This Week in Enterprise Tech 541 Transcript
Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.
Louis Maresca (00:00:00):
On This Week in Enterprise Tech we have the amazing Mr. Brian Chee Jeremy on the show today. Now medical devices are on the short list for vulnerabilities in the cyber threat realm, plus the FDA is stepping in and they're gonna try to force an overhaul. If you're in the modern workforce, odds are you have a large amount of intellectual property and data inside a spreadsheet. Today we have John Brisco, he's CEO and co-founder of Coherent. And he's gonna take us through just how he can unlock all of that using a SaaS service where you can even build scalable apps all over. You definitely shouldn't miss it. It's quiet on the set.
Podcasts you love from people you trust. This is TWiT.
Louis Maresca (00:00:48):
This is TWIET, This Week in Enterprise Tech episode 541, recorded April 28th, 2023. A spreadsheet tracking your spreadsheets. This episode of This Week in Enterprise Tech is brought to you by Melissa. More than 10,000 clients worldwide in retail, education, healthcare, insurance, finance, and government rely on Melissa for full spectrum data quality and ID verification software. Make sure your customer contact data is up to date. Get started today with 1000 records cleaned for free at melissa.com/twit. And by Lookout. Whether on a device or in the cloud, your business data is always on the move. Minimize risk, increase visibility, and ensure compliance with Lookout's unified platform. Visit lookout.com today.
Welcome to TWIET, This Week in Enterprise Tech, the show that is dedicated to you, the enterprise professional, the IT pro, and that geek who just wants to know how this world's connected. Hi, I'm your host, Louis Maresca, your guide through the big world of the enterprise, and what a big and busy world it is. But I can't guide you by myself. I need to bring in a professional and an expert. And while Mr. Curtis Franklin's gallivanting around the Golden City, we're gonna get down to business with our very own network and security expert. Mr. Brian Chee, how are you, my friend? What's been keeping you busy?
Brian Chee (00:02:12):
I'm actually having a lot of fun doing digital signage. Seems the media players embedded in a lot of TVs are more than a little inadequate. They're very, very picky. They, they won't play the video quite right and even if they do play it, it'll only play through once. And I've gotta manually restart, which, you know, for something that's hanging, you know, 20 feet up in the air, that's probably not gonna work very well. So I'm playing around a lot with BrightSign and I'm actually really looking forward to meeting with the BrightSign folks this coming June at the Orlando convention center for the InfoComm show. So that's gonna be fun. And I have been getting fiber in my diet, single mode variety, hooking up the Central Florida fairgrounds. Lots of fun.
Louis Maresca (00:03:07):
And when's the, when's the first time you're gonna debut the BrightSign setup? You already, have you ever used it or?
Brian Chee (00:03:14):
I've been using BrightSign for a while for lots of different things. But the first time it's gonna show up at the fairgrounds is actually more dependent upon the head of sales and the head, the person that does our graphic design. They've gotta get me content and then we need to set up, I'm gonna set up a private VLAN just for digital signage so that it's less likely someone's going to muck around with digital signage. I have seen, shall we, shall we say I have seen some embarrassing hacks at some hotels in the Vegas area for people that didn't pay attention to security on their digital signage.
Louis Maresca (00:03:57):
I bet, I bet I see that on a daily basis, so I totally get that. Yeah. <laugh>, well welcome back Cheebert. It's great to have you here. Well, we should definitely get started cause we have lots to talk about today. Medical devices are on the short list for people in organizations as being very vulnerable to cyber threat. In fact, most hospitals actually air gap most of them. Well, the FDA's stepping in and trying to force an overhaul here. We're gonna get into what they're trying to actually do. If you're in a modern business world, odds are you have a large amount of intellectual property including data analytics in a spreadsheet. That's right. You're using it right now. Well, today we have John Brisco, he's CEO and co-founder of Coherent. And he's gonna take us through how you're gonna unlock all of that using their SaaS service, where you can even build scalable apps with it.
So stick around, lots of interesting stuff to talk about, but first, like we always do, we have lots to talk about here in the enterprise week. So let's go ahead and jump into this week's news blips. Rob Joyce, the NSA's Cybersecurity Director, is sounding the alarm on the security threats posed by generative AI. According to these Wall Street Journal and Wired articles, he's asking us to buckle up and be prepared for the impact of this technology, which is being increasingly sophisticated. ChatGPT, for example, can generate convincing texts that can be used to create deep fakes, fake news articles, and other materials that can spread misinformation or even damage a person's reputation. Now Joyce is concerned that malicious actors could use generative AI to steal sensitive data, disrupt critical infrastructure, or launch other cyber attacks. You, you think you're getting phishing emails today? Well, imagine ones that can actually pass your smell test going forward.
Joyce is calling on the security community to take these threats seriously and develop new ways to protect against them. The truth is, with any new technology, there's always the good and the bad. Now there's amazing potential for generative AI as well. And there's no question that will also aid in big data analysis and automation going forward. In the meantime, it's up to you to stay safe online. So let's put on our thinking caps and remember to be skeptical of everything we read. Don't click on the links from unknown senders, be careful about the information we share. Keep our software up to date and use strong password managers today. And together we can definitely outsmart the threats posed by AI and keep ourselves secure.
Brian Chee (00:06:12):
Well, when I did a lot of research at the University of Hawaii, I was considered part of the tree hugger contingent. And this is definitely right in the wheelhouse of the University of Hawaii because of the work we did on King Tides and how sea levels have been rising. Well, that's not the only part of the question we need to ask ourselves. And this particular Ars Technica article is headlined "As sea levels rise, the East Coast is also sinking." Anyway, climate scientists already know that the East Coast of the United States could see around a foot of sea level rise by 2050, which will be catastrophic on its own, but they are just beginning to thoroughly measure a hidden vulnerability that will make matters far worse. The coastline is also sinking. It's a phenomenon known as subsidence, and it's poised to make the rising ocean all the more dangerous, both for people and coastal ecosystems.
