>>Welcome to the cubes, continuing coverage of AWS reinvent 2021. I'm your host, Lisa Martin. We are running one of the industry's most important and largest hybrid tech events of the year. This year with AWS and its ecosystem partners. We have two life studios, two remote studios, and over 100 guests. So stick around as we talk about the next 10 years of cloud innovation, I'm very excited to be joined by another Lisa from Zscaler. Lisa Lorenzen is here with me, the field CTO for the Americas. She's here to talk about ZScaler's mission to make doing business and navigating change a simpler, faster, and more productive experience. Lisa, welcome to the program. >>Thank you. It's a pleasure to be here. >>So let's talk about Zscaler in AWS. Talk to me about the partnership, what you guys are doing together. >>Yeah, definitely. Z scaler is a strategic security ISV partner with AWS. So we provide AWS customers with zero trust, secure remote access to AWS, and this can improve their security posture as well as their user experience with AWS. These scaler recently announced that we are the first and only cloud security service to achieve the FedRAMP PI authorization to operate. And that FedRAMP ZPA service is built on AWS gov cloud. ZScaler's also an AWS marketplace seller where our customers can purchase our zero trust exchange services as well as request or high value security assessments. We're excited about that as we're seeing a rapid increase in customer adoption as these scaler via the AWS marketplace, we vetted our software on AWS edge services that support emerging use cases, including 5g, IOT, and OT. So for example, Zscaler runs on wavelength, outposts, snowball and snowcones, and Zscaler has strategic partnerships with leading AWS service providers and system integration partners, including Verizon NTT, BT, Accenture, Deloitte, and many of the leading national and regional AWS consulting partners. >>Great summary there. So you mentioned something I want to get more understanding on this. It sounds like it's a differentiator for CSO scale. You said that you guys recently announced to the first and only cloud security service to achieve FedRAMP high. Uh, ATO built on AWS gov cloud. Talk to me about and what the significance of that is. >>I L five authorization to operate means that we are able to protect federal assets for the department of defense, as well as for the civilian agencies. It just extends the certification of our cloud by the government to ensure that we meet all of the requirements to protect that military side of the house, as well as the civilian side of the house. >>Got it super important there, let's talk about zero trust. It's a super hot topic. We've seen so many changes to the threat landscape during the pandemic. How are some of the ways that Z scaler and AWS are helping customers tackle this together? >>Well, I'd actually like to answer that by telling a little bit of a story. Um, Growmark is one of our Z scaler and AWS success stories when they had to send everyone home to work from home overnight, the quote that we had from is the users just went home and nothing changed. ZPA made work from anywhere, just work, and they were able to maintain complete business continuity. So even though their employers might have had poor internet service at home, or, you know, 80 challenging infrastructure, if you've got kids on your wifi bunch of kids in the neighborhood doing remote school, everyone's working from home, you don't have the reliability or the, maybe the bandwidth capacity that you would when you're sitting in an office. And Zscaler private access is a cloud delivered zero trust solution that leverages dynamic resilient, TLS encrypted tunnels to connect the user to an application rather than putting an end point on a network. >>And the reason that's important is it makes for a much more reliable and resilient service, even in environments that may not have the best connectivity I live out in the county. I really, some days think that there's a hamster on a wheel somewhere in my cable modem network, and I am a consumer of this, right. I connect to Z scaler over Zscaler private access, I'm protected by Zscaler internet access. And so I access our internal applications that are running in AWS as well this way. And it makes a huge difference. Growmark really started with an SAP migration to AWS, and this was long before the pandemic. So they started out looking for that better user experience and the zero trust capability. They were able to ensure that their SAP environment was dark to the internet, even though it was running in the cloud. And that put them in this position to leverage that zero trust service when the pandemic was upon us, >>That ability or that quote that you mentioned, it just worked was absolutely critical for all of us in every industry. And I'm sure a lot of folks who were trying to manage working from home, the spouses from home kids doing, you know, school online also felt like you with the hamster on the wheel, I'm sure their internet access, but being able to have that business continuity was table-stakes especially early on for most organizations. We saw a lot of digital transformation, a lot of acceleration of it in the last 20 months during the pandemic. Talk to me about how Z scaler helps customers from a digital transformation perspective and maybe what some of the things were that you saw in the last 20 months that have accelerated >>Absolutely. Um, another example, there would be Jefferson health, and really, as we saw during the pandemic, as you say, it accelerated a lot of the existing trends of mobility, but also migration to the cloud. And when you move applications to the cloud, honestly, it's a complex environment and maybe the controls and the risk landscape is not as well. Understood. So Z scaler also has another solution, which is our cloud security posture management. And this is really ensuring that your configuration on your environment, that those workloads run in is controlled, understood correctly, coordinated and configured. So as deference and health migrated to the cloud first model, they were able to leverage