>> From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. >> Hello, everybody, this is Dave Vellante, and welcome to this breaking analysis. I'm here with Erik Bradley, who's the managing director of ETR and runs their VENN program. Erik, good to see you. >> Very nice to see you too, Dave. Hope you're doing well. >> Yeah, I'm doing okay, hanging in there. You know, you guys in New York are fighting the battle, looks like we're making some progress here, so all the best to you and your family and the wider community. I'm really excited to have you on today because I had the pleasure of sitting in on a CIO/CISO panel last week and we're going to explain sort of what that's all about but one of the things that ETR does that I really like is they go deeper with anecdotal information, and it's almost like in depth interviews in these round tables. So they compliment their quarterly surveys and their other drilldown surveys with other anecdotal information from people in their communities, so it's a tried and true survey practice that adds some color to the data set. So guys, if you'd bring up the agenda, I want to share with the audience what we're going to talk about today. So, we'll talk a little bit about, you know, we just did intros. I wanted to ask Erik what ETR VENN is and then we will go through some of the guests, but if we go back to Erik, explain a little bit about VENN and the whole process, and how you guys do that? >> Yes, sure we should hire you for marketing, you just did a great job actually describing that, but about three years ago, what we decided was, ETR does an amazing job collecting the data. It can tell you what's happening, who it's happening to, and when it's happening, but it can't always tell you why it's happening. So leveraging a lot of my background in 20 plus years in journalism and the institution of Wall Street research, we decided to take the ETR community, the people that actually take the surveys and start doing interviews with them, and start doing events with them. And in enable to doing that, we're basically just trying to complement the survey findings and the data. So what we always say is that ETR will give you the quantitative answer and VENN will give you the qualitative answer. >> Now guys, let's bring up the agenda slide again, let's take a look at the folks that participated in the round table, now, for ETR's clients, they actually know the names and the titles and well the company that these guys work for. We've anonymized it for the public, but you had a CIO of a global auto supplier, a CISO of a diversified holdings firm who actually had some hospitality exposure, but also some government contract manufacturing exposure, a chief architect of a software ISV, and a VP and CISO of a global hospitality resort chain. So you had three out of the four, Erik were really in industries that are getting hit hard, obviously you know the software company, may be a little bit better but, maybe you could add some color to that? >> Well actually the software company unfortunately was getting hit hard as well because they're a software ISV that actually plays into the manufacturing space as well so this particular panel of CIOs and CISOs were actually in a very hard hit industries and are going to make sure we do two more follow ups with different industry verticals to make sure we're getting a little bit of a wider berth and collect all of that information in a better way. But coming back to this particular call the whole reason we did this and as you know you spoke to my colleague and friend Sagar Kadakia who is the director of research for ETR. And we were nimble enough to actually change our survey while it was in the field to start collecting data on what the real time impact was on the COVID-19 pandemic. We were able to take that information, extrapolate it and then say, okay, let's start reaching out to these people and dig deeper, find out why it's happening and even more so is it permanent? And which vendors are going to win and which vendors might lose from it? So that was the whole reason we set up a series of calls, we've only conducted one so far, we have another one this coming Tuesday as well with four entirely new panelists that are going to be from different industry verticals 'cause as you astutely pointed out, these verticals were very hard hit and not all of them are as hard as others, so it's important to get a wider cross-section. >> So guys, let's take a look at some of the budget impacts, the anecdotal sort of evidence that we gathered here, so let me just scan through it and then Erik, I'll ask you to comment. So, I mean like Erik said, some hard hit industries. All major projects, anything sort of next-gen have been essentially shelved, that was the ISV and then another one we cut at least 70% of the big projects moving forward, he mentioned ServiceNow actually called him out, but ServiceNow is a SaaS company, probably you know weather the storm here, but he did say, we've put that on hold. The best comment you know As-a-Service has Saved our Saas, (laughs) that one's great. And then we're going to get into some of the networking commentary, some really interesting things about how to support the work from home, you know we're kind of shifting from a hardened top into users, remote workers and then a lot of commentary on security, so you know that's sort of a high level scan and there's just so much information here, Erik but maybe you could sort of summarize on some of those, that commentary? >> Yeah, we should definitely dig in to each of those sectors a little more, but to summarize what we're seeing here was the real winners and losers are clear. Not everyone was prepared to have a work from home strategy. Not everyone was prepared to send their workers out, their VPN didn't have enough bandwidth so there was a real quick uptake in spending, but longer term we're starting to see that these changes will become more permeant. So the real winners and losers right now, we're going to see on the losers side traditional networking, the MPLS networking is in a lot of trouble according to all the data and the commentary that we're seeing, it's expensive, it's difficult to ramp up bandwidth as quickly as you need and it doesn't