Holland Barry, Cyxtera | AWS re:Invent 2018
>> Live from Las Vegas, it's theCUBE. Covering AWS re:Invent 2018. Brought to you by Amazon Web Services, Intel, and their ecosystem partners.
>> Hello Rod, we are here live in Las Vegas where Amazon Web Services' AWS re:Invent 2018. It's our sixth year covering re:Invent. We've been there from the beginning, as a customer using EC2 when it first launched in 2006, one of my first start-ups. What a scene it is here. Everyone in the industry is here full on, it's a Super Bowl of technology, Amazon is leading in the cloud game, and we're breaking it down for you in theCUBE. Our next guest is Holland Barry, Senior Vice President in Cybersecurity for Cyxtera, a hot company. Welcome to theCUBE, thanks for joining me.
>> Thanks for having me.
>> So, it's great to have senior people, start-ups, technical people on theCUBE. Kind of extracting, kind of squint through the volume of data that's being announced here at the show. Huge set of announcements already out the door. More coming. I'm expecting to hear a big connectivity announcement at 11:30 involving satellite and remote coverage for IoT devices, VM containers, micro VMs, all this massive amount of tech. Putting it into reality is critical. This is what customers want to do, they want to lower their costs, they want more performance, lower cost, more capability. Ushering in a true programming model for DevOps. How do you guys fit here? What's your story? Why are you here? What's the value proposition?
>> So we're really focused, especially at this show around the DevOps community, and enabling agility for those folks. Ten years ago, the word DevOps and the term DevOps came to life, and there was this tug-of-war going on between the development teams and the operations team. Where development team wanting to move fast, and have all the agility. And the operations team wanted to have stability, and then all these things.
They came together in a matrimony, and 10 years later we're highly automated, everything looks great from a DevOps perspective, but what we're seeing now is security, being a bit of a speed bump. They're having a hard time catching up with that. That's our focus on the show is unleashing the DevOps folks and letting security move at the speed of DevOps.
>> Let's drill down on security. Obviously cyber security is a global issue. It's also a national security issue in the United States, but other countries too. It's a global policy thing. There's tech involved, right? Cyber warfare all those, we hear about the news. But for a basic enterprise, the perimeter's no longer there with cloud. You got to think differently around how you're going to secure things. Amazon is now seeing security, not a blocker. Used to be no cloud implementation, it's not secure at all. Now you're hearing people saying, it's actually pretty secure, but there's more things going on keep raising the bar on capabilities that are needed. Could you share your expert opinion on, state of security of the cloud. What are the key areas? Where are they kind of leveled out? What's the baseline now? How acceptable is that? And what are the gaps, what are people working on?
>> I think we're seeing a lot more security components, move into that infrastructure as code conversations. Amazon is fantastic about launching stacks, via CloudFormation template, or maybe using Terraform. And now we're seeing the need for security components to move into that as an extension, of that infrastructure type deployment. That's another area of deep focus for us.
>> Is there a tech trend that's a tailwind for this? Is there anything helping? Or is there more headwinds than tailwinds? What's the big focus?
>> I think one of the big trends we're seeing, and we're getting a lot of analyst confirmations on this trend too is, the whole thing around software-defined perimeters.
So a new approach to describing access, for the users, kind of getting away from the VPN model, where you have a central concentration entry point. And then having the traverse complicated, to maintain backhaul lines right? We're seeing software-defined perimeter, allow users and DevOps professionals access multiple environments simultaneously, without the need of these more archaic architectures if you will.
>> Now the way it works braided to VP is absolutely great. Very secure malware transmission to the endpoint.
>> Absolutely, I mean you think about the old style of connectivity, and you've got a user, that has nearly unfettered access once that VPN connection isn't created. They have way more access, they have way more ability to spread malware laterally, with a VPN connection. Software-defined perimeter, greatly reduces that attack surface, by giving those users only access to those items, within the perpend infrastructure, that they're vetted to have access to, and nothing more.