the scalers workload posture to measure and control that risk. Again, it's environment where the combination of AWS and Z scaler together gives them a flexible, resilient solution that they can be confident is correctly configured and thoroughly locked down. >>And that's critical for businesses in any organization, especially as quickly as how quickly things changed in the last 20 months or so I do wonder how your customer conversations have has changed as I introduced you as the field CTO of the America's proceeds killer. I'm sure you talk with a lot of customers. How has the security posture, um, zero trust? How has that risen up within the organizational chain? Is that something that the board is concerned about? >>My gosh, yes. And zero trust really has gone through the Gartner hype cycle. You've got the introduction, the peak of interest, the trough of despair, and then really rising back into what's actually feasible. Only zero trust has done that on a timeline of over a decade. When the term was first introduced, I was working with firewall VPN enact technology, and frankly, we didn't necessarily have the flexibility, the scalability, or the resilience to offer true zero trust. You can try to do that with network security controls, but when you're really protecting a user connecting to an application, you've got an abstraction layer mismatch. What we're seeing now is the reemergence of zero trust as a priority. And this was greatly accelerated honestly by the cybersecurity executive order that came out a few months ago from the Biden administration, which made zero trust a priority for the federal government and the public sector, but also raised visibility on zero trust for the private sector as well. >>When we're looking at zero trust as a way to perhaps ward off some of these high profile breaches and outages like the colonial pipeline, whole situation that was based on some legacy technology for remote access that was exploited and led to a breach that they had to take their entire infrastructure offline to mitigate. If we can look at more modern delivery mechanisms and more sophisticated controls for zero trust, that helps the board address a number of challenges ranging from obviously risk management, but also agility and cost reduction in an environment where more than ever belts are being tightened. New ways of delivering applications are being considered. But the ability to innovate is more important than ever. >>It is more important than ever the ability to innovate, but it really changing security landscape. I'm glad to hear that you're seeing, uh, this change as a result of the executive order that president Biden put down in the summer. That's good news. It sounds like there's some progress being made there, but we saw, you mentioned colonial pipeline. We saw a lot in the last 20, 22 months or so with ransomware becoming a household word, also becoming something that is a matter of when companies in any industry get hit and versus if it's no longer kind of that choice anymore. So talk to me about some of the threats and some of the stats that Z scaler has seen particularly in the last 20, 22 months. >>Oh gosh. Well, let's see. I'm just going to focus on the last 12 months, cause that's really where we've got some of the best data. We've seen a 500% increase in ransomware delivered over encrypted channels. And what that means is it's really critical to have scalable SSL inspection that can operate at wire speed without impeding the user experience or delay in critical projects, server communications, activities that need to happen without any introduced in any additional latency. So if you think about what that takes the Z scaler internet access solution is protecting users, outbound access in the same way that Zscaler private access protects access to private resources. So we're really seeing more and more organizations seeing that both of these services are necessary to deliver a comprehensive zero trust. You have to protect and control the outbound traffic to make sure that nothing good leaks out, nothing bad sneaks in. >>And at the same time, you have to protect and control the inbound traffic and inbound is, you know, a much broader definition with apps in the data center in the cloud these days. We're also seeing that 30% of malware is delivered through trusted applications like file shares or collaboration tools. So it's no longer enough to only inspect web traffic. Now you have to be able to really inspect all flavors of traffic when you're doing that outbound protection. So another good example where Z scaler and AWS work together here is in Amazon workspaces. And there's a huge trend towards desktop as a service, for example, and organizations are starting to recognize that they need to protect both the user experience and also the connectivity onward in Amazon workspaces, the same way that they would for a traditional end user device. So we see Z scaler running in the Amazon workspaces instances to protect that outbound traffic and control that inbound traffic as well. >>Another big area is the ransomware infections are not the problem. It's the result. So over half of the ransomware infections include data theft or leakage. And that is a double whammy because you get what's called double extortion where not only do you have to pay to unlock your machines, but you have to pay not to have that stolen data exposed to the rest of the world. So it's more important than ever to be able to break that kill chain as early as possible to ensure that the or the server traffic itself isn't exposed to the initial infection vector. If you do happen to get an infection vector that sneaks through, you need to be able to control the lateral movement so that it doesn't spread in your environment. And then if both of those controls fail, you also need the outbound protection such as CASBY and DLP to ensure that even if they get into the environment, they can't exfiltrate any of the data that they find as a result. We're seeing that the largest security risk today is lateral movement inside the corporate network. And that's one of the things that makes these ransomware