>>Good day. And thanks for joining us as we continue our series here on the Coupa, the AWS startup showcase featuring today, big ID and what this is, will Murphy was the vice president of business development and alliances at big idea. Well, good day to you. How are you going today? Thanks John. I'm doing well. I'm glad to be here. That's great. And acute belong to, I might add, so it's nice to have you back. Um, let's first off, let's share the big ID story. Uh, you've been around for just a handful of years accolades coming from every which direction. So obviously, uh, what you're doing, you're doing very well, but for our viewers who might not be too familiar with big ID, just give us a 30,000 foot level of your core competence. Yeah, absolutely. So actually we just had our five-year anniversary for big ID, uh, which we're quite excited about. >>Um, and that five-year comes with some pretty big red marks. We've raised over $200 million for a unicorn now. Um, but where that comes to and how that came about was that, um, we're dealing with, um, longstanding problems with modern data landscape security governance, privacy initiatives, um, and starting in 2016 with the, uh, authorship of GDPR, the European privacy law organizations, how to treat data differently than they did before they couldn't afford to just sit on all this data that was collected for a couple of reasons, right? Uh, one of them being that it's expensive. So you're constantly storing data, whether that's on-prem or in the cloud is we're going to talk about there's expense that you have to pay to secure the data and keep it from being leaked. You have to pay for access control. It's paid for a lot of different things and you're not getting any value out of that. >>And then there's the idea of like the customer trust piece, which is like, if anything happens to that data, um, your reputational, uh, your reputation as a company and the trust you have between your customers and your organization is broken. So big ID. What we did is we decided that there was a foundation that needed to be built. The foundation was data discovery. If you even an organization knows where its data is, whose data it is, where it is, um, and what it is, and also who has access to it, they can start to make actionable decisions based on the data and based on this new data intelligence. So we're trying to help organizations keep up with modern data initiatives and we're empowering organizations to handle their data sensitive, personal regulated. And what's actually quite interesting is we allow organizations to define what's sensitive to them because like people, organizations are all different. >>And so what's sensitive to one organization might not be to another, it goes beyond the wall. And so we're giving organizations that new power and flexibility, and this is what I still find striking is that obviously with this exponential growth of data and machine learning, just bringing billions of inputs, it seems like right. All of a sudden you have this fast reservoir data, is that the companies in large part, um, don't know a lot about the data that they're harvest state and where it is. And so it's not actionable, it's kind of dark data, right. Just out there reciting. >>Um, and so as I understand it, this, this is your focus basically is tell people, Hey, here's your landscape. Uh, here's how you can better put it to action, why it's valuable and we're going to help them protect it. Um, and they're not aware of these things, which I still find a little striking in this day and age, >>And it goes even further. So, you know, when you start to, when you start to reveal the truth and what's going on with data, there's a couple things that some organizations do. Uh, and I think human instincts, some organizations want to bury their head in the sand. I'm like, everything's fine. Uh, which is, as we know, and we've seen the news frequently, not a sustainable approach. Uh, there's the, there's the, like, let's be a, we're overwhelmed. We don't, we don't even know. We don't even know where to start. Then there's the natural reaction, which is okay. We have to centralize and control everything which defeats the purpose of having, um, shared drives and collaboration and, um, geographically disparate workforces, which we've seen particularly over the last year, how important that resiliency within organizations is to be able to work in different areas. And so, um, it really restricts the value that, um, organizations can get from their data, which is important. And it's important in a ton of ways. Um, and for customers that have allowed their, their data to be, to be stored and harvested by these organizations, they're not getting value out of it either. It's just risk. And we've got to move data from the liability side of the balance sheet, um, to the assets out of the balance sheet. And that comes first and foremost with knowledge. >>So everybody's vote cloud, right? Everybody was on prem and also we build a bigger house and build a bigger house, better security, right in front of us, got it, got to grow. And that's where I assume AWS has come in with you. And, and this was a two year partnership that you've been engaged with in AWS. So maybe shine a little light on that, about the partnership that you've created with AWS, and then how you then in turn transition that, to leverage that for the betterment of your >>Customer base. Yeah. So AWS has been a great partner. Um, they are very forward-looking for an organization, as large as they are very forward looking that they can't do everything that their customers need. And it's better for the ecosystem as a whole to enable small companies like us. And we were very small when we started our relationship with them, uh, to, to join their partner organization. So we're an advanced partner. Now we're part of ISV accelerate. So it's a slightly more lead partner organization. Um, and we're there because our customers are there and AWS like us, but we both have a customer obsessed culture. Um, but organizations are embracing the cloud and there's fear of the cloud. There's there really shouldn't be in the, in the way that we thought of it, maybe five or 10 years ago. And that, um, companies like AWS are spending a lot more money on security than most organizations can. >>So like they have huge security teams, they're building massive infrastructure. And then on top of that, companies themselves can do, can use, uh, products like big ID and other products to make themselves more secure, um, from outside threats and from, from inside threats as well. So, um, we are trying to with them approach modern data challenge as well. So even within AWS, if you put all the information in, like, let's say S3 buckets, that doesn't really tell you anything. It's like, you know, I, I make this analogy. Sometimes I live in Manhattan. If I were to collect all the keys of everybody that lived in a 10 block radius around me and put it into a dumpster, uh, and keep doing that, I would theoretically know where all the keys were there in the dumpster. Now, if somebody asked me, I'd like my keys back, uh, I'd have a really hard time giving them that because I've got to sort through, you know, 10,000 people's keys. >>And I don't really know a lot about it, but those key sale a lot, you know, it says, are you in an old building, are you in a new building? You have a bike, do you have a car? Do you have a gym locker? There's all sorts of information. And I think this analogy holds up for data because of the way you store your data is important, but, um, you can gain a lot of theoretically innocuous, but valuable information from the data that's there while not compromising the sensitive data. And as an AWS has been a fabulous partner in this, they've helped us build a AWS security, have integration out of the box. Um, we now work with over 12 different AWS native, uh, applications from anything like S3 Redshift and Sienna, uh, Kinesis, as well as, um, apps built on AWS like snowflake and Databricks that we, that we connect to. >>And AWS, the technical team of department teams have been an enormous part of our success there. We're very proud of joining the marketplace to be where our customers want to buy enterprise software more and more. Um, and that's another area that we're collaborating, uh, in, in, in joint accounts now to bring more value in simplicity to our joint customers. What's your process in terms of your customer and, uh, evaluating their needs because you just talked about earlier, you had different approaches to security. Some people put their head in the sand, right? Some people admit that there's a problem. Some people fully engaged. So I assume there's also different levels of sophistication in terms of whatever you have in place and then what their needs are. So if you would shine a little light on that, you know, where they are in terms of their data landscape and AWS and its tools, but you just touched them on multiple tools you have in your service. >>Now, all that comes together to develop what would be, I guess, a unique program for a company's specific needs. It is. We started talking to the largest enterprise accounts when we were founded and we still have a real proclivity and expertise in that area. So the issues with the large enterprise accounts and the uniqueness there is scale. They have a tremendous amount of data, HR data, financial data, customer data, you name it, right? Like, we'll go. We can, we can go dry mouth talking about how many you're saying data. So many times with, with these large customers, um, freight Ws scale, wasn't an issue. They can store it, they can analyze it. They can do tons. It where we were helping is that we could make that safer. So if you want to perform data analytics, you want to ensure that sensitive data is not being, or that you want to make sure you're not violating local, not national or industry specific regulations. >>Financial services is a great example. There's dozens of regulations at the federal level in the United States and each state has their own regulations. This becomes increasingly complex. So AWS handles this by, by allowing an amazing amount of customization for their customers. They have data centers in the right places. They have experts on, on, uh, vertical, specific issues. Big ID handles this similarly in some ways, but we handle it through ostensive ability. So one of our big things is we have to be able to connect to every everywhere where our customers have data. So we want to build a foundation of like, let's say first let's understand the goals is the goal compliance with the law, which it should be for everybody that should just be like, we need to, we need to comply with the law. Like that's, that's easy. Yeah. Then as the next piece, like, are we dealing with something legacy? >>Was there a breach? Do we need to understand what happened? Are we trying to be forward-looking and understanding? We want to make sure we can lock down our most sensitive data, tier our storage tier, our security tier are our analytics efforts, which also is cost-effective. So you don't have to do, uh, everything everywhere, um, or is the goal a little bit like we needed to get a return on investment faster, and we can't do that without de-risking some of that. So we've taken those lessons from the enterprise where it's exceedingly difficult, uh, to work because of the strict requirements, because the customers expect more. And I think like AWS, we're bringing a down market. Uh, we have some, a new product coming out. Uh, it's exclusive for, uh, AWS now called small ID, which is a cloud native, a smaller version, lighter weight version of our product for customers in the more commercial space in the SMB space where they can start to build a foundation of understanding their data or, um, protection for security for, for, for privacy. >>And, and before I let you go here, what I'd like to hear about is practical application. You know, somebody that, that you've, you know, that you were able to help and assist you evaluated. Cause you've talked about the format here. You've talked about your process and talk about some future, I guess, challenges, opportunities, but, but just to give our viewers an idea of maybe the kind of success you've already had to, uh, give them a perspective on that, this share a couple stories. If you wouldn't mind with some work that you guys did and rolled up your sleeves and, and, uh, created that additional value >>For your customers. Yeah, absolutely. So I'll give a couple examples. I'm going to, I'm going to keep everyone anonymized, uh, as a privacy based company, in many ways, what we, we try to respect colors. Um, but let's talk about different types of sensitive data. So we have customers that, um, intellectual property is their biggest concern. So they, they do care about compliance. They want to comply with all local and national laws where they, where they, their company resides all their offices are, but they were very concerned about sensitive data sprawl around intellectual property. They have a lot of patents. They have a lot of sensitive data that way. So one of the things we did is we were able to provide custom tags and classifications for their sensitive data based on intellectual property. And they could see across their cloud environment, across their on-premise environment across shared drives, et cetera. >>We're sensitive data had sprawl where it had moved, who's having access to it. And they were able to start realigning their storage strategy and their content management strategy, data governance strategy, based on that, and start to, uh, move sensitive data back to certain locations, lock that down on a higher level could create more access control there, um, but also proliferate and, uh, share data that more teams needed access to. Um, and so that's an example of a use case that I don't think we imagined necessarily in 2016 when we were focused on privacy, but we've seen that the value can come from it. Um, so yeah, no, I mean, the other piece is, so we've worked with some of the largest AWS customers in the world. Their concern is how do we even start to scan the Tedder, terabytes and petabytes of data in any reasonable fashion? >>Uh, without it being out of date, if we create this data map, if we prayed this data inventory, uh, it's going to be out of date day one, as soon as we say, it's complete, we've already added more. That's where our scalability fit Sam. We were able to do a full scan of their entire AWS environment and, uh, months, and then keep up with the new data that was going into their AWS environment. This is a, this is huge. This was groundbreaking for them. So our hyper scan capability, uh, that we've wrote, brought out that we rolled out to AWS first, um, was a game changer for them to understand what data they had and where it is who's it is et cetera at a way that they never thought they could keep up with. You know, I I'm, I brought back to the beginning of code when the British government was keeping track of all the COVID cases on spreadsheets and spreadsheet broke. >>Um, it was also out of date, as soon as they entered something else. It was already out of date. They couldn't keep up with them. Like there's better ways to do that. Uh, luckily they think they've moved on from, from that, uh, manual system, but automation using the correct human inputs when necessary, then let, let machine learning, let, uh, big data take care of things that it can, uh, don't waste human hours that are precious and expensive unnecessarily and make better decisions based on that data. You know, you raised a great point too, which I hadn't thought of about the fact is you do your snapshot today and you start evaluating all their needs for today. And by the time you're going to get that done, their needs have now exponentially grown. It's like painting the golden gate bridge, right. You get that year and now you've got to pay it again. I said it got bigger, but anyway, they will. Thanks for the time. We certainly appreciate it. Thanks for joining us here on the sort of showcase and just remind me that if you ever asked for my keys, keep them out of that dumpster to be here.