support remote. So we're seeing that lose out and the winners there are in the SD-WAN space, it's going to be impossible to ignore that going forward and some of our CIO and even CISO panelists said that change will be permanent. Also we're seeing at the same time, what they were calling a run SaaS and cloud, now we know these trends obviously were already happening but they're being exacerbated, they're happening even more quickly and more strong and I don't see that changing any time soon. That of course is at the expense of data centers, whether it be your own or hosted. Which has huge ramifications on on-prem hardware, even the firewall providers. So what we're seeing here is obviously we know things are going to be impacted by this situation, we didn't necessarily expect all of our community members and IT decision makers to talk about them being possibly permanent, so that on a high level was something that was extremely interesting. And the last one that I would bring up is that as we make this shift towards working from home, towards remote access, you also have to align yourself with the security that can support that. And one of the things that we're seeing in our data side on ETR, is a widening bifurcation between the next-gen security vendors and the more traditional security or the legacy security players, that bifurcation just keeps getting wider and wider and this situation could be the last straw. >> So I want to follow up on a couple of those things, you talked about sort of the network shift and toward SD-WAN, what people have described to me is that they've got a hardened top, it's a hierarchal network, it's very well understood, and it's safe right, and now all of a sudden you got all these remote workers and so you've got to completely sort of rethink your whole network architecture, the other thing I want to grill into is your cloud commentary. There's a comment that I saw Erik, that really stood out, one of the folks said, I would like to see the data centers be completely deleted, if you will or closed down, I mean I think we're going to see you know, a lot more of this, obviously. Not only from the standpoint of, and you heard this a lot the kind of pay by the drink, but just generally getting rid of all that sort of so called non-differentiated heavy lifting as we often hear about. >> That is a extreme comment, I don't think everyone feels that way, but yes, the comment was made and we've heard that comment from other people as you and I both know the larger the enterprise the harder that is to go completely SaaS, but yeah, when a situation like this happens and seeing the inflexibility of their on-prem infrastructure, yes it becomes something that really has to be addressed and it can become a permanent change, I was also shocked about that comment. That gentleman also stated that his executives outside of the IT area, the CEO, the CFO had never ever, ever wanted to discuss cloud, they did not want to discuss work from home, they did not want to discuss remote access. He said that conversation has changed immediately and to the credit of the actual IT companies out there, the technology companies, they're doing everything they can with this opportunity to make that happen. >> Yeah and so, right, I mean the whole work from home conversation that's to your point earlier, Erik, big chunks of COVID, you know the post COVID world are going to remain permanent, guys bring up the SaaS slide if you will, the SaaS commentary "As-a-Service-Saved our SaaS" as the wittiest quip award according to ETR, you know but you had, it was very interesting to hear folks, in fact I think somebody even called out, hey you know we expected Oracle to be auditing us but they're actually being very supportive as is IBM, SalesForce was an interesting comment Erik, one of the folks said they would share accounts you know on-prem but when they all do the work from home they had to actually buy some more. You also got Cisco with big props, Microsoft was called out, a lot of organizations actually allowing them to defer payments, so the SaaS vendors actually got very high marks, didn't they? >> They really did and even I wrote that summary and it was difficult to write that about Oracle because we all know that they're infamous for auditing their own customers in 2009, right after we we came out of the financial crisis. They have notoriously been a bad act, I don't know if they found religion and they decided to be nice to their customers, but every single person mentioned them as one of the vendors that was actually helping. That was very shocking. And then we all know that when bad situations happen people become opportunistic and right now it's really seeming that the SaaS vendors understand that they need a longterm relationship with these customers and they're being altruistic instead which is really nice to see. >> Yeah, I think the, I think anybody with a cloud realizes that hey, we have an opportunity here, the lifetime value of that customer whereas maybe in 2009 when Oracle didn't have a cloud they had to get people in a headlock to try to preserve their you know income statement. If we, let's go to the networking drilldown guys, that next slide, because Fortinet, some of the things that we've been reporting on is the sort of divergence in valuations between Fortinet and Palo Alto before this whole thing hit. Fortinet has done a really good job with it's cloud offerings, Palo Alto struggled a little bit with trying to figure out the sales compensation, is maybe a little bit behind, although both companies got strong props and I've talked to a number of customers and Palo Alto's going to be in the mix, but Fortinet from a cloud standpoint seems to be doing quite well, obviously networking, you know Cisco is the big gorilla there, but so and we also got call outs from guys like Trend Micro, which was interesting from some of the folks so your thoughts on this Erik? >> Yeah, I'll start in the networking side because this is something that I really, I've dug into quite amount in not only this panel but a lot of interviews and it really seems as if as networking refresh starts to come up and it's coming up with a lot of large importers, when your network refresh comes up, people are going