Podcast: Enterprise vs. IoT Security
Historically the term “Enterprise-Grade” meant that a technology was part of an elite list of highly robust, highly scalable and highly available technologies. However compute models have changed with the proliferation of Clouds, SaaS and IoT technologies that have crept their way into every network, yet the approaches to security have not evolved. These security approaches remain some variation of on-device and network security. This podcast discusses the major differentiation between Enterprise technologies and IoT-based platforms. These areas include:
- The new enterprise and what it means
- Geographic distribution and mobility
- Technology hardware, OS and software diversity
- We will introduce you to the term dependency computing
- Technology Lifespan differences between the two
- Scale and cost of ownership
Read the Accompanying Article to this Podcast Showdown: Enterprise vs. IoT Security
(Welcome to the showdown; Enterprise versus IoT Security. In this corner wearing aging hardware weighing a combined weight of bohemouths like Cisco, McAfee, Symantec and check point from Silicon Valley California — Enterprise Security.
In the opposite corner, wearing what I could categorize is a suit of many cloths and colors and weighing hardly anything. From parts unknown – IoT!!!!!
Introductory Speaker: Welcome ladies and gentlemen! We are ringside and this is the strangest match up we’ve seen in the industry since the onset of Internet security in the late 1990s. It is a monumental match up happening at a pivotal time. The champion market leader “Enterprise security” is slow, old and lacks agility. It would be fair to say that Enterprise security never had agility and amidst to the call for them to retire, it has persisted due to the lack of viable challengers. Well, a challenger it has with “IoT security” and what an unlikely challenger it is. Out of nowhere IoT emerged and very quickly became the kryptonite to Enterprise security’s fencing gate fight stance. Dismantling it with scale, cost and its distributed nature. Let’s get ready for round one showdown: Enterprise vs IoT Security.
Babak: Hello and welcome to Acreto’s crypto in IoT podcast, a security huddle for all things IoT and crypto. I’m Babak Pasdar, founder and C.E.O. of Acreto, and joining me today is Jennifer Perez Harris, Acreto’s director of market research. Hello Jenn.
Jenn: Hi everybody
Babak: So, I miss you guys. I hardly saw anybody this week, I was traveling all week.
Jenn: I know, it was a real test for the team but we’re all glad to have you back.
Babak: Did you just say that because you had to?
Babak: OK, good.
Jenn: I never do that.
Babak: OK. Let’s talk about the term “Enterprise grade”. So historically, Enterprise grade meant the biggest, baddest, most refined, most scalable application environment and platform environments out there. So you know a lot of folks have probably heard someone talk about an Application Platform, someone talk about a technology piece of gear, but is it Enterprise grade? Historically that had been the standard, the pinnacle of technology that could handle large scale. Well, all of that has changed and today we’re going to talk about the term Enterprise grade and really understand where Enterprise grade fares in comparison to IoT and IoT grade. So you heard our intro; Enterprise versus IoT, as a showdown. So let’s talk about what that showdown really is, make sense?
Babak: We have a lot to cover, so let’s break down the pieces. Are you ready, Jenn?
Jenn: Looks like it. I see you have a long list in front of you.
Babak: I do. So we’re going to touch on 7 areas where IoT and Enterprise technologies differ in a meaningful way. First, the new Enterprise and what that means, geographic distribution and mobility, technology/hardware operating systems and software diversity, we will introduce you to the term Dependency Computing, we’re going to talk about the technology lifespan between the two, and discuss scale and cost of ownership.
Lot of stuff, so let’s get to it. Let’s go back to the beginning of time or compute time, you know you used to have mainframes and the mainframes evolved to desktops and the desktops gave way to virtual instances and to cloud. You know the difference being private cloud versus public cloud and now we’re at IoT. Right, so far those have been the compute model or the evolution of computing as the industry has recognized it. So again, very condensed. And what’s really important to note is that security for the mainframe versus security for the desktop versus security for a private cloud instance or virtual machine or a public cloud instance and security for IoT will all be different. Yet the industry has really been built and has really existed — and by industry I mean security industry — around the same two approaches to securing things.
Securing a network and securing a device — or combination of the two. So what we want to do is talk about why that model and that approach is not necessarily going to be as effective, is not necessarily going to really address the emerging compute models moving forward.