double extortion situations, such a problem. >>Last question for you. And we've got about a minute left. I'm curious, you said over 50% of ransomware attacks are now double extortion. How do you guys help customers combat that? So >>We really deliver a solution that eliminates a lot of the attack surface and a lot of the risks. We have no inbound listener, unlike a traditional VPN. So the outbound only connections mean you don't have the external attack surface. You can write these granular policy controls to eliminate lateral movement. And because we integrate with customer's existing identity and access management, we can eliminate the credential exposure that can lead to a larger spread in a compromised environment. We also can eliminate the problem of unpatched gateways, which led to things like colonial pipeline or some of the other major breaches we've seen recently. And we can remove that single point of failure. So you can rely on dynamic optimized traffic distribution for all of these secure services. Basically, what we're trying to do is make it simpler and more secure at the same time, >>Simpler and more secure at the same time is what everyone needs regardless of industry. Lisa, thank you for joining me today, talking about Zscaler in AWS, zero trust the threat landscape that you're seeing, and also how's the scaler and AWS together can help customers mitigate those growing risks. We appreciate your insights and your thoughtfulness. >>Thank you >>For Lisa Lorenzen. I'm Lisa Martin. You're watching the cubes coverage of AWS reinvent stick around more great content coming up next.

>> from our studios in the heart of Silicon Valley, Palo Alto, California. It is a cute conversation. >> Everyone. Welcome to this Special Cube conversation here at the Palo Alto Cube Studios. I'm John for a host of Cuba here. Moritz man is the head of the product management team at Open Systems A G. Great to see you again. Thanks for coming in. >> Hey, John. Thanks for having me. >> So last time we spoke, you had your event in Las Vegas. You guys are launching. You have a new headquarters here in Silicon Valley. Opened up this past spring. Congratulations. Thank you. >> Yeah, it's a great, great venue to start, and we set foot on the Silicon Valley ground. So to make our way to >> I know you've been super busy with the new building and rolling out, expanding heavily here in the Valley. But you guys were in the hottest area that we're covering Security Cloud security on premise, security. The combination of both has been the number one conversation pretty much in the cloud world right now. Honestly, besides a normal cloud, native cloud I t hybrid versus multi cloud out. See, that continues to be the discussion I think there's no more debate around multi cloud in hybrid public clouds. Great people gonna still keep their enterprises. But the security equation still is changing this new requirements. What's the latest that you guys are seeing with respect to security? >> Yeah. So, John, what we see is actually that cloud adoption had happens at different speeds. So you have usually the infrastructure of the service. Adoption would happens in a quite controlled way because there's a lift in shift. Do you have your old data center? You you take it and you transferred into azure I W S O G C P. But then there's also uncontrolled at option, which is in the SAS space. And I think this is where a lot off data risk occur, especially the wake off GDP are on where we see that this adoption happens. Maurin a sometimes control, but sometimes in a very uncontrolled way, >> explain that the uncontrolled and controlled expansion of of how security and multi cloud and cloud is going because this interesting control means this this plan's to do stuff uncontrolled means it's just by other forces explain uncontrolled versus controls >> eso controlled specifically means the IittIe team takes as a project plan and aches servers and workloads and moves them in a controlled fashion or in a dedicated project to the cloud. But what happened in the business world of business I t is actually did use those share content at any time with any device at any at any time and in all locations. So this is called the Mobile Enterprise on the Cloud First Enterprise. So it means that the classical security perimeter and the controls in that are my past, actually, by the path of least resistance or the shortest path >> available. And this is the classic case. People use Dropbox with some, you know, personal things. They're at home, they're at work, a p I based software. That's what you're getting at the >> and the issue of this is that that the data that has bean, like contained an pera meters where, you know, as it Caesar, where your data is. This has bean deployed too many edge devices, too many mobile devices, and it's get it gets shared, a nun controlled way. >> We'll get a couple talk tracks would like to drill down on that, because I think this is the trend. We're seeing a pea eye's dominant. The perimeter on the infrastructure has gone away. It's only getting bigger and larger. You got I, O. T and T Edge just and the networks are controlled and also owned by different people. So the packets of moving on it that's crazy so that that's the reality. First, talk track is the security challenge. What is the security challenge? How does a customer figure out what to do from an architectural standpoint when they're dealing with hybrid and multi cloud? So first of >> all, um, customers or BC enterprises try need to re think their infrastructure infrastructure centric view off the architecture's. So the architecture that had been built around data send us needs to become hybrid and multi cloud aware. So that means they need to define a new way off a perimeter, which is in cloud but also in the covering. Still the old, so to say, legacy hyper data center set up, which has the data still in the old data center and at the same time, they need to open up and become the cloud themselves, so to say, and but still draw a perimeter around their data and they users and not and their applications and not so much anymore around the physical