to do an RFP for SD-WAN. They are sick and tired of paying MPLS network vendors and they really want to look at something else. That was even prior to this situation. Now what we're hearing is this is a permanent change, I particularly had one person say, I wanted to find this quote real quickly if I can, but basically they were basically saying that from a permanency perspective, the freedom from MPLS will reduce our network spend by over half, while more than doubling or tripling our bandwidth. You can't ignore that, you're going to save me money and triple my bandwidth. And hey, by the way, my refresh is due, it's something that's coming and it's going to happen. And yes you mentioned a few, right, there's Viptela, there's VeloCloud, there's some big players like Cisco. But Palo Alto just acquired CloudGenix in the midst of all of this. They just went and got an SD-WAN player themselves and they just keep acquiring a portfolio to shift from their on-prem to next-gen. It's going to take some time, 'cause 70% plus of their revenue is still on-prem hardware, but I do believe that their portfolio that they're creating is the way the world is moving and that's just one comment on the traditional networking versus the next-gen SD-WAN. >> And the customers have indicated you know it's not easy just to get off of their MPLS networks. I mean it takes time, it's like slowly pulling off the bandaid, but like many things COVID-19 is sort of accelerating that, we haven't talked about digital transformation, that came up. As a maybe more strategic initiative, but one that you know very clearly has legs. >> You know David, it's very simple, you just said it, people, when things are going well and they're comfortable they don't change and that's the same for an enterprise or a company, hey everything's great, our revenue's fine, why would we do this? We'll worry about that next year. Then something like this happens and you realize wow, we've been dragging our feet. That digital transformation that we've been talking about and we've been a little bit slow to accept, we need to accept it, we need to move now. And yes, it was another one of the major themes and it sounds silly for researchers like you and I, because we know this is a theme, we know cloud adoption is there, we know digital transformation is there, but there are still a lot of people that haven't moved as quickly as they should and this is going to be that final catalyst to get them there without a doubt. Quickly on your point of Fortinet, I was actually very impressed with the commentary that came from that because Fortinet is sometimes one of those names that you think of that maybe plays in a smaller pool or isn't as big as some of the 800 pound gorillas out there, but in other interviews besides this I heard the phrase point of 40 everything, so through our R&D and through acquisitions, Fortinet has really expanded their portfolio. And right now is their time to shine because when you have smaller satellite you know offices and branches that you need to connect, they're really, really good at it. And you don't always want to call a Palo Alto and pay that price, when you have smaller branch offices and I actually I was glad you brought up Fortinet because it's not a name that we get to herald that often and it was deserving from this panel. >> Yeah and you know companies that can secure gateways, secure endpoints are obviously going to have momentum, Zscaler came up, you know I think that's and I tell you looking at I've done a couple of breaking analysis on security, and Fortinet has been strong in two dimensions, you know ETR as our audience is I think getting to know, we really look at two key metrics, one is a net score which is a measure of spending momentum and the other is market share, which is a measure of pervasiveness, and companies like Fortinet in security, you know show up on both of those dimensions so it's notable. >> Yes, it certainly is, it is and I'm glad you brought up Zscaler too, very recently by strong request we did a very in depth research on Zscaler versus Palo Alto Prisma access. And they were very interested and this was before all this happened. You know does Palo Alto have a chance of catching up, taking share from Zscaler? And I've had the pleasure myself personally hosting Jay, the CEO of Zscaler at an event in New York City. And I have nothing but incredible respect for the company. But what we found out through this research is Zscaler at the moment their technology is still ahead according to their answers there is no doubt, however there doesn't seem to be any real secret sauce that will stop Palo Alto from catching up. So we do believe that parody of a feature set will shrink over time and then it'll come down to Palo Alto who obviously has a wider end-user interface. Now, what's happening today might change that because if I had to make a decision right now for my company on secure web gateway, I'm still probably going to got to Zscaler, it's the name. If I had to choose that in a year from now, Palo Alto might have had a better chance, so in this panel as you brought up, Zscaler was mentioned numerous times as just the wave of the future along with CASB Brokers, right, whether you're talking about a Netskope or Forcepoint, all those people that also play in the CASB space, to secure your access, zero trust is no longer a marketing hype term, it is real and it is becoming more real by the week. >> And so I want to kind of end on one of the other comments that really struck me because we're constantly talking about okay, do you go with a portfolio of a suite of services or do you go with best of breed, what about startups? Are startups more risky in a crisis like this? And one of your panelists, I just loved his comment, he said, one of the things that I've always done, he said, you always hear about the guy, oh we're going to to the garden, we're going to check out the magic water, we'll pick out three guys in the upper right hand corner and test them out, he says, one of the things that I've always liked to do, is I'll pick two from the upper right, and I'll take one from the lower left, one of the emerging techs and I'll give them a shot, they won't win every time but then he called out FireEye