(upbeat music) >> Well good to have you with us here as we continue the AWS startup showcase and we're joined now by the CEO of BigID, Dmitri Sirota. And Dmitri good afternoon to you? How are you doing today? >> I'm pretty good, it's Friday, it's sunny, it's warm, I'm doing well. >> Then that's a good start, yeah. Glad to have you with us here. First off, just about BigID and when you look at I would assume these accolades are, they are quite a showcase for you. Well economic forum technology pioneer. Forbes cloud 100, business insider startup the watch. I mean, you are getting a lot of attention, obviously for... >> Yep. >> And well-deserved, but when you see these kinds of recognitions coming your way- >> Yep. >> First of what does that do to inspire, motivate and fuel this great passion that you have? >> Yeah, look I think all of these recognitions help, I think affirm, I think what we aspire to be right? Provide the preeminent solution for helping organizations understand their data and in so doing, be able to address problems in privacy and protection and perspective. And I think that these recognitions are part of that as our customers, as our partners like AWS. So they're all part of that ad mixture. And I think they contribute to a sense that we're doing some pioneering work, right as they work from the world economic forum recognized. So I think it's important. I think it's healthy. It encourages kind of cooperative spirit at the company. And I think it's, you know, it's very encouraging for us to continue and build. >> So let's talk about BigID, a little bit for our viewers who might not be too familiar. You are a fairly new company, raised 200 million so far, five years of operations coming up on five years. >> Yep. >> But talk about your sweet spot in terms of the variety of services they provided in terms of protection and security. >> Yeah, sure. So we were founded with really this kind of precept that organizations need to have a better understanding of their data. I think when we got started about five years ago. Most organizations had some view of their data, maybe a few of their files, maybe their databases. What changed is the emerging privacy regulations like GDPR and CCPA later forced companies to rethink their approach to data understanding data knowledge, because part of the kind of the core consumption of privacy is that you and me and other individuals have a right to their data the data actually belongs to us. Similar to when you deposit a check in a bank. That money you deposited is yours. If you ever want to withdraw it, the bank has to give it back to you. And in a similar way, these privacy regulations require organizations to be able to give back your data or delete it or do other things. And as it happens there was no real technology to help companies do that, to help companies look across their vast data estates and pick out all the pieces of information all the detritus that could belong to Dimitri. So it could be my password, it could be my social security, it could be my click stream, it could be my IP address, my cookie. And so we developed from the ground up a brand new approach to technology that covers the data center and the cloud, and allow organizations to understand their data at a level of detail that never existed before. And still, I would argue doesn't exist today. Separate from BigID. And we describe that as our foundational data discovery in depth, right? We provide this kind of multidimensional view of your data to understand the content and the context of the information. And what that allows organizations to do is better understand the risk better meet certain regulatory requirements like GDPR and CCPA. But ultimately also get better value from their data. And so what was pioneering about us is not only that level of detail that we provided almost like your iPhone provides you four cameras to look at the world. We provide you kind of four lenses to look at your data. But then on top of that we introduced a platform that allowed you to take action on what you found. And that action could be in the realm of privacy so that you could solve for some of the privacy use cases like data rights or consent or consumer privacy preferences or data protection data security, so that you can remediate. You can do deal with data lifecycle management. You could deal with encryption, et cetera. Or ultimately what we call a data governance or data perspective, this idea of being able to get value from your data but doing so in a privacy and security preserving way. So that's kind of the conception we want to help you know, your data. And then we want to help you act on your data so that your data is both secure. It's both compliant , but ultimately you get value from your data. >> Now we get into this, helping me know my data better because you you've talked about data you know and data you don't right? >> Dimitri: Yeah. >> And you're saying there's a lot more that we don't or a company doesn't know. >> Dimitri: Yeah. >> Than it's aware of. And I find that still kind of striking in this day and age. I mean with kind of the sophistication of tools that we have and different capabilities that I think give us better insight. But I'm still kind of surprised when you're saying there's all a lot of data that companies are housing that they're not even aware of right now. >> They're not and candidly they didn't really want to be for a long, long time. I think the more you know sometimes the more you have to fix, right? So there needed to be a catalyzing event like these privacy regulations to essentially kind of unpack, to force a set of actions because the privacy regulation said, no, no, no you need to know whether you want to or not. So I think a lot of organizations for years and years outside of a couple of narrow fields like HIPAA, PCI unless there was a specific regulation, they didn't want to know too much. And as a consequence there, wasn't really technology to keep up with the explosion in data volumes and data platforms. Right? Think about like AWS didn't exist when a lot of these technologies were first built in the early 2000's. And so we had to kind of completely re-think things. And one thing I'll also kind of highlight is the need or necessity is not just driven by some of these emerging privacy regulations, but it's also driven by the shift to the cloud. Because when you have all your data on a server in a data center in New Jersey, you could feel a false sense of security because you have doors to that data center in New Jersey and you have firewalls to that data center in New Jersey. And if anybody asks you where your sensitive data you could say, it's in New Jersey! But now all of a sudden you move it into the cloud and data becomes the perimeter, right? It's kind of naked and exposed it's out there. And so I think there's a much greater need and urgency because now data is kind of in the ethos in the air. And so organizations are really kind of looking for additional ability for them to both understand contextualize and deal with some of the privacy security and data governance aspects of that data. >> So you're talking about data obviously AWS comes to mind, right? >> Dimitri: Yeah. And the relationship that you have with them it's been a couple of years in the making things are going really well for you and ultimately for your customers. What is it about this particular partnership that you have with AWS that you think has allowed you to bring that even more added value at the end of the day to your customer base? >> Look, our customers are going to AWS because its simplicity to kind of provision their applications, their services, the cost is incredibly attractive, the diversity of capabilities that AWS provides our customers. And so we have a lot of larger and midsize and even smaller organizations that are going to AWS. And it's important for us to be where our customers are. And so if our customers are using Red Sheriff, or using S creator, using dynamo or using Kinesis or using security hub. We have to be there, right? So we've kind of followed that pathway because of they're putting data in those places, part of our job is provide that insight and intelligence to our customers around those data assets, wherever they are. And so we build a set of capabilities and expertise around the broader AWS platform. So that we could argue that we can help you, whether you keep your data in S3 whether you keep it Dynamo, whether you keep it in EMR, RDS, Aurora, Athena the list goes on and on. We want to be that expert partner for you to kind of help you know your data and then tend to take action on your data. >> So the question about data security in general, obviously as you know, there are these major stories of tremendous breach that's right. >> Yep. >> Stayed afterwards, in some cases. >> Bad guys. >> Yeah, really bad guys and bad smart guys, unfortunately and persistent to say the least. How do you work with your clients in an environment like that? Where, you know, these threats are never ending, >> Yep. >> They're becoming more and more complex. And the tools that you have are certainly robust but at the end of the day, it's very difficult. If not impossible to say a 100% bulletproof, right? >> Yeah. >> It's if you are absolutely safe with us. But you still try, you give these insurances because of your sophistication that, should give people some peace of mind. Again, it's a tough battle your in. >> Yeah. So I think the first rule of fight club is that, to solve a problem, you need to know the problem, right? You can't fix what you can't find, right? So if you're unaware that there's a potential compromise in your data, potential risk in your data maybe you have passwords in a certain data store and there's no security around that. You need to know that you have passwords in a certain data store and there's no security around that. >> Because unless you know that first, there's no ability for you to solve it. So the first part of what we do that kind of know your data that K-Y-D, is we help organizations understand what data do they have that potentially is at risk, may violate a regulatory requirement like GDPR or CCPA, things of that sort. So that's kind of the first level of value because you can't solve for something you can't, you're unaware of, right? You need to be able to see it and you need to be able to understand it. And so our ability to kind of both understand your data and understand what it is, why it is, whose it is where it came from, the risk around it lets you take action on that. Now we don't stop there. We don't stop at just helping you kind of find the problem. We also help you understand if there's additional levels of exposure. Do you have access control around that data for instance. If that data is open to the world and you just put a bunch of passwords there or API keys or credentials, that's a problem. So we provide this kind of holistic view into your data and to some of the security controls. And then most importantly, through our application platform our own apps, we provide ways for you to take action on that. And that action could take many forms. It could be about remediating where you delegate to a security owner and say, hey, I want you to delete that data. Or I want you to encrypt that data. It could be something more automated where it just encrypts everything. But again, part of the value and virtue of our platform is that we both help you identify the potential risk points. And then we give you in the form of apps that sit on top of our platform, ways to take action on it, to secure it, to reduce it, to minimize the risk. >> Because these threats are ever evolving. Can you give us a little, maybe inside peek under the tent here, a bit about what you're looking at in terms of products or services down the road here. So if somebody is thinking, okay. What enhanced tools might be at my disposal in the near term or even in the longterm to try and mitigate these risks. Can you give us an idea about some things you guys are working on? >> Yeah. So the biggest thing we're working on I've already kind of hinted at this is really the kind of first in industry platform, in our category companies that look at data and by platform i mean, something like where you can introduce apps. So AWS has a platform. People can introduce additional capabilities on top of AWS. In the data discovery classification arena, that had never been the case because the tools were very, very old. So we're introducing these apps and these apps allow you to take a variety of actions. I've mentioned a few of them, there's retention. You can do encryption, you can do access control, you could do remediation, and you could do breach impact analysis. Each of these apps is kind of an atomic unit of functionality. So there's no different than on your iPhone or your Android phone. You may have an Uber app, when you click on it, all of a sudden your phone looks like an Uber application. You may have an app focused on Salesforce, you click on it, all of a sudden your phone looks like a Salesforce application. And so what we've done is we've kind of taken this kind of data discovery, classification and intelligence mechanism that kind of K-Y-D I referenced. And then we built a whole app platform. And what we're going to start announcing over the coming months, is more and more apps in the field of privacy, in the fields of data security or protection, and even the fields of data value what we call perspective and that's and we're actually coming out with an announcement shortly on this app marketplace. And there'll be BigID building apps, but you know what, there's going to be a lot of third parties building apps. So companies that do intrusion detection and integrations and all kinds of other things are also building apps on BigID. And that's an exciting part of what you're going to see coming from us in the coming weeks. >> Great. Well, thanks for the sneak peek and wait I feel like I just barely scratched the surface of it. Governance, compliance, right? Regulation, you have so many balls in the air but obviously you're juggling them quite well and we wish you continued success, job well done. Thanks, Dimitri. >> Dimitri: Thank you very much for having me. (upbeat music)

