>>Hello. And welcome back to the cubes coverage here. Live in Las Vegas for 80 bucks. Re-invent 2021. We're in person been two years since the cube has been on the ground here at a live event, it's a hybrid event. Check them out online. AWS has got to reinvent site as well as cube online. I'm Jennifer, your host got a great guest here from Latin America. Honeywell is VP of Latin America for AWS, a lot of global change, but the regions, a lot of great stuff, cultural integration. If you will, a skills people all around the world using cloud compute. Jaime's great, but coming on the cube. Thanks for coming on. >>Thank you, John. Thank you. It's a pleasure to be >>Here with you. Um, I wish I could speak in the native tongue, but I can't. I ended it, but I know online there's some special rooms that people have on the cube sites. So a lot of tech, a lot of cloud native in the world, I'm seeing Latin America and all the events we've done had great participation in the cloud ecosystem in Latin America, a lot of young talent, a lot of things happening. What's what's going on. >>Well, as you can see around us today, a lot of things are happening in the cloud. We are in this inflection point in the industry of technology that is accelerating innovation, accelerating transformation all over the world. And obviously Latin America is not an exception. We're seeing this momentum. We're seeing large enterprise companies leveraging the cloud to transform their customer experiences, to drive innovation. We're seeing startups to drive competitiveness and try to compete with the world. And that's also enabling a lot of younger generations to move faster, to innovate, to dream big and drive new ideas. So you're seeing that same momentum in Latin America, all across the region. But this is the one John and we, and we are seeing this happening for many years ahead. >>You know, I love inflection points and I've been saying this and just wrote a blog post about it on siliconangle.com that we are now at another inflection point where cloud is going next gen, where in any kind of revolution, every inflection point, this cultural revolution starts with the young people. And I've never seen an impact with Kubernetes and microservices and the modern approach of the younger generation. It's like if I was 20, that'd be a kid in the candy store. What I don't have to build land is there for me. I got to don't have to provision any servers. So the I'm seeing an impact for the younger generation around cloud and it's global phenomenon. What's what's going on in the younger talent in Latin America. Well, >>Let's just say, I mean, generations see inflection as opportunity, opportunity to make new things happen to, as I said to dream big and actually enabled their ideas to become a reality. And that's where you're seeing all across the region. You see this in Brazil, you see these in Argentina, you see this Columbia, Mexico, largest startup communities that are competing with the world. And you have, you know, we have an example like Newman that was here this morning, like started seven years ago, 2014 with a view transforming the financial services experience. That's where we're seeing all across Latin America, because >>The young kids slinging APIs around with containers. Now you've got the container movement. We had a great showing from Brazil and our DockerCon event. Um, net, very notable, um, intelligence coming out of that area. Amazing young talent. I'm just blown away by the, by the work, but in the region itself is still transformation. So I know you're, you're well known for doing really big deals at AWS. Uh, I can say that big banks, multimillion dollar deals. So there's growth there there's existing business transforming while new entrepreneurs are coming in. It's kind of a best of both worlds. What's the, what's the growth look like. >>Uh, as you mentioned, very large enterprises understand that the cloud and a transformation of culture is going to allow them to innovate them, to have loyal customers, every large enterprise customer. We're thinking about different ways to contact their customers, transforming the experience you're seeing customers like like Bancolombia that are migrating their legacy systems into the cloud in order to make faster decisions, to increase agility, to increase innovation and lead their people. Because at the end journey is all about the people that their people build on behalf of their customers and transform their experiences. >>You know, one of the things I noticed during the pandemic, and I'd love to get your reaction to this because I know you're living that as well every day, even before the pandemic, but since everything went virtual now hybrid, you're seeing a very low friction point to get in and collaborate. There's almost a new social construct, connective tissue between no boundaries. So you can have an event like here at reinvent, we're in person, but yet there's an online community digitally engaging. So we're starting to see cell formation where people around the world are getting together. How has it impacted how you manage and how you engage with your customers in your region? >>Well, as I said, it's a combination of many things. Our customers are still like people in person. That's why we have our business in Brazil. We have obviously in Argentina, Colombia, Mexico, Costa Rica, Peru, we still have presses. There we are where we work very close with our customers. We understand they need and what they want to do. But now, for example, during the last two years, I've had the opportunity to leverage in technology, be present in what we call virtual trips in most of our countries full day experiences. And I have to tell you at the beginning, I was concerned. I didn't have the opportunity to meet some of these people before today. When I see them in person here in re-invent this like, as if we had met from four. So as you say is the hybrid experience that allows us to be in-person with our customers, with our partners across the region, but also in a remote base, having the opportunity to build the same relations. And that's what technology is enabling better experience, faster innovation and moral agility and growth all across Latin America. >>So it's one of the things I talked to Adams Leschi about before reinvent a week ago, um, on a bank exclusive interview with him was he was very adamant about the clouds expanding everywhere. Honestly, you've got the edge in manufacturing, ADP percent everywhere, but he mentioned the regions, the continued growth of regions. It's been 10 years since Latin America. How's that impacted what you got going on there. And what's next from a region perspective. And how has that changed the landscape >>While you're touching? John is probably the most important thing we're seeing. You're absolutely right. We started 10 years ago, December 14 in Brazil with an office and a region there Caesar will launch offices in most of our countries. Now the important thing here is how our technology is enabling our companies, Latin American companies. We have 17 million companies in Latin America be more competitive. You know, some examples, I just mentioned Nubank, but we have that is competing with very large companies. You have Bancolombia you have GBM in Mexico. So what we're seeing is our companies be able by leveraging the latest and best technology to compete with the world and to drive that competitiveness that we need. The other thing about talent. If we enable and empower our Latin American talent or builders to build these new experiences, that's, what's going to allow the region to accelerate their growth, their competitiveness, and their social benefits. >>It was interesting too, is that you can see from the trends to do that. You can do it really fast now instantly. So it's, it's an amazing opportunity. Um, I gotta ask you while you're here, cause I'm really curious. I'm sure the viewers will be as well. What's what's going on in Latin America from a trend stamp. What's the vibe like? What's the, what's the environment like what's the, what's the mindset like there in those regions, from an entrepreneurship perspective, from a cloud enablement perspective, a cultural perspective, what's your report? How would you report on that? >>First of all, we're seeing the cloud accelerate all across Latin America. And I, and as I said, it's really day one for all of us. The other thing is that our customers are understanding that digital transformation is not a technology transformation. It's a cultural transformation leverage by leveraging technology for that to happen. It's about people. It's about mechanisms in the company. It's about the way companies make decisions. And that's why, why the power of the cloud is so important in impact to empower these people, to make things happen. In fact, what we're seeing in Latin America is CEOs of some of these companies like Bancolombia CEO is very engaged in this transformation where he's reviewing technology, he's understanding the cloud because that's how they realize or how they understand the importance of, you know, changing their companies, focused on their customers. The other thing is Latin American companies understand that they need to understand their customer needs work backwards from that and leverage that their technology, the cloud in order to improve the experiences of the >>Costumes. So I had to put you on the spot on a question. I gotta ask you, you know, if this is 10 years of re-invent, we've been here for nine. And I remember the first one we went with the second one. Wasn't many people here were like getting guests from the hallway. Hey, come on up on the cube. And now we can't, there's no open spots. Um, 15 years is how old Amazon is Amazon web services. So, so as Adam takes over and you have Amazon going in the next 15 years, what's your vision on how that evolves? Because you know, you're looking at the pandemic ending and pandemic has proven to a lot of people that digital works here, but as exposed what doesn't work, you can't hide the ball anymore if your business, but you're exposed. If you're in the cloud or you've got modern software, if no one's using it, it's not working change it. You can do it fast. So the whole hiding behind, you know, I bought this project, what this software, old guard, new guard, I mean, you can't hide the volume where, so that changes things, but also the creativity of refactoring business is also there. So you got, you got fear. I don't can't hide the ball and you're exposed to opportunity. >>What's your reaction to that? In fact, what I was going to say is where we see some opportunity. I mean, if you see 15 years side where you see, first of all, is all customers in Latin America or everywhere else leveraging the cloud. That's the most important thing. Number two, people leveraging technology to make things happen. It's about building. It's about me. And we talk about this before is when you realize that people are looking for better ways to improve their experience, launching the startups. And this is in finance, in the financial services. This is in manufacturing. This is in all the different industries across Latin America. We see opportunity. The other one, John is a region like Latin America understands that with people you need to enable them. It's about talent. And in order to enable talent, you need to educate them. So in AWS, we're actually investing a lot of time and effort to what to give them the best training content in their local language to launch programs that allow them to innovate like activate that enables to start off to launch. So what we're doing is giving Vilders younger generation tools to be more successful and again, dream big and make things happen now. So the next 15 years, Saba opportunity transforming faster decision-making agility in the way companies move and also driving competitiveness in Latin America to be able to compete in a globalized environment because everything is interconnected and it's about global reach today. And that's why we need our talent to invest, educate, to drive the transformation of the region. >>The global connectedness is a real point there. Great insight. I think the cultural revolutions here, the younger generations engaged existing businesses transforming, which means if they don't do it right, they're going to lose it to the other guy, other people. So I have, okay. Final question for you. Thanks for coming on. Appreciate your time. I know you're busy looking at the pandemic ending. What's the major patterns that you're seeing in Latin America, around companies strategies to transform out of the pandemic, a growth strategy, because everyone I talked to was like, we're going to come out with a tailwind and we're going to be on the upward slope. Obviously they're using cloud of course, but is there a pattern of that coming out of the pandemic with an upward growth? So >>We're seeing all across Latin America companies looking for better ways to reach our customers. That is the fact traditional touch points are not enough. Now they are building on top of that. So we are seeing Latin American companies invested, transform their legacy systems in order to look for different ways to approach the customers. Number two, we're seeing Latin American companies to leverage data in order to make better, more informed and faster decisions and to scale their business and accelerate and empower their teams. We're seeing companies in Latin America, investing in tools to let their people make things happen. As I said before, cultural transformation, digital transformation is about people. It's about fast decision making and it's about leveraging the technology to make it happen. We're seeing a lot of startup communities across our countries, new ideas, taking place. And as you know, AWS has always been focused on let known supporting startups and those new ideas. So we're seeing a lot of things happen in the region. A lot of momentum, a lot of growth. And what we're seeing is the cloud enabling that growth, that opportunity that you were talking about with our view that 15 years out, a lot of new business models are going to be late making hat. They can have >>Great point. I think just to highlight that one key thing, talent, you just add talent to the cloud capabilities. You can get there faster, you do it with a team, even better. Um, collaborations changing. Just the ability to capture opportunities are now faster than when we were growing up. They have a better don't think literally that you wish you were 20. Again, I do with all this code out there. >>And that's where we say it's about the people. And I can tell you from one of our biggest investments, my biggest investments is given the talent that opportunity, given our best training content in local language so they can learn new and better ways of making things happen. So again, as I said, leveraging supporting startups to grow. So all the problems around talent for Latin American cities, for our customers and our partners, because at the end, we understand that our partners expand our solutions to the market. And these are partners that allow us to be present in the many countries that are part of Latin America. >>Well, we'd love your vision, love your, love, your, your insight. And we will have a cube region in your area, and we're going to contact you. The cube will open their doors for the Latin America community. So look for that this year. Thanks for coming on. Now, >>joining you and hosting you in our countries. You're going to see a lot of enthusiasm, passion, and growth and opportunity Latina, >>A lot of great action. The younger generations engaged the older generations transforming the business models. The cloud is going next, gen. This is the cube bringing all the live action. You're watching the queue, the leader in global tech coverage. I'm John Farrow, your host. Thanks for watching.

>>from >>around the globe. >>It's the cube >>covering Data Citizens >>21 brought to you by culebra. >>Well how everybody john Wallace here as we continue our coverage here on the cube of Data Citizens 21 it is a pleasure of ours to welcome in an award winner here at Data Citizens 21 were with Jacqueline Osborne who is the Managing Director and risk and Finance technology executive at Bank of America and she is also the data citizen of the Year, one of the culebra Excellence Award winners. And Jacqueline congratulations on the honor. Well deserved, I'm sure. >>Thank you so much. It is a true honor and I am so happy to be here and I'm looking forward to our conversation today. Yeah, what is it? >>It's all about just the concept of being a data citizen um in your mind um what is all that about? What are those pillars in terms of being a good data sets? And that gets to the point that you are the data citizen of the year? >>I think that's such a good question and actually is something that I don't even know if I know everything because it's constantly evolving. Being a data citizen yesterday is not what it is today and it's not what it means tomorrow because this field is evolving but with that said I think to me being a data citizen is being is having that awareness that data matters is driving to that data as an asset and really trying to lay the foundation to ensure its the right data in the right place at the right time. >>Yeah, let's talk about that high wire act because it's becoming increasingly more complex as you know, you've been in This realm if you will for what 15 years now? I believe it has evolved dramatically right in terms of capabilities but also complexity. So let's talk about that, about making finding the relevance of data and delivering it on time to the right people within your organization. >>How much >>More challenging is that now than it was maybe five or just you know, 10 years ago? >>I mean it's kind of crazy. There are some areas that make it so much easier and then for your question in some areas that make it so much harder. But if I can, let's start with the easier because I think this is something that really is important is when I started this, I've been in data my entire professional career, I've been achieved data officer since 2013. Um and when I started, I used to joke that I was a used car salesman. I was selling selling something this idea of data quality, data governance that nobody wanted. But now, so the shift of your question is the good if I am now a luxury car salesman selling a product that everybody wants, but shift to the bad nobody wants to pay for. So the complexity of it as data becomes bigger as we talk about big data and unstructured data and social media and facebook feeds. That is hard. It is complex. And the ability to truly manage and govern data to the degree of that perfection is really hard. So the more data we get, the more complexity, the more challenge, the more there is a need to really prioritize align with business strategy and ensure that you are embedding into the culture and the DNA of the corporate and not do it in the silos. >>You know, delivering that data to in the secure environment obviously, critically important for any enterprise, but even more so to put a finer point on financial services in terms of your work in that regard. So, so let's add that layer into this to not only internal, all the communication you have to do in the collaboration, you have to have but you have these external stakeholders to write, you have me, you know, a boa client if you will um that you've got to be aware of and have to communicate with. So so let's talk about that, that kind of merger if you will of not only having to work internally but also externally and making sure that with all the data you've got now that it works >>indeed. And you're kind of moving towards this new one of the newer dimensions, which is privacy, I mean G D p R was the first regulation in the UK, but now you have the C C P A and the California and it's coming and that that right to be forgotten or more importantly, as you said, as a customer of financial issues, that right to understand where your data is is very important because customers do want to know that their information is understood, trusted protected and going to be taken care of. So that ability to really transform back that you have a solid basis and that you are taking the measures and the necessary steps to ensure that that data is air quotes govern is so important. And it really again that shift from that used car salesman to a luxury car salesman. Your question is another example of how that shift is happening. It's no longer a should do or could do. Data governance is really becoming a must do and why you are seeing so many more. Chief data officers. Chief analytics officers, data management professionals. The profession is growing. I mean, incrementally every single day. >>What about the balancing act that you do? Let's just do with the internal audiences that you have to contend with. I shouldn't say content, content has that pejorative term to that you that you that you deal with, you collaborate with. Um you know, governance is also critically important because you want to make data available to the right people at the right time, but only the right people. Right. So what kind of practices or procedures are you putting in a place at B. O. A to make sure that that data is delivered to the right folks, but only to the right people and trying I guess to educate people within your organization as to the need for these strict governance processes. >>Sure. I tend to refer to them as the foundational pillars and if I was to take a step back and say what they are and how we use them. So the first one is metadata management and it is really around that. What data do you have? It's that understanding the information. So I used to refer to it or I still refer to it as when we were going to the library and you used to have to look at the card catalog That metadata manages very similar to the card catalogue for books. It tells you all the information. What's the genre? Who's the author, what the section is, where it is in the library and that is a core pieces. If you don't understand your data you can govern it. So that's kind of Pillar one. Metadata management. Pillar two is what's often referred to his data lineage. But I do think the new buzzword is that a providence? It's really that access low. It's understanding where data comes from the movement along the journey and where it's going. If you don't understand that horizontal front to back you can't govern the information as well because it can be changing hands, it can be altering and so it's that that end to end look at things. This pillar to pillar three is data quality and that's really that measurement of is it the right data and it is made up of a series of data quality dimensions, accuracy, completeness, validity, timeliness, conformity, reasonable nous etcetera. And it's really that fit freezes the data that I have the right data as I said earlier and then last but not least is issue management. At the end of the day there will be problems, there is too much data. It is in too many hands. So it's not we're not trying to remove all data issues but having a process where you can actually log prioritized and ultimately remediate is that that last and final pillar of the data management I would call circle because it has to all come back together and it's rinse and repeat. >>Yeah. And and so you you raise a point, a great point about things are going to go wrong. You know, eventually something happens. We know nothing is foolproof, nothing is bulletproof. Uh and we're certainly seeing that in terms of security now right with breaches pretty well publicized with invasions, ransom, where you name it, right, all kinds of flavors of that. Unfortunately. So from your perspective in terms of being that this data data guardian, if you will um how much of your concerns now have been amplified in terms of security and privacy and and that kind of internal uh communication you have to have or or I guess by in you know to understand the need to make this data ultra secure and ultra private, especially in this environment where the bad actors you know are are prolific, so kind of talk about that it's a struggle but maybe that challenge That you have in this environment here in 2021. >>Yeah, I think what you know the way I would do it is the struggle is again that that need or the desire to to protect everything and at the end of the day that's hard. And so the struggle right now that I have ri faces the prioritization. How do we differentiate what we call the critical few some call it cds chris critical data elements that they call it Katie key dad elements there, there's there's a term but really as that need and that demand grows whether it's for security or privacy or even data democratization, which hopefully we do talk about at some point, all these things are reliance on the right data because like statistics garbage in garbage out. So whether it's because you need the right information because of your analytics and your models or as you talked about its prevention and defensive security reasons that defensive and offensive isn't going away. So the real struggle is not around the driver, but the prioritization. How do you focus to ensure you're spending your time on the right areas and more importantly in alignment with the business priorities? Because one of the things that's critically important for me is ensuring that it's not metadata or data governance or data quality for the sake of it, it is in alignment with that business priority. >>And and and a big part of that is is strategy for the future, right strategy going forward. you know, where you're going to go in the next 18, 24 months and so from uh without, you know, revealing state secrets here. How do you how do you see this playing out in terms of this continual digital transformation? If you will from the B O a side of the fence? Um, you know, what what do you see as being important or in terms of what you would like to accomplish over the next year and a half, two years >>for me? I think it's that and I'm glad you asked that question, cause I wanted to mention that that data democratization I think. And if we if we debunk that or look into that, what do I mean by democratization? It's that real time access, but it's not real time access to the wrong information or to the wrong people as we talked about, it really is ensuring almost like an amazon model that I can simply search for the information I need, I can put it in my shopping cart and I can check out and I am able to that's that data driven, I'm able to use that information knowing it's the right data in the right hands for the right reasons and that's really my future mind where I'm getting to is how do I enable that? How do I democratize it? So data is truly and does become that enterprise asset that everybody and anybody can access, but they can do so in a way that has all of those defensive controls in place, going back to that right data, right place the right time because the shiny toys of ai machine learning all those things is if you're building models off of the wrong data from the wrong place or in the wrong hands, it's going to bite you in about whether it's today, tomorrow, the future. >>Well, exactly. I love that analogy and on that I'm going to thank you for the time. So I'm gonna call you a luxury data salesperson, not a car car salesman. But uh it certainly has paid off and we certainly congratulate you as well on the award that you wanna hear from calabria. >>Thank you so much and thank you for the time. Hopefully you've enjoyed our conversations as much as I have. >>I certainly have. Thank you very much Jacqueline Osborn, joining us on the Bank of America, the data citizen of the Year. Her data citizens 2021. I'm john walls and you've been watching the cube >>mm