as one of the organizations that he found early that gave them competitive advantage. >> Right. >> Love that comment. >> It's a great comment and honestly if you're in charge of procurement, you'd be stupid not to do that. Not only just to see what the technology is, but now I can play you off the big guys because I have negotiation leverage and I can say, oh well I can always just take their contract. So it's silly not to do it from a business perspective, but from a technology perspective what we kept hearing from these people with the smaller vendors and my partner Peter Steube, my colleague and I we did the host together, we asked this question, really believing that the financial insecurity of the moment in the times would make smaller vendors not viable. We heard the exact opposite, what our panelists said was no, I'd be happy to work with a smaller vendor right now because they're going to give me pricing flexibility, they're going to work with me right now, I don't need to pay them upfront because we're seeing a permanent shift from CAPEX to OPEX and the smaller vendors are willing to work with me and I can pay them later. So we were actually surprised to hear that and glad to hear it because to connect to your other point, the other person who was talking about security in a platform approach versus best of breed, he said listen, platform approaches you're already with the vendor you can bundle a little bit, but the problem is if you're just going to acquire a new technology every time there's a new threat, the bad guys are just going to switch the threat and you can't acquire indefinitely so therefore best of breed with security will always beat platform and that's kind of a message to Palo Alto and Cisco in my opinion because they seem to be the ones fighting that out, even Microsoft now trying to say that they're a platform approach in security. >> Wow and it says to me the security business is going to as we predicted is going to stay fragmented because you're still going to get that best of breed, you know just like cloud is going to be fragmented and it's you know multiple vendors, ever since I've been in this business people are trying to consolidate the number of vendors but technology moves so quickly, it gives competitive advantage, Erik, awesome thank you so much for joining us, I'm looking forward to next Tuesday with the next VENN and love to have you back and talk about it any time, you're a great guest, thanks so much. >> Certainly! I'll do my best to get a better AV connection the next time guys, I apologize for that, but it was great talking to you guys. >> Hey, we're all learning you know, so thank you everybody for watching, this Dave Vellante for theCUBE and we'll see you next time. (upbeat music)

>> From theCUBE Studios in Palo Alto, in Boston connecting with alt leaders all around the world, This is a CUBE conversation. >> Hello everybody, this is Dave Vellante and welcome to this Breaking Analysis. I'm here with Erik Bradley, who's the managing director of ETR and runs their VEN program. Erik good to see you. >> Very nice to see you too Dave. Hope you're doing well. >> Yeah, I'm doing okay hanging in there. You know, you guys in New York are fighting the battle. Looks like we're making some progress here so, you know, all the best, you and your family and the wider community. I'm really excited to have you on today because I had the pleasure of sitting in on a CIO/ CISO panel last week. And we're going to explain sort of what that's all about, but one of the things ETR does that I really like is they go deeper with anecdotal information and it's almost like in-depth interviews in these round tables. So they compliment their quarterly surveys, and their other drill down surveys, with other anecdotal information for people in their community. So it's a tried and true survey practice that adds some color to the dataset. So guys if you bring up the agenda, I want to share with the audience what we're going to talk about today. So, we'll talk a little bit about, you know we just did intros, I want to ask Erik, what ETR VENN is and then we'll go through some of the guests, but if we go back to Erik, explain a little bit about VENN and the whole process and how you guys do that. >> Yeah sure, we should hire you for marketing. You just did a great job, actually, describing that, but about three years ago what we decided was, ETR does an amazing job collecting the data. It can tell you what's happening, who it's happening to and when it's happening. But it can't always tell you why it's happened. So leveraging a lot of my background in twenty-plus years in journalism and institutional Wall Street research, we decided to take the ETR community, the people that actually take the surveys, and start doing interviews with them and start doing events with them. And enable to doing that, we're basically just trying to compliment the survey findings and the data. So what we always say is that ETR will always give you the quantitative answer and VENN will give you the qualitative answer. >> Now guys, let's bring up the agenda slide again, let's take a look at the folks that participated in the round table. Now, for ETR's clients, they actually know the names and the titles and well the company that these guys work for. We've anonymized it for the public. But you had a CIO of a Global Auto Supplier, a CISO of a Diversified Holdings Firm, who actually had some hospitality exposure but also some government contract manufacturing exposure. Chief Architect of a Software ISV and a VP and CISO of a Global Hospitality Resort Chain. So you had three out of the for, Erik, were really in industries that are getting hit hard. Obviously the software company maybe a little bit better. But maybe you can add some color to that. >> Well actually the software company, unfortunately, was getting hit hard as well because they're a software ISV that actually plays into the manufacturing space as well. So, this particular panel of CIOs and CISOs were actually in a very hard hit industries. And are going to make sure we do two more follow-ups with different industry verticals to make sure we're getting a little bit of a wider berth and collect all of that information in a better way. But coming