(upbeat music) >> Well good to have you with us here as we continue the AWS startup showcase and we're joined now by the CEO of BigID, Dmitri Sirota. And Dmitri good afternoon to you? How are you doing today? >> I'm pretty good, it's Friday, it's sunny, it's warm, I'm doing well. >> Then that's a good start, yeah. Glad to have you with us here. First off, just about BigID and when you look at I would assume these accolades are, they are quite a showcase for you. Well economic forum technology pioneer. Forbes cloud 100, business insider startup the watch. I mean, you are getting a lot of attention, obviously for... >> Yep. >> And well-deserved, but when you see these kinds of recognitions coming your way- >> Yep. >> First of what does that do to inspire, motivate and fuel this great passion that you have? >> Yeah, look I think all of these recognitions help, I think affirm, I think what we aspire to be right? Provide the preeminent solution for helping organizations understand their data and in so doing, be able to address problems in privacy and protection and perspective. And I think that these recognitions are part of that as our customers, as our partners like AWS. So they're all part of that ad mixture. And I think they contribute to a sense that we're doing some pioneering work, right as they work from the world economic forum recognized. So I think it's important. I think it's healthy. It encourages kind of cooperative spirit at the company. And I think it's, you know, it's very encouraging for us to continue and build. >> So let's talk about BigID, a little bit for our viewers who might not be too familiar. You are a fairly new company, raised 200 million so far, five years of operations coming up on five years. >> Yep. >> But talk about your sweet spot in terms of the variety of services they provided in terms of protection and security. >> Yeah, sure. So we were founded with really this kind of precept that organizations need to have a better understanding of their data. I think when we got started about five years ago. Most organizations had some view of their data, maybe a few of their files, maybe their databases. What changed is the emerging privacy regulations like GDPR and CCPA later forced companies to rethink their approach to data understanding data knowledge, because part of the kind of the core consumption of privacy is that you and me and other individuals have a right to their data the data actually belongs to us. Similar to when you deposit a check in a bank. That money you deposited is yours. If you ever want to withdraw it, the bank has to give it back to you. And in a similar way, these privacy regulations require organizations to be able to give back your data or delete it or do other things. And as it happens there was no real technology to help companies do that, to help companies look across their vast data estates and pick out all the pieces of information all the detritus that could belong to Dimitri. So it could be my password, it could be my social security, it could be my click stream, it could be my IP address, my cookie. And so we developed from the ground up a brand new approach to technology that covers the data center and the cloud, and allow organizations to understand their data at a level of detail that never existed before. And still, I would argue doesn't exist today. Separate from BigID. And we describe that as our foundational data discovery in depth, right? We provide this kind of multidimensional view of your data to understand the content and the context of the information. And what that allows organizations to do is better understand the risk better meet certain regulatory requirements like GDPR and CCPA. But ultimately also get better value from their data. And so what was pioneering about us is not only that level of detail that we provided almost like your iPhone provides you four cameras to look at the world. We provide you kind of four lenses to look at your data. But then on top of that we introduced a platform that allowed you to take action on what you found. And that action could be in the realm of privacy so that you could solve for some of the privacy use cases like data rights or consent or consumer privacy preferences or data protection data security, so that you can remediate. You can do deal with data lifecycle management. You could deal with encryption, et cetera. Or ultimately what we call a data governance or data perspective, this idea of being able to get value from your data but doing so in a privacy and security preserving way. So that's kind of the conception we want to help you know, your data. And then we want to help you act on your data so that your data is both secure. It's both compliant , but ultimately you get value from your data. >> Now we get into this, helping me know my data better because you you've talked about data you know and data you don't right? >> Dimitri: Yeah. >> And you're saying there's a lot more that we don't or a company doesn't know. >> Dimitri: Yeah. >> Than it's aware of. And I find that still kind of striking in this day and age. I mean with kind of the sophistication of tools that we have and different capabilities that I think give us better insight. But I'm still kind of surprised when you're saying there's all a lot of data that companies are housing that they're not even aware of right now. >> They're not and candidly they didn't really want to be for a long, long time. I think the more you know sometimes the more you have to fix, right? So there needed to be a catalyzing event like these privacy regulations to essentially kind of unpack, to force a set of actions because the privacy regulation said, no, no, no you need to know whether you want to or not. So I think a lot of organizations for years and years outside of a couple of narrow fields like HIPAA, PCI unless there was a specific regulation, they didn't want to know too much. And as a consequence there, wasn't really technology to keep up with the explosion in data volumes and data platforms. Right? Think about like AWS didn't exist when a lot of these technologies were first built in the early 2000's. And so we had to kind of completely re-think things. And one thing I'll also kind of highlight is the need or necessity is not just driven by some of these emerging privacy regulations, but it's also driven by the shift to the cloud. Because when you have all your data on a server in a data center in New Jersey, you could feel a false sense of security because you have doors to that data center in New Jersey and you have firewalls to that data center in New Jersey. And if anybody asks you where your sensitive data you could say, it's in New Jersey! But now all of a sudden you move it into the cloud and data becomes the perimeter, right? It's kind of naked and exposed it's out there. And so I think there's a much greater need and urgency because now data is kind of in the ethos in the air. And so organizations are really kind of looking for additional ability for them to both understand contextualize and deal with some of the privacy security and data governance aspects of that data. >> So you're talking about data obviously AWS comes to mind, right? >> Dimitri: Yeah. And the relationship that you have with them it's been a couple of years in the making things are going really well for you and ultimately for your customers. What is it about this particular partnership that you have with AWS that you think has allowed you to bring that even more added value at the end of the day to your customer base? >> Look, our customers are going to AWS because its simplicity to kind of provision their applications, their services, the cost is incredibly attractive, the diversity of capabilities that AWS provides our customers. And so we have a lot of larger and midsize and even smaller organizations that are going to AWS. And it's important for us to be where our customers are. And so if our customers are using Red Sheriff, or using S creator, using dynamo or using Kinesis or using security hub. We have to be there, right? So we've kind of followed that pathway because of they're putting data in those places, part of our job is provide that insight and intelligence to our customers around those data assets, wherever they are. And so we build a set of capabilities and expertise around the broader AWS platform. So that we could argue that we can help you, whether you keep your data in S3 whether you keep it Dynamo, whether you keep it in EMR, RDS, Aurora, Athena the list goes on and on. We want to be that expert partner for you to kind of help you know your data and then tend to take action on your data. >> So the question about data security in general, obviously as you know, there are these major stories of tremendous breach that's right. >> Yep. >> Stayed afterwards, in some cases. >> Bad guys. >> Yeah, really bad guys and bad smart guys, unfortunately and persistent to say the least. How do you work with your clients in an environment like that? Where, you know, these threats are never ending, >> Yep. >> They're becoming more and more complex. And the tools that you have are certainly robust but at the end of the day, it's very difficult. If not impossible to say a 100% bulletproof, right? >> Yeah. >> It's if you are absolutely safe with us. But you still try, you give these insurances because of your sophistication that, should give people some peace of mind. Again, it's a tough battle your in. >> Yeah. So I think the first rule of fight club is that, to solve a problem, you need to know the problem, right? You can't fix what you can't find, right? So if you're unaware that there's a potential compromise in your data, potential risk in your data maybe you have passwords in a certain data store and there's no security around that. You need to know that you have passwords in a certain data store and there's no security around that. >> Because unless you know that first, there's no ability for you to solve it. So the first part of what we do that kind of know your data that K-Y-D, is we help organizations understand what data do they have that potentially is at risk, may violate a regulatory requirement like GDPR or CCPA, things of that sort. So that's kind of the first level of value because you can't solve for something you can't, you're unaware of, right? You need to be able to see it and you need to be able to understand it. And so our ability to kind of both understand your data and understand what it is, why it is, whose it is where it came from, the risk around it lets you take action on that. Now we don't stop there. We don't stop at just helping you kind of find the problem. We also help you understand if there's additional levels of exposure. Do you have access control around that data for instance. If that data is open to the world and you just put a bunch of passwords there or API keys or credentials, that's a problem. So we provide this kind of holistic view into your data and to some of the security controls. And then most importantly, through our application platform our own apps, we provide ways for you to take action on that. And that action could take many forms. It could be about remediating where you delegate to a security owner and say, hey, I want you to delete that data. Or I want you to encrypt that data. It could be something more automated where it just encrypts everything. But again, part of the value and virtue of our platform is that we both help you identify the potential risk points. And then we give you in the form of apps that sit on top of our platform, ways to take action on it, to secure it, to reduce it, to minimize the risk. >> Because these threats are ever evolving. Can you give us a little, maybe inside peek under the tent here, a bit about what you're looking at in terms of products or services down the road here. So if somebody is thinking, okay. What enhanced tools might be at my disposal in the near term or even in the longterm to try and mitigate these risks. Can you give us an idea about some things you guys are working on? >> Yeah. So the biggest thing we're working on I've already kind of hinted at this is really the kind of first in industry platform, in our category companies that look at data and by platform i mean, something like where you can introduce apps. So AWS has a platform. People can introduce additional capabilities on top of AWS. In the data discovery classification arena, that had never been the case because the tools were very, very old. So we're introducing these apps and these apps allow you to take a variety of actions. I've mentioned a few of them, there's retention. You can do encryption, you can do access control, you could do remediation, and you could do breach impact analysis. Each of these apps is kind of an atomic unit of functionality. So there's no different than on your iPhone or your Android phone. You may have an Uber app, when you click on it, all of a sudden your phone looks like an Uber application. You may have an app focused on Salesforce, you click on it, all of a sudden your phone looks like a Salesforce application. And so what we've done is we've kind of taken this kind of data discovery, classification and intelligence mechanism that kind of K-Y-D I referenced. And then we built a whole app platform. And what we're going to start announcing over the coming months, is more and more apps in the field of privacy, in the fields of data security or protection, and even the fields of data value what we call perspective and that's and we're actually coming out with an announcement shortly on this app marketplace. And there'll be BigID building apps, but you know what, there's going to be a lot of third parties building apps. So companies that do intrusion detection and integrations and all kinds of other things are also building apps on BigID. And that's an exciting part of what you're going to see coming from us in the coming weeks. >> Great. Well, thanks for the sneak peek and wait I feel like I just barely scratched the surface of it. Governance, compliance, right? Regulation, you have so many balls in the air but obviously you're juggling them quite well and we wish you continued success, job well done. Thanks, Dimitri. >> Dimitri: Thank you very much for having me. (upbeat music)

(upbeat music) >> Well, good day and thank you for joining us as we continue our series here on theCUBE of the AWS Startup Showcase featuring today BigID. And with us is Will Murphy, who's the Vice President of the Business Development and Alliances at BigID. Will, good day to you, how are you doing today? >> Thanks John, I'm doing well. I'm glad to be here. >> Yeah, that's great. And theCUBE alum too, I might add so it's nice to have you back. Let's first off, let's share the BigID story. You've been around for just a handful of years. Accolades coming from every which direction so obviously what you're doing, you're doing very well. But for our viewers who might not be too familiar with BigID, just give us a 30,000 foot level of your core competence. >> Yeah absolutely. So actually we just had our five-year anniversary for BigID, which we're quite excited about. And that five year comes with some pretty big red marks. We've raised over $200 million for a unicorn now. But where that comes to and how that came about was that we're dealing with longstanding problems with modern data landscapes, security governance, privacy initiatives. And starting in 2016 with the authorship of GDPR, the European privacy law organizations had to treat data differently than they did before. They couldn't afford to just sit on all this data that was collected. For a couple reasons, right? One of them being that it's expensive. So you're constantly storing data whether that's on-prem or in the cloud as we're going to talk about. There's expense to that. You have to pay to secure the data and keep it from being leaked, You have to pay for access control, you have to pay for a lot of different things. And you're not getting any value out of that. And then there's the idea of the customer trust piece, which is like if anything happens to that data, your reputation as a company and the trust you have between your customers and your organization is broken. So BigID, what we did is we decided that there was a foundation that needed to be built. The foundation was data discovery. If an organization knows where its data is, whose data it is, where it is, and what it is and also who has access to it, they can start to make actionable decisions based on the data and based on this new data intelligence. So, we're trying to help organizations keep up with modern data initiatives. And we're empowering organizations to handle their data, sensitive, personal regulated. What's actually quite interesting is we allow organizations to define what's sensitive to them because like people, organizations are all different. And so what's sensitive to one organization might not be to another. It goes beyond the wall. And so we're giving organizations that new power and flexibility. >> And this is what I still find striking is that obviously with this exponential growth of data you got machine learning, just bringing billions of inputs. It seems like right now. Also you had this vast reservoir of data. Is that the companies in large part don't know a lot about the data that they're harvesting and where it is, and so it's not actionable. It's kind of dark data, right? Just out there residing. And so as I understand it, this is your focus basically is to tell people, hey here's your landscape, here's how you can better put it to action why it's valuable and we're going to help you protect it. And they're not aware of these things which I still find a little striking in this day and age >> And it goes even further. So you know, when you start to reveal the truth and what's going on with data, there's a couple things that some organizations do. And enter the human instincts. Some organizations want to bury their head in the sand like everything's fine. Which is as we know and we've seen the news frequently not a sustainable approach. There's the like let's be we're overwhelmed. Yeah. We don't even know where to start. Then there's the unnatural reaction, which is okay, we have to centralize and control everything. Which defeats the purpose of having shared drives and collaboration in geographically disparate workforces, which we've seen in particularly over the last year, how important that resiliency within organizations is to be able to work in different areas. And so it really restricts the value that organizations can get from their data, which is important. And it's important in a ton of ways. And for customers that have allowed their data to be stored and harvested by these organizations, like they're not getting value out of it neither. It's just risk. And we've got to move data from the liability side of the balance sheet to the assets side of the balance sheet. And that comes first and foremost with knowledge. >> So everybody's going cloud, right? Used to be, you know, everybody's on prem. And all of a sudden we build a bigger house. And