Intel Corporation (INTC) Earnings Call Transcript & Summary

Hey. Welcome, everybody to this exciting roundtable discussion at the SecurityWeek 2021 Supply Chain Security Summit. Really honored to have some executives from Intel here to present. There's probably few organizations that are closer to the supply chain issues and challenges than Intel with such a global footprint with organizations and manufacturing and all around the world, so really happy to have you guys here. I'm going to introduce our panelists today. Our moderator is Camille Morhardt. She is Director of Security Initiatives at Intel Corp. She is joined by Tom Garrison, VP and GM of Client Security Strategy and Initiatives at Intel; and Jackie Sturm, VP and General Manager of Global Supply Chain at Intel. So welcome to the conversation. Really looking forward to this. And thanks for joining us today.

Thank you for having us.

Thank you.

Yes, thanks, Mike. We often separate supply chain as incoming from product development which we consider to be outgoing. And there's this invisible point, depending on where you sit within a corporation, where you're either focused to your left on your own supply chain or you're focused to your right on your customers. And I don't think we have enough conversation about the relationship between securing the supply chain and security in product development, so I feel very fortunate that we have both Jackie and Tom here with us today to have that conversation. Both of them have been with Intel for over 25 years, and Tom has a background in the product divisions at Intel. He's run groups in both server and client, and he's now responsible for client security strategy. And Jackie, also with Intel for over 25 years, is -- joined the supply chain 11 years ago and runs global supply chain operations for Intel. And prior to that, she was in finance, most recently Chief Financial Officer for Intel's technology manufacturing group. So welcome, Tom.

Thanks for having me, Camille. It's great to be here.

And welcome, Jackie.

Thank you, Camille. Glad to be here.

So I want to get into how supply chain and supply chain security have changed over the last even couple of decades and more recently, but before we do that, I can't help but ask Jackie one of the biggest disruptors ever to global supply chain in the last year that we've all been living, COVID. What was it like? What is it like? Of course, it's still ongoing.

Well, it's a great question, Camille. And 2020 has felt like this roller coaster that we just can't seem to get off of. COVID has tested our business continuity frameworks and employees at a pretty extreme level around the world. At Intel, fortunately, we have a lot of experience in designing for resilience in the case of the inevitable catastrophes that routinely face supply chains, and that framework and that process have served us very well in the past. I'd just like to give one notable example about a disaster that many in the supply chain may recall because it's almost exactly 10 years ago when I was in Narita airport in Japan as the most powerful earthquake in that country's history struck. And our business continuity program and our training rapidly kicked into gear, and because I was out of the country, my second in command immediately took charge due to a structured rollover process. And I, on the other hand, began phoning our suppliers from the tarmac to ensure that we had access to the epitaxial silicon wafers, of which 50% of the world's supply is manufactured in Japan. We wanted to, both of us, prevent disruptions to our operations; and we had a process and we were prepared, just like boy scouts, to address the issues. Thankfully, we were able to avoid any financial impact as well as any meaningful disruption to our customers. And that was because of the immediate response from our supply chain organization, which was prepared through our standard practices which include detailed plans, routine drills, training and a robust after-action assessment process, but COVID brought a whole new wrinkle to disruptions. And that was the unprecedented set of successive waves that continuously roiled our global supply chains. Normally, although they can be major events, most disasters that supply chains face are bounded in some way or another maybe by geography or commodity category. Maybe it's a trade issue or an economic issue or even time. And that gives teams opportunity to assess and institutionalize the key learnings after the disaster has been resolved so they can be ready for that challenge in the future. What we observed with COVID, though, is although it started in China, it quickly rippled throughout Asia and it didn't stop there. Then it went into Europe, and subsequently it made its way to the Americas. And most supply chains really just weren't able to regain their full equilibrium because we were constantly jumping from one issue to the next. And that included major issues like governments shutting down; determination of whether you and your supplier constituted essential business; commercial travel being canceled en masse, which resulted in about 90% of the world's cargo capacity going offline; suppliers not being able to enter their factories or offices; and so on. And the chase for personal protective equipment was just one example of the unusual nature of this disaster. We sourced worldwide to find the huge quantities of masks and gloves that we needed daily just so our factories could be allowed to operate even at the lower levels. We tracked them down in South America. We thought we had a deal and then somebody else swooped in with cash and picked them up in person, and the chase was on again. I'd have to say COVID has not been your garden-variety disaster.