back to this particular call, the whole reason we did this, and as you know, you spoke to my colleague and friend, Sagar Kadakia, who is the Director of Research for ETR, and we were nimble enough to actually change our survey while it was in the field, to start collecting data on what the real-time impact was on the COVID-19 pandemic. We were able to take that information, extrapolate it, and then say okay let's start reading out to these people and dig deeper. Find out why it's happening and even more so, is it permanent? And which vendors are going to win and which vendors might lose from it. So that was the whole reason we set up the series of calls. We've only conducted on so far. We have another one this coming Tuesday as well with four entirely new panelists that are going to be from different industry verticals because, as you astutely pointed out, these verticals were very hard hit and not all of them are as hard as others. So it's important to get a wider cross-section. >> So, guys let's take a look at some of the budget impacts the anecdotal evidence that we gathered here. So let me just scan through it and then Erik, I'll ask you to comment. So, you know, like Erik said, some hard hit industries. All major projects, anything sort of next-generation, have been essentially shelved. That was the ISV. And then another one, we cut at least 70% of the big projects moving forward. He mentioned ServiceNow actually calls them out, but the ServiceNow is a SaaS company they'll probably, you know, weather the storm here. But he did say we've put that on hold. The best comment, you know, "As-a-service has Saved our SaaS." (Erik laughs) That one's great. And then we're going to get into some of the networking commentary. Some really interesting things about how to support the work from home. You know, kind of shifting from a hardened top into remote workers. And then a lot of commentary on security. So, you know, that's sort of a high level scan and there's just so much information here Erik, but maybe you could sort of summarize on some of that commentary. >> Yeah, we should definitely dig into each of those sectors a little more, but to summarize what we're seeing here was the real winners and losers are clear. Not everyone was prepared to have a work from home strategy. Not everyone was prepared to send their workers out. Their VPN wasn't, they didn't have enough bandwidth. So there was a real quick uptick in spending, but longer term we're starting to see that these changes will become more permanent. So the real winners and losers right now, we're going to see on the loser's side traditional networking. The MPLS networking is in a lot of trouble according to all the data and the commentary that we're seeing. It's expensive, it's difficult to ramp to up bandwidth as quickly as you need and it doesn't support remote. So we're seeing that lose out and the winners there are in the SD-WAN space. It's going to be impossible to ignore that going forward and some of our CIO and CISO panelists said that change will be permanent. Also, we're seeing, at the same time, what they were calling a "SaaS and Cloud". Now, we know these trends obviously were already happening but they're being exacerbated. They're happening even more quickly and more strong. And I don't see that changing any time soon. That, of course, is at the expense of network, I'm sorry, data centers. Whether it be your own or hosted. Which has huge ramifications on on-prem hardware. Even the firewall providers. So what we're seeing here is obviously we know things are going to be impacted by this situation. We didn't necessarily expect all of our community members and IT decision-makers to talk about them being possibly permanent. So that on a high level was something that was extremely interesting. And the last one that I would bring up is that as we make this shift towards working from home, towards remote access, you also have to align yourself with the security that can support that. And one of the things that we're seeing in our data side on ETR, is a widening bifurcation between the next-generation security vendors and the more traditional security or the legacy security players. That bifurcation just keeps getting wider and wider and this situation could be the last straw. >> So I want to follow up on a couple of those things. You're talking about sort of the network shift you know, towards the SD-WAN. What people have described to me is that they got a, you know, a hardened top. It's a hierarchical network. It's very well understood and it's safe, right? And now all of a sudden you got all those remote workers and so you've got to completely soft of rethink your whole network architecture. The other thing I want to drill into is your Cloud commentary. There's a comment that I saw, Erik, that really stood out. One of the folks said, "I would like to see the data centers "be completely deleted, if you will, or closed down." I think we're going to see, you know, a lot more of this obviously. Not only from the standpoint of, and you heard this a lot, the kind of paid by the drink. But just generally getting rid of all that sort of so-called non-differentiated heavy-lifting as we often hear about. >> That is a extreme comment. I don't think everyone feels that way. But, yes, the comment was made and we've heard the comment from other people. As you and I both know, the larger the enterprise the harder that is to go completely SaaS. But yeah, when a situation like this has and see the inflexibility of their on-prem infrastructure, yes it becomes something that really has to be addressed and it can become a permanent change. I was also shocked about that comment. That gentleman also stated that his executives outside of the ITs area, the CEO, the CFO, had never ever, ever wanted to discuss Cloud. They did not want to discuss work from home. They did not want to discuss remote access. He said that conversation has changed immediately and to the credit of the actual IT companies out there, the technology companies, they're doing everything they can with this opportunity to make that happen. >> Yeah, and so you're right the whole work from home conversation. To your point earlier, Erik, big chunks of COVID, the post-COVID world