-cloud Storage

Infinidat and The Future of Enterprise Storage, Cyber Storage Resilience, and Hybrid Multi-cloud Storage

In this episode of The Six Five Webcast, host Paul Nashawaty welcomes Infinidat’s Eric Herzog, CMO to discuss the future of enterprise storage, cyber storage resilience, and hybrid multi-cloud storage.

Their conversation covers:

  • Infinidat G4 Storage platforms
  • Cyber Storage Resilience and Recovery
  • InfiniSafe Advanced Cyber Protection (ACP)
  • InfiniSafe Cyber Detection for VMware Environments
  • InfiniVerse Infrastructure Consumption Software Control Plane
  • InfuzeOS Cloud Edition for Microsoft Azure and Amazon AWS

To learn more, visit Infinidat’s website for details on their upcoming June 5th webinar events: The Future of Enterprise Storage, Cyber Security, and Hybrid Multi-Cloud (EMEA), (Americas) or their Global LinkedIn Live on June 26th.

Watch the video below, and be sure to subscribe to our YouTube channel, so you never miss an episode.

Or listen to the audio here:

Disclaimer: The Six Five Webcast is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors and we ask that you do not treat us as such.

Transcript:

Paul Nashawaty: Hello and welcome. My name is Paul Nashawaty, and I’m the Practice Lead for Application Development and Modernization Practice at The Futurum Group. On this webcast, I’m joined by CMO Eric Herzog for a discussion on the future of enterprise storage, cyber storage resiliency, and hybrid multi-cloud storage. Welcome, Eric. On today’s webinar, there’s a lot happening. It’s exciting times in enterprise storage. Can you share with the audience an overview of what Infinidat is announcing today?

Eric Herzog: Sure. Well, firstly, we love being on screen with The Futurum Group, so thank you very much for including us. Basically, we are announcing a number of new products today. As you know, Infinidat is a high-end, enterprise-centric storage solution, including a huge raft of software. The bulk of our customers are in the Fortune 500. In fact, 28% of the Fortune 50 use our technology. So in today’s launch, we’re bringing out a brand new array platform built from the ground up, brand new, new chipsets, all new.

Then everything else is really about our software. Our InfiniVerse infrastructure consumption services software, we’re adding to that. Our InfuzeOS hybrid cloud edition, which has been available on the Amazon Cloud platform, is now available on Microsoft Azure. We’ve also expanded our InfiniSafe cyber detection technology, which allows us to use ML and AI-based technology to scan storage for possible cyber threats such as malware or ransomware. So we’re adding to that the capability of supporting VMware.

We did support files, volumes, individual files or file sets or databases, but now we’re adding VMware support. Lastly, we’re adding to our InfiniSafe technology our automated cyber protection. This will help you shrink your threat windows and integrates with data center-wide cybersecurity software packages such as IBM’s QRadar or Microsoft Sentinel. So really taking it up a notch from traditional cyber storage resilience and cyber storage recovery.

Paul Nashawaty: Eric, that’s been really exciting, and there’s a lot here that you just talked about, and I think you just kind of summed it all up, so I think the webinar is over, right? No, joking aside, look, let’s double click down into these. We look at the Infinidat G4 storage platform, the InfiniBox G4 and the InfiniBox SSA G4, it has new hardware platform built on the AMD EPYC CPUs for performance and the InfiniVerse Mobius controller. Let’s talk a little bit about that. What is that solving for the audience?

Eric Herzog: Sure. So what we’ve done is totally refactor our storage array platforms, still runs our InfuzeOS operating system, which comes on the InfiniBox, the InfiniBox SSA, and even on our purpose-built backup appliance, the InfiniGuard, which is not part of this launch today. So what we’re doing is with that complete refactoring of the underlying hardware sitting underneath our operating system and all of our standard software features are included, our neural cache technology, which allows us to have a 95% hit rate or better on DRAM cache, which is why we get the performance we get, our InfuzeOS operating system, of course, which covers everything, our InfiniVerse consumption services software, all the standard enterprise class data services, snapshot replication.