So when you look at Enterprise and Enterprise grade and how Enterprise had functioned, historically, with Enterprise you had to secure offices and data centers, that was really the big thing, and typically you only had to secure the data centers, so all your points of ingress and egress were at the data center and you had what’s called the containment network, private lines and P.L.S. So all of the communications for the offices drove through the data center.
That’s historically how they had functioned, and you really just secured the data center. But we’ve started to evolve, so you no longer have an office and data center. Today you have offices, data centers, clouds, SaaS, mobile devices, remote users and certainly now IoTs, so far so good Jen?
Jenn: Yeah absolutely. So in a way we’re kind of moving away from securing the physical to securing something else — which is something that could exist far beyond where your business physically is.
Babak: That’s correct, I think that was a great way of putting it. You know, you should talk more often.
Jenn: You should tell my mom that, I’m sure she would have a good laugh.
Babak: So, just another factor here is when I used the term cloud, there is no single cloud right? You can have multiple offices, you can have multiple data centers in that same light, you can have multiple cloud instances and they may have nothing to do with each other. You can have multiple SaaS applications or Salesforce, Dropbox, Go to Meeting, etc. So the model is changed and fundamentally what’s really different about the new model that cloud introduced was “distributed nature of it.” Just like you said it did not operate within the boundaries of a data center, it did not operate within the boundaries of an office, you have clouds all over the place, you have application SaaS applications all over the place. And what was interesting — this is probably four or five years old — but they did this survey and they asked organizations mid-size and higher how many cloud applications day had. And on average they responded we’re using you know seventeen or eighteen but when they really sat down and took to told the average was something like seven hundred sixty five.
Jenn: yeah, I have to say as someone who’s worked in corporate for a long time. Every company regardless, unless you’re talking at a super huge company with hundreds of thousands of people and even then uses almost like a patchwork. You know cloud applications for work and there’s no suite, just suite that covers everything. So they are using like Dropbox and Sugar C.R.M. or sales force but they’re also have some of their foot in Microsoft and I think that has made it so complicated for businesses to actually secure anything in that realm.
Babak: Well, that’s correct and what it’s done is that it has created the necessity, it has driven the demand for the distributed platforms to have a distributed security infrastructure. However there are two models we originally talked about network security and on device security, we have not evolved very much past that. So when you really look at it network security and on device security, they each require many different functions, access control, application control, content control, threat management, visibility, privacy, identity. So there’s a lot of pieces to it and you know the approach is hey I’m going to have a very specific product that satisfy its each one of these requirements and I’m also going to take the many products that make up this security infrastructure and I’m going to rebuild it for each silo, for each data center, for each cloud instance, for SaaS application and I’m really not sure how to deal with it on mobile devices, so I’m going to try to go on device with that, don’t really have a good answer for remote users, so am going to try to slap something on device for that.
I haven’t even thought about IoTs.
Babak: So that’s the challenge. So the first challenge we’re dealing with between Enterprise vs IoT is that Enterprise operates in these close-knit concentric circles, that for the most part all have a common core and the new Enterprise is much more distributed, there is no common core. You can have users regardless of if they’re sitting within the Enterprise office space, if they’re sitting in a coffee shop, if they’re working from home, if they’re working on the road — it doesn’t matter. No one is really close to application, if you’re sitting in the office your application could be just as distributed as if you’re on the road. The model itself has changed, especially when you’re talking about applications that operate in the cloud.
Jenn: Absolutely. And I think there’s kind of a chicken versus egg approach here. Did the companies want people to start working remotely in different places or was it the technology that moved to allow people to do that?
Babak: Well, while the approach to computing has evolved. The advantage of being able to get a SaaS application, like Salesforce where you don’t need to buy hardware, you don’t need to buy software, you don’t need implementation, you don’t need integration, you don’t need operationalization, you don’t need to monitor it or troubleshoot it or do refresh cycles. That has a lot of benefits, benefits in terms of agility, getting up and running very quickly, benefits in terms of both short and long-term costs and benefit in terms of having a platform that at any point if it doesn’t suit your needs you can more easily migrate to something else than the traditional models you know are very data center-centric.
Jenn: Right. Now it’s even just a matter of canceling a subscription, we don’t like this, this isn’t working for us, cancel the subscription to the service.