are going to remain permanent. Guys bring up the SaaS slide if you will. The SaaS commentary, "As-a-Service Saved our SaaS." "The wittiest quip award" going to the ETR. You know, but you had, what's very interesting to hear folks, in fact I think somebody even called out, "Hey," you know, "we expected Oracle to," you know, "be auditing us but they're actually being supportive "as is IBM." Salesforce was an interesting common, Erik. One of the folks said they would share accounts on-prem, but when they all do the work from home they had to actually buy some more. You also got Cisco with big props. Microsoft was called out. A lot of organizations actually allowing them to defer payments. So the SaaS vendors actually got very high marks didn't they? >> They really did and even I wrote that summary and it was difficult to write that about Oracle because we all know that they're infamous for auditing their own customers in 2009 right after we came out of financial crisis. They have notoriously been a-- I don't know if they found religion and they decided to be nice to their customers, but every-single person mentioned them as one of the vendors that was actually helping. That was very shocking. And we all know that when bad situations happen people become opportunistic. And right now it's really seeming that the SaaS vendors understand that they need a longterm relationship with these customers and they're being altruistic instead. Which is really nice. >> Yeah I think that anybody with a Cloud realizes that hey, we have an opportunity here that the lifetime value of that customer, whereas maybe in 2009 when Oracle didn't have a Cloud, they had to get people in a headlock to try to persevere their, you know, income statement. Let's go to the networking drill down guys, that next slide because Fortinet, some of the things we've been reporting on is the sort of divergence in evaluations between Fortinet and Palo Alto before this whole thing hit, Fortinet has done a really good job with its Cloud offerings. Palo Alto struggles a little bit with trying to figure out the sales compensation, is maybe a little bit behind. Although both companies got strong props and I've talked to a number of customers, Palo Alto is going to be in the mix. Fortinet, from a Cloud standpoint, seems to be doing quite well? Obviously networking, Cisco is the big gorilla there. But we also got call outs from guys like Trend Micro which was interesting, from some of the folks. So, your thoughts on this Erik. >> Yeah, I'll start on the networking side because this is something that I've really, I've dug into quite amount, in not only this panel, but a lot of interviews and it really seems as if as networking refresh starts to come up, and it's coming up with a lot of large enterprises, when your network refresh comes up people are going to do an RFP for SD-WAN. They are sick and tired of paying MPLS network vendors and they really want to look at something else. That was even prior to this situation. Now what we're hearing is this is a permanent change. I particularly had one person say, I wanted to find this quote real quickly if I can, but basically they basically saying that, "From a permanency perspective, the freedom from MTLS "will reduce our networks spend by over half "while more than doubling or tripling our bandwidth." You can't ignore that. You're going to save me money and triple my bandwidth, and hey by the way, my refresh is due. It's something that's coming and it's going to happen. And yes, you mentioned the few right? There's Viptela, there's Velocloud, there's some big players like Cisco. The Palo Alto just acquired CloudGenix in the midst of all of this. They just went and got an SD-WAN player themselves. And they just keep acquiring a portfolio to shift from their on-prem to next-generation. It's going to take some time, because 70% plus of their revenues is still on-prem hardware, but I do believe that their portfolio that they're creating is the way the world is moving. And that's just one comment on the traditional networking versus the next-generation SD-WAN. >> And the customers have indicated, you know it's not easy just to get off of their MPLS network. I mean it takes time, it's like slowly pulling of the bandaid. But, like many things, COVID-19 is sort of accelerating that. We haven't talked about digital transformation. That came up as a maybe more strategic initiative. But one that very clearly has legs. >> You know, David, it's very simple. You just said it. People, when things are going well and they're comfortable, they don't change. And that's the same for an enterpriser company. Hey, everything's great, our revenue's fine. Why would we do this? We'll worry about that next year. Then something like this happens and you realize wow, we've been dragging our feet. That digital transformation that we've been talking about, and we've been a little bit slow to accept, we need to accept it, we need to move now. And yes, it was another one of the major themes and it sounds silly for researchers like you and I because we know this is a theme. We know Clouded option is there, we know digital transformation is there. But, there are still a lot of people that haven't moved as quickly as they should and this is going to be that final catalyst to get them there, without a doubt. Quickly on your point of Fortinet, I was actually very impressed with the commentary that came from that because Fortinet is sometimes one of those names that you think of that maybe plays in a smaller pool or isn't as big as some of the 800 pound gorillas out there. But in other other interviews besides this I've heard the phrase coined of "Forti-everything". So through RND and through acquisition, Fortinet has really expanded the portfolio and right now is their time to shine because when you have smaller satellite, you know, offices and branches that you need to connect, they're really, really good at it. And you don't always want to call a Palo Alto and pay that price when you have smaller branch offices. And I actually, I was glad you brought up Fortinet because it's not a name that we get to herald that often and it was deserving from this panel. >> Yeah and, you know, companies that can secure gateways, secure