>> So hold on, I got to ask you a question around cloud architects, the hottest area that we're seeing from an educational, learning, progressionary, knowledge seeking area, what is a cloud architect? And what are the things that make up, how would you describe an ideal cloud architecture? So I'm enterprise, I realize I've got to straighten my data center down, I'm using the cloud, lot of great things about the cloud, lot of great things about having something around perimeters of low latency. Now we've got IoT Edge, I'm going to want to power that with power, and then have connectivity now, that's over the top. How do I architect this? 'Cause data is going to live there, human computes can move around from Amazon, that's the direction that they're going. How do I lay it all out? What's your view on Cloud architect these days, and how they should be thinking?
>> Well the Cloud architect role I think has evolved a lot, so start off with, right?
It's no longer just being an infrastructure person, you've got to be sort of an expert on security, some of an expert on networking, and a lot of storage all these other components. I think it's different, the organization, I think there's a series of best practices. I think AWS does a fantastic job of delivering templatized best practices to folks who are looking to adopt a cloud architecture. I think that's a great guide post to go by. Is the recommendations.
>> How about staffing? What are you seeing in the makeup of the kind of, you know, I don't want to sound... Ninja or pirate, or whatever metaphor you want to use. You see kind of a new breed of, DevOps engineering,
>> Absolutely.
>> Mixed with app developer emerging.
>> Yeah I think you got it, I think that matrimony that happened between the develop and the operations team has continued to evolve, and we're seeing this new kind of combined specialty. Where you've got great programming chops, you're a Python or JavaScript ninja, and you also know a lot more about the infrastructure than traditionally, your development role would have necessitated in the past.
>> What are the top security conversations are you having in a DevOps environment, because there's some really great DevOps shops, and DevOps thinking in a lot of companies. And then you've got the people who're now learning DevOps they're kind of getting cloud native. They see Kubernetes around the corner. They see... they put containers around things. I could keep my workloads on premises. Okay I got some cloud. What is some of the thinking around that? What's your view on all this?
>> So I think access is a big piece, I think, you know developers needing to get to heterogeneous set of hybrid environments. They might have some legacy, or new stuff on prem. They might have a couple of clouds they're working with, how do you have a single unified policy contract that talks about how its users can interact with it.
And we're also hearing a lot about DevSecOps to moving that detection of vulnerabilities, and code imperfections earlier on in that development cycle. And we're enabling a big complement to that, we're not DevSecOps ourselves, but we're involved in that conversation from an access perspective.
>> Can't you explain what you guys do I want to get that out there because board. What do you guys actually do? How do you make money? What's your business model? What's the product?
>> Yeah, so Cyxtera is a cyber security company, that also happens to have a colocation data center footprint in 29 markets. We've got 50+ data centers. We're here focused on, one of our access products called AppGate SDP. AppGate is a secure access solution, that was really built with developers in mind, that allows that simultaneous secure access, to a multitude of environments. So if you're a native U.S customer, and you've got 20 or 30 accounts, we can seamlessly allow that connectivity with a very robust policy structure, to allow all those developers, those users, to interact with those environments, without having to do that VPN switching that we discussed earlier. A real, real clean and sophisticated way to connect your users into your internal and sensitive infrastructure.
>> And what're the... who's the buyer of the product? And why are they using you guys?
>> It's typically going to be the security team, sometimes we'll have the networking in the cloud, infrastructure teams involved in the conversations, but this is a security product. This is secured access product. And this is really an evolution, of what people are using for the VPN, and jumpboxes and things like that for these days.
>> How dead is the VPN if you had to put it on a scale? One being on life support, 10 being still state of the art. I mean VPN is still around, people are using VPNs a lot.
>> Totally.
>> There's a role for VPNs. Is it a rip and replace?
Or is it more of a functional, some spots VPNs are great, some spots they're not. What's the role of VPN?