so because you build a bigger house, you need better security, right? Your perimeter's got to grow. And that's where I assume AWS has come in with you. And this is a two year partnership that you've been engaged with in AWS. So maybe shine a little light on that. About the partnership that you've created with AWS and then how you then in turn transition that to leverage that for the benefit of your customer base. >> Yeah. So AWS has been a great partner. They are very forward-looking for an organization as large as they are. Very forward looking that they can't do everything that their customers need. And it's better for the ecosystem as a whole to enable small companies like us, and we were very small when we started our relationship with them, to join their partner organization. So we're an advanced partner now. We're part of ISV Accelerate. So it's a slightly more lead partner organization. And we're there because our customers are there. And AWS like us, we both have a customer obsessed culture. But organizations are embracing the cloud. And there's fear of the cloud, but there really shouldn't be in the way that we thought of it maybe five or 10 years ago. And that companies like AWS are spending a lot more money on security than most organizations can. So like they have huge security teams, they're building massive infrastructure. And then on top of that, companies themselves can can use products like big ID and other products to make themselves more secure from outside threats and from inside threats as well. So we are trying to with them approach modern data challenges well. So even within AWS, if you put all the information in like let's say S3 buckets, it doesn't really tell you anything. It's like, you know, I make this analogy sometimes. I live in Manhattan and if I were to collect all the keys of everybody that lived in a 10 block radius around me and put it into a dumpster and keep doing that, I would theoretically know where all the keys were. They're in the dumpster. Now, if somebody asked me, I'd like my keys back, I'd have a really hard time giving them that. Because I've got to sort through, you know, 10,000 people's keys. And I don't really know a lot about it. But those key say a lot, you know? It says like, are you in an old building? Are you in a new building? Do you have a bike? Do you have a car? Do you have a gym locker? There's all sorts of information. And I think that this analogy holds up for data but ifs of the way you store your data is important. But you can gain a lot of theoretically innocuous but valuable information from the data that's there, while not compromising the sensitive data. And as an AWS has been a fabulous partner in this. They've helped us build a AWS security, have integration out of the box. We now work with over 12 different AWS native applications from anything like S3, Redshift, Athena, Kinesis, as well as apps built on AWS, like Snowflake and Databricks that we connect to. And in AWS, the technical teams, department teams have been an enormous part of our success there. We're very proud to have joined the marketplace, to be where our customers want to buy enterprise software more and more. And that's another area that we're collaborating in joint accounts now to bring more value and simplicity to our joint customers. >> So what's your process in terms of your customer and evaluating their needs? 'Cause you just talked about it earlier that you had different approaches to security. Some people put their head in the sand, right? Some people admit that there's a problem. Some people fully are engaged. So I assume there's also a different level of sophistication in terms of what they already have in place and then what their needs are. So if you were to shine a little light on that, about assessing where they are in terms of their data landscape. And now AWS and its tools, which you just touched on. You know, the multiple tools you have in your service. Now, all that comes together to develop what would be I guess, a unique program for a company's specific needs. >> It is. We started talking to the largest enterprise accounts when we were founded and we still have a real proclivity and expertise in that area. So the issues with the large enterprise accounts and the uniqueness there is scale. They have a tremendous amount of data: HR data financial data, customer data, you name it. Right? Like, we could go dry mouth talking about how many insane data so many times with these large customers. For AWS, scale wasn't an issue. They can store it. They can analyze it. They can do tons with it. Where we were helping is that we could make that safer. So if you want to perform data analytics, you want to ensure that sensitive data is not being part of that. You want to make sure you're not violating local, national or industry specific regulations. Financial services is a great example. There's dozens of regulations at the federal level in United States. And each state has their own regulations. This becomes increasingly complex. So AWS handles this by allowing an amazing amount of customization for their customers. They have data centers in the right places. They have experts on vertical specific issues. BigID handles this similarly in some ways, but we handle it through extensibility. So one of our big things is we have to be able to connect to everywhere where our customers have data. So we want to build a foundation of like let's say first, let's understand the goals. Is the goal compliant with the law? Which it should be for everybody. That should just be like, we need to comply with the law. Like that's easy. Yeah. Then there's the next piece, like are we dealing with something legacy? Was there a breach? Do we need to understand what happened? Are we trying to be forward-looking and understanding? We want to make sure we can lock down our most sensitive data. Tier our storage, tier our security, tier are our analytics efforts which also is cost-effective. So you don't have to do everything everywhere. Or is the goal a little bit like we needed to get our return on investment faster. And we can't do that without de-risking some of that. So we've taken those lessons from the enterprise where it's exceedingly difficult to work because of the strict requirements because the customers expect more. And I think like AWS, we're bringing it down market. We have some new product coming out. It's exclusive for AWS now called SmallID, which is a cloud native. A smaller version, lighter weight version of our product for customers in the more commercial space. In the SMB space where they can start to build a foundation of understanding their data for protection and for security, for privacy. >> Will, and before I let you go here what I'd like to hear about is practical application. You know, somebody that you've, you know, that you were able to help and assist, you evaluated. 'Cause you've talked about the format here. You talked about your process and talked about some future, I guess, challenges, opportunities. But just to give our viewers an idea of maybe the kind of success you've already had. To give them a perspective on that. Just share a couple of stories, if you wouldn't mind. Whether there's some work that you guys did and rolled up your sleeves and created that additional value for your customers. >> Yeah, absolutely. So I'll give a couple examples. I'm going to keep everyone anonymized. As a privacy based company, in many ways, we try to respect-- >> Probably a good idea, right? (Will chuckles) >> But let's talk about different types of sensitive data. So we have customers that intellectual property is their biggest concern. So they do care about compliance. They want to comply with all the local and national laws where their company resides and all their offices are. But they were very concerned about sensitive data sprawl around intellectual property. They have a lot of patents. They have a lot of sensitive data that way. So one of the things we did is we were able to provide custom tags and classifications for their sensitive data based on intellectual property. And they could see across their cloud environment, across their on-premise environment, across shared drives et cetera, where sensitive data had sprawl. Where it had moved, who's having access to it. And they were able to start realigning their storage strategy and their content management strategy, data governance strategy, based on that. And start to move sensitive data back to certain locations, lock that down on a higher level. Could create more access control there, but also proliferate and share data that more teams needed access to. And so that's an example of a use case that I don't think we imagined necessarily in 2016 when we were focused on privacy but we've seen that the value can come from it. Yeah. >> So it's a good... Please, yeah, go ahead. >> No, I mean, the other (mumbles). So we've worked with some of the largest AWS customers in the world. Their concern is how do we even start to scan the Tedder terabytes and petabytes of data in any reasonable fashion without it being out of date. If we create this data map, if we create this data inventory, it's going to be out of date day one. As soon as we say, it's complete, we've already added more. >> John: Right. >> That's where our scalability fits in. We were able to do a full scan of their entire AWS environment in months. And then keep up with the new data that was going into their AWS environment. This is huge. This was groundbreaking for them. So our hyper scan capability that we brought out, that we rolled out to AWS first, was a game changer for them. To understand what data they had, where it is, who's it is et cetera, at a way that they never thought they could keep up with. You know, I brought back to the beginning of code when the British government was keeping track of all the COVID cases on spreadsheets and spreadsheets broke. It was also out of date. As soon as they entered something else it was already out of date. They couldn't keep up with it. Like there's better ways to do that. Luckily they think they've moved on from that manual system. But automation using the correct human inputs when necessary. Then let machine learning, let big data take care of things that it can. Don't waste human hours that are precious and expensive unnecessarily. And make better decisions based on that data. >> Yeah. You raised a great point too which I hadn't thought of about. The fact is, you do your snapshot today and you start evaluating all their needs for today. And by the time you're able to get that done their needs have now exponentially grown. It's like painting the golden gate bridge. Right? You get done and now you got to paint it again, except it got bigger. We added lanes, but anyway. Hey, Will. Thanks for the time. We certainly appreciate it. Thanks for joining us here on the startup showcase. And just remind me that if you ever asked for my keys keep them out of that dumpster. Okay? (Will chuckles) >> Thanks, John. Glad to be here. >> Pleasure. (soft music)

>> Announcer: From around the globe, it's theCUBE. With digital coverage of AWS re:Invent 2020. Special coverage sponsored by AWS global partner network. >> Okay, welcome back everyone to theCUBE virtual coverage of re:Invent 2020 virtual. Normally we're in person, this year because of the pandemic we're doing remote interviews and we've got a great coverage here of the APN, Amazon Partner Network experience. I'm your host John Furrier, we are theCUBE virtual. Got a great guest from Tel Aviv remotely calling in and videoing, Nimrod Vax, who is the chief product officer and co-founder of BigID. This is the beautiful thing about remote, you're in Tel Aviv, I'm in Palo Alto, great to see you. We're not in person but thanks for coming on. >> Thank you. Great to see you as well. >> So you guys have had a lot of success at BigID, I've noticed a lot of awards, startup to watch, company to watch, kind of a good market opportunity data, data at scale, identification, as the web evolves beyond web presence identification, authentication is super important. You guys are called BigID. What's the purpose of the company? Why do you exist? What's the value proposition? >> So first of all, best startup to work at based on Glassdoor worldwide, so that's a big achievement too. So look, four years ago we started BigID when we realized that there is a gap in the market between the new demands from organizations in terms of how to protect their personal and sensitive information that they collect about their customers, their employees. The regulations were becoming more strict but the tools that were out there, to the large extent still are there, were not providing to those requirements and organizations have to deal with some of those challenges in manual processes, right? For example, the right to be forgotten. Organizations need to be able to find and delete a person's data if they want to be deleted. That's based on GDPR and later on even CCPA. And organizations have no way of doing it because the tools that were available could not tell them whose data it is that they found. The tools were very siloed. They were looking at either unstructured data and file shares or windows and so forth, or they were looking at databases, there was nothing for Big Data, there was nothing for cloud business applications. And so we identified that there is a gap here and we addressed it by building BigID basically to address those challenges. >> That's great, great stuff. And I remember four years ago when I was banging on the table and saying, you know regulation can stunt innovation because you had the confluence of massive platform shifts combined with the business pressure from society. That's not stopping and it's continuing today. You seeing it globally, whether it's fake news in journalism, to privacy concerns where modern applications, this is not going away. You guys have a great market opportunity. What is the product? What is smallID? What do you guys got right now? How do customers maintain the success as the ground continues to shift under them as platforms become more prevalent, more tools, more platforms, more everything? >> So, I'll start with BigID. What is BigID? So BigID really helps organizations better manage and protect the data that they own. And it does that by connecting to everything you have around structured databases and unstructured file shares, big data, cloud storage, business applications and then providing very deep insight into that data. Cataloging all the data, so you know what data you have where and classifying it so you know what type of data you have. Plus you're analyzing the data to find similar and duplicate data and then correlating them to an identity. Very strong, very broad solution fit for IT organization. We have some of the largest organizations out there, the biggest retailers, the biggest financial services organizations, manufacturing and et cetera. What we are seeing is that there are, with the adoption of cloud and business success obviously of AWS, that there are a lot of organizations that are not as big, that don't have an IT organization, that have a very well functioning DevOps organization but still have a very big footprint in Amazon and in other kind of cloud services. And they want to get visibility and they want to do it quickly. And the SmallID is really built for that. SmallID is a lightweight version of BigID that is cloud-native built for your AWS environment. And what it means is that you can quickly install it using CloudFormation templates straight from the AWS marketplace. Quickly stand up an environment that can scan, discover your assets in your account automatically and give you immediate visibility into that, your S3 bucket, into your DynamoDB environments, into your EMR clusters, into your Athena databases and immediately building a full catalog of all the data, so you know what files you have where, you know where what tables, what technical metadata, operational metadata, business metadata and also classified data information. So you know where you have sensitive information and you can immediately address that and apply controls to that information. >> So this is data discovery. So the use case is, I'm an Amazon partner, I mean we use theCUBE virtuals on Amazon, but let's just say hypothetically, we're growing like crazy. Got S3 buckets over here secure, encrypted and the rest, all that stuff. Things are happening, we're growing like a weed. Do we just deploy smallIDs and how it works? Is that use cases, SmallID is for AWS and BigID for everything else or? >> You can start small with SmallID, you get the visibility you need, you can