So is it too soon? Or since it's still ongoing, are there -- have you had a chance to step back? And do you have any takeaways or key learnings from it? Or is it just kind of an ongoing nightmare that's not -- without an ability to look back and have anything to take away from it?

Well, I actually am keeping a list of learnings because there was quite a lot to learn from the pervasiveness that has been COVID. And we're still learning, but I wouldn't say it was a nightmare. Or it's not -- it doesn't continue to be one either. While we had a ruggedized framework going into COVID, it was really our people who stepped up to the plate. Because they were so prepared and dedicated to enable an urgent response to support our customers, they have moved heaven and earth to deliver. We activated our command center, which is a preexisting framework. And we triggered major charter commitments back in the January and February time frame, I think, before many supply chains recognized the challenges because we saw signals going on in the environment that concerned us and we wanted to get ahead of it. We also have a pandemic leadership team in the corporation, which I doubt many companies have, and we started that 15 years ago during the SARS pandemic. And that was activated and highly focused on ensuring that our employees and our supplier employees could be safe if they came into the office. So we had a number of mechanisms that were already in place, and through the waves that we experienced, our people played a critical role of helping step up to orchestrate our overall ecosystem. And that could have meant we needed to work with our suppliers to drive their specific responses as they were working to understand if they were classified as essential; and what kind of authorizations did they need, for example; or determining whether we -- volume demand was still going to be there. It might mean working with governments around the world to establish the mechanisms that allowed our products to be made, transported or delivered; or other activities that were required to allow us to continue to operate. As well, most of us were working remotely for 10 or 12 months of the year. Our people continuously impressed me with their ingenuity throughout. And the thing you have to have going on in a disaster is employees need to be empowered. They need to be able to act without going through a tremendous amount of hierarchy for approvals. And what they did -- as you know, Intel is an engineering company. Our people are used to solving problems. They cut through bureaucracy to ensure that we could get products to our customers and keep our workers safe. One example that I think is really cool is we enabled artificial reality and virtual reality devices in our factories. And we did this very quickly once we realized that this was an opportunity to have our supplier technical leaders train our team remotely so that we could maintain equipment that otherwise couldn't be maintained because suppliers couldn't travel to our sites. And I'm talking about equipment that might be worth tens or hundreds of millions of dollars and was critical to our operations. By using virtual reality, we could get our worker remotely trained by the expert at the supplier site thousands of miles away; and preserve the warranty agreement on the equipment, which is a pretty big deal if it's expensive equipment. That kept production running and critical maintenance continued. Interestingly, this had been in discussion for relatively long time prior to COVID striking, but in the vein of never letting a good disaster or a good crisis go to waste, we were able to quickly implement this as a mechanism that allowed us to keep operations running effectively. And I am expecting that it will continue even after COVID has become nothing but a memory. So there's a long list of learnings and we continue to document them, but I'd say the people being empowered and ready to go, prepared with good training and infrastructure that supports rapid response, is one of the most important learnings for any supply chain.

Yes. And it sounds like you were willing to test out new kinds of technologies or technology that you hadn't put into full use on the fly as needed to make changes, so I want to ask. You've been working in supply chain for quite a while. And I want to ask how securing the supply chain has actually changed; and what it looked like, we'll just say, a long time ago; and what it's looking like now, some of the more recent trends.