>> live from Miami Beach, Florida It's the que covering demon 2019. Brought to you, by the way, >> Welcome back to Vima on 2019 in Miami. Everybody, we're here at the Fountain Blue Hotel. This is Day two of our coverage of the Cube, the leader in live Tech. And I'm David Dante with Peter Bors. Pippen. Jay Raj is here. He's the vice president and CEO of Make A Wish America. Just that awesome foundation nonprofit people. Thanks for coming on the Cube. >> Thank you for having me appreciate it. >> So make a wish. Children with wishes and have terminal illnesses. You guys make them come true. It's just a great organizations. Been around for a long time, I think, since the early eighties, right, >> 39 years and going >> years and hundreds of thousands of wishes made. So just how did you get Teo make a wish that all come about >> it? It wasn't interesting journey. I was consulting in I t for multiple big companies. And, you know, two years back, it was through a recruiting channel that I got an opportunity to start some conversations as the CIA and make a wish. Uh, the thing that got me in the opportunity was predominately about enterprises and just to give you a little bit off, make official operations. Make a Wish was Founded and Phoenix, Arizona. And but we also operate a 60 chapters across the United States that it is 60 chapters each of the chapter there 501 C three companies themselves with the CEO and abort. Essentially, it is 60 plus one. The national team kind of managing. All of the chapters are helping the chapters. National does not do any wish. Granting all the wish planning happens to the chapters. But National helps the chapters with the distribution of funding models brand. And thanks for That's a couple of years back in the national board talked about in our dream and mission, which is granting every eligible child the notion ofthe enterprise. You know, working as an enterprise came into four and it being a great piece off providing shared services and thanks for that. So I was brought on board and we took on I would call as the leader today said and dashes dream off. Bringing together all the 60 chapters and the city chapter's essentially are split across 120 locations. So Wade took on a project off. You know, combining our integrating all of their infrastructure needs into one place. And Phoenix without ada, sent a provider. You know, we worked with a partner. Phoenix. Now fantastic partners >> there. We had them on the other day. >> Yep, yep. Yeah, MacLaren. I mean, and the team, they did a great job. And, you know, when we had to move all of the data, everything from the 60 chapters applications everything into a centralized data center, locations that we managed right now from Make a Wish National office and provide a service back to the chapters That gives you a little bit off. You know, from behind the scenes. What happened? >> You provide the technical overview framework for all the 60 chapters. >> It almost sounds like a franchise model. >> It's what we call a Federated model back in the nonprofit. >> But but but but because make a wish is so driven by information. Yep. Both in the application as well as the programs to deliver thie brand promise. And the brand execution has got to be very, very closely tied to the quality of a shared services you provide >> exactly. Exactly. And like I said, the reason I talked about them being a separate companies themselves is you know, as I always say to my 60 CEOs, Ah, I should be able to provide the services because they wanted, because they have a choice to go outside and have their own partner. Another thing for that which they can. But they would want to work with the national team and get my, you know, work through our services rather than having have to because of the very it's A. It's a big difference when it comes to, but I've been lucky on privileged to you have these conversations with the CEO's. When I start talking to them about the need for centralization, the enterprise society assed much, there are questions when he start leading with the mission and the business notion of why we need to do that, it's It's fantastic. Everybody is in line with that. I mean, there's no question, then, as toe Hey, guys, uh, let me do all the Operation Manisha fight and leave it to me and I'll in a handler for you, and I let you guys go to what you do best. which is granting wishes. So then it becomes it doesn't become a question off, you know, should be a shouldn't way. And of course, to back that up. But I was talking to the dean, folks, It just solutions. Like VMware, Veeam. It makes it much simpler even from a cost prospect. You not for me to manage a bigger team s so that I can take those dollars and give it back to the business to grant another wish. So it's it's pretty exciting that >> way. So you set the standards. Okay, here's what you know, we recommend and then you're you're saying that adoption has been quite strong. Yeah, I remember Peter. Don't say easy. I used to run Kitty Sports in my local town in which is small town. And there was, you know, a lot of five or six or seven sports, and I was the sort of central organization I couldn't get six sports to agree that high man is 60 different CEO's. But that's okay. So not easy. But so how were you able to talk leadership or leading as we heard from Gino Speaker today? How were you able to get those guys, you know, aligned with your vision. >> Uh, it's it's been fantastic. I've had a lot ofthe good support from our executive came from a leadership team because leadership is always very important to these big initiatives are National board, which comprises off some of the that stuff best leaders in America and I have the fortune toe be mentored by Randy Sloan, who used to be the CEO of Southwest. And before that, you see a global CEO for, uh, you know, Popsicle. You know, he always told me, but but I mean CIA job. One thing is to no the technology, but completely another thing. Toe building relationships and lead with the business conversation. And so a typical conversation with the CEO about Hey, I need to take the data that you have all the I t things that you have and then me doing it. And then there are questions about what about my staff and the's conversations. Because you know, it's a nonprofit is a very noble, nice feeling, and you wouldn't want the conversations about, you know, being rift and things like that are being reduced producing the staff and thinks of that. But you know as he walked through that and show the benefits of why we doing it. They get it. And they've been able to repurpose many off the I. D functions back in tow, revenue generation model or ofhis granting in our team. And in many cases, I've been ableto absolve some off their folks from different places, which has worked out fine for me, too, because now I have kind of a power user model across the United States through which I can manage all these 120 locations. It's very interesting, >> you know, site Reliable and Engineering Dev Ops talks about thie error budget or which is this notion of doo. You're going tohave errors. You're going to have challenges. Do you want it in the infrastructure you wanted the functions actually generating value for the business? I don't know much about Make a wish. I presume, however, that the mission of helping really sick kids achieve make achieve a wish is both very rewarding, very stressful. He's gotta be in a very emotional undertaking, and I imagine it part of your message them has got to be let's have the stress or that emotional budget be dedicated to the kids and not to the technology >> completely agree. That's that. That's been one of my subjects, as you asked about How is it going about? It's about having the conversation within the context of what we talked about business and true business. Availability of data. You know, before this enterprise project data was probably not secure enough, which is a big undertaking that we're going down the path with cyber security. And you know, that is a big notion, misplaced notion out there that in a non profits are less vulnerable. Nobody. But that's completely untrue, because people have found out that nonprofits do not probably have the securing of walls and were much more weight being targeted nonprofits as a whole, targeted for cyber security crimes and so on and so forth. So some of these that I used to, you know, quote unquote help or help the business leaders understand it, And once they understand they get it, they ableto, you know, appreciate why we doing it and it becomes the conversation gets much more easier. Other What's >> the scope of the size of the chapters is that is a highly variable or there is. >> It is highly variable, and I should probably said, That's Thesixty chapters. We look at it as four categories, so the cat ones are what we call the Big Ice, the Metro New Yorkers and Francisco Bay Area. They're called Category one chapters anywhere between 4 1 60 to 70 staff. Grant's close to around 700 wishes you so as Make a Wish America, we ran close toe 15,600 wishes a year, and cat ones do kind of close to 700 15,600 400 to 700. And then you get into care to scare threes and cat for scat force are anywhere between, you know, given example Puerto Rico or Guam territory there. Cat Force New Mexico is a cat for three staff members Gammas operated by two staff members and 20 volunteers. They grant about 3 2 20 12 to 15 which is a year, so it's kind of highly variable. And then, you know, we talk about Hawaii chapter. It's a great example. They cat once predominate because of the fact that you know, they they do. There's not a lot ofthe wishes getting originated from how I but you know, Florida, California and how your three big chapters with a grand are a vicious ist with a lot of grant, you know, wish granting. So there's a lot off, you know, traffic through those chapters >> so so very distributed on diverse. What's the relationship between data and the granting of wishes? Talk about the role of data. >> Should I? I was say this that in a and I probably race a lot of fibrosis and my first introductory session a couple of years back when I John make a wish with the CEO's uh, when we had the CEO meeting and talk to them about I leaders the days off making decisions based on guts are gone. It has to be a data driven decision because that's where the world is leading to be. Take anything for that matter. So when we talk about that, it was very imperative going back to my project that the hall we had all of the data in one place or a semblance off one single place, as opposed to 60 different places to make decisions based on wish forecast, for example, how many wishes are we going to do? How many wishes are coming in? How's the demand? Was the supply matching up one of the things that we need to do. Budget purposes, going after revenue. And thanks for that. So data becomes very important for us. The other thing, we use data for the wish journeys. Essentially, that's a storytelling. You know, when I you know, it was my first foray into for profit Sorry, nonprofit. And me coming from a full profit is definitely a big culture shock. And one of the things they ask us, what are we selling? Its emotions and story. And that's our data. That is what you know. That's huge for us if we use it for branding and marketing purposes. So having a good semblance off data being ableto access it quickly and being available all the time is huge for us. >> Yeah, and you've got videos on the site, and that's another form of data. Obviously, as we as we know here, okay. And then, from a data protection standpoint, how do you approach that? Presume you're trying to standardize on V maybe is way >> are actually invested in veeam with them for a couple of years right now, as we did the consolidation of infrastructure pieces Veeam supporters with all of the backup and stories replication models. Uh, we're thinking, like Ratmir talked about act one wi be a part of the journey right now, and we're looking at active. What that brings to us. One of the things that you know, dream does for us is we have close to 60 terabytes of data in production and close to another 400 terabytes in the back of things. And, uh, it's interesting when they look about look at me equation, you think about disaster recovery back up. Why do you need it? What? The business use cases case in point. This classic case where we recently celebrated the 10th anniversary ofthe back wish bad kid in San Francisco, we have to go back and get all the archives you know, in a quick fashion, because they're always often requests from the media folks to access some of those. They don't necessarily come in a planned manner. We do a lot of things, a lot of planning around it, but still there are, you know, how How did that come about? What's the story behind? So you know, there are times we have to quickly go back. That's one second thing is having having to replicate our data immediately. Another classic case was in Puerto Rico. There was a natural disaster happened completely. Shut off. All the officers work down. We had to replicate everything what they had into a completely different place so that they could in a vpn, into an access that other chapters and our pulled in to help. They were close to 10 wish families close to 10 which families were stranded because of that. So, you know, gaining that data knowledge of where the family is because the minute of his journey starts. Everything is on us till the witch's journey ends. So we need to make sure everything is proper. Everything goes so data becomes very crucial from those pants >> you're tracking us. I mean, if you haven't been on the make a Wish site is some amazing stories. There I went on the other day. There's a story of ah, of 13 year old girl who's got a heart condition. Who wanted to be a ballerina. A kid with leukemia five years old wants to be a You want to be a chef. My two favorites, I'll share What? It was this kid Brandon a 15 year old with cystic fibrosis. I wanted to be a Navy seal. You guys made that happen. And then there was this child. Colby was 12 years old and a spinal muscular issue. You want to be a secret agent so very creative, you know, wishes that you ran >> way had another wish a couple of years last year in Georgia, where they wish kid wanted to go to Saturn. Yes, yes, it was huge. I mean, and you know the best part about us once we start creating those ideas, it's amazing how much public support we get. The community comes together to make them wish granting process. Great. Now. So I got involved in that. They gave the wish Kato training sessions to make sure that he is equipped when he goes into. And we had a bushel reality company create the entire scene. It was fabulous. So, you know, the way you talk about data and the technology is now some of the things I'm very excited about us usage off thes next Gen technology is like our winter reality to grant a wish. I mean, how cool would that be for granting a wish kid who is not able to get out of the bed. But having able to experience a the Hawaii is swimming. Are being in Disney World enough a couple of days? That's That's another use case that we talked about. That other one is to put the donors who pay the money in that moment off granting, you know, they are big major gift, uh, donors for make a wish. Sometimes we were not able to be part of a fish, but that would be pretty cool if you can bring the technology back to them and you know not going for them. You know pretty much everybody and make the ass through that rather than a PowerPoint or a storytelling, when the storytelling has to evolve to incorporate all of that so pretty excited >> and potentially make a participatory like, say, the virtual reality and then even getting in more into the senses and the that the smells. And I mean this is the world that we're entering the machine intelligence, >> which you still have to have, But you still have to be a functioning, competent, operationally sound organization. There've been a number of charities, make a wish is often at the top of the list of good charities. But there were a number of charities where the amount of money that's dedicated to the mission is a lot less an amount of money, dedicated administration of fundraising, and they always blame it. Systems were not being able to track things. So no, it's become part of the mission to stay on top of how information's flowing because it's not your normal business model. But the services you provide is really useful. Important. >> Sure, let me percent you the business conundrum that I have personally as a 90 leader. It takes close to $10,400 on an average to grant a wish. Uh, and, uh, partly because of me. But being part of the mission, plus me as a 90 leader wanting to understand the business more, I signed up. I'm a volunteer at the local Arizona chapter. I've done couple of expanding myself, and, uh, the condom is, if asked, if you want to go, uh, you know, do the latest and greatest network upgrade for $10,400 are what do you want to, uh, you know and make the network more resilient cyber security and all that stuff. What do you want to go grant? Another wish as a 90 leader probably picked the former. But as a volunteer, I would be like, No, it needs to go to the kid. It's Ah, it's It's an interesting kind of number, you know? You have to find the right balance. I mean, you cannot be left behind in that journey because at many points of time s I talked about it being a cost center. It being a back office. I think those days have clearly gone. I mean, we we evolved to the point where it is making you steps to be a participant b A b a enabler for the top line to bring in more revenues, tow no augment solutions for revenue and things. For that sofa >> rattles the experience or exact role citizens. And in your case, it's the experience is what's being delivered to the degree that you can improve the experience administratively field by making operations cheaper. Great. But as you said, new digital technologies, they're going to make it possible to do things with the experience that we could even conceive of. Five >> wears a classic example. Williams and Beam. I couldn't have taken the data from 60 chapters 120 locations into one single location manageable, and it reduced the cost literally reduce the cost of the 60 instances in one place without technology is like, you know what Sharia virtual machines. And and then to have a backup robust backup solution in a replication off it. It's fantastic. It's amazing >> there. And that's against here. You could give back to the dash chapters and backing, But thanks so much for sharing your story. You Thank you. Thank you. You're welcome. Alright, keep it right there. Buddy. Peter and I were back with our next guest. You watching the Cube live from V mon from Miami? 2019. We're right back. Thank you.