leverage the automation of AWS so that you automatically discover those data sources, connect to them and get visibility. And you could grow into BigID using the same deployment inside AWS. You don't have to switch migrate and you use the same container cluster that is running inside your account and automatically scale it up and then connect to other systems or benefit from the more advanced capabilities the BigID can offer such as correlation, by connecting to maybe your Salesforce, CRM system and getting the ability to correlate to your customer data and understand also whose data it is that you're storing. Connecting to your on-premise mainframe, with the same deployment connecting to your Google Drive or office 365. But the point is that with the smallID you can really start quickly, small with a very small team and get that visibility very quickly. >> Nimrod, I want to ask you a question. What is the definition of cloud native data discovery? What does that mean to you? >> So cloud native means that it leverages all the benefits of the cloud. Like it gets all of the automation and visibility that you get in a cloud environment versus any traditional on-prem environment. So one thing is that BigID is installed directly from your marketplace. So you could browse, find its solution on the AWS marketplace and purchase it. It gets deployed using CloudFormation templates very easily and very quickly. It runs on a elastic container service so that once it runs you can automatically scale it up and down to increase the scan and the scale capabilities of the solution. It connects automatically behind the scenes into the security hub of AWS. So you get those alerts, the policy alerts fed into your security hub. It has integration also directly into the native logging capabilities of AWS. So your existing Datadog or whatever you're using for monitoring can plug into it automatically. That's what we mean by cloud native. >> And if you're cloud native you got to be positioned to take advantage of the data and machine learning in particular. Can you expand on the role of machine learning in your solution? Customers are leaning in heavily this year, you're seeing more uptake on machine learning which is basically AI, AI is machine learning, but it's all tied together. ML is big on all the deployments. Can you share your thoughts? >> Yeah, absolutely. So data discovery is a very tough problem and it has been around for 20 years. And the traditional methods of classifying the data or understanding what type of data you have has been, you're looking at the pattern of the data. Typically regular expressions or types of kind of pattern-matching techniques that look at the data. But sometimes in order to know what is personal or what is sensitive it's not enough to look at the pattern of the data. How do you distinguish between a date of birth and any other date. Date of birth is much more sensitive. How do you find country of residency or how do you identify even a first name from the last name? So for that, you need more advanced, more sophisticated capabilities that go beyond just pattern matching. And BigID has a variety of those techniques, we call that discovery-in-depth. What it means is that very similar to security-in-depth where you can not rely on a single security control to protect your environment, you can not rely on a single discovery method to truly classify the data. So yes, we have regular expression, that's the table state basic capability of data classification but if you want to find data that is more contextual like a first name, last name, even a phone number and distinguish between a phone number and just a sequence of numbers, you need more contextual NLP based discovery, name entity recognition. We're using (indistinct) to extract and find data contextually. We also apply deep learning, CNN capable, it's called CNN, which is basically deep learning in order to identify and classify document types. Which is basically being able to distinguish between a resume and a application form. Finding financial records, finding medical records. So RA are advanced NLP classifiers can find that type of data. The more advanced capabilities that go beyond the smallID into BigID also include cluster analysis which is an unsupervised machine learning method of finding duplicate and similar data correlation and other techniques that are more contextual and need to use machine learning for that. >> Yeah, and unsupervised that's a lot harder than supervised. You need to have that ability to get that what you can't see. You got to get the blind spots identified and that's really the key observational data you need. This brings up the kind of operational you heard cluster, I hear governance security you mentioned earlier GDPR, this is an operational impact. Can you talk about how it impacts on specifically on the privacy protection and governance side because certainly I get the clustering side of it, operationally just great. Everyone needs to get that. But now on the business model side, this is where people are spending a lot of time scared and worried actually. What the hell to do? >> One of the things that we realized very early on when we started with BigID is that everybody needs a discovery. You need discovery and we actually started with privacy. You need discovery in route to map your data and apply the privacy controls. You need discovery for security, like we said, right? Find and identify sensitive data and apply controls. And you also need discovery for data enablement. You want to discover the data, you want to enable it, to govern it, to make it accessible to the other parts of your business. So discovery is really a foundation and starting point and that you get there with smallID. How do you operationalize that? So BigID has the concept of an application framework. Think about it like an Apple store for data discovery where you can run applications inside your kind of discovery iPhone in order to run specific (indistinct) use cases. So, how do you operationalize privacy use cases? We have applications for privacy use cases like subject access requests and data rights fulfillment, right? Under the CCPA, you have the right to request your data, what data is being stored about you. BigID can help you find all that data in the catalog that after we scan and find that information we can find any individual data. We have an application also in the privacy space for consent governance right under CCP. And you have the right to opt out. If you opt out, your data cannot be sold, cannot be used. How do you enforce that? How do you make sure that if someone opted out, that person's data is not being pumped into Glue, into some other system for analytics, into Redshift or Snowflake? BigID can identify a specific person's data and make sure that it's not being used for analytics and alert if there is a violation. So that's just an example of how you operationalize this knowledge for privacy. And we have more examples also for data enablement and data management. >> There's so much headroom opportunity to build out new functionality, make it programmable. I really appreciate what you guys are doing, totally needed in the industry. I could just see endless opportunities to make this operationally scalable, more programmable, once you kind of get the foundation out there. So congratulations, Nimrod and the whole team. The question I want to ask you, we're here at re:Invent's virtual, three weeks we're here covering Cube action, check out theCUBE experience zone, the partner experience. What is the difference between BigID and say Amazon's Macy? Let's think about that. So how do you compare and contrast, in Amazon they say we love partnering, but we promote our ecosystem. You guys sure have a similar thing. What's the difference? >> There's a big difference. Yes, there is some overlap because both a smallID and Macy can classify data in S3 buckets. And Macy does a pretty good job at it, right? I'm not arguing about it. But smallID is not only about scanning for sensitive data in S3. It also scans anything else you have in your AWS environment, like DynamoDB, like EMR, like Athena. We're also adding Redshift soon, Glue and other rare data sources as well. And it's not only about identifying and alerting on sensitive data, it's about building full catalog (indistinct) It's about giving you almost like a full registry of your data in AWS, where you can look up any type of data and see where it's found across structured, unstructured big data repositories that you're handling inside your AWS environment. So it's broader than just for security. Apart from the fact that they're used for privacy, I would say the biggest value of it is by building that catalog and making it accessible for data enablement, enabling your data across the board for other use cases, for analytics in Redshift, for Glue, for data integrations, for various other purposes. We have also integration into Kinesis to be able to scan and let you know which topics, use what type of data. So it's really a very, very robust full-blown catalog of the data that across the board that is dynamic. And also like you mentioned, accessible to APIs. Very much like the AWS tradition. >> Yeah, great stuff. I got to ask you a question while you're here. You're the co-founder and again congratulations on your success. Also the chief product officer of BigID, what's your advice to your colleagues and potentially new friends out there that are watching here? And let's take it from the entrepreneurial perspective. I have an application and I start growing and maybe I have funding, maybe I take a more pragmatic approach versus raising billions of dollars. But as you grow the pressure for AppSec reviews, having all the table stakes features, how do you advise developers or entrepreneurs or even business people, small medium-sized enterprises to prepare? Is there a way, is there a playbook to say, rather than looking back saying, oh, I didn't do with all the things I got to go back and retrofit, get BigID. Is there a playbook that you see that will help companies so they don't get killed with AppSec reviews and privacy compliance reviews? Could be a waste of time. What's your thoughts on all this? >> Well, I think that very early on when we started BigID, and that was our perspective is that we knew that we are a security and privacy company. So we had to take that very seriously upfront and be prepared. Security cannot be an afterthought. It's something that needs to be built in. And from day one we have taken all of the steps that were needed in order to make sure that what we're building is robust and secure. And that includes, obviously applying all of the code and CI/CD tools that are available for testing your code, whether it's (indistinct), these type of tools. Applying and providing, penetration testing and working with best in line kind of pen testing companies and white hat hackers that would look at your code. These are kind of the things that, that's what you get funding for, right? >> Yeah. >> And you need to take advantage of that and use them. And then as soon as we got bigger, we also invested in a very, kind of a very strong CSO that comes from the industry that has a lot of expertise and a lot of credibility. We also have kind of CSO group. So, each step of funding we've used extensively also to make RM kind of security poster a lot more robust and invisible. >> Final question for you. When should someone buy BigID? When should they engage? Is it something that people can just download immediately and integrate? Do you have to have, is the go-to-market kind of a new target the VP level or is it the... How does someone know when to buy you and download it and use the software? Take us through the use case of how customers engage with. >> Yeah, so customers directly have those requirements when they start hitting and having to comply with regulations around privacy and security. So very early on, especially organizations that deal with consumer information, get to a point where they need to be accountable for the data that they store about their customers and they want to be able to know their data and provide the privacy controls they need to their consumers. For our BigID product this typically is a kind of a medium size and up company, and with an IT organization. For smallID, this is a good fit for companies that are much smaller, that operate mostly out of their, their IT is basically their DevOps teams. And once they have more than 10, 20 data sources in AWS, that's where they start losing count of the data that they have and they need to get more visibility and be able to control what data is being stored there. Because very quickly you start losing count of data information, even for an organization like BigID, which isn't a bigger organization, right? We have 200 employees. We are at the point where it's hard to keep track and keep control of all the data that is being stored in all of the different data sources, right? In AWS, in Google Drive, in some of our other sources, right? And that's the point where you need to start thinking about having that visibility. >> Yeah, like all growth plan, dream big, start small and get big. And I think that's a nice pathway. So small gets you going and you lead right into the BigID. Great stuff. Final, final question for you while I gatchu here. Why the awards? Someone's like, hey, BigID is this cool company, love the founder, love the team, love the value proposition, makes a lot of sense. Why all the awards? >> Look, I think one of the things that was compelling about BigID from the beginning is that we did things differently. Our whole approach for personal data discovery is unique. And instead of looking at the data, we started by looking at the identities, the people and finally looking at their data, learning how their data looks like and then searching for that information. So that was a very different approach to the traditional approach of data discovery. And we continue to innovate and to look at those problems from a different perspective so we can offer our customers an alternative to what was done in the past. It's not saying that we don't do the basic stuffs. The Reg X is the connectivity that that is needed. But we always took a slightly different approach to diversify, to offer something slightly different and more comprehensive. And I think that was the thing that really attracted us from the beginning with the RSA Innovation Sandbox award that we won in 2018, the Gartner Cool Vendor award that we received. And later on also the other awards. And I think that's the unique aspect of BigID. >> You know you solve big problems than certainly as needed. We saw this early on and again I don't think that the problem is going to go away anytime soon, platforms are emerging, more tools than ever before that converge into platforms and as the logic changes at the top all of that's moving onto the underground. So, congratulations, great insight. >> Thank you very much. >> Thank you. Thank you for coming on theCUBE. Appreciate it Nimrod. Okay, I'm John Furrier. We are theCUBE virtual here for the partner experience APN virtual. Thanks for watching. (gentle music)