Yes, that's a great question because, frankly, to secure a supply chain, you need to be prepared for any kind of disruption that might occur. And over time, that has changed, but in some ways it's remained the same. If I think back 25 years ago, one of the biggest concerns for Intel was just physical security. Microprocessors are small. They're easily stored and transported. They were expensive; and they were a high, high-value target. And as a company, we had to figure out how can we protect our shipments because they were being highjacked on the road by bandits, even armed with machetes in the mountains near Québec, just as an example. We were having them stolen at international borders or being stolen and then substituted with inferior counterfeit parts that we didn't realize until they got to our customers. And these are real examples just among a few. At that time, we looked at the root causes. I mentioned we like to do engineering problem solving. So we looked at root causes. And after we understood the underlying limiters, we started designing a variety of protocols borrowing from military, borrowing from other proven methods; and put them into our logistics security program. And because those methods were so effective, other like-minded industry partners started talking with us about how they could implement those as well. And working with those partners as well as the transportation industry, we formed the Transported Asset Protection Association, also called TAPA, whose mission is to drive actions and standards to minimize cargo losses from supply chains. Those standards still exist today and are very much in use in transportation circles to enable that physical security that we all need. Now in the past 5 years, we've seen the focus shift from the physical domain much more to the digital, and we're seeing new threats emerging daily around cybersecurity. Bad actors are clearly increasing in their sophistication, and they're also targeting larger institutions and companies and looking for portals to access. One area that suppliers are vulnerable with is we have a lot of digital interchange with our suppliers and those access points can become targets for malware, IP theft or spoofing attacks. And not only can that enable access to the critical information of the supplier, but it can potentially give access to customer data as well, so we're seeing a lot of companies trying to insulate themselves from cyber risks due to malware or ransomware, for example, by placing an increased focus on using trusted and validated components to ensure that the complex integrated systems that run the digital infrastructure are protected from compromised hardware at one stage. And over the past 52 years at Intel, we've developed an ongoing ruggedized operating model so that we can address general security threats. And what we found is, whether it's physical or cyber, supply chain risk management still comes down to the same practices. You need to do risk assessment. You need to align on expectations with suppliers, what's the response going to look like, how quickly must they notify us, for example. You need to monitor and reinforce where there might need to be additional rigor or root cause analysis. And then we need to do the diligent sharing of what we learn and build those solutions into our processes. These efforts drive actions to enable security at multiple levels through our supply chain, and we document requirements in our contracts and in detailed playbooks for how to respond to threats. And to ensure that we can also get the end-to-end supply chain, we work closely with our counterparts across the company, in the product groups, in the factories, closely with IT and HR, so that we can ensure that supplier-based issues don't become the weak link for Intel's overall security profile, whether they're physical, logical or digital.

So I'm going to ask Tom a question because he's in the product portion of Intel getting product out the door and has a lot of experience working with customers. And I'm just wondering, Tom, who cares? Do you -- is this -- do you pay attention to the supply chain side of the house, everything that's going on, managing? Or as long as that's flowing, you don't need to worry about it.

Well, I wish it was that simple. The reality is, of course, we care because, without a supply chain that's productive, you can't build product. So that's, first and foremost, one of our concerns, but beyond that, if you listen to the concepts of what Jackie is talking about, there's no reason why the supply chain stops with us. So as a product, what we want to do is take all of the learnings that we've had in our supply chain and extend those now through our products out to customers, end-customers. And so we extend the supply chain literally all the way to the end customer, if we think about it that way as an industry. That presents a significant amount of value actually. By now you understand that the CPU, of course, is important. And the individual ingredients are important into a platform, but now how do you think about the platform itself? And is it safe? Are -- the components that are on that platform, are they actually the components that you expect to be there? We've heard about cases where devices were substituted out, whether they're being for counterfeit reasons, which introduce quality risks and security risks; or for just blatant security attacks. So how do you know? And then also, once the device makes its way to a customer, that device needs to be continually updated to make sure that it's protected against the latest, greatest attacks. And that update mechanism is something that has existed now for years but isn't necessarily in practice by customers, and so we're working to make it easier to understand what is the security posture of the device to make sure that it's been updated, to make sure that people really know what is going on with the machine. If you think back. As an industry, we spend a lot of time and energy making sure that the human sitting at these devices are real. We do multi-factor authentication. We do biometrics, those kinds of things, to make sure the person really is who they say they are. What we need to do is realize that that's only half the equation. There is the other half, which is, is that device really the device you think it is. Is it safe? Has it been updated? Are we sure that it hasn't been tampered with in any way? And that's where a supply chain comes into effect. And that's what we at Intel are doing with the industry, to provide tools and easy-to-use solutions so that you understand what is the state of the device at any point in time.