Babak: Right. And in the past, you make these monster Enterprise-level decisions that really committed the organization for realistically, five to ten years. Now there’s a lot more agility and it has its advantages and disadvantages, but I think the advantages in terms of being able to get the agility you need, get the simplicity you need, get the get somebody else to worry about all the minutiae, so you can focus on getting the results from your application. That’s all there and that’s one of the benefits of cloud and SaaS applications, but what it translates into, just by its very nature, by the fact that it’s not running in your own data center, by that very nature means that it’s distributed right, your applications are distributed and your users will be distributed and that’s the first difference.
The second is how diverse things are, if you think about the old days you have to mainframe and talk 30 to 70 communication protocols, and that was really it you know, you just had the mainframes. You know in the mid to late 1990’s essentially everybody started to get Internet connected and by early 2000’s and it was just a necessity. In fact the biggest transition the industry had made that evolved very quickly was the introduction of the smartphones, right? Android and iOS.
Babak: So realistically, since the dawn of modern computing from a business perspective, we’ve really had maybe five major operating systems that organizations have to secure their associated applications and many of which are cross compiled. But let’s say there are associated applications and then realistically running on one of major hardware platforms, “Intel.” So the industry had to secure just a handful of things that were fairly standardized.
Now you come to today and you not only have those five major operating systems, their related applications, but now you’ve got a staggering number that is exponentially growing of these purpose built devices, they’d use many different operating systems, many different purpose built applications, a lot of these are really limited only by the imagination of the folks who develop them, right? And when you stop and consider how marginal we have been at securing a handful of standards- based technologies, five operating systems related applications running on one major hardware platform, to look at what we face ahead of us with regard to what IoTs bring.
Just tons of purpose-built technologies, tons of unique operating systems with tons of unique applications, there’s a huge delta between that and they had really begs the question, how are we going to be more effective because we have to be more effective how are we going to be more effective in securing IoTs than we have been with traditional compute technologies?
Jenn: Yeah, that’s actually really an interesting and an important question. As a matter of fact, as a thing really scary is there were some surveys recently and surveys found that, for instance one said only 54% of people surveyed were completely confident that they had full visibility of their system and could identify every device on the network and we have people who are working in IT and security, they’re not even sure where all these devices are, they have no tracking system, starting there so how do you secure a system that you can’t even see completely?
Babak: Well, that’s a really good point that survey was done at a time where or when IT was responsible to approve every decision around what comes in to the network. They have to approve and they’re engaged. Nowadays with IoTs, these are all operational technologies, right? The building management folks buy the system and it comes in with tons of IoTs, a lot of times ITs do not even involved in that, so IT doesn’t even have awareness that a lot of this stuff is rolling and I give you an example.
One of our clients ended up buying a whole bunch of the standing desks. And you know it was motor driven — you press a button and the desk raises to whatever height you want, press another button it lowers. Well, each of these came with an IP address, so their office people, the office management came in and they just connected all to wireless network and what their desk did is provide information as to who is standing how long and then you can compare that to what their product productivity is on a month over month basis to determine if standing improved productivity and all the analytics crowd that’s out there.
Well, the IT folks had absolutely no idea that there were 4 or 500 connected to the network. So that actually makes your point. In comparison to what IT was just a handful of years ago, there is an order of magnitude or multiple orders of magnitude difference in diversification over what we had to deal with not so long ago. So that actually makes security a much scarier prospect.
Babak: Second point — so now you’re looking at these technologies that are very diverse. Another unique factor on Enterprise versus IoT is that for Enterprise technologies, you see these technologies have more juice, right. It brings the old analogy where they were talking about the lunar module, that landed on the moon, had big calculations capability of old Timex watch these days.
Babak: And in many instances it would get overwhelmed while the average, you know, mobile phone was many times the processing power of everything that NASA and government had at their disposal, so what’s interesting is that the IoTs are purpose-built technologies that you have to put out there on a distributed basis, there is a ton of them out there, so these purpose-built technologies typically have the juice and by juice I mean capability. Capacity, you know, C.P.U., RAM, network, connection storage, all of that good stuff, have the capacity to do just what they were designed to do and not necessarily more than that.
So when you look at you know your average laptop today, your I-5, I-7, the fact that my laptop’s got 16 gig of ram and it, but even at 4 gig, even at 8 gig, that’s rather significant compared to technologies like Smart T.V.s or thermostats or door locks or water heaters.