endpoints, obviously going to have momentum. Zscaler came up, you know I think that, and I'll tell ya, looking at, I've done a couple of breaking analysis on security and Fortinet has been strong in two dimensions. You know ETR is, as our audience is I think getting to know. We really look at two key metrics. One is net score, which is a measure of spending momentum, and the other is market share, which is a measure of pervasiveness. And companies like Fortinet, in security, show up on both of those dimensions so it's notable. >> Yes, it certainly is, it is. And I'm glad you brought up Zscaler too. Very recently by client request, we did a very in-depth research on Zscaler versus Palo Alto Prisma Access and they were very interested. This was before all this happened, you know. Does Palo Alto have a chance of catching up, taking share from Zscaler. And I've had the pleasure, myself, personally hosting Jay the CEO of Zscaler at an event in New York City. And I have nothing but incredible respect for the company. But what we found out through this research is Zscaler, at the moment, their technology is still ahead, according to their answers. There's no doubt. However, there doesn't seem to be any real secret sauce that will stop Palo Alto from catching up. So we do believe the parody of feature set will shrink over time. And then it will come down to Palo Alto obviously has a wider and user base. Now, what's happening today might change that. Because if I had to make a decision right now, for my company on secure web gateway, I'm still probably going to go to Zscaler. It's the name. If I had to choose that in a year from now, Palo Alto might have had a better chance. So in this panel, as you brought up, Zscaler was mentioned numerous times as just the wave of the future. Along with CASB brokers right? Whether you're talking about a Netskoper or Forcepointer. All those people that also play in CASB space to secure your access. Zero trust is no longer a marketing-hype term. It is real and it is becoming more real by the week. >> And so, I want to kind of end on one of the other comments that really struck me because we're constantly talking about okay, do you go with a portfolio of a suite of services or do you go with best of breed? What about startups? Are startups more risky in a crisis like this? And one of your panelists, I just love this comment, he said, "One of things that I've always done," he said, "You always hear about the guy, "oh we're going to go to the gardener, we're going to "check out the magic water, we'll pick out three guys "in the upper right hand corner and test them out." He says, "One of the things I always like to do, "I'll pick two from the upper right "and I'll take one from the lower left." One of the emerging, text, "And I'll give em a shot." It won't win every time, but then he called out FireEye as one of the organizations that he found early that gave them competitive advantage. >> Right. >> Love that comment. >> It's a great comment. And honestly if you're in charge of procurement you'd be stupid not to do that. Not only just to see what the technology is, but now I can play you off the big guys because I have negotiating leverage and I can say oh, well I could always just take their contract. So it's silly not to do it from a business perspective. But from technology perspective, what we kept hearing from these people with the smaller vendors. My partner Peter Steube, my colleague and I, we did the host together, we asked this question really believing that the financial insecurity of the moment and the times would make smaller vendors not viable. We heard the exact opposite. What our panelists said was, "No, I'd be happy "to work with a smaller vendor right now "because they're going to give me pricing flexibility, "they're going to work with me right now. "I don't need to pay them upfront "because we're seeing a permanent shift from CapEx to OpEX, "and the smaller vendors are willing to work with me and I can pay them later." So we were actually surprised to hear that and glad to hear it because, to connect to your other point, the other person who was talking about security and the platform approach versus best of breed, he said "Listen, platform approaches you're already "with the vendor, you can bundle a little bit. "But the problem is, if you're just going to acquire "a new technology every time there's a new threat, "the bad guys are just going to switch the threat. "And you can't acquire indefinitely. "So therefore, best of breed with security "will always beat platform." And that's kind of a message to Palo Alto and Cisco, in my opinion, because they seem to be the ones fighting that out. Even Microsoft now, trying to say they're a platform approach in security. >> Well and this says to me the security business, as we predicted, is going to stay fragmented because you're still going to get that best of breed. You know, just like Cloud is going to be fragmented and it's, you know, multiple vendors. Ever since I've been in this business people are trying to consolidate the number of vendors, but technology moves so quickly, it gives competitive advantage. Erik, awesome! Thank you so much for joining us. I'm looking forward to next Tuesday with the next vendor and love to have you back and talk about it anytime. You're a great guest, thanks so much. >> Certainly, I'll do my best to get a better AV connection the next time guys, I apologize for that. But it was great talking to you tonight. >> Hey we're all learning, you know so, thank you everybody for watching, this is Dave Vellante for theCUBE and we'll see you next time. (upbeat music)