infrastructure. >> So taking, changing their view of what a security product is, Is that really what you're getting at? >> Yeah, So the issues with the product point solution was that they fixed a certain part off off a tactile issue. So if you take a firewall in itself, firewall back then it was like a entry door to a big building, and you could could decide who comes out goes in. Now. If the the kind of the walls of the building are vanishing or arm or more FIC, you need to come over the more integrated concept. So having these stacked appliance and stacked security solutions trying to work together and chain them doesn't work anymore. So we think and we see that, >> Why is that? Why doesn't it work? Because in >> the end, it's it's it's hardly two to operate them. Each of those points solutions have their own end off life. They have their own life cycle. They have their own AP eyes. They have their own TCO, as all that needs to be covered. And then there's the human aspect where you have the knowledge pools around >> those technologies. So as an enterprise you have to content to continuously keep the very scar security experts to maintain content continues the depreciating assets running right, >> and they're also in it. We weren't built for tying into a holistic kind of platform. >> Yeah, What we see is that that enterprises now realize we have data centers and it's not accepted reality that you can abstracted with the cloud. So you have You don't own your own servers and buildings anymore. So you have a PAX model to subscribe to Cloud Service is and we think that this has to happen to security to so shift from cap ex to our pecs and the same way also for operational matters >> securities. The service is a crepe is a small I want to ask you on that front you mentioned mobile users. How do you secure the mobile uses when they use cloud collaboration? Because this is really what uses expect, and they want How do you secure it? >> So be secured by by actually monitoring the data where it actually gravitates, and this is usually in the cloud. So we enforce the data that is in transit through, ah, proxies and gators towards the cloud from the endpoint devices, but also then looking by AP eyes in the cloud themselves to look for threats, data leakage and also sandbox. Certain activities that happened. There >> are the next talk talk I want to get into is the expansion to hybrid and multi cloud so that you guys do from a product standpoint, solution for your customers. But in general, this is in the industry conversation as well. How how do you look at this from a software standpoint? Because, you know, we've heard Pat Gelsinger of'em were talking about somewhere to find Data Center S d n. Everything's now software based. You talk about the premiere goes away. You guys were kind of bring up a different approaches. A software perimeter? Yeah, what is the challenge for expanding to multi cloud and hybrid cloud? >> So So the challenge for enterprise and customers we talked to is that they have to run their old business. Gardner once called it by motile business, and it's still adopting not one cloud, but we see in our surveys. And this is also what market research confirms is that customers end up with 2 to 3 loud vendors. So there were will be one or two platforms that will be the primary to their major majority of applications and data gravity. But they will end up and become much more flexible with have running AWS, the old Davis Center. But it was the G, C, P and Azure, or Ali Baba glowed even side by side, right tow cover the different speeds at what their own and the price runs. And >> so I gotta ask you about Cloud Needed was one of the things that you're bringing up that just jumps in my head. And when I got to ask, because this is what I see is a potential challenge. It might be a current challenges when you have kubernetes growing such a rapid rate. You see the level of service is coming online much higher rate. So okay, people, mobile users, they're using the drop boxes, the boxes and using all these FBI service's. But that's just those wraps. As a hundreds and thousands of micro service is being stood up and Tauron down in there, you guys are taking, I think, an approach of putting a perimeter software premieres around these kinds of things, but they get turned on enough. How do you know what's clean? It's all done automatically, so this is becoming a challenge. So is this what you guys mean when you say software perimeter that you guys could just put security around things at any time? Is that explain this? >> Yeah, So? So if you talk about the service match so really mashing cloudy but native functions, I think it's still in the face where it's, I would say, chaos chaotic when you have specific projects that are being ramped up them down. So we draw a perimeter in that specific contact. So let's say you have You're ramping up a lot off cloud a function AWS. We can build a pyramid around this kind off containment and look especially for threats in the activity locks off. The different component is containers, but from from a design perspective, this needs to be, uh, we need to think off the future because if you look at Mike soft on AWS strategy, those containers will eventually move Also back to the edge. Eso were in preparing that to support those models also cover. Bring these functions closer back again to the edge on We call that not any longer the when, ej but it will become a cloud at at actually. So it's not an extension of the land that comes to the data. It's actually the data and the applications coming back to the user and much closer. >> Yeah. I mean, in that case, you could define the on premises environment has an edge, big edge, because this is all about moving, were close and data around. This is what the new normal is. Yeah, So okay, I gotta ask the next question, which is okay, If that's true, that means that kubernetes becomes a critical part of all this. And containers. How do you guys play with that at all? >> So we play with us by by actually looking at data coming from that at the moment. We're looking at this from a from a data transit perspective. We But we will