>> Pomp YouTubers. Welcome to another cube conversation from ours, the Cube Studios in Palo Alto, California In this conversation, we're going to build upon some other recent conversations we've had which explores this increasingly important relationship between Senate conductor, memory or flash and new classes of applications that are really making life easier and changing the way that human beings in Iraq with each other, both in business as wells and consumer domains. And to explore these crucial issues. We've got two great guests. Brian Kumagai is the director of business development at Kashima Memory America. Scott Beekman is the director of managed flashes to Sheba Memory America's Well, gentlemen, welcome to the Cube. And yet so I'm gonna give you my perspective. I think this is pretty broadly held generally is that as a technology gets more broadly adopted, people get experience with. And as designers, developers, users gain experience with technology, they start to apply their own creativity, and it starts to morph and change and pull and stretch of technology and a lot of different directions. And that leads to increased specialization. That's happening in the flash work I got there, right? Scott? >> Yes, you know the great thing about flashes. Just how you because this it is and how widely it's used. And if you think about any electronic device it needs, it needs a brain processor. Needs to remember what it's doing. Memory and memories, What? What we do. And so we see it used in, you know, so many applications from smartphones, tablets, printers, laptops, you know, streaming media devices. And, uh and so you know, that that technology we see used, for example, like human see memory. It's a low power memory is designed for, for, like, smartphones that aren't plugged in. And, uh, and so when you see smartphones, one point five billion smartphones, it drives that technology and then migrates into all kinds of other applications is well, and then we see new technologies that come and replace that like U F s Universal flash storage. It's intended to be the high performance replacement. Mm. See, And so now that's also mag raiding its way through smartphones and all these other applications. >> So there's a lot of new applications that are requiring new classes of flash. But there's still a fair amount of, AH applications that require traditional flash technology. These air not coming in squashing old flash or traditional flasher other pipe types of parts, but amplifying their use in specialized ways. Brian Possible. But about >> that. So it's interesting that these days no one's really talks about the original in the hand flash that was ever developed back in nineteen eighty seven and that was based on a single of a cell, or SLC technology, which today still offers the highest reliability and fastest before me. Anand device available in the market today. And because of that, designers have found this type of memory to work well for storing boot code and some levels of operating system code. And these are in a wide variety of devices, both and consumer and industrial segments. Anything from set top boxes connecting streaming video. You've got your printers. You, Aye aye. Speakers. Just a numerous breath of product. I >> gotta also believe a lot of AA lot of i o t lot of industrial edge devices they're goingto feature. A lot of these kinds of parts may be disconnected, maybe connected beneath low power, very high speed, low cost, highly reliable. >> That's correct. And because these particular devices air still offered in lower densities. It does offer a very cost effective solutions for designers today. >> Okay, well, let's start with one of the applications. That is very, very popular. Press. When automated driving autonomous funerals on the work, it's it's There's a Thomas vehicles, but there's autonomous robots more broadly, let's start with Autonomous vehicle Scott. What types of flash based technologies are ending up in cars and why? >> Okay, so we've seen a lot of changes within vehicles over the last few years. You know, increasing storage requirements for, like, infotainment systems. You know, more sophisticated navigations of waste recognition. Ah, no instrument clusters more informed of digital displays and then ate ass features. You know, collision avoidance things like like that and all that's driving maur Maureen memory storage and faster performance memory. And in particular, what we've seen for automotive is it's basically adopting the type of memory that you have in your smartphone. So smart phones have a long time have used this political this. Mm. See a memory. And that has made you made my greatest weigh in automotive. And now a CZ smartphones have transition been transitioning do you? A fast, in fact, sushi. But it was the first introduced samples of U F U F S in early two thousand thirteen, and then you started to see it in smartphones in two thousand fifteen. Well, that's now migrating in tow. Automotive as well. They need to take advantage of the higher performance, the higher densities and so and so to Chiba. Zero. We're supporting, you know this, this growth within automotive as well. >> But automotive is a is a market on DH. Again, I think it's a great distinction you made. It's just not autonomous. It's thie even when the human being is still driving. It's the class of services that provided to that driver, both from an entertainment, say and and safety and overall experience standpoint. Is driving a very aggressively forward that volume in and the ability to demonstrate what you can do in a car is having a significant implications on the other classes of applications that we think for some of these high end parts. How is the experience that were incorporating into an automotive application or set of applications starting to impact? How others envision how their consumer products can be made better, Better experience safer, etcetera in other domains >> uh, well, yeah, I mean, we see that all kinds of applications are taking advantage of the these technologies. Like like even air via air, for example. Again, it's all it's all taking advantage of this idea of needing higher, larger density of storage at a lower cost with low power, good performance and all these applications air taking an advantage of that, including automotive. And if you look it automotive, you know, it's it's not just within the vehicle. Actually, it's estimated, you know, projected that autonomous vehicles we need, like one two, three terabytes of storage within the within the vehicle. But then all the data that's collected from cameras and sensors need to be uploaded to the cloud and all that needs to be stored. So that's driving storage to data centers because you basically need to learn from that to improve the software. For the for, Ah, you know, for the time being, Yeah, exactly. So all these things are driving more and more storage, both with within the devices themselves, like a car is like a device, but also in the data centers as >> well. So if we can't Brian take us through some of the decisions that designer has to go through to start to marry some of these different memory technologies together to create, whether it's an autonomous car, perhaps something a little bit more mundane. This might be a computing device. What is the designer? How does is I think about how these fit together to serve the needs of the user in the application. >> Um, I think >> these days, you know a lot of new products. They require a lot of features and capabilities. So I think a lot of input or thought is going into the the memory size itself. You know, I think software guys are always wanting to have more storage, to write more code, that sort of thing. So I think that is one lt's step that they think about the size of the package and then cost is always a factor as well. So you know nothing about the Sheba's. We do offer a broad product breath that producing all types of I'm not about to memory that'll fit everyone's needs. >> So give us some examples of what that product looks like and how it maps to some of these animation needs. >> So we like unmentioned we offered the lower density SLC man that's thought that a one gigabit density and then it max about maximum thirty to get bit dying. And as you get into more multi level cell or triple level cell or cue Elsie type devices, you're been able to use memory that's up to a single diet could be upto one point three three terror bits. So there's such a huge range of memory devices available >> today. And so if we think about where the memories devices are today and we're applications or pulling us, what kind of stuff is on the horizon scarred? >> Well, one is just more and more storage for smartphones. We want more, you know, two fifty six gigabyte fight told Gigabyte, one terabyte and and in particular for a lot of these mobile devices. You know, like convention You f s is really where things were going and continuing to advance that technology continuing to increase their performance, continuing to increase the densities. And so, you know, and that enables a lot of applications that we actually a hardman vision at this point. And when we know autonomous vehicles are important, I'm really excited about that because I'm in need that when I'm ninety, you know can drive anywhere. I want everyone to go, but and then I I you know where I's going, so it's a lot of things. So you know, we have some idea now, but there's things that we can't envision, and this technology enables that and enables other people who can see how do I take advantage of that? The faster performance, the greater density is a lower cost forbid. >> So if we think about, uh, General Computer, especially some of these out cases were talking about where the customer experience is a function of how fast a device starts up or how fast the service starts up, or how rich the service could be in terms of different classes of input, voice or visual or whatever else might be. And we think about these data centers where the closed loop between the processing and the interesting of some of these models and how it affects what that transactions going to do. We're tournament lower late. See, that's driving a lot of designers to think about how they can start moving certain classes of function closer to the memory, both from a security standpoint from an error correction standpoint, talk to us a little bit about the direction that to Sheba imagines, Oh, the differential ability of future memories relative Well, memories today, relative to where they've been, how what kinds of features and functions are being added to some of these parts to make them that much more robust in some of these application. >> I think a >> CZ you meant mentioned the robustness. So the memory itself. And I think that actually some current memory devices will allow you to actually identify the number of bits that are being corrected. And then that kind of gives an indication the integrity or the reliability of a particular block of memory. And I think as users are able to get early detection of this, they could do things to move the data around and then make their overall storage more reliable. >> Things got way. Yeah. I mean, we continue, Teo, figure out how to cram orbits within a given space. You know, moving from S l see them. I'll see the teal seemed. And on cue, Elsie. That's all enabling that Teo enabled greater storage. Lower cost on DH, then, Aziz, we just talked from the beginning. Just that there's all kinds of differentiation in terms of of flash products that are really tailored for certain things. Someone focus for really high performance and give up some power. And others you need a certain balance of that. Were, you know, a mobile device, you know, handheld device. You're not going to play. You know, You give up some performance for less power. And so there's a whole spectrum. It's someone you know. Endurance is incredibly important. So we have a full breast of products that address all those particular needs. >> The designer. It's just whatever I need. I could come to you. >> Yeah, that's right. So she betrays them. The full breath of products available. >> All right, gentlemen. Thank you very much for being on the Cube. Brian Coma Guy, director of business development to Sheba Memory America. Scott Beekman, director of Manage Flash. Achieve a memory. America again. Thanks very much for being on the Q. Thank you. Thank you. And this closes this cube conversation on Peter Burress until next time. Thank you very much for watching

>> (enchanted music) >> Hi, I'm Peter Burris and welcome to another CUBE Conversation from our awesome Palo Alto Studios. We've got a great conversation today. We're going to be talking about flash memory, other types of memory, classes of applications, future of how computing is going to be made more valuable to people and how it's going to affect us all. And to do that we've got Scott Nelson who's the Senior Vice President and GM of the memory unit at Toshiba Memory America. And Doug Wong who's a member of the technical staff also at Toshiba Memory America. Gentlemen, welcome to the CUBE >> Thank you >> Here's where I want to start. That when you think about where we are today in computing and digital devices, etc., a lot of that has been made possible by new memory technologies, and let me explain what I mean. For a long, time storage was how we persisted data. We wrote transactions to data and we kept it there so we could go back and review it if we wanted to. But something happened in the last dozen years or so, it happened before then but it's really taken off, where we're using semi-conductor memory which allows us to think about how we're going to deliver data to different classes of devices, both the consumer and the enterprise. First off, what do you think about that and what's Toshiba's association with these semi-conductor memories been? Why don't we start with you. >> So, appreciate the observation and I think that you're spot on. So, roughly 35 years ago Toshiba had the vision of a non-volatile storage device. So, we brought to market, we invented NOR flash in 1984. And then later the market wanted something that was higher density, so we developed NAND flash technology, which was invented in 1987. So, that was kind of the genesis of this whole flash revolution that's really been disruptive to the industry as we see it today. >> So, added up, it didn't start off in large data centers. It started off in kind of almost unassuming devices associated with particular classes of file. What were they? >> So, it was very disruptive technology. So the first application for the flash technology was actually replacing audio tape and the phone answering machine. And then it evolved beyond that into replacing digital film. Kept going replacing cassette tapes and then if you look at today it enabled the thin and light that we see with the portability of the notebooks and the laptops. The mobility of content with our pictures, and our videos and our music. And then today, the smart phone, that wouldn't really be without the flash technology that's necessary that gives us all of the high density storage that we see. >> So, this suggests a pretty expansive role of semi-conductive related memory. Give us a little sense of where is the technology today? >> Well, the technology today is evolving. So, originally floating-gate flash was the primary type of flash that we created. It's called two-dimensional, cleaner, floating-gate flash. And that existed from the beginning all the way through maybe to 2015 or so. But, it was not possible to really shrink flash any further to increase the density. >> In the 2D form? >> In the 2D form, exactly. So, we to move to a 3D technology. Now Toshiba presented the world's first research papers on 3D flash back in 2007, but at that time it was not necessary to actually use 3D technology at that time. When it became difficult to increase the density of flash further that's when we actually moved to production of our 3D flash memory which we call BiCS flash. And BiCS stands for bit column stacked flash and that's our trade name for our 3D memory. >> So, we're now in 3D memory technology because we're creating more data and the applications are demanding more data, both for customer experience and new classes of application. So, when we think about those applications Toshiba used to have to go to people and tell them how they could use this technology and now you've got an enormous number of designers coming to you. Doug, what are some of the applications that you're anticipating hearing about that's driving the demand for these technologies? >> Well, beyond the existing applications, such as personal information appliances like laptops and portables, and also in data centers which is actually a large part of our business as well. We also see emerging technologies as becoming eventual large users of flash memory. Things like autonomous vehicles or augmented or virtual reality. Or even the emerging IOT infrastructure and that's necessary to support all these portable devices. So these are devices that currently aren't using large amounts of flash, but are going to be in the future. Especially as the flash memory gets more dense, and less expensive. >> So there's an enormous range of applications on the horizon. Going to drive greater demand for flash, but there's some business challenges of achieving that demand. We've seen periodic challenges of supply, price volatility. Scott, when we think about Toshiba as a leader in sustaining a kind of good flow of technology into these applications, what is Toshiba doing to continue to satisfy customer demand, sustain that leadership in this flash marketplace? >> So, first off as Doug had mentioned the floating-gate technology has reached its ability to scale in a meaningful way. And so the other part of that also, is the limitation on the dye density so the market demand for these applications are asking for a higher density, higher performance, lower latency type of applications. And so because floating-gate has reached the end of its usefulness in terms of being able to scale, that brought about the 3D. And so the 3D, that gives us our higher density and then along with the performance it enables these applications. So, from Toshiba's point, we are seeing that migration that is happening today. So, the floating-gate is migrating over to the 3D. It's not to say that floating-gate demand will go away. There's a lot of applications that require the lower density. But certainly the higher density where you need a dye level 256 512 giga bit even up to terabit of data. That's where the 3D's go into play. Second to that really goes into the cap back. So, obviously that requires a significant amount of cap backs not only on the development but also in terms of capacity. And that, of course, is very important to our customers and to the industry as a whole for the assurance of supply. >> So, we're looking so Toshiba's value to the marketplace is both in creating these new technologies, filling out a product line, but also stepping up and establishing the capacity through significant capital investments in a lot of places around the globe to ensure that the supply is there for the future. >> Exactly right. You know, Toshiba is the most experienced flash vendor out there and so we led the industry in terms of the floating-gate technology and we are technology leaders; industry's migrating into the 3D. And so, with that, we continue with a significant capital investment to maintain our presence in the industry as a leader. >> So, when we think about leadership, we think about leadership both in consumer markets, because volume is crucial to sustaining these investments, generating returns, but I also want to spend just a second talking about the enterprise as well. What types of enterprise relationships do you guys envision? And what types of applications do you think are going to be made possible by the continued exploitation of flash in some of these big applications that we're building? Doug, what do you think? >> Well, I think that new types of flash will be necessary for new, emerging applications such as AI or instant recognition of images. So, we are working on next generation flash technology. So, historically flash was designed for lowest cost per bit. So that's how flash began to take over the market for storage from hard drives. But there are a class of applications that do require very low latencies. In other words, they want faster performance. So we are working on a new flash technology that actually optimizes performance over cost. And that is actually a new change to the flash memory landscape. And as you alluded to earlier there's a lot of differentiation in flash now to address specific market segments. So that's what we are working on, actually. Now, generically, these new non-volatile memory technologies are called storage class memories. And they include things like optimized flash or potentially face change memories resistive memories. But all these memories, even though they're slower than say the volatile memories such as D-ram and S-ram they are, number one they're non-volatiles which means they can learn and they can store data for the future. So we believe that this class of memory is going to become more important in the future to address things like learning systems and AI. >> Because you can't learn what you can't remember. >> Exactly. >> I heard somebody say that once. In fact, I've got to give credit. That came straight from Doug. So, if we think about looking forward the challenges that we face ultimately is have the capital structure necessary to build these things. The right relationships with the designers necessary to provide guidance and suggest about the new cost of applications, and the ability to consistently deliver into this. Especially for some of these new applications as we look forward. Do you guys anticipate that there will be in the next few years, particular moments or particular application forms that are going to just kick a lot of or further kick some of the new designs, some of the new technologies into higher gear? Is there something autonomous vehicles or something that's just going to catalyze a whole new way of thinking about the role that memory plays in computing and in devices? >> Well, I think that building off of a lot of the applications that are utilizing NAND technology that we're going to see now we have the enterprise, we have the data center that's really starting to take off to adopt the value proposition of NAND. And as Doug had mentioned when we get into the autonomous vehicle we get into AI or we get into VR a lot of applications to come will be utilizing the high-density, low-latency that the flash offers for storage. >> Excellent. Gentlemen, thanks very much for being on the CUBE. Great conversation about Toshiba's role in semi-conductor memory, flash memory, and future leadership as well. >> Thank you, Peter. >> Scott Nelson is the Senior Vice President and GM of the memory unit at Toshiba Memory America. Doug Wong is a member of the tactical staff at Toshiba Memory America. I'm Peter Burris. Thanks once again for watching the CUBE. (enchanted music)