New research published in the journal Nature Communications finds that the Atlantic Coast, home to more than a third of the US population, is dropping by several millimeters per year. In Charleston, South Carolina and Chesapeake Bay, it's up to five millimeters, about a fifth of an inch. In some areas of Delaware, it's as much as twice that. Well, the story goes on to say, in addition to that, as much as 12 feet has been lost in the San Jose area and is being attributed to overuse of groundwater. In island areas like Puerto Rico and Hawaii, this overuse of available groundwater is also causing water shortages. The enterprise spin on this is that organizations need to pay attention to ecological changes that could lead to flooding in coastal areas, sinkholes, and sea water back flooding up river estuaries. So a warning to urban planners and city governments: you may want to think very carefully about approving that bottled water plant or other types of manufacturing that have large fresh water needs. For our enterprise planners, perhaps basement data centers in coastal areas might have to be rethought.
Louis Maresca (00:08:32):
There are a number of sovereign clouds around the world. That means across different geo locations, generative AI technology is, is not possible. In this Reuters article, in a move that could shake up the artificial intelligence market, Russia's largest bank, Sberbank, has released its own chatbot called GigaChat. Now the chatbot is designed to rival ChatGPT, the popular chatbot developed by Microsoft-backed OpenAI. Now, GigaChat is still in an invite only testing mode, but it will release broadly by the end of the year. Now the chatbot is available in Russian and English and it's gonna be used to perform a variety of tasks such as booking appointments, making reservations, and providing customer support. Sberbank says that what sets GigaChat apart is the fact that it has the ability to communicate more intelligently in Russian directly.
Now the bank has invested heavily in artificial intelligence in recent years, and it's hoping that GigaChat will help it to reduce its reliance on foreign technology. Now, the release of GigaChat comes at a time when Russia's facing an increasing set of sanctions from the West. The sanctions have made it difficult for Russian companies to actually import technologies, and they've made it also difficult for Russian consumers to access foreign products and services. GigaChat can actually help to mitigate some of those effects of the sanctions, and the chatbot can provide Russian consumers with access to services that they would otherwise have to do without. It could also help Russian companies to reduce the reliance on, of course, foreign technologies. Now China seems to be taking a similar approach and a number of companies are working on homegrown alternatives to ChatGPT, with examples including Ernie Bot developed by Baidu and MOSS developed by the NLP Lab at Fudan University. What this does prove is the impact of large language models and generative AI across the globe and different markets. What's for dinner
Brian Chee (00:10:22):
All? So we have been on a soapbox for goodness knows how long, and we're we've, you know, said, please, please, please at the very least, use password vaults. And I will say Bitwarden is one of the sponsors of TWiT.tv, but this one is actually about Google and it is more about the syncing between services than the actual password vault functions. So this particular CNET article is about their cloud authentication system and how it cas. So the Google Authenticator app, which was updated earlier this week to allow for cloud-based two-factor authentication via your Google account, isn't end-to-end encrypted yet, according to software company Mysk. Quote, "We analyzed the network traffic when the app syncs the secrets and it turns out the traffic is not end-to-end encrypted," said Mysk via Twitter, as reported by Gizmodo earlier Wednesday, as shown in the screenshots.
This is talking about the article. This means that Google can see the secrets, likely even while they're stored on their servers. And currently there is no option to add a passphrase to protect the secrets. Well, the article does go on to state that Google's authenticator, at the writing of the article, does not support end-to-end encryption when you turn on the features that would allow you to recover if your phone is lost or stolen. So that's the syncing portion. Google says it is coming, but for now, Google's cloud authentication system is flawed, and I do stress the cloud authentication system is flawed and should be used carefully until this 2FA syncing feature is fixed. And I will say, everybody, please, please, please, if you are still using passwords and you know, most of us are, for goodness sake, use a password vault that does a good job of encrypting and you can generate really big random passwords, please. Pretty please,
Louis Maresca (00:12:46):
Amen to that. Well folks, that does it for the blips. Next up we have the news bytes. But before we get to the news bytes, we do have to thank a really great sponsor of This Week in Enterprise Tech, and that's Melissa. Digital onboarding and ID verification is a necessary tool to reduce fraud, improve customer engagement, and ensure you have peace of mind. Melissa verifies the authenticity of ID documents and allows customers to securely submit their identity information anytime from anywhere and on their preferred device, from an easy to use mobile app. There are four things to consider when looking for a digital onboarding and ID verification service. ID checks: today, machine readable zone, or MRZs, and optical character recognition technologies instantly identify document types such as passports, driver's licenses, and other country IDs. In this step, your solution should also extract client data and populate data into your relevant systems like CRM platforms with no manual entry.
You also want biometric checks to make sure your prospective customer is who they say they are. Biometric checks can use facial recognition and comparison algorithms to recognize and match between a selfie and an ID image. This check should distinguish changes like facial hair, makeup, hairstyle, and even more. You also want liveness checks. That's why along with biometric checks, liveness checks should also be present. This check determines if the person behind the device they're using to onboard is live instead of, you know, a static image, and distinguishes eye movement and other small changes to ensure the user's authenticity. Compliance reporting is also very important. Make sure that your digital onboarding partner keeps full audit trails and customer due diligence reports. Now these reports are critical for your business and should be organization controlled with the ability to evaluate any time you want. Along with compliance reporting, you should be able to review and approve customer submissions with ease.
Get all of this and more with Melissa's digital onboarding and verification. Since 1985, Melissa has specialized in global intelligence solutions and continually undergoes independent security audits to reinforce its commitment to data security, privacy and compliance requirements. They are SOC 2, HIPAA and GDPR compliant. So you know, your data is in the best hands. Make sure your customer contact data is up to date. Get started today with 1000 records cleaned for free at melissa.com/twit. That's melissa.com/twit. And we thank Melissa for their support of This Week in Enterprise Tech. Well folks, it is time for the bites. Now we have a couple to talk about today now, but look, medical devices are a great way to save lives, but not so great for actually protecting your data. In fact, we talked about this, some hospitals actually have those devices in air gap environments. Now, according to this Dark Reading article, that's why the FDA has issued a new set of rules to make sure these devices don't become easy targets for hackers and cyber criminals.
Now, from now on, medical device makers must show the FDA how they plan to keep their devices updated and secure from digital threats. They also must provide a list of all software components, using a software bill of materials, that go into their devices so any vulnerabilities can be quickly spotted and fixed right away. Now these new rules are part of the law that Congress actually passed in 2023, which sets some basic cybersecurity standards for medical devices. Now, the FDA is also looking into how to actually make sure the medical devices are serviced securely and safely and is asking for feedback on this topic. So you can actually provide some of that. The FDA's actions are part of a larger effort to actually boost the security and resilience of health IT, but experts actually warn that there's still a lot of work to be done here to prevent hackers from compromising those medical devices and putting your patients at risk. Now the FDA's new guidance is an important step in the right direction, but it's just one piece of the puzzle. Now I'm gonna bring Cheebert back in here because, you know, you're our network guy, what are your recommendations here on how to protect medical devices from cyber threats?