further Maur integrate into their eighties AP eyes and actually become part off the C I C D. Process that building then actually big become a security function in approval and rolling out a cannery to certain service mesh. And we can say, Well, this is safe for this is unsafe This is, I think, the eventual goal to get there. But But for now, it's It's really about tracking the locks of each of those containers and actually having a parent her and segmentation around this service mash cloud. So to say, >> I think you guys got a good thing going on when you talk about this new concept that's of softer to find perimeter. You can almost map that to anything you get. Really think everything has its own little perimeter workload. Could be moving around still in these three secure. So I gotta ask on the next talk Trek is this leads into hybrid cloud. This is the hottest topic. Hybrid cloud to me is the same as multi cloud. Just kind of get together a little bit different. But hybrid cloud means you're operating both on premises and in the cloud. This is becoming a channel most si si SOS Chief admission Security officers. I don't want to fork their teams and have multiple people coding different stacks. They don't want the vendor lock in, and so you're seeing a lot of people pulling back on premises building their own stacks, deploying in the cloud and having a seamless operation. What is your definition of hybrid? Where do you see hybrid going? And how important is it? Have a hybrid strategy. >> So I think the key successfactors of a hybrid strategy is that standards standardization is a big topic. So we think that a service platform that to secure that like the SD when secure service platform rebuilt, needs to be standardized on operational level, but also from a baseline security and detection level. And this means that if you run and create your own work, those on Prem you need to have the same security and standard security and deployment standard for the clout and have the seamless security primary perimeter and level off security no matter where these these deployments are. And the second factor of this is actually how do you ensure a secure data transfer between those different workloads? And this is where S T win comes into play, which acts as a fabric together with when backbone, where we connect all those pieces together in a secure fashion >> where it's great to have you on the Q and sharing your insight on the industry. Let's get into your company. Open systems. You guys provide an integrated solution for Dev Ops and Secure Service and Security Platform. Take a minute to talk about the innovations that you guys were doing because you guys talk a lot about Casby. Talk a lot about integrated esti when but first define what Casby is for. The audience doesn't know what Casby is. C. A S B. It's kicked around all of the security conscious of your new to security. It's an acronym that you should pay attention to so defined casby and talk about your solution. >> Eso casby isn't theory. Aviation means cloud access security we broker. So it's actually becoming this centralized orchestrator that that allows and defines access based on a trust level. So saying, um, first of all, it's between networks saying I have a mobile workforce accessing SAS or I s applications. Can't be it in the middle to provide security and visibility about Where's my data moving? Where's married? Where do I have exposure off off GDP, our compliance or P C. I or he power risks And where is it exposed to, Which is a big deal on it's kind of the lowest level to start with, But then it goes further by. You can use the Casby to actually pull in data that that is about I s were close to toe identified data that's being addressed and stored. So are there any incidentally, a shared data artifacts that are actually critical to the business? And are they shared with extra resource is and then going one step further, where we then have a complete zero trust access model where we say we know exactly who can talkto which application at any time on give access to. But as everything this needs to be is in embedded in an evolution >> and the benefit ultimately goes to the SAS applications toe, have security built in. >> That's the first thing that you need to tackle. Nowadays, it's get your sass, cloud security or policy enforced on, but without disrupting service on business on to actually empower business and not to block and keep out the business >> can make us the classic application developer challenge, which is? They love to co they love the build applications, and what cloud did with Dev Ops was abstracted away the infrastructure so that they didn't have to do all this configuration. Sister. Right? APs You guys air enabling that for security? >> Exactly. Yeah. So coming back to this multi protein product cloud would, which is not keeping up anymore with the current reality and needs of a business. So we took the approach and compared death ops with a great service platform. So we have engineers building the platform. That's Integrated Security Service Platform, which promotes Esti Wen managed Detection response and Caspi Service is in one on the one platform which is tightly integrated. But in the in the customer focus that we provide them on or Pecs model, which is pretty, very predictable, very transparent in their security posture. Make that a scalable platform to operate and expand their business on. >> And that's great. Congratulations. I wanna go back for the final point here to round up the interview for the I T. Folks watching or, um, folks who have to implement multi cloud and hybrid cloud they're sitting there could be a cloud architect that could be an I T. Operations or 90 pro. They think multi cloud this in hybrid club. This is the environment. They have to get their arms around. How? What >> should they >> be thinking about? Around multi cloud and hybrid cloud. What is it, really? What's the reality now? What >> should they be considering for evaluation? What are some of the key things that that should be on their mind when they're dealing with hybrid cloud and all the opportunity around it? >> So I think