(techno music) >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're in Reno, Nevada at the Reno Convention Center. It's InterBike 2018, I think it's like 20,000 people, haven't got the official count yet, but this is an amazing show, it's all about bicycles. We came because we want to learn more about eBikes, and really, this kind of last mile thing that's goin' on, mobility, and right at the center of the eBike revolution is a company that's been around forever, and that's Bosch, and we're happy to have Jonathan Weinert. He's a sales and marketing manager for the Bosch eBikes. Jonathan, great to see you. >> Great to see you, Jeff. >> So, I don't know if everybody knows, you guys power like half of all the eBikes that are out there. You guys are completely in bed with all these manufacturers with really, the industry leading system. >> Thank you, yes, the Bosch eBike system, you'll find it world wide on about 70 different bike brands throughout the world. Here in North America, we're on about 30 different brands, from Trek to Electra to Cannondale. And they power all types of bikes, so commuter bikes, cargo bikes, fat bikes, mountain bikes, any type of bike that you can think of can use the Bosch eBike system to amplify the rider's power and help you go further, higher, farther, less sweat or sweat it out, whatever you want. >> Right, it's like the magic power. >> Exactly, magic carpet ride. >> The main components are you got the drive unit, which is really the heart of the system. >> Yes. >> The battery obviously to provide the power, then the control unit that's up on top of the handlebars, so you can control it. >> Exactly. >> So we were talking before we turned the cameras on, of kind of the history, you guys have been at this for like nine years, I believe you said? >> Exactly, yeah, we invented this system nine years ago, it was a combination of technology from our automotive business. So an electric power steering motor, married with technology from our power tools business, the lithium iron battery pack. And we also had some sensors, torque sensors and electronics and we put these technologies together, and the engineers back then, what they wanted to do is create something to make cycling still feel like cycling but help you conquer hills. >> Right. >> And go farther and use the bike more. >> Right, it's pretty interesting cause there's a whole lot of data that's feeding that software and the algorithms to make those feedback loops smooth, make 'em feel like bicycling, so it's really you're riding on software. >> Exactly, you're riding on software and we have three sensors that are capturing your input. Torque sensor from the pedals, how fast you're pedaling, and wheel speed. And those three sensor measurements go into the electronics and tell the motor how much extra oomph to give you. >> Right, but you have to be pedaling right? >> You always have to be pedaling, yeah. >> That's one of the data inputs. >> Exactly, these are all pedal assist eBikes, and they only assist you when you pedal, no throttle, and they can assist you up to 20 miles per hour, or 28 miles per hour for our speed system. >> Right, we saw that last night in the gazelle, they had one of the 28 mile an hour bikes. >> Yeah, which is great for people that have long distance commutes or they want to do these huge adventure rides, so yeah, both are great. >> Now, what about the maintenance for these types of systems I mean it looks like a pretty closed system. >> It is totally closed, yeah. >> It's totally closed. >> Yeah, the maintenance, they last a long time, they're warrantied for two years, but if you have a problem with anything, you take it to the dealer, the dealer takes the component off, sends it to Bosch and gives you a new one. You don't have to open anything or solder anything. >> Right, right. >> Yeah, no. It's automotive grade, sort of service and diagnostics. >> Right, so the other thing we're seeing all over the show floor here again is all about the data. There's so much more data available to the riders. We were just at the Garmin booth and I don't know how many different data sets that they can track, in terms of your pedal pressure. >> Yes. >> Whether you're tipping back and forth, whether you're even, and you guys are actually pulling some of that external data back into your systems, right? For a unified experience for the rider. I think you said, a heart rate sensor for instance? >> Exactly, that's the newest feature that we're showcasing at InterBike today, the Kiox display. Which connects man and machine, or woman and machine. You can wear a heart rate monitor and as you're riding, you can see your heart rate on your device. Which is great if you want to train on an e-mountain bike. Sometimes you want to keep your heart rate in a certain range. Sometimes you want to make sure it doesn't go above a certain limit. >> Right. Yeah, so it's our first step into connectivity. Many more connectivity features will follow. >> Right, so I'm just curious from your perspective on the bike industry, cause you sit in kind of this, cat bird seat, since you deal with so many different kinds of bikes. And I was amazed at how much of the mountain bike adoption of the eBikes is happening here. Have you seen within your dealers, kind of this new opportunity to leverage electronics and a motor to kind of reinvigorate the brands, reinvigorate the models, and reinvigorate, you know, many of the, just a wide range of cool form factors that we're seeing all over the floor? >> Yeah, so nine years ago, Bosch coupled with Haibike. Haibike sort of created this segment of e-mountain biking by putting the motor in a unique way into the bike, and since then this e-mountain bike trend has really taken off, it's huge in Europe. You'll see e-mountain bikes all over the ski resorts there. They're allowing families to e-mountain bike together, to bike together, just like they ski together in the winter. So it's reinvigorating ski resorts and we see ski resorts here in the US, also embracing e-mountain bikes. Mammoth Mountain just allowed class one e-mountain bikes on all their bike park trails. So e-mountain biking is really spreading through this resort and other resorts, North Star, right up the road. >> Right and I wonder on the city side, again, lessons we can learn from Europe, cause it seems like the regulations are, you know, they're always a little bit behind the technology in terms of, you know, how are eBikes treated. Are they a bike, are they a motor vehicle? And I know there's some laws but it still seems a little bit confused and cities aren't quite ready to realize that an eBike is better than a car, in terms of so many things happening in the city. Are you guys involved in that, kind of industry consortium and how do you see that evolving? >> So we've been involved with several other bike companies and PeopleForBikes to create a framework, how to regulate eBikes. And we've divided eBikes into three classes. Class one, two and three, pedal assist, throttle, anyway. Setting up this definition of the three classes of eBikes, we've created this eBike law in California and nine other states throughout the country. So now they know how to regulate eBikes and these three classes and they can limit where each class can go on the roads. And with this regulation, we're seeing the eBike adoption in these states really start to pick up, now that they're easier to regulate. >> Right, well Jonathan, really a cool story and it's been really fun to watch Bosch, especially as you guys have gone from your long history in the auto parts world to this new exciting space. So thanks for taking a few minutes and congrats. >> Oh, my pleasure, Jeff, thank you. >> Alright, he's Jonathan, I'm Jeff, you're watching theCUBE, we're at InterBike in Reno, Nevada. Thanks for watching, see you next time. (techno music)

>> Narrator: Live from Las Vegas, it's theCUBE, covering Dell Technologies World 2018. Brought to you by Dell EMC and its ecosystem partners. >> Welcome back to the Sands! We continue here live on theCUBE, our coverage here of Dell Technologies World 2018. 14,000 attendees wrapping up day 3. We are live as I said with Stu Miniman. I'm John Walls, and it is now our pleasure to welcome to the set Steve Fingerhut, who is the SVP and GM of SSD and Cloud Software Business Units at Toshiba Memory Americas. Steve, good to see you, sir. >> Great to be here. >> And Ravi Pendekanti, who is the SVP of Server Solutions Product Management and Marketing at Dell. >> Thank you, John. >> Ravi, good to see you, sir. >> Same here, sir. >> Yeah, let's talk about, first off, show theme. Make it real, right? Digital transformation, but make it real. >> Ravi: Yup. >> So, what does it mean to the two of you? We've heard that theme over and over again, and what do you think that means to your customers as well? How do you make it real for them? >> First and foremost, I think the whole idea of new workloads come in play. People talk about machine learning and deep learning as you, I'm sure, are aware of. People talk about analytics. The fact is, each of us is collecting a lot more data than a year ago. Which is good for my friend Steve and others, and obviously, we like the fact that customers are looking at making more real-time, if not near real-time, analysis. And the whole notion of governmental agencies across the world trying to go into more of a digital world where if you look at a country like India, for example, I mean, they have a billion people who are looking at other cards where they didn't have a form of identification for each individuals. Now if they're gone through a new transformation phase where they want to ensure that every single one of them actually has a way of identification, and it's all done digitally with accounts and everything else that goes on, this is just some of the manifestations of the digital transformation we see, whether it is in your industries, pick your favorite one, whether it's financial sector, the manufacturing, health care, all the way to governmental agencies. I think each of them are looking at how do they look at providing rights out of services. Either for their customers or their communities at large, and, you know, we can't be more excited about what this provides an opportunity for us to go back and provide a way for them to communicate and do some cool takes. >> Steve? >> Yeah, Ravi, you mentioned the workloads that are driving the new campaign or that you're highlighting in the new campaign Make It Real, and, many of those workloads are, they're new architectures, and they were basically built from day one on SSDs, right? Counting on that performance, reliability, etc. And so obviously, that's what we're here to promote at the show. And you can see the new workloads, obviously anything Cloud very much counts on SSDs and Flash. And then as you get into machine learning, different types of artificial intelligence, those are certainly counting on the performance of SSDs. And keep nothing more real than actual products in hands so with Ravi's products and ours, we have a number of demo's, including the new AMD platforms that the Power Edge team is rolling out, running all of these new workloads on Toshiba SSDs. So it's a good way to make it real. >> Yeah, Steve, maybe bring us in a little bit kind of the state of storage, though. We have talked about SSDs, and we're now a decent way into it. Dell's announcement talking a lot about NVMe. Maybe give us the Toshiba viewpoint on memory and storage and some of those transitions we're going through. >> Right, well, I guess the secret's out that SSDs are a great addition. Right? You take pretty much any environment, and you add SSDs, and it will go faster. So it's pretty much the biggest bang for the buck in terms of incremental performance. So what that means is just tremendous growth. And the last couple years have been, really for the industry, keeping up with that really increased demand. So there's inherent efficiencies in the SSDs. We're trying to build as many as we can, and then obviously trying to help our customers use them in the most efficient ways possible. >> Yeah, I agree with Steve. I mean, it is an efficiency equation. The fact of the matter is, you really do need to provide customers with a better way of ensuring that timely information is made available. Again, it's information, and it has to be timely. Because if you really don't provide it at a time when our customers need it, there's really no advantage of being really, having right infrastructure, right? Or lack of it, for that matter. Case in point, if you look at what we just announced, Stu. Yesterday, we had talked about the R840, for example, which is a 4-socket server. And we actually announced it with 44 NVMe drives, believe it or not. That's about two times more than the nearest competitor that just gives you an idea into the amount of data that customers are consuming on the applications, obviously. And more importantly, when we were coming up with this notion, we felt that 12 was probably a good number. Maybe 24 was going to be a stretch. And the number of customers we have talked to even in the last two days, I mean it's been huge. We're hearing them saying, "Wow, we can't wait "to go get this product in our hands." Because that really shows you that there is already a pretty big demand for these kinds of technologies to be brought in. >> Yeah, I like what you were saying there, Ravi, because I'd like both of you to help connect the dots for us a little bit. 'Cause when I think back to, okay, what speed disc did I have? Or was the flash piece in? This was something that, it was traditionally the server admin. Maybe there was some application person that came in. But you're talking about C-level discussions here. The trends that Jeff Clark talked about in his keynote as to, you know, this is what the business is driving things, like AINML and some of those. Steve, how are the conversations changing to get this piece of the infrastructure up at more of the C-level discussion? >> Right, it certainly is part of the transformation where it's been talked about several times this week. IT has moved from being a cost center to the revenue center and then that puts it on the CEO's radar much more squarely. You definitely want to, if you're the CIO, CTO, infrastructure leader, your goal is to try to deliver that agility, right? Don't stand in the way of revenue, while managing security, managing cost. And it's those dynamics and, you know, it's not a new conversation, but it's the public versus private hybrid. What exactly should go where? And those are still top-of-mind for all the customers we're talking to. >> Actually, Steve hit on something else, if I may, which is about security. And I can't tell you, Stu, a good 70% of the customers on average today, do not finish a conversation in the 30-minute chunks we have had without talking about what is it you guys are going to do for security. And that's a huge number or an increase from where we were just even a year or two ago. And imagine having said that, if you really had a longer conversation, security obviously is one of those fundamental pillars that everybody comes down to. Because everybody's worried about data, and the fact that there's leakage of information, if I may, pertaining to this. And more importantly, you know, making it real, if I may, to your point earlier on, Jon, as well. Which is, customers don't want to look at just the buzz words. They're now asking for proof points. Proof points on, "Hey, what does this really mean "in terms of security?" For example, when we talk about zero arrays or, you know, secure arrays, sorry, which is, how do you go retire an old data server or a box without necessarily worrying about the bits and bytes being left on the disc drives? So we have come up with new technologies which enables all the drives to be wiped. Makes it a lot easier, of course, with some of the stuff we do with Toshiba, and some of their technologies as well. But my point, again, being that I think now, our C-level execs are coming in asking us for, not just the major teams, but they're actually more interested in finding out how and what is it we're doing to help some of those major teams. And I think the number of requests we have had for some of the white papers we have come out with, Steve, I think has only grown up now. >> Absolutely. >> Which, I don't think was happening in the past from the C-level execs. So it's absolutely a valid statement. >> Yeah, well, there were Senate hearings last year and some pretty famous data breaches, and you have senators grilling CEO's, and it was shocking. They actually used, there was a senator who used the term, full disc encryption, and taking a CEO to task for not using full disc encryption and so I think that might help, talking about getting on the C-level radar. That helps. >> That was good staff work there. >> Exactly, exactly. That was a good plant. >> Yeah, right. But to the point of security. Obviously with this exponential growth of data, unstructured, blowing up, and then all of a sudden, you become a lot riper, if you will, and you've got a lot more to manage. And so with that, how much more at risk are people, and is that what's raising the awareness now in the C-sweep? Is they realize that they're a much bigger target now than maybe when data wasn't as plentiful you know, back in the old days, if you will. Is that part of this? Or is that it? >> I believe that's a big part of it. And, one of the other things that's obviously going with this is, if you really look at the disclosures that any of us have to go through, even in terms of whether it's a simple credit card you're looking at. I don't know if you've ever seen those. As we were doing some of the analysis, we noticed. You want a simple credit card application, we'd had some security, and, you know, personal information clauses is actually garnered by about 120% in terms of the number of things they ask for. And making sure that the consumer is aware as well. Right? I don't think that happened before. And the fact of the matter is, I don't think there's a single day that we can go through any of the trade press without somebody coming out with a security breach maybe, or a security feature, whether it's hardware or software. And I think there's a whole security encryption device or drives, I think there's a huge demand for that as well, right? >> Absolutely. And you talk about the data growth. It's obviously been phenomenal. In his keynote Monday, Michael Dell talked about the data growth from machine to machine, and it's going to make this look like a little bit of data. So like you said, just that risk, the exposure is much larger, and you have to keep that data secure. So as Ravi mentioned, we work closely with Dell. There's a lot of, it's not an easy problem to solve, right? So there's a lot of engineering to make sure that you have that end-to-end security, and that's why we work with things like the instant system erase, right? So you can, one button, erase the system in minutes, versus in the past, it might take hours and days. And do you really trust that it's gone? Those types of things, so I think that those are enabling a much more robust security, and you basically have to make it easy, right? >> Letting people sleep at night. >> Exactly. >> That's what you're doing. >> It's interesting. In the past, the only way you could do that was you had to write a series of 0's and 1's on their driver. And that would take, you know, hours together. That's how you would erase your data, right? I love when you talk about autonomous vehicles. Imagine there's a whole big, a whole discussion as much as how do you make sure that you have the, that's kind of an edge computing as Jeff, I think, mentioned on stage yesterday. That you want to not have latency come in between making a deterministic turn, right? Or an object appears. You don't want to wait for the breaking system to play because some decision needs to be made in a remote center. Right? Which essentially means now you have got data being collected and analyzed and acted upon. And there are things like that, and you've probably heard of all the insurance companies are working on, you know, what kind of data can we collect it, because when crashes happen, right? How do you make sure that, you know, there are privacy laws in place and what-not, who has access to it, plenty of stuff. >> John: Sure. >> Steve, want to get your viewpoint. We're getting not far from the end of the show. Why don't you give, in general, the partner viewpoint of Dell technology's world in, specifically Toshiba. I know you've got, there's the booze, there's the party, there's demos, there's labs, so a lot of activity your team's doing, for those that haven't been here. And, you know, Toshiba's worked with both Legacy Dell, Legacy MC. Any commentary to close on that coming together? >> Right. I think last year, I used the Jordan/Pippen analogy, but it's only gotten better since then. So it's a great partnership. We're definitely growing strong together, and like you said, that doesn't happen overnight. That's years of hard work and trust that makes that a possibility. But I truly believe we're only getting started. And you know, one of our goals we're working together is how do we make these important capabilities like security more common, more accessible, lower cost, those types of things. So that's a major factor, major focus area for us going forward. But definitely see this is just the beginning. >> Any key highlight from the show or activities that your team's been doing here that you'd like to leave us with? >> Sure. Yeah, we have a significant presence here. We have eight server demos running. I mentioned the AMD servers, multiple workloads across these new emerging workloads. And then the hands-on demo zone. Where actually, the developers can use the systems and software they want to evaluate. They can use them in the Cloud. Those are all being driven by Toshiba, and of course, as part of the Dell Solution. Yeah, we're happy. Honored to be a big part of the show this year. >> Jordan/Pippen, I was thinking more like Curry/Durant. That's where I was going with that. >> Exactly. That might be a little more up-to-date, right? >> I'm good with Jordan. No, he wasn't bad. Pretty good pair like you two are. Thanks for joining us both. We appreciate it, Ravi, Steve. >> Thank you. >> Thank you. >> Good seeing you here. Back with more of a continue, our live coverage here on theCUBE where Dell Technologies World 2018, and we are in Las Vegas.