Brian Chee (00:17:02):
Well actually I think this is a really, really good first step, mostly because Curt has actually brought this up when we talk about this theme. And the problem is right now, or at least until these rules take effect, a change even in say something like modifying say a CT machine, you actually have to get it re-certified even though you're just patching bugs. Well, I, this might be blowing it a little bit out of proportion, but there have been horror stories about medical instrument people saying they can't change X because it was approved with Y. It's, it's frustrating and I am, this is just me, you know, talking out loud and thinking out loud, that the FDA I think is trying to close those loopholes and make it easier to do things like major bug fixes. You know, adding this and that, maybe changing libraries if a DLL or something has been found that's compromised, make it easier and faster for medical instrument developers to make intelligent changes that we all know should be done.
But their hands have been tied. And if you've ever really looked hard at the regulatory issues surrounding a medical instrument maker, you would throw up your hands in disgust and walk away because they are convoluted with a capital C. So I think this is a great move in the right direction. I think some of the things that are changing are in the about time category and, you know, anyone with a good software background has been throwing up their hands going, why hasn't this been done sooner? And it's because when you have a large governmental agency involved with making rules, they're going to try and, you know, kill an ant with a sledgehammer and
Louis Maresca (00:19:16):
<Laugh>. It's true, it's really true. Now, I, I think it's definitely a good step in the right direction because obviously you always tend to look at organizations, especially they go and look at the medical devices that they're purchasing and they want things that are FDA approved. And so if this means that these devices and these you know, these iot devices, whatever they are, are not marked as as FDA approved because they are not following the guidelines that FDA provides, I I think that's gonna be a, that's gonna be a ding on people's bottom line. Like, the people not gonna buy them because of that. And I think, you know, that means that organizations are gonna have to step up and start following these things. It's almost a forcing function for them to do so. But I think there's still, the problem is there's still a ton, a ton of devices in this world right now that are already out there.
They're already insecure and they're already having problems. We've talked about this before. You obviously make sure things are patched, make sure you're using, you're updating passwords regularly. Make sure things do not have access to the internet if they don't need it. Be, be careful of, you know, making sure that your information on those devices is secure. You know, look for signs obviously of, of cybersecurity access. Obviously this is assumed breach scenarios where if you, if in fact people are trying to access the, the un the device unexpectedly, you should know that. Keep track of that. So there's, there's lots of things that you can do to at least assist yourself in your organization on, on making sure that you keep these things secure. Cheebert, does anything else you use, you recommend to people to, to make sure that they're managing what they already have in their, in their inventory?
Brian Chee (00:20:50):
Air gaps are truly wonderful things, you know, it's not hard to set up, say for instance, an isolated VLAN just for these things and don't give it internet access. Don't really, don't make it so that the c the CT scan operator can check their email on the console. That that's not a good combination. But I do wanna bring up one other issue: as we start getting medical equipment that are not FDA approved because of these new rules, what's going to happen to them? The used medical equipment market I think is going to explode and I keep wondering where they're gonna go. So if we have nice strong rules in the US, are they going to go to second and third world nations? You know, I, I don't like those labels cuz they connotate the wrong things, but there are several have-not organizations that would probably be real interested in buying used medical equipment, but I'm hoping they exercise some intelligence on how they use that equipment and also protect their patients' privacy. Just because we change our rules doesn't mean it's going to make it affordable for everybody else. Right.
Louis Maresca (00:22:15):
Yeah, I wish there was a grandfathered rule where, you know, pre-existing devices, even if you buy them, are required to still provide software bill of materials. They're also required to provide, you know, when, how long they're gonna be, how often, and how long they're gonna be, you know, serviced and, and brought up to date. I feel like this still needs to be a requirement. There's still a bunch of things missing there. And yeah, I do agree, like this is definitely gonna force organizations if they have the money to upgrade and move these things out into the secondary market which, you know, there'll definitely be a flood out there of people trying to make back that cost, but that also means that manufacturers are gonna wanna make back their costs, right? Like they, this this is gonna make it, this is gonna cost them even more money to manage what they ship.
Brian Chee (00:23:00):
Yeah, and I, I guess this is, again, my personal opinion is what happened folks? This is actually doing things that make sense. If nothing else, that software bill of materials should have been something you had internal, you know, if, well, you know, if wishes were fishes, you know, there's, there's a lot of wishful thinking going on here. And I'm, I'm hoping and praying that the DevOps people, well development folks for a lot of these medical instrument companies have paid attention. And that software bill of materials really should have been part of their original documentation, even if it's only internal. So if you guys have been paying attention, maybe just, maybe this would be a new set of rules that are easy to comply with or should be easy to comply with, or I wish were easy to comply with. Choose your, you know, A, B, or C. There's a lot of things that can be done, should be done, but have they been done
Louis Maresca (00:24:12):
Right? All right. I think they'll put, put that the one to bed here. But we, we wanna talk about the next cause there's a vulnerability that's pretty interesting here that I want to get into. Now. There's a new vulnerability out there that's making hackers drool like hungry wolves. According to this Dark Reading article, it's the Service Location Protocol, SLP, flaw, and it's a doozy. That's right. It allows attackers to turn a tiny DDoS attack into a massive one that can actually knock out an entire network. Now how massive, you may ask, well, about 2,200 times bigger than normal. That's right. It's not a typo. That's like taking a water gun and turning it into a fire hose or a slingshot into a rocket launcher. You get the idea. And we might be wondering what SLP is and why it matters. Well, SLP is a really old protocol that actually helps devices find each other on a network.
And it's like essentially a dating app for machines except instead of swiping right or left, they actually send messages to each other, actually saying things like, hi, I'm here, I can do this. Now it sounds harmless, but the fact is it's not because SLP is really old and outdated and it actually has a lot of security holes that hackers can exploit. And one of them is actually this nasty flaw that lets them access any file on the system without admin or with admin privileges. With the Alan privilege context, the bad news here is the SLP is still used by a lot of enterprise products, which means they're actually vulnerable to this attack. Now the good news is some of 'em have patches available to fix them, but the not so good news is that some of them don't.