And do you think that end customers care about this now?

Well, we know that the one -- the people that have been educated about it do care. So we know the level of importance of security in general, cybersecurity and also supply chain security when it comes to the devices is high on those people's minds. What we do see in the industry, though, is a bit of a feeling of being overwhelmed, right, where there's so much talk about security in general. And there are so many companies out there promising to solve every problem, that there is a bit of fatigue. In our case, when we talk through the value of understanding the state of the device and things like firmware -- has the firmware been updated? Is it the firmware that you expect on these components that are in your PC or in your server? Customers say, "Yes, that makes sense to me, but I'm really busy. I need it to be simple." And so yes, on one hand, they care, but on the other hand, they're really, really busy, so this is the opportunity we have to provide tools that allow them very easily to see the state of the device, understand, if it is vulnerable, what is it vulnerable to. Do I even care about that vulnerability? That's number one. And then number two, if I do care about that vulnerability, how do I fix it? Can you get me to the point where I can just easily grab the fix and be on my way? And we also want to do that on an aggregated level. So you don't want to -- as an IT person, you don't want to be solving Camille Morhardt's PC security challenge or Jackie Sturm's PC. You want to be doing this at a fleet level, and so being able to plug in to existing management solutions that -- fleet management solutions that can do this in an automated way is another important aspect. So yes, they care, but there is an awareness angle as well because there's so much fatigue around security. So we need them to be aware that these tools do exist. It's something that is relatively easy to implement. And when they do that, of course, they're raising the security posture of their entire fleet.

So I want to ask also about corporate responsibility and a little bit of a shift here. And Jackie, you've spent many years in finance as a controller in the high-tech industry, so I'm sure that you come at things with a financial lens as well. And so I'm wondering. Does that adage actually hold, doing good means doing well?

Absolutely, Camille. Doing the right thing, to me, is just plain, old good business because it's how you anticipate and deliver what your customers need and want. Sometimes it's before they know they need it and want it, but it's just a good practice to be proactively trying to understand what those needs of the future will be. And I think it generates returns. One example that I would cite in our history: Before we started talking about responsibility per se, we began a focus on quality maybe 30 years ago. And some people said, boy, that's too expensive. Or it wouldn't be important to customers, or the big point was that people wouldn't pay extra for it. Today, I think, for all of our companies, we know that quality is an absolute expectation from all of our customers, and the same is beginning to hold true for responsibility. I think of a responsible company as someone that the customer can rely on to deliver the products they expect, just as Tom was describing, and ensure that it was manufactured in a way that incorporates all of the highest standards of quality, security, human rights and sustainability. People want to be proud of what they own and what they buy, and that definitely holds true for our major customers and our stakeholders. And I would describe responsibility now as not a nice to have or a charitable thing but a mandate from our stakeholders. And to give you an example. About 80% of Intel's revenue comes from direct customers who are fellow members of the responsible business alliance, which Intel helped cofound. In the past year alone, just from those customers alone, we've had to field well over 100 questions about Intel's security profile and practices, our sustainability efforts and our commitments to human rights, among others. And these expectations are not limited to our customers. We have shareholders. We have employees, the communities we operate in. We also engage with regulators and suppliers, and all of them are having similar expectations for how a responsible company must operate to maintain its license to operate and to serve its customers. I think it's kind of interesting too that there is an increasing number of socially responsible investors who are highly activists in working with companies to ensure that they are responding to need that in the world. And for companies who are looking for access to capital, for example, it would be important to make sure that their practices are compliant with what those SRIs are looking for. If you're selling product to 18- to 24-year-old customers, they believe it is a critical factor that the products that they buy have been responsibly manufactured. So I look at it as, by doing the right thing and translating those things into what's good for your business, we serve our shareholders. We provide environmental stewardship and we positively impact society. One of the founding principles that our founders made back in 1968 was that Intel wants to be a great corporate citizen while also being a great profit-making enterprise for our shareholders. Companies who figure out that balancing act are able to compete at a higher level, and they really differentiate themselves in the eyes of their customers. Probably the biggest trick is to get the tone from the top, as we did from our founders, that recognizes that not only can these things be done together. They must be done together if we're going to continue to be viewed as the industry leaders that we aspire to be.