But by the way I just bought a water heater that came with the wifi connection, which makes the other point that it’s just rolling in but I know I mentioned a bunch of consumer technologies but ultimately the point is the same as it relates to Enterprise. So, these devices are purpose built, they don’t have a lot of juice and a lot of times these devices do really simple functions, on /off, open/ close right, but just because they don’t have a lot of juice, just because they perform simple functions, it does not mean that the functions they perform, are any less important right, think about pacemaker.
Pacemaker is ultimately an on/off device right but it can it’s really designed to help someone live or regulator valve in a nuclear power plant for a water regulator, it may be just an open and close function but those are all critically important functions. So just because IoTs perform simple functions does not mean that those functions are unimportant which means that you really have to secure this stuff, rather than say , wow, you know, like, I think I told this story last week podcast, that C.E.O. of the IoT company said :my devices aren’t smart enough to be hacked.”
And they were devices that talked on the Internet, so that is another factor that you know doesn’t matter if you’ve got a five dollar sensor or a several hundred thousand dollar Tesla or a multi-million dollar mining machine, ultimately you need to secure them very much the same and it turns out that they’re distributed and they all have different levels of processing.
Jenn: So if I understand this correctly, it really doesn’t matter how sophisticated or what the device does, they’re all equally at risk?
Babak: absolutely. and just because their function is simple doesn’t mean that they’re less vulnerable less exposed or less susceptible. So when you look at and compare Enterprise technologies versus like servers, desktops, laptops or even mobile phone that have a ton of juice and then you compare it to IoTs out there, IoTs may have limited capacity capability but their function is equally as important and needs to be secured.
So, Yes they may not be able to calculate this space shuttle’s re-entry trajectory but it does not mean that the function they serve is unimportant, when you look at how distributed things are, when you look at how diverse these technologies are and how purpose built they are and their capacity and capability, this introduces a new type of computing that I call Dependency Computing.
Ultimately, Dependency Computing is a form of computing where your IoTs and your applications have a co-dependency on each other. Your IoTs cannot service and perform their job if they did not have the application and the application cannot fulfil its role if it did not have the IoTs. So you’ve got this dependency model except the IoTs are distributed across many public and private networks and they fulfil a variety of functions and that application by virtue of how the cloud operates, and by virtue of the fact that these IoTs may be highly distributed is always remote. So this builds a type of dependency. So far so good?
Babak: the fact that the applications run somewhere else, means that the technologies that are fulfilling their purpose built function and the technologies that are delivering the application functional or managing interface with those are co-dependent.
So that’s the really one of the big differences in that your laptop can edit video, can play multimedia, you can create you know word processing or spread sheets, you could do a ton of things on your laptop, your IoT won’t do that, your laptop you can take to the coffee shop and shutout the world and do what you gotta do, it certainly could benefit from being connected but it does not have to be connected, IoTs do. That’s another big difference, so let’s look at lifespan.
The Enterprise lifespan is typically three to five years, every three to five years they kind of refreshed their technologies, but that’s a good solid average for Enterprise and that’s pretty much accepted. IoTs have a lifespan of eight to twenty years and a lot of these operate and a lot of these technologies operate on a single battery for that eight to twenty years and the objective is that look when you’re rolling out. You know, think of Maersk and Shipping containers right, that shipping container may have five, ten, twenty, different IoT’s in it, you know from temperature sensors to light sensors to you know motion sensors to chemical sensors, you know all of that stuff can be packed into the shipping container.
They’re not going to want to go back and deal with this stuff after a couple years and update or upgrade and all of that good stuff. They’re going to want to put it out there and get whatever use they get out of that container for the life of that container.
Eight to 20 year life is the standard for IoT. Three to five year life is the standard for Enterprise and there’s a big difference between the two. You know sometimes an IoT may be rolled out for a pretty decent chunk of somebody’s career and you don’t have to deal with that. Now compare that to how often we get new laptops for work, certainly a lot of time — I know for me you know I get it much more often than three years. So that’s a factor and where that really comes into play and this perhaps is a little bit of a nuanced point, perhaps where that comes in to really play is as it relates to on device security.