from the cube studios in Palo Alto in Boston connecting with thought leaders all around the world this is a cube conversation LeBron welcome to the cube studio I'm John Ferrier here in Palo Alto in our remote coverage of the tech industry we are in our quarantine crew here getting all the stories in the technology industry from all the thought leaders and all the newsmakers we've got a great story here about data data compliance and really about the platforms around how enterprises are using data I've got two great guests and some news to announce Kieran our CEO is the vice president of business development with elation and William Murphy vice president of technology alliances of big ID got some interesting news a integration partnership between the two companies really kind of compelling especially now as people have to look at the cloud scale what's happening in our world certainly in the new realities of kovin 19 and going forward the role of data new kinds of applications and the speed and agility are gonna require more and more automation more reality around making sure things are in place so guys thanks for coming on appreciate it Kieran William thanks for joining me thank you thank you so let's take a step back elation you guys have been on the cube many times we've been following you guys been a leader and Enterprise catalog a new approach it's a real new technology approach and methodology and team approach to building out the data catalogues so talk about the Alliance here why what's the news why you guys in Creighton is integration partnership well let me start and thank you for having us today you know as you know elation launched the data catalog a category seven years ago and even today we're acknowledging the leader as a leader in that space you know and but we really began with the core belief that ultimately data management will be drive driven more and more by business demand and less by information suppliers so you know another way to think about that is you know how people behave with data will drive how companies manage data so our philosophy put very simply is to start with people and not first not data and our customers really seem to agree with this approach and we've got close to 200 brands using our data you know our tool every single day to drive vibrant data communities and and foster a real data culture in the environment so one of the things that was really exciting to us is the in been in data privacy by large corporate customers to get their arms around this and you know we really strive to improve our ability to use the tool inside you know these enterprises across more use cases so the partnership that we're announcing with big ID today is really you know Big Ideas the leading modern data intelligence platform for privacy and what we're trying to do is to bring bring a level of integration between our two technologies so that enterprises in better manage and scale their their data privacy compliance capability William talked about big ID what you guys are doing you guys also have a date intelligence platform we've been covering gdpr for a very long time I once called I won't say it again because it wasn't really that complimentary but the reality has sit in and they and the users now understand more than ever privacy super important companies have to deal with this you guys have a solution take a minute to explain big-big ID and what you guys are doing yeah absolutely so our founders Demetri Shirota and Nimrod Beck's founded big idea in 2016 Sam you know gdpr was authored and the big reason there is that data changed and how companies and enterprises doubled data was changing pretty much forever that profound change meant that the status quo could no longer exist and so privacy was gonna have to become a day-to-day reality to these enterprises but what big ID realized is that to start to do to do anything with privacy you actually have to understand where your data is what it is and whose it is and so that's really the genesis of what dimitri nimrod created which which is a privacy centric data discovery and intelligence platform that allows our enterprise customers and we have over 70 customers in the enterprise space many within the Fortune hundred to be able to find classify and correlate sensitive data as they defined it across data sources whether its own Prem or in the cloud and this gives our users and kind of unprecedented ability to look into their data to get better visibility which if both allows for collaboration and also allows for real-time decision-making a big place with better accuracy and confidence that regulations are not being broken and that customers data is being treated appropriately great I'm just reading here from the release that I want to get you guys thoughts and unpack some of the concepts on here but the headline is elation strengthens privacy capabilities with big ID part nur ship empowering organizations to mitigate risks delivering privacy aware data use and improved adherence to data privacy regulations it's a mouthful but the bottom line is is that there's a lot of stuff to that's a lot of complexity around these rules and these platforms and what's interesting you mentioned discovery the enterprise discovery side of the business has always been a complex nightmare I think what's interesting about this partnership from my standpoint is that you guys are bringing an interface into a complex platform and creating an easy abstraction to kind of make it usable I mean the end of the day you know we're seeing the trends with Amazon they have Kendre which they announced and they're gonna have a ship soon fast speed of insights has to be there so unifying data interfaces with back-end is really what seems to be the pattern is that the magic going on here can you guys explain what's going on with this and what's the outcome gonna be for customers yeah I guess I'll kick off and we'll please please chime in I think really there's three overarching challenges that I think enterprises are facing is they're grappling with these regulations as as we'll talked about you know number one it's really hard to both identify and classify private data right it's it's not as easy as it might sound and you know we can talk a little bit more about that it's also very difficult to flag at the point of analysis when somebody wants to find information the relevant policies that might apply to the given data that they're looking to it to run an analysis on and lastly the enterprise's are constantly in motion as enterprises change and by new businesses and enter new markets and launch new products these policies have to keep up with that change and these are real challenges to address and you know with Big Idea halation we're trying to really accelerate that compliance right with the the you know the combination of our tools you know reduce the the cost and complexity of compliance and fundamentally keep up through a single interface so that users can know what to do with data at the point of consumption and I think that's the way to think about it well I don't know if you want to add something to that absolutely I think when Karen and I have been working on this for actually many months at this point but most companies don't have a business plan of just saying let's store as much data as possible without getting anything out of it but in order to get something out of it the ability to find that data rapidly and then analyze it so that decision makers make up-to-date decisions is pretty vital a lot of these things when they have to be done manually take a long time they're huge business issues there and so the ability to both automate data discovery and then cataloging across elation and big ID gives those decision makers whether the data steward the data analyst the chief data officer an ability to really dive deeper than they have previously with better speed you know one of the things that we've been talking about for a long time with big data as these data links and they're fairly easy to pull I mean you can put a bunch of data into a corpus and you you act on them but as you start to get across these silos there's a need for you know getting a process down around managing just not only the data wrangling but the policies behind it and platforms are becoming more complex can you guys talk about the product market fit here because there's sass involved so there's also a customer activity what's the product market fit that you guys see with this integration what are some of the things that you're envisioning to emerge out of this value proposition I think I can start I think you're exactly right enterprises have made huge investments in you know historically data warehouses data Mart's data lakes all kinds of other technology infrastructure aimed at making the data easier to get to but they've effectively just layered on to the problem so elations catalog has made it incredibly much more effective at helping organizations to find to understand trust to reuse and use that data so that stewards and people who know about the data can inform users who may need need to run a particular report or conduct a specific analysis can accelerate that process and compress the time the insights much much more than then it's are possible with today's technologies and if you if you overlay that on to the data privacy challenge its compounded and I think you know will it would be great for you to comment on what the data discovery capability it's a big ID do to improve that that even further yeah absolutely so as to companies we're trying to bridge this gap between data governance and privacy and and John as you mentioned there's been a proliferation of a lot of tools whether their data lakes data analysis tools etc what Big Idea is able to do is we're looking across over 70 different types of data platforms whether they be legacy systems like SharePoint and sequel whether they be on pram or in the cloud whether it's data at rest or in motion and we're able to auto populate our metadata findings into relations data catalog the main purpose there being that those data stewards and have access to the most authentic real time data possible so on the terms of the customer value they're going to see what more built in privacy aware features is its speed but you know what I mean the problem is compounded with the data getting that catalog and getting insights out of it but for this partnership is it speed to outcome what does the outcome that you guys are envisioning here for the customer I think it's a combination of speed as you said you know they can much more rapidly get up to speed so an analyst who needs to make a decision about specific data set whether they can use it or not and know at the point of analysis if this data is governed by policies that has been informed by big IDs so the elation catalog user can make a much more rapid decision about how to use that the second piece is the complexity and costs of compliance they can really reduce and start to winnow down their technology footprint because with the combination of the discovery that big ID provides the the the ongoing discovery the big ID provides and the enterprise it data catalog provided violation we give the framework for being able to keep up with these changes in policies as rules and as companies change so they don't have to keep reinventing the wheel every time so we think that there's a significant speed time the market advantage as well as an ability to really consolidate technology footprint well I'll add to that yeah yeah just one moment so elation when they helped create this marketplace seven years ago one of the goals there and I think we're Big Ideas assisting as well as the trusting confidence that both the users of these software's the data store of the analysts have and the data that they're using and then the the trust and confidence are building with their end consumers is much better knowing that there is the this is both bi-directional and ongoing continuously you know I've always been impressed with relations vision it's big vision around the role of the human and data and it's always been impressive and yeah I think the world spinning in that direction you starting to see that now William I want to get your thoughts with big id because you know one of the things is challenging out there from what we're hearing is you know people want to protect the sensitive data obviously with the hacks and everything else and personal information there's all kinds of regulation and believe me state by state nation by nation it's crazy complex at the same time they've got to ensure this compliance tripwires everywhere right so you have this kind of nested complex web of stuff and some real security concerns at the same time you want to make data available for machine learning and for things like that this is the real kind of things that the problem has twisted around so if I'm an enterprise I'm like oh man this is a pain in the butt so how are you guys seeing this evolve because this solution is one step in that direction what are some of the pain points what are some of the examples can you share any insights around how people are overcoming that because they want to get the data out there they want to create applications that are gonna be modern robust and augmented with whether it's augmented AI of some sort or some sort of application at the same time protecting the information and compliance it's a huge problem challenge your thoughts absolutely so to your point regulations and compliance measures both state-by-state and internationally they're growing I mean I think when we saw GDP our four years ago in the proliferation of other things whether it be in Latin America in Asia Pacific or across the United States potentially even at the federal level in the future it's not making it easier to add complexity to that every industry and many companies individually have their own policies in the way that they describe data whether what's sensitive to them is it patent numbers is it loyalty card numbers is it any number of different things where they could just that that enterprise says that this type of data is particularly sensitive the way we're trying to do this is we're saying that if we can be a force multiplier for the individuals within our organization that are in charge of the stewardship over their data whether it be on the privacy side on the security side or on the data and analytics side that's what we want to do and automation is a huge piece of this so yes the ID has a number of patents in the machine learning area around data discovery and classification cluster analysis being able to find duplicate of data out there and when we put that in conjunction with what elations doing and actually gave the users of the data the kind of unprecedented ability to curate deduplicate secure sensitive data all by a policy driven automated platform that's actually I think the magic gear is we want to make sure that when humans get involved their actions can be made how do I say this minimum minimum human interaction and when it's done it's done for a reason of remediation so they're there the second step not the first step here I'll get your thoughts you know I always riff on the idea of DevOps and it's a cloud term and when you apply that the data you talk about programmability scale automation but the humans are making calls whether you're a programmer and devops world or to a data customer of the catalog and halation i'm making decisions with my business I'm a human I'm taking action at the point of design or whatever this is where I think the magic can happen your thoughts on how this evolves for that use case because what you're doing is you're augmenting the value for the user by taking advantage of these things is is that right or am i around the right area yeah I think so I think the one way to think about elation and that analogy is that the the biggest struggle that enterprise business users have and we target the the consumers of data we're not a provider to the information suppliers if you will but the people who had need to make decisions every single day on the right set of data we're here to empower them to be able to do that with the data that they know has been given the thumbs up by people who know about the data connecting stewards who know about the subject matter at hand with the data that the analyst wants to use at the time of consumption and that powerful connection has been so effective in our customers that enabling them to do in our analytical work that they just couldn't dream of before so the key piece here is with the combination with big ID we can now layer in a privacy aware consumption angle which means if you have a question about running some customer propensity model and you don't know if you can use this data or that data the big ID data discovery platform informs the elation catalog of the usage capabilities of that given data set at the moment the analyst wants conduct his or her analysis with the appropriate data set as identified by the stewards and and as endorsed by the steward so that point in time is really critical because that's where the we can we can fundamentally shrink the decision sight yeah it's interesting and so have the point of attack on the user in this case the person in the business who's doing some real work that's where the action is yeah it's a whole nother meaning of actionable data right so you know this seems to where the values quits its agility really it's kind of what we're talking about here isn't it it is very agile on the differentiation between elation and big idea in what we're bringing to the market now is we're also bringing flexibility and you meant that the point of agility there is because we allow our customers to say what their policies are what their sense of gait is define that themselves within our platforms and then go out find that data classify and catalog at etc like that's giving them that extra flexibility the enterprise's today need so that it can make business decisions and faster and I actually operationalize data guys great job good good news it's I think this is kind of a interesting