So if you're using any products that use SLP, you better check if they have updates and patches already. And if they don't, you better start praying hackers don't find you <laugh>. The new vulnerability is just another example of why cybersecurity is pretty important in today's world. As technology has evolved, so do the risks that come with it. Now the truth is there's actually some modern alternatives out there to this particular protocol. There's UPnP, there's mDNS, there's Zeroconf, there's also WS-Discovery. Now a number of commercial products still offer this protocol only. Now researchers have identified more than 2,000 global organizations and more than 54,000 SLP instances, including VMware ESXi hypervisor, Konica Minolta printers, Planex routers, IBM Integrated Management Modules, and Supermicro IPMI. Now I'm gonna bring Cheebert back in because obviously this is a big deal, the fact that lots of services, lots of devices still are using SLP. What can, what can organizations do to protect themselves here?
Brian Chee (00:26:42):
Well, here, here's, here's one more, you know, toss of gasoline onto the fire. SLP is part of the CUPS Linux print server. And so if you are running an older version of CUPS, and this is why this became a cascade effect. Lots and lots of older routers, lots and lots of older webcams and so forth are all based on old versions of Linux. This is that same rant that I've been going on. Well, all of us have been going on over and over again. You're developing a product, why haven't you used the latest version of Linux? Well, okay, you have to freeze your config, get it ready, but there's sh you know, one would hope there was some sort of upgrade path or upgrade plan so they can get onto something a little more modern. Well, that wonderful feature that your marketing people said would be great, having a printer hung off the USB port on a router, is probably implemented with CUPS and is probably implemented with slap. Well, SLP, all of us tend to call it slap.
Slap has been around for a very, very long time. And it is a great thing, you know, when you go and say, oh, what, what are the printers near me? And things like that. Or I want to go and find a all the webcams, you know, if we have a webcam, you plug it in and it grabs an address from the DHCP server. How do you find it afterwards? Well, a lot of people don't, like, don't know or won't go or don't know how to go into the DHCP server and look up the MAC addresses. You know, that, that's small skill. So what these manufacturers have done is they say, let's go and take advantage of a well established well debugged quote unquote protocol called service location protocol so that we can go and have an app, say on a phone and discover all the webcams and do their thing.
I'm not going to name names, but a heck of a lot of web security cameras use slap. And that's why those numbers are so ginormous. And here's the other thing that kind of makes me a little angry is slap does support single key encryption so that at least you can't go and sniff for that. But even in my experience just going around doing different things, I have almost never seen an encrypted slap connection. So makes you kind of wonder who got lazy because the protocol allows it, but the developers didn't. So anyway, slap is something, it's not necessarily a bad thing, but in this case, I think just badly implemented.
Louis Maresca (00:30:00):
It's, it's true for a lot of protocols out there. I love the chatter that's going on in the chat room right now, especially the comment that says, slap, serious lazy programmers. I love that <laugh>. I love that, Keith512. It's true. I think that just like Brian said, if we, if we, if device manufacturers would get on their, on their, on their updates here, they would actually be able to update this and start using some more secure protocols, obviously. Yeah. Now I obviously, this goes back to making sure that you secure your devices behind a, what's a VLAN or whatnot, not having access, not allow people to actually have access to this, this chatter that's going across the network. But what do you think? What else? Something else, Cheebert?
Brian Chee (00:30:41):
I actually want to defend my beaten down developer brethren, <laugh>.
I've, I've seen some bad choices implemented and it wasn't driven by the developers. It was you guys, you guys and girls, you're late. Get it done, get it done under budget. We're we're not making enough money. You need to get this done. We need to get the product out. Now, now, now. And I've heard this coming from marketing people and salespeople over and over and over again and I've seen bad products driven by people that don't understand the decisions and I will draw an analogy. It's kind of like someone saying, I'm going to tell fighter pilots that they need to go and do this, that, or the other thing. And it's being done by someone that was a supply sergeant.
Louis Maresca (00:31:43):
Great analogy. Well, thank you, Cheebert. Well, next up we have our guests, but before we get to the guests, we do have to thank another great sponsor of This Week in Enterprise Tech and that's Lookout. Business has changed forever. Boundaries to where we work or even how we work have literally disappeared. Whether on a device, in the cloud, across networks, or at the local coffee shop, your data is always on the move. While that is great for your workforce, that's a challenge for any IT pro or IT security personnel. Lookout helps you control your data and free your workforce. That means with Lookout, you'll gain complete visibility into all your data so you can minimize risk from external and internal threats. Plus ensure compliance. By seamlessly securing hybrid work, your organization doesn't have to sacrifice productivity for security. And Lookout makes IT security a lot simpler.
Working with multi-point solutions and legacy tools in today's environment is just too complex. With its single unified platform, Lookout reduces IT complexity, giving you more time to focus on whatever else comes your way. Good data protection isn't a cage. It's a springboard letting you and your organization bound toward a future of your making. Visit lookout.com today to learn how to safeguard data, secure hybrid work and reduce IT complexity. That's lookout.com and we thank Lookout for their support of This Week in Enterprise Tech. Well folks, it's my favorite part of the show. We actually get to bring in a guest to drop some knowledge on the TWiET riot. Today we have John Brisco, he's CEO and co-founder of Coherent. Welcome to the show, John.
John Brisco (00:33:31):
Pleasure to be here.
Louis Maresca (00:33:33):
Now, our audience is a wide range of professionals, whether they're starting out or they're CISOs, CTOs, CEOs, and some of them love to hear people's origin stories. So can you take us through an abridged journey through tech and what brought you to Coherent?
John Brisco (00:33:48):
[Inaudible]? So first and foremost there's a Scottish accent and that accent never goes away. Even though I've been away from Scotland for nearly 25 years, my career has basically been mostly in technology, corporate technology to begin with. Traveled the world: UK, then Asia, Australia, back to Asia. And then about five years ago created this little business, Coherent, which over the last five years had started in Hong Kong where I was living, is now kind of growing in 11 different offices globally and servicing over 150 organizations. So it's been a journey of global pandemic kinda challenges and global sort of culture, sort of diversity. But it's been something which has been very fulfilling to date.