So, you roll out these IoTs and you try to install security on the device. Well, security needs to be updated and upgraded very often, updated on a very regular basis and upgraded at minimum every few years and you’ve got a device that has eight to twenty year life and limited horsepower, so you may be rolling out if you go with the on device security, you may be rolling out security for your technology that may be out there eight to twenty years, that may have a quarter to a half of the life of the actual device. So your security solution has a 1/4 to half the life of the device itself and you probably have absolutely no clue if an upgrade of that security solution is even feasible given the dynamic threat landscape we’re dealing with.
Jenn: Absolutely — and I think what you’re starting to hear about is companies that have all these IoTs out there and they can’t update, they can’t give the software upgrade or security upgrade. So they basically just discard them, just completely throwing money away rather than trying to tackle the problem.
Babak: Yeah, you’re absolutely right. I think that’s just going to be the norm. I think the cost of ownership factors as it relates to security and well as it relates to any aspect of the IoT, that’s distributed and may not necessarily be easily or cost effectively accessible. So the cost of ownership is probably going to be the most expensive part of dealing with that IoT that’s out there. Touching the IoT even if it’s touching it remotely is going to be expensive and upgrading, updating, managing that device is a rather resource intensive effort.
So again, cost of ownership, not just in terms of monetary value but in terms of time and expertise and risk, right What if you update, what if you upgrade, what if you touch that device and you break it where you’re going to have to go back and expend more energy to fix it, or what if you touch that device and you break it? What can we do with that break — it means you create this game, yeah you know that’s a really good idea — break it or break it. And we know you just came up with a new segment. Break it or break it, you know, tell stories about how somebody broke or break their IoTs.
Anyway, so that’s going to be a big factor and that’s going to be a really expensive factor in terms of dollars, in terms of expertise, in terms of time, in terms of agility in terms of simplifying your environment and being able to make it a sustainable environment, all of these factors weigh in and impact cost of ownership and or I should say the opposite, cost of ownership impacts all of those factors.
So that’s another big difference between Enterprise and IoT. Now. The one thing we’ve talked about is and the one thing I think everybody’s really heard some number about is the scale of IoT. Technologies scale of IoT.
Technologies are going to dwarf the scale of Enterprise and again, going back to the Enterprise grade. Enterprise used to really represent one of the biggest — if not the biggest — while IoTs are going to be significantly greater in number. So you know just like the analogy we drew up, you know Enterprise security is the gorilla that’s fighting IoT, which is a swarm of bees. It’s going to be tough to apply and price security IoT technology, and a lot of that is because of the scale of IoT. And I just want to maybe throw a little analogy right now, there is I believe roughly eight billion mobile phones out there.
And mobile phones are really ubiquitous, as everybody’s got one and you know when you look at tablets and mobile phones, and I think there’s an average of like 3.5 computing devices, I don’t know how old that stat is but people have multiple computing devices. Well you know IoTs are slated by between 2020 and 2022 to be at 50 billion. That is so many orders of magnitude, greater than what we today deem as ubiquitous, the mobile phone.
So that’s a big factor and the scale is significant and the way it’s happening is just like I said, it’s just rolling in, you buy a water heater it’s got a wifi connection, you buy a table, the table has a wifi connection or an IP address, essentially everything’s going to come with that IP address and you’re going to have to deal with that. So everything develops an attack surface, everything needs to be protected, everything can be a point of access into your platform or platforms so again, you need to deal with that and just dovetailing right into the scale factor is cost, right?
Given how much more complex IoT is versus Enterprise technologies versus the old way of doing things, Enterprises, by virtue of the fact that they’ve got so many devices in comparison to the traditional Enterprise tools, that they had are not going to be willing to pay Enterprise prices for technologies. There’s just so many more IoTs out there that, it’s just going to break the bank for even the most profitable organizations out there. So the new IoT scale is going to demand a new IoT Cost structure.
Babak: So let’s rehash today because we talked about a lot of stuff.
Jenn: Yeah we did.
Babak: Let’s sum it up for everybody. We talked about the new Enterprise and how it represents a completely different model for compute, it is no longer an office and data center environment and it’s even different from the cloud environment where only the applications are distributed.
We’re introducing a scenario where the IoT devices are also distributed, they may be mobile and even if they’re sitting behind a firewall, they’re still exposed there because you have some third-party application that’s reaching into the network.