We do multi-site replication snapshots. We do read-write and, of course, immutable and, of course, our InfiniSafe cyber storage resilience and recovery software. So all that comes included on the new InfiniBox and the new InfiniBox SSA. What you get from an end-user perspective, we already had incredible latency. We’re at 35 microseconds latency even on our third generation. No one’s even close to that in the high-end enterprise market space, but what we’ve done is on IOPS and bandwidth, we have up to twice the performance.

In fact, in a few metrics better than twice the performance compared to our third generation. So for those workloads that require IOPS and bandwidth, we now have something that’s twice as fast. Of course, we always have been a fully unified platform of block and file, so you get those performance benefits whether you’re running NFS or SMB or traditional block workloads. It doesn’t matter, the performance goes up on the IOPS and, of course, on the bandwidth compared to our previous generation.

Paul Nashawaty: Eric, really interesting because when we look at the explosion of application development and the cadence of application, there’s a number of things that you touched on with this performance acceleration and getting rapid time to value for agility. You also mentioned the ability of multi-sites, multiple domains. We see in our research that 96% of organizations are using multiple clouds and multiple locations for their production applications. So it makes sense to have a solution that can go across these different domains, but I do want to touch on something else you talked a little bit about, which is cyber storage resiliency and recovery.

When I think of that, I hear a lot in my space about DevSecOps approach to the underlying infrastructure, but very rarely do I hear the level of integration between storage and cybersecurity. It’s not often discussed. It’s just something that is like there are two separate things. What I liked about our briefing that we have when we talked about this, Eric, I was thinking about often cybersecurity does not include in storage, and how is Infinidat really providing a comprehensive approach to the protection? I think the audience can hear about that from the way we talked about it. I think that’d be helpful.

Eric Herzog: Great. So what we do is our InfiniSafe is part of our InfuzeOS operating system. So whether it be our InfiniGuard, again, not part of this launch, whether it be the new G4 platforms, both the hybrid and the all flash, you get InfiniSafe at no charge. So what InfiniSafe does is four real key things. First of all, immutable snapshots. You can’t delete them, you can’t change them, and we guarantee that they are indeed immutable. A couple of our competitors, you can actually call up their tech support and they’ll turn that immutable snapshot into read-write. We don’t allow that at all. We create the capability of logical air-gapping. We can do it remotely, we can do it on-prem or we can do a combination where it’s local and remote. We allow you to create a fenced forensic environment.

The question is not if you’ll be attacked, it’s when and how often. So if you do suffer attack, you want to be able to create a fenced environment because when you do recover that immutable snapshot, you want to make sure it’s a known good copy. Remember, the cyber mafia is not like King Kong pounding his chest and screaming. It is all done like Jason Bourne, right? Before he got caught, Jason Bourne was underneath the radar. That time when he opens up that door, there looks like there’s 20 different passports in all these languages, you hear him talking French and talking Italian and talking English and talking Russian. So that’s what the cyber mafia is. They do that, and so you’re not going to know. So you need to make sure you have a known good copy. Do the recovery. That’s where our fenced forensic environment comes in. Then we guarantee the RTO. So we guarantee recovery times. On our InfiniBox and our InfiniBox SSA, we guarantee recovery time no matter what the data set size is of one minute or less.

In fact, Paul, we did a cyber resilience webinar just a couple of weeks ago on our existing third generation. We recovered 200 terabytes in three seconds. Now, our InfiniGuard, we actually guarantee recovery in 20 minutes or less. The reason this is important, when we did that webinar, and I’m crazy enough, you’ve known me for years. I’m an old guy, I’m almost 70, so we don’t do demos, pre-record anything. They’re all done live. We live did recovery of a Commvault backup repository of 20 petabytes in 12 minutes. No one touched that, but that’s all guaranteed in writing. So that’s what we do with our InfiniSafe.

So now, we’ve bolstered that with automated cyber protection, which now allows us to interface directly with cybersecurity software packages through an API and connector interface. When they sense a threat, we will automatically kick off a snapshot. Sure, we do immutable snapshots, but you know well from your experience with the end user community, they set them up in cadences every four hours, every six hours, twice a day, depending on what they need. What we’re doing is helping reduce the threat window.

If The Futurum Group had an Infinidat G4 SSA and you set up to go every six hours, you just finished your snapshot for safe environment half hour ago, and then IBM curator or Microsoft Sentinel or Splunk detection intrusion, do you really want to wait another five hours for the next snap? Of course not. We’ll do one automatically. We can even set it up where once it gets done, we’ll actually take our InfiniSafe cyber detection and scan that brand new snapshot you just took to see if there’s malware or ransomware there. So that’s something that’s completely unique.