Well -- and I imagine a lot of the goals that you need to set within corporate responsibility can't, by their nature, be unilateral because, if you take it even at the individual level, if you decide that your own household is going to recycle, it's not going to make a global difference unless you can get a bunch of households to participate in that, maybe even the vast majority. So can you talk about the role of transparency when it comes to corporate responsibility? Because I imagine, once you put out your goals, you're going to have -- you're going to be held accountable by the rest of the world and not only just to the progress but also to the level of goals that you're setting for yourself.

Yes. Transparency is actually a huge enabler in achieving big goals for us, and it plays a large role in achieving our corporate responsibility initiatives. In the challenges that we're taking on in CSR, just for example, and similar to what we did with quality, we know what we want the end state to look like, but sometimes the path to get there isn't quite as obvious. But when your CEO gets on stage at CES and pronounces that we're going to eliminate all conflict minerals from our microprocessors or that we're going to achieve full gender parity in the company, that transparency and visibility really helps inspire and motivate employees. And it empowers us to innovate in new directions that we haven't attempted before so that we can build momentum and drive those results. Now one thing I want to say about transparency is it can also be uncomfortable. When you show your data openly, if you haven't made the type of progress that you anticipated, it can be very uncomfortable, but what we found is as that engineering mentality kicks in, if we can embrace the data and publicly illustrate it, it helps us because then we can start to solve the problem based on the real data. And transparency forces us to think about things in that way, so then we can identify the right root causes that come from the issue. And from that unflinching evaluation of the data, we can improve. And our progress can be measured against something that we put forward, and that helps create a positive tension between our goals and our specific actions. Transparency and corporate responsibility applies to not just ourselves. We also apply it to our suppliers. We expect them to adhere to our CSR requirements that we lay out. And we also work with them to train them on how to comply, what compliance looks like; and help them along the path. Sometimes, though, you find that you have a reluctant supplier. And so we work with them as well to develop targeted action plans, get well planned so that they can resolve the gaps around that shared data. Sometimes, though, if we find that ultimately they aren't improving through this structured process, we have protocol to transparently name those noncompliant suppliers in our CSR report, which is a pretty widely read document. And when we started this process, we had in the 10 to 11 number of suppliers who actually wound up being listed in our CSR. It's been at about the 9 level 5 years ago, but I'm glad to say, through some of the positive tension that this transparency has provided, we've been at 0 suppliers who had to be named in this report over the last 2 years. And I'm expecting it to look something like that in the 2021 report. When I talk about our goals for responsibility and inclusion and sustainability, we're aiming at global challenges like health care, climate change and education. And just as you described about recycling, no single company, no matter how well intentioned or resourced, can solve these kinds of issues of this scale on their own. It's going to require an ecosystem-wide approach, which is another reason transparency is helpful. When we helped cofound the Responsible Business Alliance, we brought like-minded companies together because we had transparently shared the human rights challenges that we were all collectively facing and we thought it made sense to get together. And that coalition enabled standard setting, open sharing of best practices. And by doing that, we helped create an improved path for our supply base so that they could adopt more consistent, responsible and sustainable approaches; and reach more companies because we were working together rather than each of our companies inventing our own approach. So I think transparency is a mechanism that allows you to showcase where you're going, create positive tension and support engaging others who care about some of the same issues.