>> Announcer: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA conference in San Francisco 40,000 plus people talking about security, gets bigger and bigger every year. Soon it's going to eclipse Oracle Open World and Sales Force to be the biggest conference in all of San Francisco. But we've got somebody who's been coming here he said for 16 years, Ricardo Villidiego, the EDP and GM Security and Fraud for Cyxtera. Did I get that right, Cyxtera? >> Cyxtera. >> Jeff: Cyxtera Technologies, great to see you. >> Thank you Jeff, it's glad to be here. >> So you said you've been coming here for 16 years. How has it changed? >> Yeah, that's exactly right. You know it's becoming bigger, and bigger, and bigger I believe this is a representation of the size of the prowling out there. >> But are we getting better at it, or is it just the tax service is getting better? Why are there so many, why is it getting bigger and bigger? Are we going to get this thing solved or? >> I think it is that combination within we have the unique solution that is going to help significantly organizations to get better in the security landscape I think the issue that we have is there's just so many now use in general and I think that now is a representation of the disconnection that exists between the way technologies are deploying security and the way technologies are consuming IT. I think IT is completely, has a evolved significantly and is completely hybrid today and organizations are continuing to deploy security in a way like if we were in the 90s. >> Right. >> And that's the biggest connection that exists between the attacks and the protection. >> But in the 90s we still like, or you can correct me, and we can actually build some big brick walls and a moat and a couple crocodiles and we can keep the bad guys out. That's not the way anymore. >> It is not a way. And look, I believe we're up there every protection creates a reaction on the adversary. And that is absolutely true in security and it is absolutely true in the fraud landscape. Every protection measure will push the adversary to innovate and that innovation is what, for good and for bad, has created this big market which we can't complain. >> Right, right. So for folks that aren't familiar with Cyxtera give them the quick update on what you guys are all about. >> So see, I think Cyxtera is here to conquer the cyber security space. I think what we did is we put together technologies from the companies that we acquire. >> Right. >> With a combination of the call center facilities that we also acquired from Centurylink to build this vision of the secure infrastructure company and what we're launching here at the RSA conference 2018 is AppGate 4.0 which is the flagship offering around secure access. Secure access is that anchor up on which organizations can deploy a secure way to enable their workforce and their party relationships to get access the critical assets within the network in a secure way. >> Okay, and you said 4.0 so that implies that there was a three and a two and probably a one. >> Actually you're right. >> So what are some of the new things in 4.0? >> Well, it's great it gives it an evolution of the current platform we lounge what we call life entitlements which is an innovative concept upon which we can dynamically adjust the permitter of an an end point. And the user that is behind that end point. I think, you know, a permitter that's today doesn't exist as they were in the 90s. >> Right, right. >> That concept of a unique permitter that is protected by the firewall that is implemented by Enact Technology doesn't exist anymore. >> Right. >> Today is about agility, today is about mobility, today is about enabling the end user to securely access their... >> Their applications, >> The inevitable actions, >> They may need, right. >> And what AppGate does is exactly that. Is to identify what the security processor of the end point and the user behind the end point and deploy a security of one that's unique to the specific conditions of an end point and the user behind that end point when they're trying to access critical assets within the network. >> Okay, so if I heard you right, so instead of just a traditional wall it's a combination of identity, >> Ricardo: It's identity. >> The end point how their access is, and then the context within the application. >> That's exactly right. >> Oh, awesome so that's very significant change than probably when you started out years ago. >> Absolutely, and look Jeff, I think you know to some extent the way enterprises are deploying security is delusional. And I say that because there is a reality and it looks like we're ignoring ignoring the reality but the reality is the way organizations are consuming IT is totally different than what it was in the 90s and the early 2000s. >> Right. >> The way organizations are deploying security today doesn't match with the way they're consuming IT today. That's where AppGate SDP can breach that gap and enable organizations to deploy security strategies that match with the reality of IT obstacles today. >> Right. If they don't get it, they better get it quick 'cause else not, you know we see them in the Wall Street Journal tomorrow morning and that's not a happy place to be. >> Absolutely not, absolute not and we're trying to help them to stay aware of that. >> Right. Alright, Ricardo we'll have to leave it there we're crammed for time but thanks for taking a few minutes out of your day. >> Alright Jeff, thank you very much I love to be here. >> Alright. He's Ricardo I'm Jeff you're watching theCUBE from RSAC 2018 San Francisco. (upbeat music)

>> Announcer: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're at the RSA Conference in downtown San Francisco. Forty thousand plus security experts really trying to help us all out. Protect our borders not so much, but protects access to these machines, which is harder and harder and harder everyday with bring your own devices and all these devices. So really, it's a different strategy. And we're really excited to have ExtraHop back, we had ExtraHop on last year for the first year, he's Matt Cauthorn, the VP of security at ExtraHop. So Matt, what do you think of the show? >> Oh, amazing. Absolutely amazing. Super packed, been walking like crazy. Got all my steps in, its fantastic. >> Alright, so you guys have been in network security for a long time? >> Yeah so we've been, so we live in the East-West corridor, inside the enterprise, inside the perimeter doing wire data analytics, and network security analytics. Our source of data is the network itself. >> Okay. And the network is increasing exponentially with all the traffic that's going through, the data sources are increasing exponentially with all the traffic going through. >> That's right. >> So how are you guys keeping up with the scale, and what's really the security solution that you guys are implementing? >> So the point you make is really interesting. Yes, it is increasing exponentially, and as a data source the network is the only sort of observational point of truth in the entirety of IT. Everything else is sort of self-reported. Logs, end points, those are very valuable data sources, but as an empirical source of truth, of evidence, the network wins. That assumes you can scale. And that assumes you're fluent with the protocols that are traversing the network, and you're able to actually handle the traffic in the first place. And so for us just this week, we announced a 100gb per second capable appliance, which you know is an unprecedented amount of analytics from the network's perspective. So we're very proud about that. >> So what are you looking for? What are some of the telltale signs that you guys are sniffing for? >> So generally, we auto-classify and auto-discover all of the behaviors on the wire. From the devices themselves, to the services that those devices expose, as well as the transactions that those devices exchange. And so from a context perspective, we're able to go far deeper than almost anyone else in the space, that we know of at least. Far deeper and far more comprehensive sort of analysis as it relates to the network itself. >> And the context is really the key, right? Tag testing what, why, how. System behavior, that's what you're looking for? >> A great example is a user logging into a database, that might be part of a cluster of databases, and understanding what the user's behavior is with the database, which queries are being exchanged, what the database response is in the first place. Is it an error, is it an access denied? And does this behavior look like a denial of service, for example. And we can do all of that in real time, and we have a machine learning layer that sits over top and sort of does a lot of the analytics, and the sort of insights preemptively on your behalf. >> And it's only going to get crazier, right? With IOT and 5g. Just putting that much more data, that many more devices, that much more information on the network. Yeah, so IOT in particular is interesting, because IOT is challenging to instrument in traditional ways, and so you really do have to fall back to the network at some point for your analysis. And so that's where we're very, very strong in the IOT world and industrial controls, SCADA and beyond. Healthcare, HL7 for example. So we're able to actually give you a level of insight that's really, really difficult to get otherwise. >> And we've been hearing a lot of the keynotes and stuff, that those machines, those end points are often the easiest path in for the bad guys. >> Yes they are. >> An enormous security camera or whatever, because they don't have the same OS, they don't have all the ability to configure the protections that you would with say a laptop or a server. >> That's right. There's a surprising number of IOT devices out there that are running very, very old. And vulnerable operating systems are easy to exploit. >> Alright, so Matt I guess we're into Q2 already, hard to believe the years passing by. What's priorities for 2018 for you and ExtraHop? >> So we've announced a first class, purpose-built security solution this year, and really the plan is to continue the sort of momentum that we've accrued. Which is very encouraging, the amount of interest that we've had. It's hard to keep up, frankly. Which is fantastic. We want to continue to build on that, grow out the use cases, grow out the customer base and continue our success. >> Alright Matt, well we'll keep an eye on the story, and thanks for stopping by. >> Great, thank you. Appreciate it. >> Alrighties Matt, I'm Jeff, you're watching theCUBE from RSA Conference, San Francisco. Thanks for watching.

>> Narrator: From downtown San Francisco it's the Cube covering RSA North America 2018. >> Hey, welcome back, everybody. Jeff Frick here with the Cube. We're at the RSA conference in downtown San Francisco, 40,000 plus professionals all about security and one of the big themes is how do we work together? How do we leverage our collective knowledge, look for patterns to help, you know, be better against the bad guys, and one of the really big forces for that is the Cyber Threat Alliance and we're really excited to have Michael Daniel, the president and CEO of Cyber Threat Alliance. Michael, great to see you. >> Thanks for having me. >> So, talk about kind of the genesis of this because it's such an important concept that, yes, we're competitors on this floor but if we work together, we can probably save ourselves a lot of work. >> Absolutely, I mean, part of the idea behind the Cyber Threat Alliance is that no matter how big you are, no matter how broad your coverage is of cyber security company, no one individual company ever sees all of the threats all of the time. >> Jeff: Right. >> And, so that, in order to better protect their customers and clients, sharing that threat intelligence at speed at scale is a very fundamental part of being a much better cyber security company. >> So, how hard of a sell was that a year ago? I think you started it a year ago, announced it, and how's the ecosystem kind of changed over the last year? >> Well, I would say that, you know, it's not like I run into anybody that says, "You know, Michael, that's a really "stupid idea, we shouldn't do that." Right, it's really finding the way for a cyber security company to fit it into their business model. >> Right. >> To be able to consume the threat intelligence at a speed that matters and really be able to bake it into their products. That's usually the hard part. Conceptually, everybody agrees that this is what we need to do. >> Right, and then, how 'about just the nitty gritty nuts and bolts of, you know, how do you share information? How is it picked up, how is it communicated? What are the protocols? I'd imagine that's not too simple. >> That's right, and one of the things that we settled on was we use the STIX format because it's an open format that everybody can translate back and forth. We had to build in a lot of business rules to actually make sure that people were playing fair. You know, for example, we actually require all of our members to share. So, you can't just join the alliance and consume information, you actually have to give in order to receive. >> Right, and you've got some really kind of high-level, lofty goals that you've built this around in terms of doing good for the greater good, kind of beyond the profitability of an individual customer transaction. I wonder if you can speak to a few of those. >> Well, sure, so the part of the idea behind the way that CTA is structured is that we're a 501 C6, so we're a non-profit, right, and the idea is that we function to help raise the level of cyber security across the digital ecosystem and actually enable our member companies to compete more effectively because they have better intelligence that their products and services are based on, but we, ourselves, are not in it to make money. >> Right, right, right, alright, Michael. Unfortunately, we're up against the time. >> Absolutely. >> So, we're going to have to leave it there, but love the work that you guys are doing and it makes so much sense for people to work together. >> Well, thank you very much, thank you for having me. >> Alright, he's Michael from Cyber Threat Alliance. I'm Jeff from the Cube. You're watching us from the RSA conference San Francisco, thanks for watchin'. (soft electronic beat)