I think that should be the topic of a whole podcast that represents thoroughly one of the big threats where people think they’re protected and they’re really not. The new Enterprise is distributed IoTs, distributed applications, distributed people. It also represents a much more diverse compute environment. You’re not dealing with a handful of, you know IOSs, in a handful of Standards-based hardware. You’re talking about imagination-driven hardware and operating system software and there’s really no limits to that, which creates a real challenge for organization.
Babak: But what it also does, is that since you have all these diverse environments, since you have all these different compute models, it requires organizations to build different silos of security, right? So if you have your offices and data centers you have to put your firewalls and threat management and content controls and all of that built to that whole security silo, then you have to build another one for each and every cloud instance, for each and every SaaS application, for each and every IoT infrastructure and all of these are different sets of tools, so it can be very overwhelming for even the most seasoned security teams — much less organizations that are resource-challenged or just can’t afford to, you know, buy all the tools that are necessary.
Right, so we’re basically talking about dozens of silos, it could really add up. It could really add up, and it does and for every new silo you add there’s an exponential level of complexity, by the way that should be another podcast topic. I hope you’re taking notes Jen,
Jenn: I am, we’re creating products are people.
Babak: So the different IoTs, the different clouds, the different SaaS, the different platforms, really represent a new challenge. We discussed resource capacity and capability of the various technologies especially IoT. IoTs typically don’t run Intel or at least not the Intel that we’re used to, their purpose built hardware and they have a specific function they serve. A lot of IoTs just do one thing as we discussed, it could be on or off, it could be open or close, but that’s still a very important on or off as we talked about, a pacemaker for example.
Babak: All of this put together, represents a new approach to computing we call a dependency compute model, which means that the application and the IoTs are co-dependent on one another, the dependency model really changes the game. We also touched on the lifespan of technologies, how Enterprise technologies are three to five year lifespan and the IoTs are a whopping eight to twenty years.
We address scale factors, the scale of IoTs is many orders of magnitude greater than anything we’ve seen in the Enterprise side and that is one of the most prolific differentiators between IoT and Enterprise, just the sheer volume. We touched on power and energy consumption and how some of these devices that are battery operated can function for their entire life span on a battery, but Enterprise technologies and up, you know having access to unlimited power, in relation to security the challenge that this poses is that if you have devices that are constantly attacked, that are part of a system you use that consists of many devices, the devices that are constantly attacked are going to burn through a lot of power. Security is one of the most expensive– if not the most expensive– utilizers of resources on the computer or under the IoT and it causes it to burn through a lot of resources and this creates a challenge where some of your eye IoTs may end up having a significantly shorter lifespan then other IoT..
Jenn: So the actual security, if like defending the IoT is more resource intensive than the actual task the IoTs do in many ways.
Babak: Well, it depends on what the task is, we don’t want to make some hard and fast statement, but in general when you have to defend yourself. You have to protect yourself, that’s a very resource-intensive process and ultimately IoTs cannot do a very good job of it because they are resource constrained, they can only do so much before they keel over. So what that means is that the IoTs that have the shortened lifespan, you either have to do without them and assume that OK, they’re gone and you considered a throwaway and if your application can handle that.
Then you’re going to have to do a planned maintenance and if you’re dealing with distributed IoTs, that could be a very expensive process.
So the next challenge was cost of ownership, where you have to touch the device, update, upgrade and this represents probably the most challenging factor that organizations have to deal with, which is OK, what happens if I have to touch the device. We created the term break it or break it which I really like that term).
But cost of ownership touching the device is very expensive. So that creates a whole new challenge especially for distributed IoTs. Net of the conversation today is that the term Enterprise grade has to step aside and make way for the term IoT grade.
IoT is the new Big Daddy and it’s completely different, it’s made up of billions of little devices but it poses a much more complex set of challenges than Enterprise security does. So you can learn more about this topic by reading our blog “showdown Enterprise versus security” in the blog section of our website at “acreto.io” A C R E T O dot IO.
When you go on to site, you’ll also be able to download an Enterprise vs IoT infographic and then visualize a lot of the things we’ve talked about in this conversation. So that’s it for the show, stay tuned for our next show on how an increased security spend often leads to less secure environments. Be sure to look us up on the web on acreto.io, on Twitter at acreto-IO. and on Medium at medium.com/acreto.
Thank you for joining us on behalf on Jennifer Perez Harris, I’m Babak Pasdar and we look forward to catching you on the next show.