canary in the coal mine around the trends that are going on around how data is evolving what's next how you guys gonna go to market partnership obviously makes a lot of sense technical integration business model integration good fit what's next for you guys I'm sorry I mean I think the the great thing is that you know from the CEO down our organizations are very much aligned in terms of how we want to integrate our two solutions and how we want to go to market so myself and will have been really focused on making sure that the skill sets of the various constituents within both of our companies have the level of education and knowledge to bring these results to bear coupled with the integration of our two technologies well your thoughts yeah absolutely I mean between our CEOs who have a good cadence to care to myself who probably spend too much time on the phone at this point we might have to get him a guest bedroom or something alignments a huge key here ensuring that we've enabled our field to - and to evangelize this out to the marketplace itself and then doing whether it's this or our webinars or or however we're getting the news out it's important that the markets know that these capabilities are out there because the biggest obstacle honestly to adoption it's not that other solutions or build-it-yourself it's just lack of knowledge that it could be easier it could be done better that you could have you could know your data better you could catalog it better great final question to end the segment message to the potential customer out there what it what about their environment that might make them a great prospect for this solution is it is it a known problem is it a blind spot when would someone know to call you guys up in this to ship and leverage this partnership is it too much data as it's just too much many applications across geographies I'm just trying to understand the folks watching when it's an opportunity to call you guys welcome a relation perspective there that can never be too much data they the a signal that may may indicate an interest or a potential fit for us would be you know the need to be compliant with one or more data privacy regulations and as well said these are coming up left and right individual states in the in addition to the countries are rolling out data privacy regulations that require a whole set of capabilities to be in place and a very rigorous framework of compliance those those requirements and the ability to make decisions every single day all day long about what data to use and when and under what conditions are a perfect set of conditions for the use of a data catalog evacuation coupled with a data discovery and data privacy solution like big I well absolutely if you're an organization out there and you have a lot of customers you have a lot of employees you have a lot of different data sources and disparate locations whether they're on prime of the cloud these are solid indications that you should look at purchasing best-of-breed solutions like elation and Big Ideas opposed to trying to build something internally guys congratulations relations strengthening your privacy capabilities with the big ID partnership congratulations on the news and we'll we'll be tracking it thanks for coming I appreciate it thank you okay so cube coverage here in Palo Alto on remote interviews as we get through this kovat crisis we have our quarantine crew here in Palo Alto I'm John Fourier thanks for watching [Music] okay guys

>> From the Silicon Angle Media office, in Boston Massachusetts, it's the Cube. Now, here's your host, Dave Vellante. >> Hi everybody, welcome to this Cube Conversation here in our studios, outside of Boston. My name is Dave Vellante. I'm here with Matt Carroll, who's the CEO of Immuta. Matt, good to see ya. >> Good, nice to have me on. >> So we're going to talk about governance, how to automate governance, data privacy, but let me start with Immuta. What is Immuta, why did you guys start this company? >> Yeah, Immuta is an automated data governance platform. We started this company back in 2014 because we saw a gap in the market to be able to control data. What's happened in the market as changes is that every enterprise wants to leverage their data. Data's the new app. But, governments want to regulate it and consumers want to protect it. These were at odds with one another, so we saw a need of creating a platform that could meet the needs of everyone. To democratize access to data and in the enterprise, but at the same time, provide the necessary controls on the data to enforce any regulation, and ensure that there was transparency as to who is using it and why. >> So let's unpack that a little bit. Just try to dig into the problem here. So we all know about the data explosion, of course, and I often say data used to be a liability, now it's turned into an asset. People used to say get rid of the data, now everybody wants to mine it, and they want to take advantage of it, but that causes privacy concerns for individuals. We've seen this with Facebook and many others. Regulations now come into play, GDPR, different states applying different regulations, so you have all these competing forces. The business guys just want to go and get out to the market, but then the lawyers and the compliance officers and others. So are you attacking that problem? Maybe you could describe that problem a little further and talk about how you guys... >> Yeah, absolutely. As you described, there's over 150 privacy regulations being proposed over 25 states, just in 2019 alone. GDPR has created or opened the flood gates if you will, for people to start thinking about how do we want to insert our values into data? How should people use it? And so, the challenge now is, you're right, your most sensitive data in an enterprise is most likely going to give you the most insight into driving your business forward, creating new revenue channels, and be able to optimize your operational expenses. But the challenge is that consumers have awoken to, we're not exactly sure we're okay with that, right? We signed a YULU with you to just use our data for marketing, but now you're using it for other revenue channels? Why? And so, where Immuta is trying to play in there is how do we give the line of business the ability to access that instantaneously? But also give the CISO, the Chief Information Security Officer, and the governance seems the ability to take control back. So it's a delicate balance between speed and safety. And I think what's really happening in the market is we used to think about security from building firewalls, we invested in physical security controls around managing external adversaries from stealing our data. But now it's not necessarily someone trying to steal it, it's just potentially misusing it by accident in the enterprise. And the CISO is having to step in and provide that level of control. And it's also the collision of the cloud and these privacy regulations. Cause now, we have data everywhere, it's not just in our firewalls. And that's the big challenge. That's the opportunity at hand, democratization of data in the enterprise. The problem is data's not all in the enterprise. Data's in the cloud, data's in SaaS, data's in the infrastructure. >> It's distributed by it's very nature. All right, so there's a lot of things I want to follow up on. So first, there's GDPR. When GDPR came out of course, it was May of 2018 I think. It went into effect. It actually came out in 2017, but the penalties didn't take effect till '18. And I thought, okay, maybe this can be a framework for governments around the world and states. It sounds like yeah sort of, but not really. Maybe there's elements of GDPR that people are adopting, but then it sounds like they're putting in their own twists, which is going to be a nightmare for companies. So, are you not seeing a sort of, GDPR becoming this global standard? It sounds like, no. >> I don't think it's going to be necessarily global standard, but I do think the spirit of the GDPR, and at the core of it is, why are you using my data? What was the purpose? So traditionally, when we think about using data, we think about all right, who's the user, and what authorizations do they have, right? But now, there's a third question. Sure, you're authorized to see this data, depending on your role or organization right? But why are you using it? Are you using it for certain business use? Are you using it for personal use? Why are you using this? That's the spirit of GDPR that everyone is adopting across the board. And then of course, each state, or each federal organization is thinking about their unique lens on it, right? And so you're right. This is going to be incredibly complex. And the amount of policies being enforced at query time. I'm in my favorite, let's just say I'm in Tableau or Looker right? I'm just some simple analyst, I'm a young kid, I'm 22, my first job right? And I'm running these queries, I don't know where the data is, right? I don't know what I'm combining. And what we found is on average in these large enterprises, any query at any moment in time, might have over 500 thousand policies that need to be enforced in real time. >> Wow. >> And it's only getting worse. We have to automate it. No human can handle all those edge cases. We have to automate. >> So, I want to get into how you guys actually do that. Before I do, there seems to be... There's a lot of confusion in the marketplace. Take the word data management, data protection. All the backup guys are using that term, the database guys use that term, GOC folks use that term, so there's a lot of confusion there. You have all these adjacent markets coming together. You've got the whole governance risk and compliance space, you've got cyber security, there's privacy concerns, which is kind of two sides of the same coin. How do you see these adjacencies coming together? It seems like you sit in the middle of all that. >> Yeah, welcome to why my marketing budget is getting bigger and bigger. The challenge we're facing now is I think, who owns the problem right? The Chief Data Officer is taking on a much larger role in these organizations, the CISO is taking a much more larger role in reporting up to the board. You have the line of business who now is almost self-sustaining, they don't have to depend on IT as much any longer because of the cloud and because of the new compute layers to make it easier. So who owns it? At the end of the day, where we see it is we think there's a next generation of cyber tools that are coming out. We think that the CISO has to own this. And the reason is that the CISO's job is to protect the enterprise from cyber risk. And at the core of cyber risk is data. And they must own the data problem. The CDO must find the data, and explain what that data is, and make sure it's quality, but it is the CISO that must protect the enterprise from these threats. And so, I see us as part of this next wave of cyber tools that are coming out. There's other companies that are equally in our stratosphere, like BigID, we're seeing AWS with Macy doing sensitive data discovery, Google has their data loss prevention service. So the cloud players are starting to see, hey, we've got to identify sensitive data. There's other startups that are saying hey, we got to identify and catalog sensitive data. And for us, we're saying hey, we need to be able to consume all that cataloging, understand what's sensitive, and automatically apply policies to ensure that any regulation in that environment is met. >> I want to ask you about the cloud too. So much to talk to you about here, Matt. So, I also wanted to get your perspective on variances within industries. So you mentioned Chief Data Officers. The ascendancy of the Chief Data Officers started in financial services, healthcare, and government where we had highly regulation industries. And now it's sort of seeped into more commercial. But it terms of those regulated industries, take healthcare for example. There are specific nuances. Can you talk about what you're seeing in terms of industry variance. >> Yeah, it's a great point. Starting with like, healthcare. What does it mean to be HIPPA compliant anymore? There are different types of devices now where I can point it at your heartbeat from a distance away and I can have 99 percent accuracy of identifying you, right? It takes three data points in any data set to identify 87 percent of US citizens. If I have your age, sex, location, I can identify you. So, what does it mean anymore to be HIPPA compliant? So the challenge is how do we build guarantees of trust that we've de-identified these DESA's, cause we have to use it, right? No one's going to go into a hospital and say, "You know what, I don't want you to say my life. "Cause I want my data protected," right? No one's ever going to say that. So the challenges we face now across these regulated industries is the most sensitive data sets are critical for those businesses to operate. So there has to be a compromise. So, what we're trying to do in these organizations is help them leverage their data and build levels of proportionality, to access that right? So, the key isn't to stop people from using data. The key is to build the controls necessary to leverage a small bit of the data. Let's just say, we've made it indistinguishable. You can only ask Agriculture and Statistics the question. Well, you know what, we actually found some really interesting things there, we need to be a little bit more useful, it's this trade-off between privacy and utility. It's a pendulum that swings back and forth. As someone proves I need more of this, you can swing it, or just mask it. I need more of it? All right, we'll just redact some of the certain things. Nope, this is really important, it's going to save someone's life. Okay, completely unmasked, you have the raw data. But it's that control that's necessary in these environments, that's what's missing. You know, we came out of the US Intelligence community. We understood this better than anyone. Because highly regulated, very sensitive data, but we knew we needed the ability to rapidly control. Well is this just a hunch, or is this a 9-11 event? And you need the ability to switch like that. That's the difference and so, healthcare is going through a change of, we have all these new algorithms. Like Facebook the other day said, hey, we have machine learning algorithms that can look at MRI scans, and we're going to be better than anyone in the world at identifying these. Do you feel good about giving your data to Facebook? I don't know, but we can maybe provide guaranteed anonymization to them, to prove to the world they're going to do right. That's where we have to get to. >> Well, this is huge, especially for the consumer, cause you just gave several examples. Facebook's going to know a lot about me, a mobile device, a Fit Bit, and yet, if I want to get access to my own medical records, it's like Fort Knox to try to get, please, give this to my insurance company. You know, you got to go through all these forms. So, you've got those diverging objectives and so, as a consumer, I want to be able to trust that when I say yes you can use it, go, and I can get access to it, and other can get access to it. I want to understand exactly what it is that you guys do, what you sell. Is it software, is it SAS, and then let's get into how it works. So what is it? >> Yeah, so we're a software platform. We deploy into any infrastructure, but it is not multi-tenant so, we can deploy on any cloud, or on premises for any customer, and we do that with customers across the world. But if you think about at the core of what is Immuta, think of Immuta as a system of record for the CISO or the line of business where I can connect to any data, on any infrastructure, on any compute layer, and we connect into over 61 different storage platforms. We then have built a UI where lawyers... We actually have three lawyers as employees that act as product managers to help any lawyer of any stature take what's on paper, these regulations, these rules and policies, and they digitize it essentially, in active code. So they can build any policy they want on any data in the ecosystem, in the enterprise, and enforce it globally without having to write any code. And then because we're this plane where you can connect any tool to this data, and enforce any regulation because we're the man in the middle, we can audit who is using what data and why. In every action, in any change in policy. So, if you think about it, it's connect any tool to any data, control it, any regulation, and prove compliance in a court of law. >> So you can set the policy at