Louis Maresca (00:34:36):
That's fantastic. I love hearing these journeys like that. Especially, I'm actually very excited about today because this is definitely in my wheelhouse. I wanna start first with no code because it's a huge trend in the market where people are just building solutions and they're able to build solutions because they're not specialized developers, IT people and they need some tools to do that. And that's really what low/no code's really helping them do. Now you might be aware, I work for the Microsoft Office product group and I work on the Excel engineering team and my team builds things like Office Scripts to actually help people realize their potential on their data. It actually helps them unlock their spreadsheets and their data for more analytics. But Coherent is really having another spin here where actually you're generating apps out of this data and logic. I wanna hear more about this. What's going on? How's Coherent helping there?
John Brisco (00:35:20):
Yeah, so I think that essentially, maybe take it one step further, we're actually codifying spreadsheets, which is existing within companies. So the problem that I saw when I was working in corporate was essentially regardless of how much money was getting spent on systems, new platforms, process changes, spreadsheets existed everywhere, as you probably know, right? So the gap seemed to be that the business teams or business personnel would be constantly using spreadsheets to try and interpret how they wanted products or business rules to be functioning. But obviously IT teams essentially couldn't ingest that in a way which could then connect through to systems. So the idea being, imagine you could essentially codify spreadsheet logic, calculations, formulas, validations, run it into an API capability, which can then be essentially connected anywhere to any system. You then unlock 750 million Excel users and at the same time probably making a lot of programmers across the world much happier as well. So that was essentially the genesis of understanding that this problem precipitated across nearly every sort of company worldwide. Could we create a bridge? And I think we've been starting to be able to do that.
Louis Maresca (00:36:42):
I agree, agree. Now, let's talk tech for a moment cuz Excel obviously isn't a database, but although people like to use it sometimes that way and they can come closer to database with a lot of the extended features out there, but what are you guys doing with data that's, you're essentially semantically generating code and the app off the data and formulas in one package?
John Brisco (00:36:59):
Yeah, it's a good description. So essentially recompiling into C++ the logic, and then from there it's probably starting to run a hundred to a thousand times faster than Excel. And then I think some of the other sort of capabilities we're starting to add then, which are sometimes some of the most common misconceptions that may exist around Excel, is how do you build much more persistency plus also essentially security and version control around the original native Excel so that it can become a codified asset, which can be utilized in your environment, right? So that in itself is probably the kind of the main sort of technical features of how we compile the solution for obviously IT teams, and then it comes with all the publishable API documentation and capabilities so that you can run whatever sort of formats and code snippets that you want to be implementing into different platforms that you have. And that again gives a lot of flexibility to different programming teams in order to take that capability, which has been produced in spreadsheets, and then unleash it elsewhere.
Louis Maresca (00:38:06):
Amazing. So what, what if footage, what if users have things like linked worksheets, external data sources that they're pulling in, they have macros attached to their sheets. Say some of people, some organizations have really complex worksheets and workbooks. How is this handled? Are you able to handle all of that?
John Brisco (00:38:22):
So we've dealt with spreadsheets which are gigs in size, basically millions of formulas, millions of logic in them. Some of these spreadsheets take 12 to 15 hours to run. Some of them take four hours to open. Yeah. They're critical to actually how the operation of that business runs in a day-to-day business, right? So the reality is financial services, I came from financial services background. The reality is that spreadsheets are obviously very important to the day-to-day kind of running of how the business operates. So we realized from the very start, if we were gonna say what we're gonna do on the tin, we had to make sure that we're gonna be able to compile all different types of models, all different types of logic and validations which exist, deal with, you mentioned, that chaining of spreadsheets that happens all over, right? As well as also dealing with data source ingestion, which comes into platforms as well. It's amazingly creative how business and IT teams are with spreadsheets. As you know, <laugh>, I'm sure some of your listeners know as well about the amount of data that is getting ingested into kind of spreadsheets in order to compile analysis. We handle that as well. But again, obviously putting much more of that performance around how they can do that at greater scale.
Louis Maresca (00:39:35):
Now I worked with SDKs before and obviously, so I, we've done a bunch of semantic code generation before and it can be a challenge because obviously the market's moving really fast, obviously languages and, and things are up and down. How many languages do you actually support? Nasty? So,
John Brisco (00:39:51):
So we do have a few different, like we call 'em code snippets. So I think there's about four or five that we're supporting. Like clearly I think the ones that we constantly cast on on more enterprise, C++, Python, et cetera, are probably the kind of predominant ones that we support. But there are a couple of other kinda key areas which we do offer, but in general I would certainly say they're the ones that we offer the most on.
Louis Maresca (00:40:17):
So to bring the barrier a little bit downstream, obviously, are they supported in a packaged way? Like obviously programming languages like C++ or C# or Java, they're compiled languages and they take some time to set up sometimes for the novice. How is that handled?
John Brisco (00:40:32):
Yeah, so essentially it's a, it's essentially a code snippet package which they can then essentially take and then insert and load with the, the relevant documentation around that. So that, that's what's made, we think both business and IT teams essentially like our platform cuz we're trying to make life as easy for, for those different teams in order to, to kind of essentially automate as much of that kind of compilation as possible.
Louis Maresca (00:40:57):
Well, I do wanna bring my co-hosts in in a second, but I have one other question about the fact that the data, obviously you're taking data from Excel, you're wrapping and you're creating an app. Where's the data going? Where is it? Is it, obviously some organizations might say, well obviously now I have data in two places or we'll get outta sync, or is it stored in a compliant way? Mm-hmm. What's happening there? Maybe you could provide some insights for that.
John Brisco (00:41:18):
Yeah, so like we are obviously dealing with some of the largest financial services organizations in the world. So data movement, data's kind of management as well as obviously data security is very important. I think often clearly the kind of questions we get asked are where's the data gonna be hosted? What different types of deployment options do you have? As well as obviously ensuring the accuracy of obviously the data as well. So we support basically cloud hosting via unsurprisingly Azure, AWS and others. We have a hybrid deployment opportunity or we have on-prem and the on-prem is pretty cool. It's a kinda Wasm, WebAssembly insert which is probably much more modern than traditional on-prem. And it means that upgrading the platform becomes a lot easier as well for our clients. And I think particularly in banking that's very, very sort of attractive to the banks. And then included in the platform's a fairly sophisticated testing and simulation capability.