None of your storage vendors are integrating it that way, and this gets to your earlier point. A comprehensive cybersecurity strategy requires not just the servers, not just the edge, not just the network, not just the application layer, but requires storage. In the enterprise as you know, the most valuable business critical and mission critical data is sitting on that enterprise storage. So if you don’t take care of it from a cyber protection capability, then guess what? You’re leaving yourself exposed, and that is not a comprehensive cybersecurity strategy.

Paul Nashawaty: Eric, I mean, this couldn’t be any more real. I just heard of a scenario where a person was trying to buy a house and they had a cyber attack, and the bank that they were working with had a cyber attack. It delayed the closing of the house almost six weeks because the cyber, they couldn’t recover fast enough. So what you’re touching on is incredibly important here because this is real-world examples. It’s impacting people every single day, whether it’s banking, financial, retail, whatever it may be. The impacts of cyber attacks are there and they’re real. So I want to double click down on another piece here. You talk about InfiniSafe Advanced Cybersecurity Protection, ACP. What I like about what we were talking about as part of this launch is data needs to be protected at the speed of compute. When I heard that and when I thought of that, I was thinking about our data points.

We see that there’s an incredible acceleration to release applications very rapidly. In fact, what we see in our latest research, 24% of respondents indicate that they want to release new applications on an hourly basis, yet only 8% are able to do so. So when I think about cyber protection though, in order to go faster, you need to go slower in order to understand what’s happening with the cyber protection. You can’t just push stuff out there and expect it to just work and not be attacked. So let’s talk a little bit about advanced cyber protection and what that means to the audience.

Eric Herzog: Well, that’s the reason we did the integration with this cybersecurity packages. When you take a look at what the end-users are buying, they’re not buying. They’ve got backup and data protection, great. We integrate with that, and that’s great, but you can’t just rely on backup because guess what? The smart cyber mafia is going after your backup copy too. Initially, the intrusion point might not be storage. It could be the edge, could be the servers, could be the networks. So by interfacing with ACP and connecting to those cyber security packages and then creating that immutable snapshot, you get that immediacy that you were just talking about.

You’re not being reactive, right? You get a warning. By the way, you could do the snapshot and do our cyber detection after you’ve done the snap. There may be no malware or ransomware yet. Remember, data centers are huge, especially for us. We’re focused really on the Fortune 1000, the thousand biggest companies or big, giant government agencies. So our average customer, by the way, has almost 16 petabytes of storage. That’s our average. We have some with way, way, way more than that at the 100 petabytes or more. So the intrusion might not be there, but you know what? Do you really want to take the risk? Remember, it’s all about the threat window, and by using security software and then coordinating it with our InfiniSafe Automated Cyber Protection, we’re automatically going to create that snap.

You decide what you want to do with it. By the way, maybe the attack is over set of servers and hasn’t hit the Infinidat storage yet. Don’t you want to know that? That’s what that snap and then scanning of the snap after can help you do, reduce that threat window. It’s a big deal. Obviously, we’ve seen, as you know, United States federal government now requires public companies to file when there’s an incident. There’ve been several famous cases. One recently in last quarter, when they filed their document with the SEC, it was $1.8 billion. The European Union has the DORA standard, which is a cyber security standard, that’s very similar, and you have to do certain things, particularly with financial institutions and healthcare. So this is a global issue, and it’s a $9.5 trillion enterprise problem in 2024, up from 8.5 trillion last year. So this impacts people all over the place. What you saw with your friend, obviously, the bank was hurt.

Paul Nashawaty: Yeah absolutely, you’re spot on. Your point is taken that there’s no slowing down of cyber attacks. I think, Eric, when I think about my practice, and I think about when I’m talking to CIOs and these real world examples, I talk about the context of past, present, future, where applications are going and how they’re getting there, and there’s bridging the gap between the past, present, and future is important, right? A lot of times, organizations are encapsulating heritage applications into VMs and virtual machine environments. So when you were talking about cyber detection, you also, I believe in this announcement for InfiniSafe, there is the VMware environment protection to reduce that threat window. Do you want to talk a little bit about that? Because I think that’s an important part to talk about that past, present, and future.