>> We're seeing them, and I think Gartner has a statistic, that 60% of VPNs will be dead by 2021, or something like that. We're seeing that evolution occur. Looking simple environment, a VPN might be a really appropriate approach. But when you have cloud workloads everywhere, you got on premise data, you've got your users everywhere. It simply can't keep up. That's really the problem space part of it.
>> Where's the action for security in terms of good developing trends? Is it at the network layer? Is it the virtualization layer? The identity layer? Where are you seeing, security really advancing and excelling with cloud? What specifically, where's the action happening?
>> I think it's at all layers. I mean, we've seen the identity access management, identity provider market explode. We're seeing great new technologies around, container security, virtual machine security. I can't pick any one category, I just wouldn't. I would argue though, that this access category in the software-defined perimeter trend, is something. We're tuned into it obviously, maybe a little more than most. But we are seeing a huge uptake.
>> Well what's the alternative? I mean most IT guys, obviously they're scared. I mean they're not... They're kind of running scared. They've been doing perimeter based security for years. Firewalls, routers, all classic all lock down. Now in comes API economy, and now they're like, "Okay." I got to figure out, buy them everything in the planet to figure it out. What are they doing now? What's state of the art for people who are moving off the perimeter completely?
>> I think the adoption of, more cloud native controls. A lot of folks right now, are very familiar with traditional firewall vendor, and they'll tend to take that, and implement a software version of that hardware box up in the cloud.
And we're not arguing that, you need to get away from something, like a next generation firewall. This traffic exception is does a lot of things, that our solution specifically doesn't do on a lot of the SDP solutions don't. Taking that layer approach, and seeking out the solutions that are, that are cloud native. Forcing an uptech on that, and it's really changing the way people think about the architecture in their environments too. We're familiar with one thing from on-prem. We try to shoehorn that, that methodology in the cloud.
>> So single sign on is critical
>> SSO is critical, we're seeing a huge check up on that. Absolutely.
>> How do I handle the sprawl of new environments, with IoT Edge for instance, you'll see a lot more things connect in. How do you do that? Is it manual, was there any automation or machine learning? How are you guys bringing that to scale? Because that's a big challenge we hear a lot.
>> Absolutely. One of the things we're doing, at Cyxtera, is allowing you to templatize what secured access should look like for these new environments. So just like you're deploying that infrastructure as code, we're just a secured access piece of that. All the connectivity has already been described, by the security team. So back to the comment about DevOps, where operations team needing to move fast. Thinking that would deploy a brand new environment, with that access me and you.
>> So you're splitting up the auto building, you're standing it up quickly.
>> Yeah
>> All built in a preconfigured policy just goes out.
>> Absolutely. Datadog, one of our reg AWS customers a great example of someone who is highly automated everything. They don't even touch our UI. They use APIs for everything. They've codified all the elements of our platform, and so when they spin up a new environment, you know they'll actually check out, a configuration from their, whatever, GitHub, GitLab they're using. And inject that into the spin up of the new environment.
Super sophisticated, high level of automation. Really at the end of the day, what's it helping them do? Why are we doing any of this? Why are we doing DevOps? We can move faster to the live product and services, quicker to our customers.
>> So you guys are basically DevOps version of security, you're instrumenting everything DevO... Datadog is a great example. They're instrumenting every, all the application areas. You guys are taking the sim... DevOps approach to security. Is that your approach?
>> DevOps approach to security and user access, yeah, very much so.
>> And what's the big conversation you're having here, at re:Invent? Obviously a lot going on, what's most exciting for you here? Every event.
>> I think it's everything that we just talked about, we're hearing people finally get ready for this, message you know, we're practitioners and users of this platform ourselves, and the SDP spec. I use it everyday. I flip up my laptop in the morning, I get instantly connected from anywhere to seven and 10, what we call sites right? We're familiar with the power, we're leveraging the power internally. Now seeing other people come over, what people like Datadog and Voicebase our two AWS clients, seeing what they've done, seeing their story, and having them say, "Hey how did they do that, we want to do that too."