So that essentially the logic which has been generated in the spreadsheet, almost like source of truth, essentially you can test and run to make sure that the outputs are exactly what the model is essentially saying. And to be honest, a lot of the time we're finding data inconsistencies in the model itself via the testing center where errors within the spreadsheet weren't known. And our simulation center is effectively identified non-linear or essentially kind of non-linear sort of practices in terms of the model. And then our clients can then update that model accordingly. So that deals with a lot of audit and compliance challenges, which a lot of these institutions face.
Brian Chee (00:43:03):
Nice. Well I do wanna bring Brian back in Ji you have some questions. Actually, I wanna describe a project that I was involved with that centered around a spreadsheet and I was wondering how would we do it today with something like your product? So this is preference, this is almost a 20 year old project. The spreadsheet actually linked through CICS onto an IBM mainframe because the student information had to sit there mm-hmm <affirmative> and you know, we're dealing with millions of student records. Yep. But what we did was the cashier's office had a huge challenge and that was validating against the student database. Different rates cuz different types of students, they had different rates per credit, whether you're a grad student, whether you're a med student, law student, so forth. So there's a really, really huge set of rules associated with per credit charges.
And then we had to go and also balance all the cash drawers for the in-person registration and compare that also to what we're doing with the online credit card transactions. Yeah. Our biggest problem in that was those rules were god awful mm-hmm <affirmative> and I imagined 20 years ago that gee, an artificial intelligence would be perfect, but is it, can we are is the ChatGPT, large language models, AI, whatevers getting sophisticated enough so we can start replacing all those lookups that we used to have to do to go and check did we charge the correct rates? Are we charging the right students and so forth.
John Brisco (00:44:55):
It's, it is a, it is a really interesting question. So the use case you were talking about is a classic kind of combination of obviously calculation logic, business rules, kind of logic as well as reconciliation logic all in one. Mm-Hmm <affirmative> and believe it or not, that's very common across a lot of different institutions as they're trying to compile different data and insights from different source systems in order to try and understand patterns as well as decisions that they need to make. So I would say quite a large proportion of the use cases we are dealing with are dealing with those types of problems. And why spreadsheets get used is because they are a ubiquitous and probably most pervasive way of kind of compiling and, and the flexible kind of nature of, of piecing together those different kind of data points.
I think the generative AI space then takes a step further that we've created, I'm sure like many businesses, their generative AI sort of offering and where we've started to kind of really focus on is, interestingly you've mentioned 20 year sort of challenger problem, but just think about how many spreadsheets an institution has over the creation of, since Excel, right? And they have no idea what that spreadsheet is. And it would take thousands of man-days or even man years to go through every spreadsheet to try and figure out what it is. We've been working on: how can you create a capability that basically automatically analyzes the spreadsheet and gives essentially an overview of what that spreadsheet is intended to do, where essentially the gaps in the spreadsheet may be, or in terms of where formulas can be updated to improve the model. Cuz I just think that's a massive sort of value attribution to enterprises moving forward because ultimately you're never gonna be able to kind of solve that problem just essentially by human sort of effort or just take too long. There has to be a better way. And I think if you really want to unlock that sort of web of spreadsheet IP, generative AI probably has to be one of the ways to do that moving forward.
Brian Chee (00:47:02):
Oh, wow. That, that was much more than I thought I'd get. That's awesome. Thank you. Anyway I do wanna point out to our viewers that keep in mind PCs really and truly got started because the SuperCalc spreadsheets literally were day zero of this revolution, but we're now starting to look at, let's call it day zero or year zero of generative ai and there's an awful lot of people that are playing Chicken little, it's going to be a disaster. It's going to take over the world. Skynet's coming <laugh>, you name it, I've I've heard it. But I'd like you to go and, you know, peer into your crystal ball time to soapbox a little bit. What do you see, obviously your, your corporations based around generative ai, but how do you think, what kinds of things should we be doing? What kinds of things can be done and do we, are there some things that we might want to be careful with?
John Brisco (00:48:14):
Hmm. So I think the careful thing first, right? Sure. Because it's very easy to jump to always the kind of the sexy stuff first, right? I just think in terms of there is still an element of control and rigor that I think everyone needs some decision sort of generation. I don't think any sort of regulator or any sort of authority is going to be convinced on, hey, because ChatGPT said, then it's right. And I just think that there will have to be some sort of improvement in validation scalability around how do you check around the source of information, which is generating the answer. Because over time they could be representing financial decisions, which are worth billions of dollars could be, or medical decisions, which essentially are getting determined on that type of information set.
So I think there's gonna be a lot of probing as well as a lot of demand around the validation side of generative AI. So I think that's still a long way to go before it becomes fully mainstream. But on the opportunity side, like the volume of basically assimilating so many different sorts of information sources in order to provide new ways to look at essentially product concepts. Even looking at I would say ways to how to tackle potentially diseases I think's gonna be game changing for society, right? Cuz I think there's so much medical information, for example, that you just can't assimilate it or you can't compare and ingest it all. And using hopefully the power of ChatGPT in the future, even with some spreadsheets on the side I think there could be some incredible sort of recovery of ways of how we can actually improve resistance to some diseases which exist out there. So I'm hoping it's gonna be used for things like that which is kind of fast track sort of human intelligence that way, as well as obviously just automating a lot of mundane tasks which exist across life, right? And if it can do that, then it makes our lives a lot easier just as a society.
Louis Maresca (00:50:35):
Now, obviously no code, low-code platforms can definitely benefit from the generative AI kind of generation of things. What's Coherent thinking here, right? Is it possible to make things easier and to be able to manage these applications using gen AI technologies like ChatGPT?
John Brisco (00:50:53):
So I think like we see ourselves as no code DevOps automation as well as data as as kind of a, a capability in one platform. So therefore, if you look at all those elements, generative AI should essentially improve all, all components of it there, right? So reality should help us drive further automation improvements and performance improvements. It should enable us to ingest and do more of the data that we have and provide insights to our customers. I think it'll produce waste that we do process improvement on the whole DevOps cycle, finding that way to tune, and then essentially I think it'll explore new ways of how you can create kind of a codified objects and codified capability to further enhance the products and, and, and, and services that you provide. So I think it's gonna be game changing for us and clearly we've been starting to assign team members over the past six, nine months about how we can take advantage of some of these capabilities and it's been frightening to me to see like the, obviously the, the progress our team's made over the course of that period, but also what you're seeing elsewhere.