Yes. And I want to ask Tom about sort of a similar or maybe parallel kind of transparency. I know, last week, Intel released a product security report. And this is disclosing essentially the types of vulnerabilities that are found and how they're found. So Tom, what's your perspective on that kind of transparency, transparency of vulnerability?

Well, we think it's fundamental to having safe platforms you can trust. So we invest within the company. We invest significantly in our own internal researchers, and our security researchers are among the best in the entire world. And they go after every one of our platforms and they try to find security vulnerabilities. And when we find them, we fix them; or we mitigate them, to use the term. We mitigate those vulnerabilities and then we validate the fact that those mitigations work properly. And we partner with the OEMs, the device manufacturers. And then we push that out to customers. We don't hide them. And so we invest significantly because we know that we need to try and stay ahead of where attackers might be going after our platforms. So that's number one, but number two, we invite the industry to do the same with their products as well. So we publish. As you said, last week, we just published our annual security report, where we disclosed how many vulnerabilities that we find. And also not just our own -- with our own researchers, but we work collaboratively with ethical researchers and around the world, in universities and other companies around the world through our Bug Bounty program. We will actually pay people to bring vulnerabilities to us and work with us through the process so we can disclose them in a responsible manner back out to customers. So we think it's a really important aspect of being responsible when it comes to security. You need to continue to invest in security, make your product as good as you can. You need to also communicate out. When you find things, communicate that out to customers so that they know that there are potential vulnerabilities that are out there; and of course, the mitigations that go along with that, so that they make sure that their platform has been updated and they're safe and secure. But in the end, companies that are investing like we are give the consumer -- and the corporations that buy our products, they give them a better, safer product. And that's what we think is so important. Through this transparency, we can show with real data that we're investing here and that these platforms are being updated in a way that keeps them safe.

Yes. It's interesting. And coming back to supply chain security, Jackie, what over the next decade or maybe even just the next 3 to 5 years do you think that those of us in industry should be focused on or paying attention to when it comes to securing the supply chain?

Well, I think the next decade is going to be significantly riskier than the last several. And all of us are going to really need to be on our toes as smart hackers leverage increasingly powerful tools to outsmart our protections. As individual companies, we need to do it as we've always done in managing risks. We need to leverage our strong operational frameworks. We need to have an empowered team with a learning mindset and to be resilient and to respond quickly as new threats emerge. I think we'll need to focus on 3 key areas. This is what Intel is doing: our prevention as our first line of defense. And that's where we can protect ourselves against the known vulnerabilities using firewalls or existing security standards as they evolve, but bad actors are constantly working to outsmart those systems, so rapid detection is the next layer of defense to identify novel attack vectors. Using sensing tools to parse through structured and unstructured data, using advanced analytics and artificial intelligence to recognize anomalies and emerging threats to the supply chain will be key elements. And ideally, once we identify those things, we'll be able to patch and protect against them before they negatively affect or infiltrate our systems, but if we're not able to do so, we all need to have that last line of defense, which is an urgent response mechanism. And with the growing complexity of threats, cross-company actions are going to be needed with the product groups, with engineering, with IT, with HR and corporate emergency responses so that we apply all of these techniques together so that we prepare ourselves for potential attacks. We need to use drills. We need to do robust training for how to detect issues; and then be very, very disciplined in those after-action assessments. This is not rocket science. It's not a new set of techniques. And you certainly can't protect yourself from everything, but you can be prepared to respond. And smart supply chains are already doing that today, and they're shifting their focus to encompass more around cyber and learn from what's happening in the marketplace. Also, it is important to collaborate. While each of us can do our part to secure our own supply chains, we know from the challenges that we've observed in 2020 that there's a great level of interdependence and reliance on our collective set of supply chains around the world. And so some level of standardization along the lines of Compute Lifecycle Assurance, the program Tom and I introduced last year at this event, is one critical element to ensure that we're using high-integrity infrastructure tools that can tell us if they've been compromised before they affect our ability to deliver products or generate additional vulnerabilities. Further, strong collaboration frameworks so that we can quickly share and report security events and the methods that we're using to our key stakeholders or counterparts so that we can have faster responses and recoveries from cyberattacks will help streamline our collective ability to harden vulnerabilities that we identify. And I think security methods and expectations have to be aligned with our suppliers, just like we've done in responsibility, so that we can eliminate some of the weak spots in our end-to-end supply chains. And last, continued public-private partnerships are vital to safeguarding the overall sovereign digital infrastructure. So if we take these actions together, corporate and ecosystem performance will enable a much stronger, faster response; and allow companies to operate with the speed and confidence that will be required of the supply chains of tomorrow.