they're they're like, four key pieces. Oneness. Um, they think they still have to start to think strategic. So what? It's a platform and a partner That helps them to plan ahead for the next 3 to 5 years in a way that they can really focus on what their business needs are. This is the scalability aspect. Secondly, it's a do. We have a network on security, our architecture that allows me to grow confidently and go down different venues to to actually adopt multi clouds without worrying about the security implication behind it. Too much, uh, and to implement it. And third is have this baseline and have this standardized security posture around wherever the data is moving, being at Mobil's being it SAS or being on Prem and in clouds workloads, the fourth pieces again, reading, thinking off where did you spend most of my time? Where do I create? Create value by by defining this framework so it really can create a benefit and value for the enterprise? Because if you do it not right your not right. You will have a way. You will end up with a an architecture that will break the business and not accelerated. >> Or it's made head of product that open systems here inside the Cube studios. Um, great job. Must love your job. You got the keys. A lot of pressure. Security being a product. Head of product for security companies. A lot of pressure before we wrap up. Just give a quick plug for the company. You guys hiring you have a new office space here in Redwood City. Looks beautiful. Give a quick shared play for the company. >> Yeah. So open systems the great company to work with. We're expanding in the U. S. On also, Amy, uh, with all the work force. So we're hiring. So go on our website. We have a lot off open positions, exciting challenges in a growth or into workspace. Andi. Yeah. As you said, security at the moment, it's one of the hottest areas to be in, especially with all the fundamental changes happening in the enterprise and architecture. I d landscape. So yeah, >> and clouds securing specifically. Not just in point. The normal stuff that people used to classify as hot as hot as Hades could be right now. But thanks for coming on. Strong insights. I'm jumping with Cuba here in Palo Alto with more Morris Man is the head of product management for open systems. Thanks for watching.

>> live from Orlando, Florida It's the que covering accelerate nineteen. By important, >> Welcome back to the cubes. Continuing coverage of Fortinet Accelerate twenty nineteen. Live from Orlando, Florida Lisa Martin with Peter Births and we're pleased to welcome back to the Cube. One of our alumni. John Madison, the executive vice president of Products and Solutions from Fortinet. John, It's great to have you back on The Cube >> is great to be here again. >> Lots of momentum. That fourteen that is coming into twenty nineteen with I can't believe we're in April. Already, lots of growth in revenue product revenue was up. You guys talked about the expansion of the partner network with some of your fabric ready partners on already today. You talked about this third generation and security. How fortunate is uniquely delivering that for our viewers who you weren't didn't have the opportunity to attend. Your keynote kind of talked to us about that in this hybrid world. How is supporting that delivering this third generation? What makes you guys difference? >> Yeah, so we talk about the third generation now. Everyone has different generations. That's fine. We call it the security driven networking, and it's really the Genesis ofthe forty nine for a long time in bringing together networking and security into one place. I think these days or in the past, people have built out the networks, the network layer. Then they try and connect users and applications. And they go, Wait a minute, this person security over here in a bit, over here and over there in our mind, start with both. Start with a security driven networking concept. Make sure it works end to end, and that will be the most sophisticated, most secure application and network you can have. >> And what enable supporting that to deliver this unique. Because a number of times today and Ken's key nodes, I think Patrice as well. I can't recall if yours competition came up where the audience was shown the strength in numbers that fourteen that has what makes us unique and what you're delivering. One of >> the key differentiators from the start is being making sure we can run a routing stacks. Sometimes today he referred to as ehs tea. When Stax or so security stacks in a very small footprint, and to do that, you need to spend a lot of money on what we call security processes which go inside our appliances, but to make sure that runs very fast. But having said that, I definitely think customer is going to be in a hybrid world forever for a very long time, at least anyway, where not only appliances but also virtual machines and FBI security. We also talk about this fabric concept that ables to cover the incomplete digital attack surface. So there's a very important point, and we find a lot of customers now agreed that they want to consolidate. They want to make it simpler. They need to move faster to this digital world, and anyway, you have to do that is through a consolidated >> approach. So let's build on this. They want to consolidate. They want to make it simpler, more common, and how the policies and management now along comes. Yet what's the dynamic there? >> But what's happening is that all the people referred to the perimeter disappearing. Okay, that's happening to a certain extent because data's moving into cloud. You've got different one implementations, but what's happening when you do that is to creating New Edge is a really good example, a zesty wherein which used to be very closed off. The one used to be something that connects branch offices back to the data center, but nobody got involved in that. Well, now you're opening up that when two different types of transport mechanism you're creating an edge I always refer to these edges is being created by different trust levels. There is a maybe a secure trust level here, less trust here. It creates an edge, and