>> And how about a global scale, you guys are agnostic on geography, so they play into it.
>> Completely neutral to the underlying infrastructure, the geography our solution acts the same. It doesn't matter public, private, cloud, bare metal, it's a unified policy framework that allows you to, to whatever level of granularity you want. Just grab access from the user, even including, ingredient from a third party system. For instance, I may have a developer that's assigned to a task, or a story, or an epic. Inside a Jira project for instance. Popular development tool. I can dictate, his or her access, to the infrastructure.
And the projects are working on, based on an API call to Jira saying, "Okay this person has access to these things." Now I have a conditional response to, should someone have access to this resource. It's well, it depends, are they working on this project? Are they in the office? Is their machine patched? Who are they and the identity provider? All these things should feed in to...
>> And they're automated too. They're automating in?
>> This is all completely automated, and all these checks that I just described, are actually done our system, preauthentication. So you're vetted first, and then you're handed an access passport, we call Live Entitlement. And that gets you to the infrastructure, and only the infrastructure and applications you're vetted to do. Based on that evaluation that happened preauthentication.
>> How agile are you guys when new things have to change? There's a security threat, or something on the landscape or surface area changes. How do you guys respond to it from an agility standpoint?
>> Yeah so, our system can take hints via an API as well, so if you have a, you know, a threat system or something giving you signals that something might be going on. You could come into our system for instance, and revoke everyone's access, you could prompt someone, maybe for a step up authentication, to make them re-prove who they are, they got a one time password. So lot of options. We want to take hints from third party systems, we're designed that way. We can adjust, network access and program the network, based on other things that are happening.
>> Final question before we wrap up here. Let's get a plug in for the company. How old is the company? How many people... So how about some of your customers? Give the plug for Cyxtera.
>> 1500 employees, I think I mentioned, 50+ data centers across 29 markets, hundreds and hundreds of customers on the security access product that I talk about. You know, many thousands of customers in our data center.
>> So business is good?
>> Business is good. Yeah. In terms of like focus areas for next year, we're all in on DevOps, we're investing heavily in this area. Expect to hear more about a richer API set. More prebundled integrations, and also a bigger focus on containers.
>> Well I think you guys are a great example of, success with using cloud. Lot more work to do.
>> Yep.
>> I mean you've got, Global, you've got all kinds of new landscapes changes. Final question, What's the one problem you saw, summarize it in a sound bite, why do people buy Cyxtera? Why do they use you?
>> For network platform access for your user with a single security contract. I can't stress that. It's a huge competitive differentiation, versus some of the web application proxies that are out there. I invite everyone to dig into the details about what we provide. You can go to appgateforaws.com if you want to test drive the product. Get a feel for the admin UI, the client setup all that stuff. It's really simple and I give ya real good taste. And please come by the booth and see a demo as well.
>> Tell them Johnathan, you get a 10% discount. Only kidding. Hey, thanks for sharing your insight on theCUBE.
>> Thank you very much.
>> We're here at re:Invent, lot of action happening. Obviously a crowd of great people. Lot of great networking, but more importantly the industry continues to power forward, with cloud, on premise, in the world. It's theCUBE bringing all the action here in Las Vegas. We'll be back with more after this short break.
Ricardo Villadiego, Cyxtera | RSA North America 2018
>> Announcer: From downtown San Francisco, it's theCUBE, covering RSA North America 2018.
>> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA conference in San Francisco 40,000 plus people talking about security, gets bigger and bigger every year. Soon it's going to eclipse Oracle Open World and Sales Force to be the biggest conference in all of San Francisco. But we've got somebody who's been coming here he said for 16 years, Ricardo Villadiego, the EDP and GM Security and Fraud for Cyxtera. Did I get that right, Cyxtera?
>> Cyxtera.