So I think we've got to leverage it in order to stay ahead of competition as well as obviously continue to maximize where we could be as a business.
Louis Maresca (00:52:07):
Now you, you did mention competition, so I'm gonna say that you you did open the door to that one. I'm gonna ask you just one quick question about that. Now, obviously there's some competitors out there. There's I've, I've seen spreadsheet web, there's Mendix obviously there's also, you combine power apps using Excel as a data source. There's also those kinda low-code solutions. What's coherent here? Like what are they, what advantages does Coherent have on top of those?
John Brisco (00:52:31):
Yeah, a good question. I think almost think of us like Intel Inside for spreadsheets, right? We are effectively this kind of secret processing capability which can power no-code apps, power legacy platforms, generate natively ways of how you to kind of create new sort of solutions and concepts. So I think our applicability's like Excel, like almost ubiquitous, right? In terms of where Excel is. We can play a kind of capability to improve and empower things. And I think because of the fact it can be native or it can be plugged in to different solutions, that's what provides that sort of unique differentiator. Like you can get going within the space of two hours and you can have a result within five minutes. Very few software solutions are able that capability and that ROI is incredible. And that's what most of our clients have loved so far.
Louis Maresca (00:53:30):
So the, the last thing I want to ask, I wanna, church Trooper has some more questions here is, is around the fact that, you know, obviously we talked a little bit about where the data's going and I'm just curious, I, you know, in fact people in the chat room asking about this because people will continue to use spreadsheets and they'll continue to use and, you know, they'll continue to export data in a spreadsheets they'll continue to do and now analytics in there. How does this kind of work in tandem with this new app that you've created or this new environment that you've created that you're hosting, whether it's an on-prem or it's a, it's a hybrid. How, how do we keep that in sync?
John Brisco (00:54:02):
Yeah, so think of the spreadsheets, the source code. So this, one of the, one of the unique aspects here is that we don't think people are ever getting off spreadsheets. I'm sure you wouldn't be working on Excel if you date, if you thought they were <laugh>
Louis Maresca (00:54:20):
Job security. Yeah, <laugh>.
John Brisco (00:54:21):
But the reality is it's got one of the largest captive user bases in the world. You guys are clearly creating new functionality and capability, which is making it better and better. So use that as a source code and therefore what we've inserted is much more of robust version controlling so that anytime that source code gets changed, then the data transition also changes through into the source systems moving forward. And I think that's part of the magic of obviously the capability where the business user or whoever the user is, could be a technical user, continues to do what they're doing, but the source of transition of any logic change, formula change, calculation, data change flows through as well as part of that version update. So therefore the amount of time you're saving through obviously software updates internally or even data sort of ingestion into our platforms, that's why we're able to do native integrations into things like Snowflake, et cetera, because that sort of flow through is automatic and seamless and again, like we've always been thinking about the end user, but also how do you make sure that you don't have to then go and recompile elsewhere to make it all kind of sync otherwise you're creating pain for your customers.
So again, that's been something which we've thought about from the start. It's been something which, why our product took a number of years to build because we realized it had to be like that in order to succeed.
Brian Chee (00:55:44):
Well, let me take a stab at, I think our last question before we run out of time is when someone wants to use Coherent to help deal with this ball of yarn that is their spreadsheet environment, is there some sort of homework that they should do before they give you a call? And the second half is, do you folks have a global services component to coherent to help people unwind that ball of yarn?
John Brisco (00:56:17):
So ball of yarn, a web of complexity, we hear different terms, there's some more vulgar terms that some executives may use in firms, but we'll go with the ball of yarn. So ultimately it's, I think again, when you're advising a SaaS product, you've gotta be thinking about how do you make it intuitive and easy for your user or customer to be able to embed. So we essentially in simple ways are asking the user to continue to use the spreadsheets, which they're using today. All they're having to do is essentially tag inputs and outputs in their model. And once they do that through a naming range convention that we provide, the rest is magic, right? That's basically, that's all the user has to do. And then once it gets uploaded, then obviously there's certain actions around testing and things along those lines, which users do.
But that simple task of automating the tagging or doing the tagging of your spreadsheet is step one. And then that's why some clients are basically trained and deployed within the space of four hours because that's how effective it can be to kinda get going in the platform. So that's always been part of our USP about that simplicity to kind of train up people. The services side is a very good question. When I started the business, like this is like essentially a completely new concept if you think about the codification of spreadsheets in an enterprise grade scale. So we had to offer some services as a team to begin with to help see this through in some of our initial clients. But now that we don't have essentially a services arm we leverage some of the largest consultants or boutique consultancies who will work with our clients to essentially install and deploy the platform as wide and advance as they want to. Right. So it tends not to be that the installation, it tends to be when they're trying to connect all these models are logic through to lots of different types of systems. That's where they'll get some of those partners involved. So yeah, we kind of pride ourselves now in being a very sort of SaaS focused company with services done by partners.
Louis Maresca (00:58:27):
Well, folks, time flies when you're having fun. Lots of great information here. John. Thank you so much for being here. We're running obviously low on time, but before we close out, I do want to give you a chance to maybe tell the folks at home where they can find more about Coherent, how they can get started, how they can maybe, is there a try for before you buy kind of scenario?
John Brisco (00:58:44):
Yeah, so on our website, which is www.coherent.global it's essentially there's a lot of information around the product, but also there's there is a way to kind of understand from a, a light version of the product to start to get a look and feel of how the product works on a, on a basically trial basis. And then we've always love to get, obviously different kind of feedback from our customers or, or even trialers around how we can improve the product. So and our GitHub and society and community as well. A number of ways of to how to get access to us.
Louis Maresca (00:59:20):
Fantastic. Well, folks, you've done it again. You sat through another out of the best thing, enterprise and IT podcast in the universe, so definitely tune your podcaster to twt. I wanna thank everyone who makes this show possible, especially to my co-host. I wanna start with our very own, Mr. Brian Chee. Brian, amazing seeing you as always. Can you tell the folks at home where you're gonna be in the coming weeks? So working, can people find your work?