Eric Herzog: Absolutely. The bottom line, it is clearly embedded in the biggest companies in the world. So there’s tons of data that’s in a VMware environment. You need to make sure that that VMware environment is fully protected. We could do volumes, we could do files, we could do file systems, we could do databases, but a ton of that information is sitting in a VMware datastores. So now, we can use InfiniSafe cyber Detection with its AI and machine learning-based technology to examine VMware datastores. By the way, you don’t have to do all your VMware datastores. The beauty of InfiniSafe cyber detection is you pick what you want. So as an example, Paul, let’s assume that The Futurum Group had bought our 17.1 petabyte regular InfiniBox G4, 17.1 petabytes.

You don’t have to scan all 17.1. You could decide that you want a finance immutable snapshot, another one on certain key databases. Maybe that’s 200 terabytes. We only charge you for the 200 terabytes. Then now that we have VMware support, let’s say you add 100 terabytes of VMware datastores. That still is only 300 terabytes out of the 17.1 petabytes that we’re going to bill you for. We deliver, by the way, InfiniSafe cyber detection as a software as a service play.

So it’s very easy for you to consume. We bill you on a regular basis, so it spreads out the payments, if you will. None of this upfront old world ELA software spend. So we help you with all that stuff and having it in a VMware environment, giving how ubiquitous VMware is, having this capability for VMware datastores is very important to the largest enterprises in the world.

Paul Nashawaty: Also, Eric, it sounds like it’s very much part of a monetization strategy. You need to have the visibility and lens. Part of that, it takes me to that next part of this discussion, which aligns nicely to our recent observability research that we just put out, and we just got back from the field, so there’s a lot of interesting findings there. That observability research was showing that actionable insights and data that really helps drive towards results is important. That’s an obvious statement, but we see data around this that’s saying SLAs are incredibly important to drive towards. Then when we look at how that relates to this announcement, the InfiniVerse infrastructure consumption software control plane really provides those actionable insights and then the data that helps drive towards those SLAs.

So what I was liking in our briefing, in our discussion was the alignment between your value proposition for this statement and the research that was coming from the field. We were seeing that 64% of organizations are utilizing this insights and data that drives towards their SLAs, and I’m more than happy to share that with the audience here as well, but that’s an very important distinction when it comes to observability. What are your thoughts and what do you think that how Infinidat can kind of help with the audience on that state?

Eric Herzog: So we see the InfiniVerse consumption platform as a central control plane. We gather tons and tons of telemetry data, performance capability, every snapshot. We track everything. So the idea is having this centralized control plane will allow us to spew out reports. So instead of launching InfiniVerse, which you can still do to see all your telemetry information, we’ll send Futurum a report on all their snapshots, what’s immutable, what’s read-write, what is the schedule you have it set for, and you’ll be able to see all that in a proactive fashion. That’s what we’ll be doing with the InfiniVerse platform. We already are gathering all this data. Right now, the plan is it will be all proactive.

Now, by the way, some enterprises may want to turn that off. They’ve got security concerns or they’re worried about putting all their information out across their entire IT infrastructure. That’s up to them, but the point is creating reports that you could have your immutable snapshots once a week or once a month, give you this big report of what’s going on. We also have a consumption model called our capacity on-demand where you basically buy the array fully loaded. You buy it upfront, but you don’t pay the whole amount. It’s not a full CapEx play. You do own it at the end. Basically, you put 50% upfront, but the array is full. So as you need more capacity, it’s already there. You don’t have to order it and install it. It’s there, so we bill you for it.

Well, guess what? We do all this performance planning, but right now, you go into InfiniVerse to see it. With this change to the platform, there’ll be a report coming out and you’ll know, “Hey, we’re using 100 extra terabytes.” By the way, since we do bill for that, you’re going to expect a bill for that. You own it, but you’ll expect a bill, and we’ll do the same thing with our pure storage as a service, what we call FLX, where we own the asset and we bill you. Every month goes up or goes down based on what you’re consuming. So again, same thing. The InfiniVerse platform, be able to track all of that, let you know proactively what’s going on, “Oh, guess what? You used less storage this month. Well, your billing is going to go down.” You’ll know that, but it’ll all be proactive.