>> Jeff: Cyxtera Technologies, great to see you.
>> Thank you Jeff, it's glad to be here.
>> So you said you've been coming here for 16 years. How has it changed?
>> Yeah, that's exactly right. You know it's becoming bigger, and bigger, and bigger I believe this is a representation of the size of the prowling out there.
>> But are we getting better at it, or is it just the attack surface is getting better? Why are there so many, why is it getting bigger and bigger? Are we going to get this thing solved or?
>> I think it is that combination within we have the unique solution that is going to help significantly organizations to get better in the security landscape I think the issue that we have is there's just so many now use in general and I think that now is a representation of the disconnection that exists between the way technologies are deploying security and the way technologies are consuming IT. I think IT is completely, has evolved significantly and is completely hybrid today and organizations are continuing to deploy security in a way like if we were in the 90s.
>> Right.
>> And that's the biggest connection that exists between the attacks and the protection.
>> But in the 90s we still like, or you can correct me, and we can actually build some big brick walls and a moat and a couple crocodiles and we can keep the bad guys out. That's not the way anymore.
>> It is not a way.
And look, I believe we're up there every protection creates a reaction on the adversary. And that is absolutely true in security and it is absolutely true in the fraud landscape. Every protection measure will push the adversary to innovate and that innovation is what, for good and for bad, has created this big market which we can't complain.
>> Right, right. So for folks that aren't familiar with Cyxtera give them the quick update on what you guys are all about.
>> So see, I think Cyxtera is here to conquer the cyber security space. I think what we did is we put together technologies from the companies that we acquire.
>> Right.
>> With a combination of the call center facilities that we also acquired from CenturyLink to build this vision of the secure infrastructure company and what we're launching here at the RSA conference 2018 is AppGate 4.0 which is the flagship offering around secure access. Secure access is that anchor up on which organizations can deploy a secure way to enable their workforce and their party relationships to get access the critical assets within the network in a secure way.
>> Okay, and you said 4.0 so that implies that there was a three and a two and probably a one.
>> Actually you're right.
>> So what are some of the new things in 4.0?
>> Well, it's great it gives it an evolution of the current platform we launch what we call live entitlements which is an innovative concept upon which we can dynamically adjust the perimeter of an endpoint. And the user that is behind that endpoint. I think, you know, a perimeter that's today doesn't exist as they were in the 90s.
>> Right, right.
>> That concept of a unique perimeter that is protected by the firewall that is implemented by Enact Technology doesn't exist anymore.
>> Right.
>> Today is about agility, today is about mobility, today is about enabling the end user to securely access their...
>> Their applications,
>> The inevitable actions,
>> They may need, right.
>> And what AppGate does is exactly that. Is to identify what the security processor of the endpoint and the user behind the endpoint and deploy a security of one that's unique to the specific conditions of an endpoint and the user behind that endpoint when they're trying to access critical assets within the network.
>> Okay, so if I heard you right, so instead of just a traditional wall it's a combination of identity,
>> Ricardo: It's identity.
>> The endpoint how their access is, and then the context within the application.
>> That's exactly right.
>> Oh, awesome so that's very significant change than probably when you started out years ago.
>> Absolutely, and look Jeff, I think you know to some extent the way enterprises are deploying security is delusional. And I say that because there is a reality and it looks like we're ignoring the reality but the reality is the way organizations are consuming IT is totally different than what it was in the 90s and the early 2000s.
>> Right.
>> The way organizations are deploying security today doesn't match with the way they're consuming IT today. That's where AppGate SDP can bridge that gap and enable organizations to deploy security strategies that match with the reality of IT obstacles today.
>> Right. If they don't get it, they better get it quick 'cause else not, you know we see them in the Wall Street Journal tomorrow morning and that's not a happy place to be.
>> Absolutely not, absolutely not and we're trying to help them to stay aware of that.