>> Narrator: From downtown San Francisco it's the Cube covering RSA North America 2018. >> Hey, welcome back, everybody, Jeff Frick here at the Cube. We're at RSA's security conference, about 40,000 plus. I don't know, I got to get the number. The place is packed, it's a mob scene. Really excited to be here and joined by Derek Manky We saw Derek last year from Fortinet. Great to get an update, Derek, what do you think of the show this year? >> It's getting big for sure, as I said. That's an understatement. >> I know. >> This is my tenth year coming to RSA now, yeah. >> It's your tenth? >> And just to see how it's changed over 10 years is phenomenal. >> Alright. So, one of the things you want to talk about that you probably weren't talking about 10 years are swarms of bots. >> Yeah. >> What the heck is going on with swarms of bots? >> There's been a lot of changes on that front too, so the bad guys are clever, of course, right? If we look at 10 years ago, there was a lot of code, you know, crime kits, crime services that were being created for infrastructure. That led up to some more, you know, getting affiliates programs, kind of, business middle men to distribute crime. So, that drove a lot of the numbers up, but, literally, in the last three quarters, if we look at hacking activity, the number has doubled from FortiGuard labs. It's gone from 1.1 million to 2.2 to 4.4 million just over the last three quarters. So, we're looking at a exponential rise to attacks. The reason that's happening is because automation >> Right. >> And artificial intelligence is starting to be put into black cat code, and so the swarm concept, if you think of bees or ants in nature, what do they do? They work together, it's strength in numbers from a black cat's point of view. >> Right, right. >> They work together to achieve a common goal. So, it's intent based attacks, and that's what we're starting to see as precursors as some code, right? These IoT bot nets, we're actually seeing nodes within the bot net that can communicate to each other, say, "Hey, guys, I found this other target in the network. "Let's go launch a DDOS attack "or let's all try to take different "bits of file information from those targets." So, it's that swarm mentality where it takes the attacker more and more out of the loop. That means that the attack surge is also increasing in speed and becoming more agile too. >> So, the bad news, right, is the bad guys have all the same tools that the good guys have in terms of artificial intelligence, machine learning, automation, software to find and they don't have a lot of rules that they're supposed to follow as well. So, it kind of puts you in a tougher situation. >> Yeah, we're always in a tough situation for sure. You know, I would say, for sure, that when it comes to the tools, a lot of the tools are out there, they custom develop some tools. I would have to say on the technology side when it comes to security members especially collaborating together and the amount of infrastructure that we have set up, I think we have a foot up on the attackers there, we're at an advantage, but you're absolutely right, when it comes to rules, there are no rules when it comes to the black cat attackers and we have to be very careful of that, how we proceed, of course, right. >> And that's really the idea behind the alliance, right, so, that you guys are sharing information. >> Yeah. >> So, you're sharing best practices, you're picking up patterns. So, everybody's not out there all by themselves. >> Absolutely, it's strength in numbers concept on our end too. So, we look at Cyber Threat Alliance, Fortinet being out founding member working with all other leading security vendors in this space is how we can team up against the bad guys, share actionable intelligence, deploy that into our security controls which makes it a very effective solution, right. By teaming up, stacking up our security, it makes it much more expensive for cyber criminals to operate. >> Right, that's good. >> Yeah. >> That's a good thing. >> Yeah, yes. >> And then, what about kind of this integration of the knock and the sock? >> Yeah. >> Because security's so much more important for all aspects of the business, right? It's not layered on, it's not stand alone. It's really got to be integrated into the software, into the process and the operations. >> Absolutely, so, the good news is, if you look at things like we're doing with the security fabric, a lot of it is how do we integrate, how do we bring technology and intelligence down to the end user so that they don't have to do day-to-day mundane tasks, right? Talking about the swarm networks, what's happening on the black cats' side, attackers are gettin' much quicker so defense solutions have to be just as quick if not faster, and so that's what the knock sock integration is about, right, how we can take network's security visibility, put it into things like our FortiAnalyzer manager sim appliances, right, be able to bring those solutions so, again, to when it comes to a knock and sock operation, how do you bring visibility into threats? How do you respond to those threats? More importantly, how do you also have automated security defense, so agile defense, put up? >> Right. >> We talk about concepts like agile macrosegmentation, right? That's something we're doing with Fortinet, how we can look at attacks and actively lock down attacks as they're happening is a really concept, right? >> So, really, just to isolate 'em within kind of where they've caused the harm, keep 'em there until you can handle 'em and not let 'em just go bananas all over the orientation. >> Yeah, yeah, so you can think of it as, like, an active quarantine. We've also launched our threat intelligence services. So, this is bringing the why. There's a lot of intelligence out there. There's a lot of logs. We have, now,, threat intelligence services that we bring to security operation centers to show them here are the threats happening on your network. Here is why it is a threat. Here's the capabilities of the threat and here's how you respond to it. So, it helps from a CSOL perspective prioritized response on the incident response model to threats as well. >> Alright, well, Derek, we've got to let it go there. We are at a super crazy time crunch. >> I know. >> We'll get you back into the studio and have a little bit more time when it's not so crazy. >> Okay, I appreciate it. >> Alright, he's Derek Manky, I'm Jeff Frick. You're watching the Cube from RSA 2018, thanks for watchin'. (soft electronic beat)

>> Narrator: From downtown San Francisco it's theCUBE covering RSA North America 2018. >> Welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA Conference North America 2018 downtown San Francisco. 40,000 plus people swarming all over Moscone to the north to the south and to the west. We're excited to have our next guest on. He's Chase Cunningham, principal analyst at Forrester. Chase, great to meet you, welcome. >> Thanks for having me. >> Absolutely, so you just had an interesting blog post. Was Zero Trust on a beer budget. >> Yeah. >> What is that all about? >> Well, so Zero Trust is a pretty simple concept about accepting failure, if you will, and focusing on the internal and moving outward. And basically the premise was, I had friend of mine ask me if he could do Zero Trust for his small company. And I said sure, let's go get a beer and we'll figure this out. And literally, in about half an hour we had a Zero Trust strategy in place for less than 40 grand and his infrastructure is way more secure and it's really simple. >> So that's pretty interesting because, you Know it's easy for big companies that have a lot of resources or the big puddle of Cloud companies have a lot of resources to put a lot of implementation into place. But as we look around this conference tons and tons of companies, it's a lot harder for small and medium businesses either to have the expertise or the budgets to really bring in what they need to secure things. So what were some of the insights from your beer exercise? >> Sure, so it was really simple. If you really think about where the majority of the threat comes from, the network is there and everybody uses it but who accesses the network? The users, the individuals, the devices, everything else. So the first thing we did was we're going to lock down identity and access management because I know if I can control that I've made a fundamental shift into power position for myself. And the next thing we did was we said look you guys don't really own intellectual property but you send emails. We're going to put stuff in place to encrypt every email you send whether you like it or not. So between those two simple things, identity access management and sort of data email encryption we put a really strong security platform in place and it didn't break the bank and it wasn't really hard to do and it's something that you can get better as it goes on. >> Right. And I'm curious, had he had an event or he was just trying to get ahead of the curve? >> He had had some weird stuff showing up. He's in esports, right, so he doesn't have actual intellectual property but he's worried because if they get dossed or they get hacked or they get ransomware for every minute they're down they're losing viewers and that's business and money for them. >> Right, so it kind of ties back to this kind of next gen access where it's really important with the identity but the other one is the context. Who is it and where are they trying to get in? Do they usually come in that way? Do they usually have access? So that's another really way to kind of isolate the problems that might come in the front door. >> Yeah, and you know the, years ago the next gen firewall was really the thing to integrate lots of functions across the network and that's all there. It still exists and it's still necessary but really when you break it down and look at historically where the threats have come from and where the compromises have come from, it's access and if you can't control that you don't have the capability of actually stopping bad things from happening. >> Right, right, so as you look around and you've been coming to this probably for a couple years, as this space evolves. You know, kind of what are your general impressions? I mean, on one hand, so many vendors, so many activities. On the other hand, it was like, we've been at this for a while or are we just stuck in this race and we just got to keep running? >> Well I think we're going to continue running the race but interestingly enough there's buses driving by now with Zero Trust all over the side of it. And I'm glad to see that that strategy is starting to take hold because the problem I have is you can Frankenstein technology together all day long but if you don't have a strategic guidepost that everybody understands from the board down to the network engineer you're going to get it wrong. You're going to miss and so I'm a fan of simplicity and force multipliers and to me the Zero Trust strategy sort of drives that forward. >> All right, well Chris thanks for taking a few minutes. Everyone can log onto your site, take a look at the blog. Thanks for stopping by. >> Thanks for having me. >> All right, he's Chris Cunningham from Forrester. I'm Jeff Frick from theCUBE. Thanks for watching from RSAC 2018.

>> Narrator: From downtown San Francisco it's TheCUBE covering RSA North American 2018. >> Hey, welcome back everybody. Jeff Frick from TheCUBE. We're on the floor at the RSA Conference 2018. 40,000 plus people packed in Moscone North, South, West, and we're excited to be here. It's a crazy conference, Security's top of mind obviously and everybody is aware of this. And our next guest, he's Bill Mann, chief product officer from Centrify. Bill, great to see you. >> Great to see you. >> So you guys have a lot of stuff going on but what I think what's interesting to me is you guys have this kind of no trust as your starting foundation. Don't trust anybody, anything, any device. How do you work from there? Why is that the strategy? >> Well that strategy is because we've got a really new environment now. A new environment where we have to appreciate that the bad actors are already within our environment. And if you stop believing that bad actors are already in your environment, you have to start changing the way you think about security. So it's a really different way of thinking about security. So what we call this new way of thinking about security is zero trust security. And you might have heard this from Google with BeyondCorp and so forth. And with that as the overarching kind of way we are thinking about security, we're focusing on something called NextGenAccess. So how do you give people access to applications and services where they're remote. They're not on the network and they're not behind a firewall because who cares about the firewall anymore because it's not secure. >> Right. So there's four tenants of NextGenAccess. One is verify the user, verify the device that they are coming from so they're not coming from a compromised device. Then give them limited access to what they are trying to access or what we call Limit Privilege and Access. And that last one is learn and adapt which is this kind of pragmatic viewpoint which is we're never going to get security right day one, right? To learn and adapt and what we're doing look at auto tune logs and session logs to change your policy and adapt to get a better environment. >> So are you doing that every time they access the system? As they go from app to app? I mean how granular is it? Where you're consistently checking all these factors? >> We're always checking the end factor and where we use an actual machine learning to check what's happening in the environment and that machine learning is able to give that user a better experience when they are logging in. Let's say Bill's logging into Salesforce.com from the same location, from the same laptop all the time. Let's not get in the way right? But if Bill the IT worker is going from a different location and logging into a different server that's prompting for another factor of authentication because you want to make sure that this is really Bill. Because fundamentally you don't trust anybody in the network. >> And that's really what you guys call this NextGenAccess, right? [Bill]- That right, that's right, that's right. >> It's not just I got a VPN. You trust my VPN. I got my machine. Those days are long gone. >> Well VPNs, no no to VPNs as well, right? We do not trust VPNs either. >> So a bit topic ever since the election, right, has been people kind of infiltrating the election. Influencing you know how people think. And you guys are trying to do some proactive stuff even out here today for the 2018 election to try to minimize that. Tell us a little bit more about it. >> Yeah we call it Secure The Vote. And if the audience has looked at the recent 60 Minutes episode that came on. That did a really good that walked everybody through what was really happening with the elections. The way you know the Russians really got onto the servers that are storing our databases for the registration systems and changed data and created chaos in the environment. But the fundamental problem was compromised credentials. I mean 80% of all breaches believe it or not have to do with compromised credentials. They are not around all the things we think are the problem. So what we're doing here with Secure The Vote is giving our technology to state and local governments for eight months for free. And essentially they can then upgrade their systems, right? So they can secure the vote. So fundamentally securing who has access to what and why and when. And if you look at the people who are working on election boards, they're volunteers, there are a lot of temporary staff and so forth. >> Right, right. >> So you can imagine how the bad guys get into the environment. Now we've got a lot of experience on this. We sell to state and local governments. We've seen our technology being used in this kind of environment. So we're really making sure that we can do our part in terms of securing the election by providing our technology for free for eight months so election boards can use our technology and secure the vote. >> So how hard is it though for them to put it in for temporary kind of situation like that? You made it pretty easy for them to put it in if they are not an existing customer? >> Absolutely I mean one of the things, one of the fallacies around this whole NextGenAccess space is the fact that it's complicated. It's all SAS-Space, it's easy to use, and it's all in bite-sized chunks, right? So some customers can focus on the MFA aspects, right? Some customers can focus on making sure the privileged users who have access to the databases, right, are limiting their access right? So there's aspects of this that you can implement based upon where you want to be able to, what problem you want to be able to solve. We do provide a very pragmatic best practices way of implementing zero trust. So we are really providing that zero trust platform for the election boards. [Jeff]- Alright well that's great work Bill and certainly appreciated by everybody. We don't want crazy stuff going on in the elections. >> Absolutely. >> Jeff: So we'll have to leave it there. We'll catch up back in the office. It's a little chaotic here so thanks for taking a few minutes. >> Thank you very much. >> Alright, he's Bill Mann and I'm Jeff Frick. You're watching TheCUBE from RSCA 2018. Thanks for watching. (bright music)