Right now, you’d have to go into InfiniVerse once a month and check, and then you’ll know whether we’re billing you or we’re not billing you or how much we’re billing, I should say. So that’s all going to be proactive. So the InfiniVerse platform is designed to simplify IT operations, simplify management of storage and infrastructure and gets them. As you know, one of the key things people are worried about is the cost of IT. As you guys have written about, there’s an IT skills gap. So the easier we make it for storage to be managed, and we’ve done that already. We have one customer, a global Fortune 500 based in Europe. Before they bought InfiniBox, they had 15 storage admins running 75 petabytes. Now, they’re just under 100 petabytes and they have four.

Talk about helping with the IT skills gap. InfiniVerse is going to take that up a notch because now, maybe that same infrastructure could be managed with three admins or two. Again, with an IT skills gap, the whole point with the InfiniVerse consumption platform is to make sure that we can optimize what they need to spend and optimize how much money they’re spending on regular OpEx, AKA storage personnel to manage the storage, making it easier and helping them cut that dramatically back.

Paul Nashawaty: Eric, it sounds like you hit on a couple of major points. Reducing complexity is definitely an area that comes up. Skill gaps, so reducing the amount of tedious tasks that people have to do and they can focus on innovation, that’s really a key point, especially when you’re looking at these organizations that are trying to modernize and move forward to the next generation. They have to innovate. They have to move forward with the next thing, and they can’t be just turning the crank every day and doing the maintenance mode. Our last point on this as we come to ending the session, I brought up a stat earlier about 96% of organizations are running their production applications on two or more clouds.

Last year, you announced InfuzeOS cloud edition for AWS. With this announcement, you’re bringing on a new platform. You’re bringing on Microsoft Azure. The extent of the InfiniBox experience and using InfuzeOS as a multi-cloud solution that allows for that same functionality across public clouds really helps with harmonization across those environments. When we look at that portability and application across your core to edge to cloud and application deployments across cloud native ecosystems, InfuzeOS cloud edition for Azure as well as AWS really sounds like it’s an advantage. What are your thoughts?

Eric Herzog: Well, we made sure that we’re supporting the two biggest clouds. When you look at the people who track the numbers and who’s got the biggest cloud by revenue, the two biggest ones are Amazon and Microsoft. Want to make sure we support that, and it’s a seamless integration. It is a full version of our operating system sitting in Microsoft or sitting in AWS. So all the features I talked about, InfiniSafe, InfiniVerse, our neural cache technology, our replication, it’s exactly the same thing. So now, there’s four key use cases we see for this. One, disaster recovery and business continuity. I’m coming to you from Silicon Valley and we really do have earthquakes here. I wasn’t in the 1906 earthquake, but I was in the 1989 earthquake. See, I’m only almost 70. I’m not 170.

Anyway, that really happens. So you could replicate to Microsoft or replicate to AWS. Second would be test and POC. Obviously, that’s a good experience. People started to use that after the cloud. Well, guess what? If you’re creating an Oracle application, how about making sure when you’re testing it, you’re doing it on the InfiniBox, which is exactly how you’re going to deploy it, not doing it in some other environment, but you’re doing it on the exact same operating system that is on our device so you’ll know here’s how it’s going to be behave. Now, obviously, when it’s on-prem it’ll be faster, but the works option, making sure it’s work, it’s bug free, you’re doing it right on our operating system, which is, of course, on all our on-prem. Clearly burst capacity, of course, and backup.

We have over 150 customers right now who use our InfiniBox as a backup target device, whether it be Veeam, Commvault, Veritas, et cetera. Now, instead of backing up onto that InfiniBox on-prem, they’re basically backing up to an InfiniBox that’s sitting in AWS or sitting in Microsoft. So we allow that as well. Then of course, to cut costs, it’s the same exact operating system. There’s no learning anything. So if you already have InfiniBox, you’ve got an InfiniBox in the cloud. If you don’t, and we love Microsoft and we love Amazon, but they have their own user interfaces. So if you go with theirs, you have to use their interface. Obviously, because of how their focus is, which is on the cloud, features like InfiniSafe for cyber detection, what we do of course with our performance with neural cache, that’s not something most cloud providers focus on. So you’re getting more feature function benefits and you’re simplifying the learning curve.