>> Right. Alright, Ricardo we'll have to leave it there we're crammed for time but thanks for taking a few minutes out of your day.
>> Alright Jeff, thank you very much I love to be here.
>> Alright. He's Ricardo I'm Jeff you're watching theCUBE from RSAC 2018 San Francisco. (upbeat music)
Simon West, Cyxtera | AWS re:Invent
>> Narrator: Live from Las Vegas, it's theCUBE covering AWS re:Invent 2017 presented by AWS, Intel, and our ecosystem of partners.
>> Welcome back to AWS re:Invent 2017. I am Lisa Martin with theCUBE, our day two of continuing coverage of this event that has attracted 44,000 people. Keith Townsend is my cohost, and we are very excited to welcome to theCUBE family Simon West, the CMO of Cyxtera. Welcome, Simon.
>> Thank you, great to be here.
>> Cyxtera, a six-month-old company. Tell us about it, what do you guys do?
>> Sure, so as you said we are just six months old. It feels longer than that now, born at the intersection of five simultaneous acquisitions. One part of that was the acquisition of 57 data centers and a global co-location business that was formerly owned and operated by CenturyLink. Into that we've added the security and analytics capabilities of four modern startup software companies, and the vision is to provide a secure infrastructure solution both within our data centers, but interestingly even though I've got 57 data centers around the world, I want to be location agnostic. We recognize that today's enterprises are running multi-clouds, running hybrid environments, so we extend our security solutions on prem and into public clouds which is why we are here at AWS re:Invent.
>> Fantastic.
>> One of the big challenges that we hear from the enterprise perspective, hybrid IT is that the control that we have internally are very different from the controls that exist in AWS. How do you guys help even that out?
>> You are exactly right, we would go so far as to gently suggest that the core method by which we protect access to infrastructure and applications which is still predicated on a physical perimeter is just fundamentally flawed in a 2017 world where your applications are everywhere, your users are everywhere connecting on a myriad of devices. You can't build a wall around that which doesn't exist.
You have also obviously, as you say, you've got that problem of heterogeneous platforms, each with their own method of control. Our flagship product in that area is a product called AppGate SDP. SDP stands for software defined perimeter which is an emerging specification born out of the US government's DISA. Now a number of companies are offering software defined perimeter solutions. The basic premise that we hold is that security should be user centric rather than IP centric. A firewall is still predicated on granting access from one IP block to another IP block. The VPN may capture who is coming in, but once you are in, we give you basically unfettered access to flat corporate internal networks and we track you as an IP address rather than as a user. We think we should get more user centric. The user should be at the center of our policy. We think it should be more like cloud in the way we run security so rather than these hardware-based static central chokepoints, we think security should be real-time, it should be adaptive and intelligent, and it should be as agile as the cloud. You build cloud applications that are capable of spawning multiple copies of themselves, auto scaling up and down, moving from availability zone to availability zone yet our typical network security posture is still highly static. When you have some of the high profile attacks that we have seen over the last few months, our ability to change policy, immediately we recognize a problem. A particular operating system, apps in a particular service pack, is incredibly out of step with how agile the rest of our IT is. So more like cloud in terms of the way it operates, and finally we think, and so does the software defined perimeter spec, we think that access needs to be thought of as conditional rather than just a X, Y, yes or no. 
Jim has access to sensitive financial systems should be dependent on what operating system Jim is using whether Jim is on a coffee shop Wi-Fi network or on a structured corporate network, the time of day, the day of week, our overall security posture. The way AppGate works is when a user tries to access a system, the policy can ingest any one of these different conditional items. It can interrogate the device the user is using for the right software revisions. You can look at environmental variables. It can even look at internal business systems and check anything it can get to via an API, and only if those conditions are met will it provide access to a specific system, and then it can monitor that real time, so if your context changes, you move from a trusted network to an untrusted network, we can alter access. We can prompt for a one time multifactor authentication or take any other steps the user wants. We offer that in cloud, on premise, integrated into our data centers to provide one central policy mechanism no matter what platform you are running on. In the case of AWS, we integrate with features like security groups, like AMI machine tagging, so you can build policy natively out of those Amazon features as well. >> Talk about that transition to this user based approach. I would imagine that a user can migrate their legacy systems into one of your 56, 57 data centers, and then as they start to expand out to the cloud, they have to change their operating model from they may migrate their traditional big firewall into your data center. What does that migration process look like? Is that an application by application spec, network by network? How do I transition? >> You know, it really varies. It feels a lot like I'm an old cloud guy, so it feels a lot like cloud did in the late 00s, in 2008, 2009. 