the data set level? >> Correct. >> And so, how does one do that? Can you automate that on the creation of that data set? I mean you've got you know, dependencies. How does that all work? >> Yeah, what's a really interesting part of our secret sauce is that one, we could do that at the column level, we can do it at the row level, we can do it at the cell level. >> So very granular. >> Very, very granular. This is something again, we learned from the US Intelligence community, that we have to have very fine grained access to every little bit of the data. The reason is that, especially in the age of data, is people are going to combine many data sets together. The challenge isn't enforcing the policy on a static data set, the challenge is enforcing the policy across three data sets where you merge three pieces of data together, who have conflicting policies. What do you do then? That's the beauty of our system. We deal with that policy inheritance, we manage that lineage of the policy, and can tell you here's what the policy will be. >> In other words, you can manage to the highest common denominator as an example. >> Or we can automate it to the lowest common denominator, where you can work in projects together recognizing hey, we're going to bring someone into the project that's not going to have the level of access. Everyone else will automatically change it to the lowest common denominator. But then you share that work with another team and it'll automatically be brought to the highest common denominator. And we've built all these work flows in. That was what was missing and that's why I call it a system of record. It's really a symbiotic relationship between IT, the data owner, governance, the CISO, who are trying to protect the data, and the consumer, and all they want to do is access the data as fast as possible to make better, more informed decisions. >> So the other mega-trend you have is obviously, the super power of machine intelligence, or artificial intelligence, and then you've got edge devices and machine to machine communication, where it's just an explosion of IP addresses and data, and so, it sounds like you guys can attack that problem as well. >> Any of this data coming in on any system, the idea is that eventually it's going to land somewhere, right? And you got to protect it. We call that like rogue data, right? This is why I said earlier, when we talk about data, we have to start thinking about it as it's not in some building anymore. Data's everywhere. It's going to be on a cloud infrastructure, it's going to be on premises, and it's likely, in the future, going to be on many distributed data centers around the world cause business is global. And so, what's interesting to us is no matter where the data's sitting, we can protect it, we can connect to it, and we allow people to access it. And that's the key thing is not worrying about how to lock down your physical infrastructure, it's about logically separating it. And that's why what differentiates us from other people is one, we don't copy the data, right? That's the always the barrier for these types of platforms. We leave the data where it is. The second is we take all those regulations and we can actually, at query time, push it down to where that data is. So rather than bring it to us, we push the policy to the data. And what that does is that's what allows us, what differentiates us from everyone else is, it allows us to guarantee that protection, no matter where the data's living. >> So you're essentially virtualizing the data? >> Yeah, yeah. It's virtual views of data, but it's not all the data. What people have to realize is in the day of apps, we cared about storage. We put all the data into a database, we built some services on top of it and a UI, and it was controlled that way, right? You had all the nice business logic to control it. In the age of data, right? Data is the new app, right? We have all these automation tools, Data Robot, and H20, and Domino, and Tableau's building all these automation work flows. >> The robotic process automation. >> Yeah, RPA, UI Path, the Work Fusion, right? They're making it easier and easier for any user to connect to any data and then automate the process around it. They don't need an app to build a unique work flows, these new tools do that for them. The key is getting to the data. And the challenge with the supply chain of data is time to data is the most critical aspect of that. Cause, the time to insight is perishable. And so, what I always tell people, a little story, I came from the government, I worked in Baghdad, we had 42 minutes to know whether or not a bad guy in the environment, we could go after him. After that, that data was perishable, right? We didn't know where he was. It's the same thing in the real world. It's like imagine if Google told you, well, in 42 minutes it might be a good time to go 495. (laughter) It's not very useful, I need to know the information now. That's the key. What we see is policy enforcement and regulations are the key barrier of entry. So our ability to rapidly, with no latency, be able to connect anyone to that data and enforce those policies where the data lives, that's the critical nature. >> Okay, so you can apply the policies and you do it quickly, and so now you can help solve the problem. You mentioned a cloud before, or on prem. What is the strategy there with regard to various clouds and how do you approach multi-clouds? >> I think cloud is what used to be an infrastructure as a service game, is now becoming a compute game. I think large, regulated enterprises, government, healthcare, financial services, insurance, are all moving to cloud now in a different way. >> What do you mean by that? Cause people think infrastructure as service, they'll say oh that's compute storage and some networking. What do you mean by that? >> I think there's a whole new age of software that's being laid on top of the availability of compute and the availability of storage. That's companies like Databricks, companies like Snowflake, and what they're doing is dramatically changing how people interact with data. The availability zones, the different types of features, the ability to rip and replace legacy warehouses and main frames. It's changing the ability to not just access, but also the types of users that could even come on to leverage this data. And so these enterprises are now thinking through, "How do I move my entire infrastructure of data to them? "And what are these new capabilities "that I could get out of that?" Which, that is just happening now. A lot of people have been thinking, "Oh, this has been happening over the past five years," no, the compute game is now the new war. I used to think of like, Big Data, right? Big Data created, everyone started to understand, "Ah, if we've got our data assets together, "we can get value." Now they're thinking, "All right, let's move beyond that." The new cloud at our currents works is Snowflake and Databricks. What they're thinking about is, "How do I take all your meta-data "and allow anyone to connect any BI tool, "any data science tool, and provide highly performance, "and highly dependable compute services "to process petabytes of data?" It's pretty fantastic. >> And very cost efficient and being able to scale, compute independent of storage, from an architectural perspective. A lot of people claim they can do that, but it doesn't scale the same way. >> Yeah, when you're talking about... Cause that's the thing is you got to remember, these financial systems especially, they depend on these transactions. They cannot go down and they're processing petabytes of data. That's what the new war is over, is that data in the compute layer. >> And the opportunity for you is that data that can come from anywhere, it's not sitting in a God box, where you can enforce policies on that corpus. You don't know where it's coming from. >> We want to be invisible to that right? You're using Snowflake, it's just automatically enforced. You're using Databricks, it's automatically enforced. All these policies are enforced in flight. No one should even truly care about us. We just want to allow you to use the data the way you're used to using it. >> And you do this, this secret sauce you talked about is math, it's artificial intelligence? >> It's math. I wish I could say it was like super fancy, unsupervised neural nets or what not, it's 15 years of working in the most regulated, sticky environments. We learned about very simple novel ways of pushing it down. Great engineering's always simple. But what we've done is... At query time, what's really neat is we figured a way to take user attributes from identity management system and combine that with a purpose, and then what we do is we've built all these libraries to connect into all these dispert storage and compute systems, to push it in there. The nice thing about that is prior to this what people were doing, was making copies. They'd go to the data engineering team and they'd say hey, "I need to ETL this "and get a copy and it'll be anatomized." Think about that for a second. One, the load on your production systems, of all these copies, all the time, right? The second is CISO, the surface area. Now you've got all this data that in a snapshot in time, is legal and ethical, might change tomorrow. And so, now you've got an increase surface area of risk. Like that no-copy aspect. So the pushing it down and then the no-copy aspect really changed the game for enterprises. >> And you've got providence issues, like you say. You've got governance and compliance. >> And imagine trying, if someone said to you, imagine Congress said hey, "Any data source that you've processed "over the past five years, I want to know if "there was these three people in any of these data sources "and if there were, who touched that data "and why did they touch it?" >> Yeah and storage is cheap, but there's unintended consequences. People are, management isn't. >> We just don't have a unified way to look at all of the logs cross listed. >> So we started to talk about cloud and then I took you down a different path. But you offer your software on any cloud, is that right? >> Yeah, so right now, we are in production on Immuta's Marketplace. And that is a managed service, so you can go deploy in there, it'll go into your VPC, and we can manage the updates for you, we have no insight into your infrastructure, but we can push those updates, it'll automatically update, so you're getting our quarterly releases, we release every season. But yeah, we started with AWBS, and then we will grow out. We see cloud is just too ubiquitous. Currently, we still support though, Bigquery, Data Praq, we support Azure, Data Light Storage version two, as well as Azure Databricks. But you can get us through Immuta's Marketplace. We're also investing in ReInvent, we'll be out there in Vegas in a couple weeks. It's a big event for us just because obviously, the government has a very big stake in AWBS, but also commercial customers. It's been a massive endeavor to move. We've seen lots of infrastructure. Most of our deals now are on cloud infrastructure. >> Great, so tell us about the company. You've raised, I think in a Series B, about 28 million to date. Maybe you could give us the head count, and whatever you can share about momentum, maybe customer examples. >> Yeah, so we've raised 32 million to date. >> 32 million. >> From some great investors. The company's about 70 people now. So not too big, but not small anymore. Just this year, at this point, I haven't closed my fiscal year, so I don't want to give too much, but we've doubled our ARR and we've tripled our LOGO count this year alone and we've still got one more quarter here. We just started our fourth quarter. And some customer cases, the way I think about our business is I love healthcare, I love government, I love finance. To give you some examples is like, COGNO is a really great example. COGNO and what they're trying to solve is can they predict where a child is on the autism spectrum? And they're trying to use machine learning to be able to narrow these children down so that they can see patterns as to how a provider, a therapist is helping these families give these kids the skills to operate in the real world. And so it's like this symbiotic relationship utilizing software, surveys and video and what not, to help connect these kids that are in similar areas of the spectrum, to help say hey, this is a successful treatment, right? The problem with that is we need lots of training data. And this is children, one, two, this is healthcare, and so, how do you guarantee HIPPA compliance? How do you get through FDA trials, through third party, blind testing? And still continue to validate and retrain your models, while protecting the identity of these children? So we provide a platform where we can anonymize all the data for them, we can guarantee that there's blind studies, where the company doesn't have access to certain subsets of the data. We can also then connect providers to gain access to the HIPPA data as needed. We can automate the whole thing for them. And they're a startup too, there are 100 people. But imagine if you were a startup in this health-tech industry and you had to invest in the backend infrastructure to handle all of that. It's too expensive. What we're unlocking for them, I mean yes, it's great that they're HIPPA compliant and all that, that's what we want right? But the more important thing is like, we're providing a value add to innovate in areas utilizing machine learning, that regulations would've stymied, right? We're allowing startups in that ecosystem to really push us forward and help those families. >> Cause HIPPA compliance is table stay compulsory. But now you're talking about enabling new business models. >> Yeah, yeah exactly. >> How did you get into all this? You're CEO, you're business savvy, but it sounds like you're pretty technical as well. What's your background? >> Yeah I mean, so I worked in the intelligence community before this. And most of my focus was on how do we take data and be able to leverage it, either for counter-terrorism missions, to different non-kinetic operations. And so, where I kind of grew up in is in this age of, think about billions of dollars in Baghdad. Where I learned is that through the computing infrastructure there, everything changed. 2006 Baghdad created this boom of technology. We had drones, right? We had all these devices on our trucks that were collecting information in real time and telling us things. And then we started building computing infrastructure and it burst Hadoop. So, I kind of grew up in this era of Big Data. We were collecting it all, we had no idea what to do with it. We had nowhere to process it. And so, I kind of saw like, there's a problem here. If we can find the unique little, you know, nuggets of information out of that, we can make some really smart decisions and save lives. So once I left that community, I kind of dedicated myself to that. The birth of this company again, was spun out of the US Intelligence community and it was really a simple problem. It was, they had a bunch of data scientists that couldn't access data fast enough. So they couldn't solve problems at the speed they needed to. It took four to six months to get to data, the mission said they needed it in less than 72 hours. So it was orthogonal to one another, and so it was very clear we had to solve that problem fast. So that weird world of very secure, really sensitive, but also the success that we saw of using data. It was so obvious that we need to democratize access to data, but we need to do it securely and we need to be able to prove it. We work with more lawyers in the intelligence community than you could ever imagine, so the goal was always, how do we make a lawyer happy? If you figure that problem out, you have some success and I think we've done it. >> Well that's awesome in applying that example to the commercial business world. Scott McNeely's famous for saying there is no privacy in the internet, get over it. Well guess what, people aren't going to get over it. It's the individuals that are much more concerned with it after the whole Facebook and fake news debacle. And as well, organizations putting data in the cloud. They need to govern their data, they need that privacy. So Matt, thanks very much for sharing with us your perspectives on the market, and the best of luck with Immuta. >> Thanks so much, I appreciate it. Thanks for having me out. >> All right, you're welcome. All right and thank you everybody for watching this Cube Conversation. This is Dave Vellante, we'll see ya next time. (digital music)