Paul Nashawaty: Eric, this is amazing stuff. Really, simplification is key. Reducing complexity, that will help that skill gap issue that you mentioned. There’s a whole slew of advantages by having that harmonized across the multiple cloud environments in the operating environment that makes it work. Simplicity, and that’s key. Eric, we’re coming to the end. It is an exciting time in this space. I mean, we see that the future of enterprise storage, cyber storage resiliency and hybrid multi-cloud storage environments is really kind of an exciting time, especially as we’re looking at modernization. As we come to a close, is there any final thoughts you’d like to lead the audience with?

Eric Herzog: Sure. We’d like to let everyone know all this is available at www.infinidat.com. We actually have two upcoming webinars, which of course will be recorded, actually, three. Two of them are on June 5th. So again, please go to our website, you can see them. We also, on June 26th, we’ll be doing a LinkedIn live. If for some reason you can’t make it, all of them will be recorded so you’ll be able to see them, and then we’re even going to do something new to Infinidat, but things I’ve done at other companies where you and I have worked before, we’re actually going to do a global road show and take this out on the road, and we’ll be doing that in Q3 and Q4. Details to follow on our website.

So we really appreciate the time and, of course, our partnership with The Futurum Group, and there’s a lot of incredible things in this launch. Again, it’s not if you’ll be attacked, it’s when and how often. So don’t forget that cyber storage resilience and cyber storage recovery because if you do, you’re not having a comprehensive cybersecurity strategy for your company.

Paul Nashawaty: Eric, it’s amazing. There’s a lot going on here. I want to thank you for your time and your insights and your perspective. It’s really a powerful statement to see all the different areas that Infinidat is doing in the market space. So addressing those challenges is key. I also want to thank the audience for watching our session today. There’s a lot to consider, and this is really just the tip of the iceberg. So feel free to reach out, www.infinidat.com, as well as The Futurum Group. Thank you and have a great day.

Other Insights from The Futurum Group:

Infinidat and The Futurum Group Discuss Infinidat’s New Solutions

The Evolving Role of Developers in the AI Revolution

CMO Eric Herzog on The Art & Science of The Sales-Marketing Relationship

Author Information

Paul Nashawaty

At The Futurum Group, Paul Nashawaty, Practice Leader and Lead Principal Analyst, specializes in application modernization across build, release and operations. With a wealth of expertise in digital transformation initiatives spanning front-end and back-end systems, he also possesses comprehensive knowledge of the underlying infrastructure ecosystem crucial for supporting modernization endeavors. With over 25 years of experience, Paul has a proven track record in implementing effective go-to-market strategies, including the identification of new market channels, the growth and cultivation of partner ecosystems, and the successful execution of strategic plans resulting in positive business outcomes for his clients.

SHARE:

Latest Insights:

Steven Dickens, Paul Nashawaty, Camberley Bates, Keith Townsend, Guy Currier, and Dion Hinchcliffe, analysts at The Futurum Group, share their insights on the evolving virtualization landscape, discussing how containers and hybrid cloud strategies are reshaping enterprise IT. Learn how VMs, Kubernetes, and hybrid models are driving the next wave of infrastructure innovation.
AI and Data Take the Stage at Tech Field Days to Cover the Issues and Solutions Surrounding AI Deployments
Camberley Bates at The Futurum Group reflects on the AI Data Infrastructure Field Days and what to take away from the gathering of experts and the vendors including MinIO, Google, HPE, Infinidat, Solidigm, and Pure Storage.
Company’s ENGAGE Announcements Focus on New Platform Features, AI Tools, and Integrations
Keith Kirkpatrick, Research Director at The Futurum Group shares his insights into the new announcements from Smartsheet, and discusses the benefits for its customers. He also discusses the company’s embrace of a new pricing model.
Sonatype Reveals the High-Profile Keynote Lineup for ADDO 2024, the World’s Largest Virtual DevOps Conference, Showcasing AI, Open-Source Innovation, and Secure Software Development
Paul Nashawaty, Practice Leader and Principal Analyst at The Futurum Group, shares his insights on Sonatype’s 9th ADDO Conference, highlighting the keynote speakers and their focus on AI, open source, and securing the software supply chain.