(upbeat music) >> Announcer: From downtown San Francisco, it's theCUBE covering RSA North America 2018. Hey welcome back everybody, Jeff Frick here with theCUBE. We're at RSA's North American Conference 2018 at downtown San Francisco. 40,000 plus people talking about security. Security continues to be an important topic, an increasingly important topic, and a lot more complex with the, having a public cloud, hybrid cloud, all these API's and connected data sources. So, it's really an interesting topic, it continues to get complex. There is no right answer, but there's a lot of little answers to help you get kind of closer to nirvana. And we're excited to have Misha Govshteyn. He's the co-founder and SVP of Alert Logic, CUBE alumni, it's been a couple years since we've seen you, Misha, great to see you again. >> That's right, I'm glad to be back, thank you. >> Yeah, so since we've seen you last, nothing has happened more than the dominance of public cloud and they continue to eat up-- >> I think I predicted it on my past visits. >> Did you predict it? Wow that's good. >> But I think it happened. >> But it's certainly happening, right. Amazon's AWS' run rate is 20 billion last reported. Google's making moves. >> Their conference is bigger than ours right now. >> Is it? >> That's 45,000 people. >> Yeah, it's 45,000, re:Invent, it's nuts, it's crazy. and then obviously Microsoft's making big moves, as is Google cloud. So, what do you see from the client's perspective as the dominance of public cloud continues to grow, yet they still have stuff they have to keep inside? We have our GDPR regs are going to hit in about a month. >> Well one thing's for sure is, it's not getting any easier, right? Because I think cloud is turning things upside down and it's making things disruptive, right, so there's a lot of people that are sitting there and looking at their security programs, and asking themselves, "Does this stuff still work? "When more and more of my workloads "are going to cloud environments? "Does security have to change?" And the answer is obviously, it does but it always has to change because the adversaries are getting better as well, right. >> Right. >> There's no shortage of things for people to worry about. You know when I talk to security practitioners, the big thing I always hear is, "I'm having a good year if I don't get fired." >> Well it almost feels like it's inevitable, right? It's almost like you're going to, it seems like you're going to get hit. At some way, shape, or form you're going to get hit. So it's almost, you know how fast can you catch it? How do you react? >> That's a huge change from five years ago, right? Five years ago we were still kind of living in denial thinking that we can stop this stuff. Now it's all about detection and response and how does your answer to the response process works? That's the reason why, you know last year, I think we saw a whole bunch of noise about, you know machine learning and anomaly detection, and AI everywhere and a whole lot of next-generation antivirus products. This year, it seems like a lot of it is, a lot of the conversation is, "What do I do with all this stuff? "How do I make use of it?" >> Well then how do you leverage the massive investment that the public cloud people are making? So, you know, love James Hamilton's Tuesday night show and he talks about just the massive investments Amazon is making in networking, in security, and you know, he's got so many resources that he can bring to bear, to the benefit of people on that cloud. So where does the line? How do I take advantage of that as a customer? And then where are the holes that I need to augment with other types of solutions? >> You know here's the way I think about it. We had to go through this process at Alert Logic internally as well. Because we obviously are a fairly large IT organization, so we have 20 petabytes of data that we manage. So at some point we had to sit down and say, "Are we're going to keep managing things the way we have been "or are we going to overhaul the whole thing?" So, I think what I would do is I would watch where my infrastructure goes, right. If my infrastructure is still on-prem, keep investing in what you've been doing before, get it better, right? But if you're seeing more and more of your infrastructure move to the cloud, I think it's a good time to think about blowing it up and starting over again, right? Because when you rebuild it, you can build it right, and you can build it using some of the native platform offerings that AWS and Azure and GCP offer. You can work with somebody like Alert Logic. There's others as well right, to harness those abilities. I'll go out on a limb and say I can build a more secure environment now in a cloud than I ever could on-prem, right. But that requires rethinking a bunch of stuff, right. >> And then the other really important thing is you said the top, the conversation has changed. It's not necessarily about being 100% you know locked down. It's really incident response, and really, it's a business risk trade-off decision. Ultimately it's an investment, and it's kind of like insurance. You can't invest infinite resources in security, and you don't want to just stay at home and not go outside. Now that's not going to get it done. So ultimately, it's trade-offs. It's making very significant trade-off decisions as to where's the investment? How much investment? When is the investment then hit a plateau where the ROI is not there anymore? So how do people think through that? Because, the end of the day there's one person saying, "God, we need more, more, more." You know, anything is bad. At the other hand, you just can't use every nickel you have on security. >> So I'll give you two ends of the spectrum right, and on one end are those companies that are moving a lot of their infrastructure to the cloud and they're rethinking how they're going to do security. For them, the real answer becomes it's not just the investment in technology, and investing into better getting information from my cloud providers, getting a better security layer in place. Some of it is architecture right, and some of the basics right, there's thousands of applications running in most enterprises. Each one of those applications on the cloud, could be in its own virtual private cloud, right. So if it gets broken into, only one domino falls down. You don't have this scenario where the entire network falls down, because you can easily move laterally. If you're doing things right in the cloud, you're solving that problem architecturally, right. Now, aside from the cloud, I think the biggest shift we're seeing now, is towards kind of focusing on outcomes, right. You have your technology stack, but really it's all about people, analytics, data. What do you, how do you make sense of all this stuff? And this is classic I think, with the Target breach and some of the classic breaches we've seen, all the technology in the world, right? They had all the tools they needed. The real thing that broke down is analytics and people. >> Right, and people. And we hear time and time again where people had, like you said, had the architecture in place, had the systems in the place, and somebody mis-configured a switch. Or I interviewed a gal who did a live social hack at Black Hat, just using some Instagram pictures and some information on your browser. No technology, just went in through the front door, said, you know, hey, "I'm trying to get the company picnic "site up, can you please test this URL?" She's got a 100% hit rate! But I think it's really important, because as you said, you guys offer not only software solutions, but also services to help people actually be successful in implementing security. >> And the big question is, if somebody does that to you, can you really block it? And the answer a lot of times is, you can't. So the next battlefront is all about can you identify that kind of breach happening, right? Can you identify abnormal activity that starts to happen? You know, going back to the Equifax breach, right, one of the abnormal things that happened that they should've seen and for some reason didn't, you know, 30 web shells were stood up. Which is the telltale sign of, maybe you don't know how you got broken into, but because there's a web shell in your environment you know somebody's controlling your servers remotely, that should be one of those indicators that, I don't know how it happened, I don't know maybe I missed it and I didn't see the initial attack, but there's definitely somebody on a network poking around. There's still time, right? There's, you know for most companies, it takes about a hundred days on average, to steal the data. I think the latest research is if you can find the breach in less than a day, you eliminate 96% of the impact. That's a pretty big number right? That means that if you, the faster you respond, the better off you are. And most people, I think when you ask 'em, and you ask 'em, "Honestly assess your ability to quickly detect, respond, eradicate the threat." A lot of them will say, "It depends" But really the answer is "Not really." >> Right, 'cause the other, the sad stat that's similar to that one, is usually it takes many, many days, months, weeks, to even know that you've been breached, to figure out the pattern, that you can even start, you know, the investigation and the fixing. >> Somewhat not surprising, right? I don't think there's that many Security Operation Centers out there, right? There's not, you know, not every company has a SOC right? Not every company can afford a SOC. I think the latest number is, for enterprises, right, this is Fortune 2000, right, 15% of them have a SOC. What are the other 85% doing? You know, are they buying a slice of a SOC somewhere else? That's the service that we offer, but I think, suffice to say, there's not enough security people watching all this data to make sense of it right. That's the biggest battle I think going forward. We can't make enough people doing that, that requires a lot of analytics, right. >> Which really then begs, for the standalone single enterprise, that they really need help, right? They're not going to be able to hire the best of the best for their individual company. They're not going to be able to leverage you know best-in-breed, Which I think is kind of an interesting part of the whole open-source ethos, knowing that the smartest brains aren't necessarily in your four walls. That you need to leverage people outside those four walls. So, as it continues to morph, what do you see changing now? What are you looking forward to here at RSA 2018? >> So I made some big predictions five years ago, so I'll say you know, five years from now, I think we're going to see a lot more companies outsource major parts of their security right, and that's just because you can't do it all in-house right. There's got to be a lot more specialization. There's still people today buying AI products right, and having machine learning models they invest in to, there's no company I'm aware of, unless they're, you know, maybe the top five financial firms out there, that should have a, you know, security focused data scientist on staff, right? And if you have somebody like that in your environment, you're probably not spending money the right way, right. So, I think security is going to get outsourced in a pretty big way. We're going to focus on outcomes more and more. I think the question is not going to be, "What algorithm are you using to identify this breach?" The question is going to be, "How good are your identifying breaches?" Period. And some of the companies that offer those outcomes are going to grow very rapidly. And some of the companies that offer just, you know, picks and shovels, are going to probably not do nearly as well. >> Right. >> So five years from now, I'll come back and we'll talk about it then. >> Well, the other big thing, that's going to be happening in a big way five years from now, is IoT and IIoT and 5G. So, the size of the attacked surface, the opportunities to breach-- >> The data volume. >> The data volume, and the impact. You know it's not necessarily stealing credit cards, it's taking control of somebody's vehicle, moving down the freeway. So, you know, the implications are only going to get higher. >> We collect a lot of logs from our customers. Usually, the log footprint, grows at three times the rate of our revenue and customers, right. So, you know, thank god-- >> The log, the log-- >> The log volume grows-- >> volume that you're tracking for a customer, grows at three times your revenue for that customer? >> That's right. I mean, they're not growing at three times that rate, annually right, but annually, you know, we've clocked anywhere between 200% to 300% growth in data that we collect from them, IoT makes that absolutely explode, right. You know, if every device out there, if you actually are watching it, and if you have any chance of stopping the breaches on IoT networks, you got to collect a lot of that data, that's the fuel for a lot of the machine learning models, because you can't put human eyes on small RTUs and you know, in factories. That means even more data. >> Right, well and you know the model that we've seen in financial services and ad-tech, in terms of, you know, an increasing amount of the transactions are going to happen automatically, with no human intervention, right, it's hardwired stuff. >> So I think it's that balance between data size and data volume, analytics, but most important, what do you feed the humans that are sitting on top of it? Can you feed them just the right signal to know what's a breach and what's just noise? That's the hardest part. >> Right, and can you get enough good ones? >> That's right. >> Underneath your own, underneath your own shell, which is probably, "No", well, hopefully. >> I think building this from scratch for every company is madness, right. There's a handful of companies out there that can pull it off, but I think ultimately everybody will realize, you know, I'm a big audio nerd so I Looked it up, right, you used to build all of your own speakers, right. You'd buy a cabinet and you'd buy some tools, and you would build all the stuff. Now you go to the store and you buy an audio system, right? >> Right, yeah, well at least audio, you had, speakers are interesting 'cause there's a lot of mechanical interpretations about how to take that signal and to make sound, but if you're making CDs you know you got to go, with the standard right? You buy Sonos now, and Sonos is a fully integrated system. What is Sonos for security, right? It doesn't exist yet. And that's, I think that's where Security as a Service is going. Security as a Service should be something you subscribe to that gives you a set of outcomes for your business, and I think that's the only way to consume this stuff. It's too complex for somebody to integrate from best-of-breed products and assemble it just the right way. I think the parallels are going to be exactly the same. I'm not building my car either, right? I'm going to buy one. Alright Misha, well, thanks for the update, and hopefully we'll see you before five years, maybe in a couple and get an update. >> We'll do some checkpoints along the way. >> Alright. Alright, he's Misha, I'm Jeff. You're watching theCUBE from RSA North America 2018 in downtown, San Francisco. Thanks for watching. (techno music)

>> Announcer: From downtown San Francisco, it's theCUBE. Covering RSA North America 2018. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're at RSA North America 2018 in San Francisco. 40,000 plus people talking security, enterprise security, cloud security, a lot going on. It just continues to get more and more important. And we're really excited for our next guest who's been playing in the enterprise space for as long as I can remember, which has been a little while. Mike Decesare, he's the CEO and President of ForeScout. Mike, great to see you. >> Started my career off when I was one. (Jeff laughs) So, I've been in this for a long time. >> You have been in it a long time. So you guys now you're all about, right so there's so much stuff going on in security and security is one of these things that I have to look at it as kind of like insurance. You can't put every last nickel in security, but at the same time, you have to protect yourself. The attack surfaces are only growing with IIoT and we were at an autonomous vehicle show, and 5G is just coming around the corner, and all these connected devices and APIs. So you guys have a pretty unique approach to how you top level think about security called visibility. Explain that to us. >> So visibility is the next big thing in the world of cybersecurity and the dynamic is very basic. It's, for 20 plus years, CIOs and CSOs were substantially able to control everything that was on their network. You'd buy your servers and Windows machines and Blackberries for your employees and then there was very little tolerance for other devices being on those organization's networks. And what happened 10 years ago this year, with the birth of the iPhone was that CIOs, those same CIOs now had to deal with allowing things onto their network that don't subscribe to those same philosophies and when you can't buy it and outfit it with security before you put it into the environment. And that's the gap that ForeScout closes for organizations is we have an agentless approach which means we plug into the network infrastructure itself and we give customers visibility into everything that is connected to their network. >> So that begs a question, how do you do that without an agent? I would imagine you would put a little agent on all the various devices. So what's your technique? >> We actually don't. That's the secret sauce of the company is that >> okay >> you know over 10 years ago, we recognized this IoT trend coming because that's, that's the thing in the world of IoT is unlike the first kind o' 20 years of the internet, there was a substantially smaller number of operating systems, most of them open. The different characteristic about the current internet is that many of these use cases are coming online as closed proprietary operating systems. The example I use here is like your home. You know, you get a Nest thermostat and you put in on your network and it monitors, you know, heating and cooling but the device, the operating system, the application is all one consumer device. It doesn't run Windows. You can't install antivirus on you Nest thermostat. So our approach is we plug into the network infrastructure. We integrate to all of the network vendors, the firewall vendors, the wireless controlling vendors and we pull both active and passive techniques for gathering data off those devices and we translate that into a real-time picture of not just everything connected to the network but we know what those devices are without that client having to do anything. >> So you have what you call device cloud or yeah, ForeScout device cloud. So is that, is that a directory of all potential kind of universe of devices that you're querying off of or is that the devices within the realm of control of your of your clients directly? >> It's the second. It's the, so the way that our product works is we plug into the network infrastructure so anything that requests an IP address, whether is wired and wireless in the campus environment, whether it's data center or cloud in the data center environments or even into the OT space, anything that requests an IP address pops onto our radar the second it requests that address. And that cloud that we've built, that we've had for about nine months, we already have three million devices inside, almost three and a half million devices, is a superset of all of the different devices across our entire install base just from the clients that have been willing to share that data with us already. And that gives us optimism because what that becomes is a known set of fingerprints about all known devices so the first time that we discover a Siemens camera that might be a manufacturer, the company might have ten thousand of those in the environment, the first time that we see that device, we have to understand the pattern of traffic off that device, we label that as a security camera and any other customer world-wide that's has that same device connects, we instantaneously know it's a Siemens security camera. So we need the fingerprint of those devices once. >> Right, and so you're almost going to be like the GE Predix of connected devices down the road potentially with this cloud. >> We won't go there on that. >> He won't go there, alright. We've talked to Bill Ruh a lot of times but he does an interesting concept. The nice thing 'cause you can leverage from a single device and knowledge across the other ones which is so, so important on security so you can pick up multiple patterns, repeated patterns et cetera. >> One of the best parts about ForeScout is the fact that we deployed incredibly quickly. We have clients that have almost a million devices that got live in less than three months. And the reason we're able to do that is we plug into the infrastructure, and then our product kind o' does its own thing with very little effort from the client where we compare what we have in this repository against what they have in their environment. We typically get to an 80 or 90% auto-classification meaning that we know 80 or 90% of the time, not just what's on the network but what that device is and then the other 20% is where we have the implementation where we go through and we look at unique devices. It might be a bank has some model of ATM we've never seen before or a healthcare company has beds or machines on a hospital floor that we haven't recognized before. And the first time that we see each of those devices uniquely, we have to go through the process of fingerprinting it which means that we're looking for the unique pattern of traffic that's coming off a, you know, a router, a switch and a firewall and we're ingesting that and we're tagging that device and saying anytime we see that unique pattern of traffic, that's a certain device, a security camera or what have you. >> Right. >> The reason's that useful is then we get to put a policy in place about how those devices are allowed to behave on the network. So if you take something like the Mirai Botnet which hit about a year ago, was the thing that took down a big chunk of the Northeast, you know, utilities and you know, internet, it infected, it was a bot that infected security cameras predominantly. Nobody thought twice about having security cameras in their environment, but they're the same as they are in your house where you know, you put it online, you hit network pair and it's online. >> Right. >> But that bot was simply trying to find devices that had the default password that shipped from the security manufacturer and was able to be successful millions of time. And with our product in place, that couldn't happen because when you set us up, we would know it's a security camera, we'd put a policy in place that says security camera can speak to one server in the data center called the security camera server. And if that device tries to do anything more criminal, if it tries to dial the internet, if it tries to break into your SAP backend, any of those activities, we would give the customer the ability to automatically to take that device offline in real time. >> Right, so you're... >> And that's why our clients find us to be very useful. >> Right, so you're really segregating the devices to the places they're supposed to play, not letting 'em out of the areas they're supposed to be. Which is the >> Absolutely. >> Which is the classic kind of back door way in that the bad guys are coming in. >> Our philosophy is let everything onto the network. We take a look at that traffic. We give you a picture of all those devices and we allow each customer to put an individual policy in place that fences that in. If you take the other extreme like a Windows machine in a corporate environment, our typical policy will be you know, do you have Windows 2009 or later? 'Cause most customers have policies they don't want XP in their environments anymore. But we enforce it. So if an XP device hits the network, we can block that device or we can force a new version down. If you have Symantec, has it got a dat file update? If you've got Tenable, has it had a scan recently? If you've got, you know, any of the other products that are out there that are on those machines, our job is to enforce that the device actually matches the company's policy before that device is allowed in. >> Before you let it. Alright. >> And if at any time that it's on that network, it becomes noncompliant, we would take that device offline. >> You know, with the proliferation of devices and continuation growth of IoT and then industrial IoT, I mean, you guys are really in a good space because everything is getting an IP address and as you said, most of them have proprietary operation systems or they have some other proprietary system that's not going to allow, kind o' classic IT protections to be put into place. You've really got to have something special and it's a pretty neat approach coming at it from the connectivity. >> It's the secret sauce of the company is we recognized many years ago that the the combination of not just there being very few operating systems but they were all open. Windows, Lennox, right? I mean, you can buy a Windows machine and you can install any product you want on it. But we saw this trend coming when the next wave of devices was going to be massively heterogeneous and also in many cases, very closed. And you know, you mentioned the example of the OT space and that's one of the other, the third biggest driver for us in our business is the OT space because when you looking a WanaCry or a NotPetya and you see companies like Maersk and FedEx and others that are, that are publicly talking about the impact of these breaches on their earnings calls. What those companies are waking up and realizing is they've got 25 year old systems that have run, you know, an old version of Microsoft that's been end-of-life decades ago and the bad actors have proven very adept at trying to find any entry point into an organization, right, and the great news for ForeScout is that really lends itself very much towards our age-endless approach. I mean, many of these OT companies that we're in, devices that are in their manufacturing facilities don't even have an API. There were built so long ago so there's no concept of interacting with that machine. >> Right >> So for us, allowing that device to hit the Belden switches and then be able to interrogate the traffic coming off those switches let's us do the same thing that we do in the campus world over in the OT world as well. >> Good spot to be. So RSA 2018, what are ya looking forward to for this week? >> This is just massive in size. It's like speed dating. From a customer's perspective too, I mean, I meet so many customer's that come here and able to meet with 30 or 40 vendors in a single week and it's no different, you know, for the providers themselves so. You know, we've got some really, kind o' really high profile big wins, you know, it's very coming for us to be doing deals at this point that get up over a million devices so they're very high profile so it's a great chance to reconnect with customers. You know, one of the things I didn't mention to you is that kind o' the, the whole thing that we do of identifying devices and then understanding what they are and allowing those policies to get put in places, that's fundamentally done with our own IP, and the connections into the switch and firewall vendors. But we've built this whole other ecosystem of applications in the world of orchestration that set on top of our products. We integrate the firewall vendors, the vulnerability management vendors, the EDR vendors, the AV vendors, so it's a great chance for us to reconnect with you know, those vendors as well. In fact, we're doing a dinner tonight with CrowdStrike. They're one of our newer partners. Very excited about this week. It brings a lot of optimism. >> Well, great story Mike and excited to watch it to continue to unfold. >> We appreciate you giving us some time. >> Alright, thanks for stopping by. That's Mike Decesare. I'm Jeff Frick. You're watching theCUBE from RSA North America 2018. Thanks for watchin'. Catch you next time. (techno music)