We think the software defined perimeter is going to have that big of an impact, a cloudlike impact on network and application security, but the way in which organizations will choose to implement it is going to vary. One of the things we did very early on was to integrate AppGate as a service into the data centers. If you think about co-location environments, when you bring new gear into a data center, you rack and stack it, the very next thing you do after that is drag a VPN back to the corporate office so you can access it remotely, which we would respectfully suggest is not necessarily the best way to do it in 2017 out of the chute. We've then integrated AppGate so organizations can just avail themselves of that as a service, and instantly have a kind of easy on-ramp. One of the big areas we see, and we've seen with customers here at re:Invent is customers who are moving workloads to cloud, and want to make sure that they can have that same sense of fine-grained access control common to those on premises and off premises environments, whether that's at migration or that's just an extension of an app into cloud environments, so it's kind of all over the place. >> Sorry Simon, what differentiates Cyxtera's approach to the software defined perimeter from your competitors? >> A couple of things, it's extremely robust in terms of one, being able to run in multiple environments, so a native AWS version, versions that run natively in other public cloud environments. Obviously we think the ability to offer it deeply integrated into the data centers is important. It's also capable of granting access to more than just web applications. You've got some solutions out there that are really web proxies and that are built for SaaS apps and born on the cloud apps. 
This is more of a fundamental network platform by which you can gain access to any system or application you choose, and finally we introduced the concept of what we call scriptable entitlements which is the ability to interrogate third-party systems via API, and bring back those results as part of the building policy. An example there is we've got service provider customers who are running large multitenant environments. You then have a technical support organization who needs to support a huge multi thousands of servers environment with multiple customers running in multiple VLANs and typically the way you have to do that is a jump box in the middle and then giving these technical support folks access to that entire backend management network which is a security risk. With AppGate, you can actually integrate into a ticketing system and when John in support asks for access to a customer database server, at runtime, we can find out whether there is a trouble ticket open on that box assigned to that rep, and only then will we grant access. We don't grant network-level access. We grant access to that specific application. We call it a segment of one, secure encrypted connection between the user's device and the application or the applications they have access to but to nothing else. Everything else on the network is literally dark. It cannot be port scanned. It doesn't show up at all, so it's a much narrower sense of control, a much narrower sense of access, and again it's dynamic. If that trouble ticket gets shut off, the access goes away automatically. We think the integration into business systems is a critical piece of the puzzle and an area where I think we have innovated with AppGate. >> Let's talk about security in depth. Obviously you guys are putting the software security perimeter around the data center, what we would classify as the data center which is kind of disappearing in a sense, and the edge. You talked about end-user protection. 