you absolutely need to protect all those edges. >> Would give us an example that So, for example, when you say differentiated trust levels, my edge might be at a customer location. Is that kind of what versus my edge might be in a branch office? Is that what you mean by different trust level? Push that concept for >> you know, It's more, for example, if I got a branch office and I've got one connective ity going back to my data center that's encrypted and secure. But I've also opened up connected to the Internet, the trust level between that encrypted link on my connection to the to the Internet's very different Internets open. Anyone can see they're so that trust level between those two is very different. and that's what creates the edge. >> And so, therefore, that becomes a key feature in how we design different edge implementations. It >> is. It's also a key requirement on what type of deployment Mody use have appliances have virtual machines. We have clouds, containers. AP eyes going forward. I'm finding that customers are still very reluctant to put software implementations of firewalls against the Internet. Appliances are hardened. They run faster. Having said that, inside the cloud, obviously, and inside software defined data centers virtual fine. >> Where some of those customer concerns that you're hearing >> well, I think what happens is, you know, if you putting a piece of software against the Internet, it's open to all sorts of attack. It's the same as giving I P addresses to anything. It's like a factory that creates an edge as well, and you need to harm that age against that. >> And how can Estevez When How Why is this such a crucial component of digital transformation? >> You know, sometimes markets are over hyped. I remember the Casby marketplace a few years ago. It just was a feature. To be honest, I think sd one extremely important. The reason is important is the SD one controller. That controller eventually tells users and devices how to get to the applications. And so I tell customers that investment for you is extremely important. You need to own it. You need to make sure it's flexible. Need to make sure it's secure. And so I think the SD, where marketplace or one edge is the kind of larger term for it is extremely important investment for customers. Do >> you anticipate that? I mean, you guys invested. You guys put forward a lot of products, made a number of different announcements again, going back to that notion of simplicity, that notion of consolidation. What is the breaking point for your typical group in terms of the complexity of that they can accommodate and absorbed? When we start adding additional function within the overall network, especially from a security standpoint, >> well, I think it's a bit broken already. They're really struggling to keep up from our perspective. No, today we announced our forty or sixty twos are major operating system, and what we try and do is consolidate functionality as much as possible. Inside our fabric through a single console, there was single operations capability, so it's easier for the operations people. For this critique people to implement things and find information. Ross implementing order made in mechanisms like security ratings. We should do a background run off best practices, for example, that make it again easier for those those teams to run a full analysis. What's going on? >> So was it about three hundred features roughly roughly >> accountable individually? >> Okay, good. We'LL do a recount of that, but a tremendous amount of feature addition to forty OS announced today. What are some of the things business outcomes? Peter and I were talking about outcomes with several of our guests earlier. Business outcomes, New revenue streams New product's going to market faster, the also being able to become less reactive, maybe more proactive in terms of security codes. Can you walk us through some of the outcomes that fourteen customers can expect to achieve from some of the O. S announcement in the handsome? It's already >> talked about one, which was the consolidation, which means they can do multiple things with single platform us, an important one for them. Also, some of the some of the cost savings around that's on the operational cost savings. I think also for our partners. For example, they like the fact that we're keeping that we keep adding services on top of that fabric. They can take those services, then apply them to their customers and make sure they can add value inside as well. So there's two angles to it. The one is making sure our customers are better protected. They can consolidate, save money, invest better training and then to our partners so that they can provide more value to their customers. >> So one of the things we're talking about is the fact that you have invested in a six it's and security processing units and content processing units, etcetera, that are capable of accelerating the rate at which these crucial security algorithms run. That opens up That creates additional capacity to add more function both for you as well as your partners. Are you starting to see some of your ecosystem grow faster as they better exploit that inherent power and performance that you have within your appliances and devices? >> Definitely. I think we're seeing new partners come from new areas. It also fragments of it, and that's why we announced this new partner initiative going forward, which is a bit more customizable, but but I, you know, I do think that going forward, both our customers and our partners are looking for more of an architecture approach again. If you go back five years, here's a box and off you go and install it, and we're good on again When you saw the security threats. Yes, we produce a point solution to fix the normal way. Keep moving on. They're now looking at architectures over the next five years, known only just cybersecurity architectures but Network Inc architectures, storage architectures and all coming together. So we definitely need to train our partners. I think here we had over fifty of are what we call Network's network security expert. Eight. It's the highest level of