Brian Chee (00:59:41):
I am going to be hiding <laugh> <laugh>. I, I've, I've got a bunch of different things I gotta get done. Not the least of which the being I discovered a task or a duty, shall we say, of being on a board of directors for a charity. And that's, I actually have to quantify my donations in kind and my hours. I thought I was done with time sheets, <laugh>, but
Louis Maresca (01:00:15):
Never done with spreadsheet. Yeah,
Brian Chee (01:00:17):
Well apparently there is quite a few grants that do play games with donation matching, and apparently their favorite target is the board of directors. So, one new things about being a board of director and gee, it's a lot of work, <laugh>,
Louis Maresca (01:00:42):
That it is that it is. Any, any, any good way for people to get in touch with you if they have show ideas?
Brian Chee (01:00:47):
Oh, I'm sorry. Yeah. my TWiTter, which I still use, I'm, I'm not that big on Mastodon quite yet but my TWiTter is a D V N E t l a b advanced net lab. And I tend to kind of lean towards the oceanographic world on that. I also posted some pictures of the kebabs I made for dinner the other night. But realistically, yes, kebabs, I, I, that's actually a that's actually a grill that can do charcoal or wood, which is kind of cool. Anyway I would love to hear show ideas. We are booked, we book pretty far in advance, but we do love to hear your show ideas. You can also send me email. I am cheever, spelled C H E E B E R T twit tv and you're also welcome to throw email at twi twi tv, which will hit all the hosts. We'd love to hear your ideas. I don't, we don't mind, you know, constructive criticism and just feel like you can share with us and stay safe.
Louis Maresca (01:02:02):
Thank you, Jim. It's always great having you here. Well folks, we also thank you as well. You're the person who drops in each and every week to watch and listen to our show to get your enterprise goodness. We wanna make it easy for you to watch and listen to catch up on your enterprise and IT news. So go to our show page right now, twit tv slash twi, then you'll find all of our amazing back episodes. Of course, the show notes, the cos information and the guest information. Of course, more importantly, next to those videos, you'll get those helpful. Subscribe and download links. That's right. Support the show by getting your audio version or the video version of your choice. And listen on any one of your devices, any one of your podcast applications cuz we're on all of them. So definitely subscribe and support the show.
Plus, you may have also heard another way to support the show of all of our shows is Club TWiT. That's right. Some members only ad free podcast service with a bonus TWiT plus feed that you can't get anywhere else and it's a $7 a month. There's a lot of great things about the Club TWiT. In fact, one of them is exclusive access to this amazing members only Discord server. Now you can chat with hosts, producers, there's a lot of separate discussion channels in there. Oh my gosh, there's endless amounts. There's cooking in there, it's amazing. Plus they also have some special events as well. So definitely join Club TWiT, be part of that movement. Go to twit.tv/clubtwit. Now, Club TWiT also offers corporate group plans as well. It's a great way to give your team access to our ad free tech podcast.
The plans start with just five members at a discounted rate of just $6 each per month. And you can add as many seats as you like. And really this is a great way for your IT department, your developers, your tech teams, your sre, anyone, anyone to really stay up to date and access to all of our podcasts. And just like that regular membership, they can join the TWIT Discord server and get that TWI TWIT plus bonus feed as well. So join club twit, twit.tv/club twit. Now after you subscribe, you can impress your friends, your family, your coworkers, whoever with the gift of TWI because we, we have a lot of fun on this show. We talk about some interesting tech topics and I guarantee they will find them fun industry as well. So definitely ask them to subscribe and join the show now after you've subscribed and you're available.
1:30 PM Pacific. That's right, we do this show live, live right now. Go to live.twit.tv. We have all of our streams there ju each one of them you could see. Come see how the pizza's made. All the behind the scenes, all the banter before and after the show. Lots of fun stuff. So definitely join and watch the show live cuz it's, it's a lot more fun like that too as well. And of course, you know, we also have our infamous IRC channels as well at IRC twit tv. It takes you into the TWiT live channel and they have some amazing characters in there right now. In fact, they're giving us some amazing show titles that I'm, I can't help but almost laughing during my segment here. But I do want to say thank you guys for all your support and of course you wanna join that chat room if you can.
So definitely check that out and see how you can really make it more productive for you. I wanna thank everyone who makes this show possible, especially to Leo and Lisa. They continue to support This Week in Enterprise Tech each and every week and really, we really couldn't do the show without them. So thank you to Leo and Lisa for all their support over the years. And of course thank you to all the engineers at TWiT and the staff cuz again, they make it a reality for us to do this show. And of course, thank you to Mr. Brian Chee. Right one more time cuz he's not only our co-host because but he's also our Titleist or producer as well. He's just talking about it. He's doing all the bookings and trying to get everything in line and he's doing all the playings for the show. So Cheebert, thank you for all your support. Of course before we sign out, I wanna thank our editor for today, Mr. Anthony. Anthony, you make us look good after the fact. You take all my mistakes out. Thank you, sir. And of course, our editor, I'm sorry, our technical director for today, our TD, the talented Mr. Ant Pruitt, which also does an amazing show called Hands on Photography, which I watch religiously each and every week. And I need to know what's going on this week, weekend, that show.
Ant Pruitt (01:06:52):
Well, thank you Mr. Lou. I appreciate the support. This week I had the chance to sit down with a friend of mine, Ms. Susie Patello, as we talked about the mobile fem festival that's coming up this weekend. And then my camera went weird during the broadcast, so Mr. Victor had fun with the edit and yeah, I'm just gonna leave it that. So go watch it. TWIT tv slash h o p. Thank you there.
Louis Maresca (01:07:18):
Thank you Ant . Well, until next time, I'm Louis Maresca just reminding you if you wanna know what's going on the enterprise, just keep twi.
Jonathan Bennett (01:07:27):
Hey, we should talk Linux. It's the operating system that runs the internet, bunch of game consoles, cell phones, and maybe even the machine on your desk. You already knew all that. What you may not know is that TWiT now has a show dedicated to it, the Untitled Linux Show. Whether you're a Linux pro, a burgeoning sysadmin, or just curious what the big deal is, you should join us on the Club TWiT Discord every Saturday afternoon for news analysis and tips to sharpen your Linux skills. And then make sure you subscribe to the Club TWiT exclusive Untitled Linux Show. Wait, you're not a Club TWiT member yet? Well, go to twit.tv/clubtwit and sign up. Hope to see you there.