Where do you guys pick up and drop off when it comes to MDM, mobile device management, which is much more important now with mobile, and then laptops, desktops, et cetera, and you mentioned third parties, pieces of data center equipment that's not in your data center, like a wind farm. >> Sure, so you are right. We are absolutely moving to the edge. I think we continue to think that the data center will be as important as it ever was. The more cloud we have, the more data centers it needs to run in. The more public cloud we have the more people want to move some of their machines that might have historically run on prem to cloud data centers with low latency direct connect to public cloud environments. If you look at our data center footprint with regard to the edge, we are not just in the major markets, although in major metropolitan markets I've got half a dozen data centers all linked together, but I'm also in markets scattered across the country, so I've got half a dozen in New York and New Jersey, half a dozen in DC, half a dozen in the Bay Area, but I'm in Tampa, I'm in Columbus, Ohio, I'm in Dallas, I'm in Denver, and so that distribution becomes particularly important as more customers move data to the edge. From a security perspective, again, we think of that data center as the nexus of enterprise IT and the cloud. The data center is where our conversation about security in terms of access control starts. It's a physical security message of biometrics, and ID checks, and so forth, but there, we think is the missing piece of the puzzle. The principal point of ingress and egress into a data center today is not to the front door, the back door, or the loading dock. It's the massively clustered multicarrier network core, so if you are not providing some level of access control in and out of the network, I'd offer you are not providing a truly secure infrastructure solution. We start there. 
We are focused mainly at this point with AppGate at controlling the conversation between the user device and the system applications themselves. One of our other acquisitions, a company called Catbird has done some innovative work in terms of east/west segmentation in virtual environments, which is notoriously difficult otherwise to see, to stop the spread of how machines can talk to each other in large virtualized farms as well, and so it's the infrastructure where we principally focus. >> Where are we, or maybe where are you guys in this revolution of information security? Are we at the forefront of massive change? What is Cyxtera's view on that? >> I think we are at the beginnings of a revolution that's about 20 years late. If you can kind of carbon date year zero of modern IT at around 1996, which is the advent of the Internet as a commercial and consumer force, that was the revolution for enterprise IT. That was the moment that we had to move IT outside the four walls of the machine room on the corporate campus. Prior to that, the applications all ran on big beige boxes in one room. The users were largely tethered to them by smaller beige boxes in other rooms, and the notion of perimeter security worked. It was a valid construct. As soon as enterprises had to start thinking about an increasingly global user base, as soon as users started to connect from all over the place, the concept of this perimeter goes away. Over the last 20 years, you've seen revolution after revolution in the way in which we design, provision, deploy, manage and operate our business applications, our development frameworks, and our infrastructure. We've revolutionized for availability. We've revolutionized agility. 
We've turned IT into a real-time API driven motion, and we've revolutionized for scalability with platforms like AWS just industrializing this real time IT on a global scale, and if you took a systems administrator from '96, and you showed them IT today, I think you have some explaining to do. If you took a security administrator from 1996 and showed him 2017, I think the construct would be familiar. We are still hardware driven in a software defined world. We are still assuming that access is static, that it's never changing, that it's predicated on the users being someplace, the applications being another, and again, in a world of real time IT, a world in which our underlying application footprint changes without any human intervention whatsoever, and I think you see with WannaCry, with NotPetya, with all of these attacks, the commonalities that they have in the terms of the reason they were so devastating is one, they take advantage of lateral spread. They take advantage of riding an authorized access into a corporate network where port scans show up 10,000s of ports where you can rattle the handles, break the locks, and spread like wildfire, and two, in the case of something like WannaCry, days after we realized what the problem was, we were unable to simply alter as an institution, as an industry, or as an enterprise access policy at the press of a button until we could get things patched. We had to sit, and wait, and watch the fires continue to burn, so it's a question of security being insufficiently agile, insufficiently automated and adaptive, and insufficiently software driven. We think that is just starting. I think on the SDP side, we've noticed in the last six months the conversation changing. We've noticed customers who now have SDP mandates internally who are seriously starting to evaluate these technologies. >> Wow, it sounds like Cyxtera is at the beginning of being potentially a great leader in this security revolution. 
We wish you, Simon, and the entire company the best of luck. We thank you so much for joining us on theCUBE, and we look forward to hearing great things from you guys down the road. >> Much appreciated, thank you both. >> Absolutely, for my cohost, Keith Townsend, I'm Lisa Martin. You are watching theCUBE's continuous coverage of AWS re:Invent 2017. Stick around guys, we will be right back.