architecture and half of the partners, But going forward, we see much more partner involvement in architecture approach on. Our customers want that because they don't want to have a point solution that's out of date in a year's time or a new threat comes along and makes it redundant. >> So how are you? You mentioned you mentioned network security and storage. What other things are starting to inform that architectural approach that you're taking. >> It's everything now. So we know the factories now a completely automated all that. If utilities of I P addresses are running almost all the way down to the end point, just everything has more flexibility and more open eso. Definitely All that information's bouncing around inside I ot devices inside the wire inside data centers on all that data needs protecting. That's the key of protecting the data. And to do that again, we keep saying you need tohave. An integrated approach to networking and security >> Has the customer work with forty Net and your partner ecosystem to achieve that integrated approach. Assuming that there is a, you know, an enterprise out there that's got a spectrum of hybrid multiplied environment with the spectrum of Security point Solutions pointed it in a different components of an infrastructure. How do you help them on that journey of taking the many disparate security solutions and leveraging the power of fourteen and your partners to get that integrated, truly integrated, consolidate consolidated view? It's a couple >> of steps, maybe, maybe many steps. The first one is, oh, customers don't want to throw everything else straightaway. So what they want to do is build to integrating Connect. So we have some of our partners. Here, for example, are fabric ready partners way have connectors. We build into their platforms and orchestration systems, and that's their first step. Once they get there, they start looking across to see what they can to consolidate. So can they take a specific solution from this and I'm bringing inside? And then eventually they start to look at the long term architecture if they're moving APS to the cloud or they want to open up their wear or the one who provide kind of SD functionality inside their branch, So it's definitely a phase approached. I don't see many customers. Some customers would take an application and created from scratch inside the cloud. They can't do that with their infrastructure, the kind just completely wipe it clean. Start again. It's definitely more of a phase approach. >> So if you think about the face approach on you, talk way heard from, uh, we heard from the sales of sport side the notion that the S P s the service providers want greater customization. The enterprise wants a different level of access to the core technologies, so that they could do not customization. Not exactly remember Jack with the term was what What degree will customers retain control over how that architecture gets implemented versus what degree is going to get baked into the stack itself? A >> bit of >> both, I think, you know, for most customers, they're running towards a digital platform on. They need to own the digital powerful. If they give up complete control, how do they control that destiny going forward? So they want to own the digital platform, but they haven't got the resources to do everything. So that allows saw some to service providers and carriers. Some of the partners, for example. But I'm going to keep coming back to this. They want to get to a point in five years time, but they've got a digital footprint, is very flexible, but they also want to make sure it's very secure because as you open up that digital footprint, you opening up all these different edges. Inside the network, >> it's coherent, which is the are contested approach. Yes, because if they don't have a coherent approach to doing it, they don't know what interfaces are or are not competent, and that includes interfaces with partners. >> Yeah, they have to look forward and say I'm gonna implement X amount in the cloud. Arnot gonna have some edge compute going on here. I want to shake. Make sure my branches have the best quality of service for these certain applications that go back to this. So they would look at all those parameters and an architect, something from there. >> So we know that security network, security app, security info, security cloud security is our imperatives for every industry. But I didn't notice that the breakouts today feature. I think there's a couple of vertical features healthcare, financial services, retail. I was just curious. Are theirs just great use cases that show the potential power of forty nets technologies? Or are those industries that are either early adopters or maybe more leading edge? Because they have such a tremendous amount of data that needs to be secured as their ecosystem does this? >> Yeah. So the industry verticals, I think I think for the very large ones, they're very similar. All of them have I ot this expanding order and wanna have a flexible land system. Almost got something. Some computer power in the cloud and the edge going forward. So I know there's differences and industries. For the very large enterprises, it's the problem. Seems the same. This huge organizations, and they have all of these things going on in the right corner at you. Calm down, Toa mid enterprise. I think there's more reason to consolidate. But you seymour differences in the way the approach, things like health care that really, really focused on that healthcare kind of security of devices inside hospitals, et cetera. Education. Oh, they need to connect in these big data banks. Transfer the research information. So big organizations, I say pretty much the same problem. Midsize organizations become more relevant to the specific industry. >> Well, John, thank you so much for carving out some time to speak with Peter and need Today. We appreciate that. And it's exciting to see and feel the mo mentum the forty Niners bringing into twenty nineteen. >> Well, thanks for inviting me. >> Our pleasure. We want to thank you for your time is well for Peter. Boris. I'm Lisa Martin. You're watching the Cube