>> Presenter: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back, everybody. Jeff Frick here with the theCUBE. We're in downtown San Francisco with RSA North America 2018 40,000 plus professionals talking about security, enterprise security. It's a growing field, it's getting baked into everything. There's a whole lot of reasons that this needs to be better and more integrated into everything that we do, as opposed to just kind of a slap on at the end. And, who better to have on, who's investing at the cutting edge, keeping an eye on the startups than Sean Cunningham, our next guest. He's a managing director ForgePoint Capital, the newly named, so welcome to ForgePoint Capital, I guess. (Sean laughs) >> Thanks, Jeff, we're pretty excited about it. So, we were branded Trident Capital Cybersecurity. We're a 300 million dollar cybersecurity only fund, we closed the fund about a year and a half ago. We've invested in a dozen companies, and we decided that now is a great time to rebrand ForgePoint really tells more about what we're doing, we're forging ahead with our Series A, Series B funded companies, as well as a few growth equity. So, it made a lot of sense, but we're pretty excited about the market, and obviously RSA, with 1700 cybersecurity companies makes it interesting. >> Right, so you've been at this for a while. I wonder if you can speak to some of the macro trends as we've seen the growth of cloud, the growth of IoT will soon be more industrial IoT, enabled by 5G. We've got all these automated systems and financial services trading, and ad tech that we're going to see more and more of that automated transaction happening. You've got APIs and everything's connected to everything else to enable my application. So, really really exciting, and huge, growing threat surface if you will, but at the same, these are the technologies that are driving forward. So, what are you seeing from your, seat at the table some of the newer, more innovative startups? >> Jeff, I think you should probably tell me. You have all the answers there. >> I talked to a lot of smart people, that's the benefit of the job. >> I think the only two buzzwords you left off was Bitcoin and fraudulent payments. >> Oh, we can work a little blockchain in if you want. >> Yeah, but it is absolutely a bit of an interesting environment. I've been doing it since 2000 with Intel Capital for 15 years, but what's really changed, what hasn't changed is the fact that it's all about the hackers are able to monetize this. So, that's not going away. The biggest change are the, I guess, overt nation state attacks. So, between all of those things, the drivers are just continuing to force cybersecurity to become better and better. And, that's why the innovative startups are really, you're seeing these 1700, because the legacy companies can't fix these problems. And, you know, you talk about all these different paths for hackers to get in. It's absolutely the case and we are really big on areas, as you mentioned Jeff, the automation. It has to be about automating. It has to be about having a real solution for a real problem. You know, you look at, let's say 1500 of these security startups, a lot of them are about technology for the sake of technology. So, we're pretty excited about a couple of areas. One, is application security. If you think about the Equifax hack, you know, it's as simple as getting into the website and being able to hack into all of the PII data if you will. And, we've invested in a company called Prevoty and what they do is they make it easy for the application security folks to meet with the DevOps folks and inject the software into these applications. The reason why that's really interesting is, if you think about how long it takes for the DevOps guys to get all their new updates out, through that whole cycle, when you could automate that process and reduce that time to market, that's what it's really all about. >> So, what's your take on GDPR. You know, it's past a little while ago, the enforcement comes into place next month. It's weird what's going on with Facebook right now. I don't ever hear GDPR in the conversation of what's going on, and yet, it's just around the corner and it seems like it would be part of that conversation. DC is just king of a Y2K moment, where there's a lot of buzz and the date hits and we get past it and then we kind of move on with our lives, or is this really a fundamental shift in the way that companies are going to have to manage their data? >> Well, I can show you my scars from investigating compliance companies. I think the winners in that space, from a business standpoint are going to be the consultant companies, initially and at some point then, the legacy guys are going to be also involved, as well as some of the startups. But, clearly, until you see some of the large penalties happen, there's not going to be a lot of movement. There's going to be a lot of hand waving and consulting firms are trying to figure out what's your problem, how do we solve it. So, you're going to see, I'm sure, around the floor a lot of GDLP stuff, but we're being very cautious about where we invest there because, as you say, Y2K and a lot of this is going to be a lot fud. The legacy guys are going to say, oh we can handle that. Same as they did with cloud. Look how long it's taking cloud to get adopted, my God. I mean-- >> Right. >> GDRP is a big piece of that. We did investments in that space, around CASB, it's called. And, we invested in a company called Prelert. It had great traction, but then it just kind of topped out. So, it's going to be investable space and there's going to be a lot of money dumped in there because it's, you know, the Lemming effect. All VCs are going to follow that. >> Right. >> We'll see what happens. >> And then on the cloud, you know, with the growth of public cloud with Amazon and Azure and Google Cloud Platform, and they've got significant resources that they're investing into the security of their clouds and their infrastructure. And, yet, we still hear things happen all the time where there's some breach because somebody forgot to turn a switch from green to blue, or whatever. How did the startups, you know, kind of find their path within these huge public cloud spaces to find a vector that they can concentrate on, that's not already covered by some of these massive investments that the big public cloud people are making? >> Yeah, I think some of the, you know you point something out, I mean we got to think about cloud, you think about the public cloud, you think of private cloud and hybrid model and so on. I think that's really where things are going to to be for a while. The big guys, the big companies, enterprises are not putting a lot of their crown jewels out in the public clouds, yet. And, so the private clouds are equally important to them. And, so they have to be secured. And, the public cloud, you know, there's definitely they have some good security, but they quietly are implementing security from innovative companies also. They're not as public about it because they want to have they're already secure, so don't worry about me, but there's a lot of opportunity there. >> Okay, and then when CIOs are talking about security and thinking about security, ultimately they cannot be 100 percent secure, right, it's just you cannot be. >> It's called job security. >> Yeah, job security for us, right. But, I was thinking of this kind of as an insurance model. At some point, you get kind of the law of diminishing returns and you got to start making business trade-offs for the investment. How are these people thinking about this, at the same time, seeing their competitors and neighbors showing up on the cover of the Wall Street Journal breach after breach after breach? What's the right balance? How should they be thinking about managing risk, and thinking of a risk problem as opposed to kind of a castle problem? >> Yeah, and that's the biggest problem with CIOs and CSOs right now. It's all about what's good enough. Where do I reach that threshold? And, so there is definitely buyer fatigue. And, I think it's a matter, there are companies out there that look at the risk profile and are actually giving ratings of, what is your environment look like. We just invested in a spin out from, we helped spin out a company called CyberCube out of Symantec, and it's insurance. And, they're looking at, from a cyber insurance perspective, of what's your risk profile within your organization and selling and that data from Symantec as well as the data they have and going back to the insurance, the under buyer and saying, hey, we can show you the risk profile of this company and you can properly price your cyber insurance now. We all know how large the cyber insurance market is, so there's a lot of opportunities in that space to really look at the risk factors. >> Alright, well before I let you go, to go visit all the 117 startups, which will be looking for your cheque, I'm sure. >> Human ATM. >> What is one or two things that you think about in some of the more progressive startups that you talk about that still hasn't kind of hit the public eye yet. That they should be thinking about, or that we're going to be talking about in a couple years that's still kind of below the radar? >> Yeah, you know, if I told you then everyone else would be-- >> That's true. >> So, I have to be a little careful. You know, I think the interesting thing is, you know, a bit of a contrarian view. Is, if you think about consumer space, people don't really want to invest. Investors don't want to put money in the consumer, but you think about Symantec again, LifeLock. Identity protection, 2.3 billion dollars Symantec paid to get LifeLock. That's a lot of money. But, if you think about five years ago, how many consumers would pull out their Visa card to buy security. So, we think that there's really a potential opportunity on the consumer side. Now, AV is pretty well scorched earth. A lot of places, a lot of these endpoint things are scorched earth, but consumer might be an interesting place to be able to take these enterprise applications and, what I call, the consumerization of security, and take some of those interesting application and solutions and bring them down to the consumer in a bundle type of environment. >> Yeah, well certainly with all the stuff going on with Facebook now, people's kind of reawakening at the consumer level of what's really happening would certainly be fuel for that fire. >> We have an investment in a company called IDEXPERTS, which does breach remediation and our goal right now is we're continuing to add products from that space to be able to give the consumers a very robust offering. >> Alright, Sean, well thanks for taking a few minutes out of your day from prospecting. >> Yeah, pleasure. >> Over on the floor, he's Sean Cunningham, I'm Jeff Frick. You're watching theCUBE from RSA North America 2018 in downtown San Francisco. Thanks for watching, I'll see you next time. (upbeat music)

>> Announcer: From downtown San Francisco, it's The Cube, covering RSA North America 2018. >> Welcome back, Jeff Frick with The Cube. We're at RSAC, the RSA Conference North American in San Francisco, 2018. 40,000 people, it's an amazingly huge and growing conference, 'cause security is obviously at the forefront of everything, especially as everything moves to devices and services and cloud, we can't forget security and we're excited to have somebody who's kind of got to a third-party validation kind of point of view on the marketplace to get their perspective. It's Jason Brvenik and he is the Chief Technology Officer for NSS Labs. So, Jason, great to meet you. >> Great to meet you. >> So for people that aren't familiar with NSS Labs, give us kind of the overview of what you guys are all about. >> We work with enterprises to understand their needs in security, and then, build and create test environments that create real-world conditions to assess whether or not a product is a good fit. We create comparable environments, so that we can understand fundamentally whether or not the products are delivering on their claims. >> Right, and recently you've done some work around the data center intrusion prevention systems group test. >> Mm-hmm. >> It's a mouthful. What is that all about? >> Well, that's all about the recognition that data centers are the keys to access for most organizations and appropriately protecting them is not as easy as deploying a firewall. You need to have much greater inspections on the interactions with systems, whether or not security's being provided within the application layers, being properly secured, and so, latency and performance and effectiveness against attacks are all measured and then presented in a set of group test reports. >> Right. So, must be getting increasingly complex, 'cause there's all these different components now that build up a solution. Right? It's not just one set of applications, that you're pulling maybe public data sources, you've got a bring-your-own-devices, you've got this huge string of things that are all pulled together. How do you incorporate that into your testing? How do you figure out how these things work together? 'cause ultimately, that increases your attack surface area, vulnerabilities, I would imagine. >> Certainly, and we create an environment, an architecture that we propose, that based on our interactions with the enterprises, it's fairly representative of what an enterprise would have, and then we create or simulate the types of interactions you would have with the different systems, generate attacks against them, and measure whether or not the products are able to sustain a concerted attack from an adversary. All the way into creating evasive techniques, so that an attack that is known to be blocked by a technology, we would apply different techniques to make it evasive and see if we can evade the security controls and to measure those. >> So how accurate are people, not to call anybody up, but how accurate are people in assessing the effectiveness of their own products and solutions? >> That's an interesting mixed bag. >> I'm sure it must run the gamut, right? >> It does, it does. >> Well, we don't want to call out any, beat anybody up, but I would imagine there are some that are just, Are they just looking at the wrong thing? Or how do you sort that all out? >> It's interesting to see the different perspectives that exist in the security space. Everything from just make the pain stop, where they want to do simple signature blocking to, we really want to understand what's happening and dig deep into the protocols and interactions and understand what's an appropriate interaction beyond whether or not there's an attack there. The fundamental premise we have in our space is there's an absolute shortage of talent in the security space that understands that just because the standard says something should be, doesn't mean that an attacker has to adhere to it. And so there's a ton of breaks in that. >> Dang. And what are some of the things that people just miss as the attack surfaces change? And I just think of the fully automated systems like we've seen in ad tech and advanced financial trading systems that are now moving more and more into an increasing group of applications that are going to be IoT-enabled, they're all going to be connected with 5G moving very quickly, so the potential for problems becomes pretty significant if there's a bad actor that gets inserted into that process. >> Certainly and it's interesting that the attackers seem to have automation down pretty well. They can get in and move laterally pretty quickly. >> Right. >> And ferreting out attacker behavior from just bad user behavior can be very difficult. The presumptions that a lot of technologies because the standard says something should be, it will be, create these situations where people aren't effectively looking for the ambiguities and standards, and those are abused all the time. When you look at embedded devices, they get deployed and they stay for 10 years. >> Jeff: Right. >> That's 10 years of technical data that's just deployed and waiting to be exercised and exploited, and having a good general hygiene on an operational environments to understand where these rifts are is probably the biggest gap in the Enterprise world. On the security side, the reliance on standards and the reliance on assumptions of what should be tend to continue, come back, and bite vendors, all right? >> It's funny. So you say just general hygiene and we talked about that in one of the prior interviews where often we'll hear, say, there's a Amazon breach or something and you get to the second paragraph and it's because somebody forgot to set a configuration in the right way, so it's not necessarily the technology or the infrastructure or the safeguards that are put up, it's just somebody forgot to turn the switch on. >> It is. >> So, why these things, general hygiene is still such a problem, is it just because it's so complex, things are moving so fast, people are just too busy? Is it a symptom of dev ops? >> We're human, we're human. >> There we go. >> There's a 1000 things demanding our attention all the time, and without solid processes and procedures, it's easy to miss something. And it's easy in the moment when you've got a big project that needs to launch to say that can wait until next week and then the next big project comes along and next week is here and it waits until the week after. Next thing you know, it's forgotten and you've got an old piece of architecture, infrastructure or security out there that just isn't being maintained anymore. >> Right. >> It's one of the reasons we created an environment that strives to do what we call continuous security validation. So even if you had the best security technologies in the world, it's indistinguishable from no security at all until a breach occurs, right? And so, continuous security validation allows us to look at live attacks that you're usually going to face, measure whether or not your security is deployed, is delivering all protections against them, and highlights there's a gap, simply because you're human. The best technology in the world isn't going to work if you're not managing it well. >> Right. So, are you creating kind of like a digital twin of the key components of my environment back in your lab? Or are you putting things in my system so that you can do this kind of continual monitoring? >> We create, effectively, a virtual remote office and then deploy your security controls and then we attack that remote office for you. And measure whether or not your security controls are being effective and whether or not your people with those controls are able to respond effectively. >> So what's been the impact of public cloud? Of the rise of public cloud? Both obviously, for those applications that are sitting in the public cloud from the Enterprise perspective, but now it's creating this kind of hybrid situation where they've still got stuff in the data center, they've got stuff in the public cloud, there's probably some stuff that's migrating in between, maybe it's tested to have in the public cloud and it gets deployed internally, or maybe they're trying to do a lift-and-shift out of the data center, so how has the rise of public cloud and with the hybrid cloud and multi-cloud environments impacted your guys' world? >> Oh, the biggest shift there, I think, is in the proliferation of what otherwise would have been well-controlled development environments into production environments. It's so easy to move what evolved in developing a technology into a production world without going in and paying attention whether or not all of the right elements are in play. So it used to be you developed it, then you moved it into QA and then from QA, it got moved into production. Now you go right from Dev to Production and QA kind of happens in the background. >> Right, right. And we talked in an earlier conversation, too, which is before then this security would be layered on after the test dev, once it was moving in production. Well, let's slap some security on it, but now it's got to be incorporated in from day one, so another huge opportunity, I guess, to miss that, as you roll that into production. >> It seems like nobody ever thinks about security first. It just isn't the function. No developer ever wakes up in the morning and thinks, I need to do security and then develop features. Their life is all around delivering the value that the customers are looking for and security prevents them creating the feature velocity they want to deliver. There's always a push-and-pull there to get the right balance and it's easy when you're not under sustained attack to believe that security isn't important. >> So how do people adjust kind of their thinking around security? Or is it just below the surface, or it's presumed? How does it become more of an ongoing part of the conversation and a feature that's always baked in during the development versus kind of an afterthought or, oh my gosh, my neighbor just got hacked or there's a big story in the Wall Street Journal? >> I think what we're seeing now in the evolution of software and development is the supply chain involved. It used to be you created systems from scratch and you built it from scratch and you had the opportunity to layer security in as you were going. You would find a weakness, you would design around it, you would overcome it. Now it's more of an assemblage of components to produce an outcome, and the security wasn't built in when the component was built, you've pretty much lost that opportunity and it's hard to go retrofit that. I think we're going to soon see the next phase where these components are start building security assumptions in up front, but it's going to be a long time, much like IoT where things are deployed forever, where we start seeing that supply chain evolve on its own and you can assemble secure software from the start. >> Yeah, it's amazing that's it's still kind of an afterthought when these things are in the newspaper every day and it's almost an assumption maybe we're getting a little numb to the thing that you're going to be breached and you're going to have an issue and how do you react to it? How quickly can you find it? How do you limit the damage? Because it seems like everybody's getting breached every day. >> Especially, when you consider we have decades of technical data. There are companies that still run their businesses on mainframes that haven't been produced in 20 years. >> I didn't even think of that part of it. All right, last question before I let you go, Jason. Big, big week this week at RSA. What are you looking forward to? >> Ah, I'm looking forward to really the evolution of advanced end point technologies, the delivery of visibility to the enterprise, that can do new response actions based on new knowledge. I'm looking forward to the growth of automation. Automation as it relates to security elements, so we can reduce the human element. >> Jeff: Right. >> And the mistakes that are made. >> Yeah, 'cause we certainly need it, 'cause it is easy to make mistakes when you've got a 1000 little tasks, right? >> It is. >> All right, Jason. Well, thank you for taking a few minutes of your day and stopping by. >> Thanks for having me. >> All right. He's Jason, I'm Jeff. You're watching The Cube. We're at RSAC 2018 North America in San Francisco. Thanks for watching. (exciting music)