So as we move into this kind of cyber protection of the supply chain, I want to ask. Tom, I know you've -- I know on our Cyber Security Inside podcast you've mentioned that sometimes -- even when partners or customers understand completely the importance and value of cybersecurity, that there's still another gate, right? The rest of the C suite or the Board of Directors needs to also appreciate that value. And that's not always an easy story to translate, so do you have any advice or anything that you've heard that's kind of been working in terms of passing along that story and helping it stick?

Well, unfortunately, there's no silver bullet here. What works for one company doesn't necessarily work for the other, but it is a sad statement when you talk to people and they express that what we're delivering to the industry is valuable and yet they can't get it through their company. And when we ask, "Well, what would need to happen for you to change what you buy or how you buy it?" their answer is, "Well, we have -- first, we'd have to get hacked because then we would get the attention of the Board. Or we will get attention of the C suite." And that's a pretty sad statement, so what we're trying to do now is just communicating that other companies are in fact going down this journey with us of transparency; and understanding their platforms, whether they be server platforms or whether they be client platforms; and sharing that this is something that is responsible and leading companies are doing it. And the more companies that come onboard that will talk about the fact that, yes, they are in fact thinking about security in the way that we're talking about it here; and understanding devices down to the level of details about what components are in there, what's let's say the firmware and other elements of the software on the platform -- once they understand that the company down the street or their competitors are doing this, we think there will be more and more momentum around this trend. And the good thing that I would say is that, for me, it feels like we are making progress, although it's not as fast as we would all like. We would all like this to be going much, much faster, but we see -- on the data center side of our business in Intel, we see a vast number of cloud service providers that are mandating Transparent Supply Chain tools that we deliver as a requirement for their infrastructure. You cannot put a server in their data center unless it has Intel Transparent Supply Chain tools because they know the value. They know how important it is. And similarly, on the client side of the business, the client side now, we have production available solutions that are out there in the market today that, people, if they care, they can go and buy this. It's not just an idea for the future. These solutions exist today. So we are definitely making progress. It's something that I'm confident we're doing the right thing and that this will become just an expectation in the future, but as we go through this together -- I personally walk away -- and I know, you and I, we do -- when we do the podcasts together, we're talking about all different angles of security, but this is an area where people's understanding is continuing to grow. And I think, as people become smarter and smarter about it, it will become, "Of course, I want this. Of course," and that's where we're at right now.

So this has been just really a fascinating conversation. And I think that we're going to need to get Jackie on some podcasts because I have about 35 more questions, but I just want to thank you both for...

No, it's true. That is true. And I think podcast is one of those things too where we can get into some of the stories as well. And there are some -- I've worked with Jackie for a long time; just amazing, amazing woman. And -- but the things that she's had to go through from the supply chain perspective is incredible, and I agree with you. It would be great to get her on, and we can -- I think we can learn a lot from what she's been through.

Well, sign me up.

Thank you both for joining today. I really appreciated your insight and had fun having a conversation with you today.

Thanks, Camille.

[ Thank you very much ], Camille.

[indiscernible], everybody. And Jackie, thank you. Tom, thank you. And Camille, thank you. We really enjoyed it. On behalf of SecurityWeek, thanks. And we'd love to keep you in mind for podcasts as well, so keep in touch. And we hope everybody in the audience got some good insights and ideas and visibility into some of these things that happen. So thank you all. We look forward to future discussions.

Thank you.