>> Narrator: From theCUBE Studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE Conversation. >> Hey, welcome to this CUBE Conversation. I'm John Furrier, Host of theCUBE here in Palo Alto, California, for a special conversation with an industry analyst who's been, who travels a lot, does a lot of events, covers the industry, up and down, economically and also some of the big trends, to talk about how the at scale problem that the COVID-19 is causing. Whether it's a lot of people are working at home for the first time, to at scale network problems, the pressure points that this is exposing for what I would call the mainstream world is a great topic. Zeus Kerravala, Founder and Principal Analyst at ZK Research, friend of theCUBE. Zeus, welcome back to theCUBE. Good to see you remotely. We're, as you know, working in place here. I came to the studio for, with our quarantine crew here, to get these stories out, 'cause they're super important. Thanks for spending the time. >> Hi, yeah, thanks, it's certainly been an interesting last couple months and we're probably, maybe half way through this, I'm guessing. >> Yeah, and no matter what happens the new reality of this current situation or mess or whatever you want to call it is the fact that it has awakened what us industry insiders have been seeing for a long time, big data, new networks, cloud native, micro-services, kind of at scale, scale out infrastructure, kind of the stuff that we've been kind of covering is now exposed for the whole world to see on a Petri dish that is called COVID-19, going, "Wow, this world has changed." This is highlighting the problems. Can you share your view of what are some of those things that people are experiencing for the first time and what's the reaction, what's your reaction to it all? >> Yeah, it's been kind of an interesting last couple of months when I talk to CIO's about how they're adapting to this. You know, when, before I was an analyst, John, I was actually in corporate IT. I was part of a business continuity plans group for companies and the whole definition of business continuity's changed. When I was in corporate IT, we thought of business continuity as being able to run the company with a minimal set of services for a week or a month or something like that. So, for instance, I was in charge of corporate technology and financial services firm and we thought, "Well, if we have 50 traders, can we get by with 10", right? Business continuity today is I need to run the entire organization with my full staff for an indefinite period of time, right? And that is substantially different mandate than thinking of how I run a minimal set of services to just maintain the bare minimum business operations and I think that's exposed a lot of things for a lot of companies. You know, for instance, I've talked to so many companies today where the majority of their employees have never worked remote. For you or I, we're mobile professionals. We do this all the time. We travel around. We go to conferences. We do this stuff all, it's second nature. But for a lot of employees, you think of contact center agents, in store people, things like that, they've never worked from home before. And so, all of a sudden, the new reality is they've got to set up a computer in the kitchen or their bedroom or something like that and start working from home. Also for companies, they've never had to think about a world where everybody worked remotely, right? So the VP in Infrastructure would have, the cloud apps they have, the remote access technology they have was set up for a subset of users, maybe 10%, maybe 15%, but certainly not everybody. And so now we're seeing corporate networks get crushed. All the cloud providers are getting crushed. I know some of the conferencing companies, the video companies are having to double, triple capacity. And so I think to your point when you started this, we would have seen this eventually with all the data coming in and all the new devices being connected. I think what COVID did was just accelerate it just to the point where it's exposed to everything at once. >> Yeah, and you know, I have a lot of, being an entrepreneur and done a lot of corporate legal contracts. The word force majeure is always a phrase that's a legal jargon, which means act of God or so to speak, something you can't control. I think what's interesting to your point is that the playbook in IT, even some of the most cutting edge IT, is forecasting some disruption, but never like this. And also disaster recovery and business continuity, as you mentioned, have been practices, but state of the art has been percentages of overall. But disaster recovery was a hurricane, or a power outage, so generators, fail over sites or regions of your cloud, not a change in a new vector. So the disruption is not disruption. It's an amplification of a new work stream. That's the disruption. That's what you're saying. >> Yeah, you know, that's correct. Business continuity used to be very data center-focused. It was, how do I get my power? How do I create some, replicate my office and have 50 desks in here, instead of 500? But now it's everybody working remotely, so I got to have ways for them to collaborate. I have to have ways for them to talk to customers. I have to have ways for them to deliver services. I have to enable people to do what they did in the office, but not in the office, right? And so that's been the big challenge and I think it's been an interesting test for CIO's that have been going through digital transformation plans. I think it's shifted a lot of budgets around and made companies look at the way they do things. There's also the social aspect of a job. People like to go to the office. They like to interact with co-workers. And I've talked to some companies where they're bringing in medical doctors, they're bringing in psychologists to talk to their employees, because if you're never worked from home before, it's quite a big difference. The other aspect of this that's underappreciated, I think, is the fact that now our kids are home, right? >> John: Yeah. (laughter) >> So we've got to contend with that. And I know that the first day that the shelter in place order got put in place for the San Francisco area, a new call, I believe a new version of Call of Duty had just come out. You know, we had some new shows pop up in Netflix, some series continuances. So now these kids who are at home are bored. They're downloading content. They're playing games. At the same time, we're trying to work and we're trying to do video calls and we're trying to bring in multiple video streams or even if they're in classrooms, they're doing Zoom-based calls, that type of thing, or using WebEx or an application like that, and it's played havoc on corporate networks, not just company networks, and so... >> Also Comcast and the providers, AT&T. You've got the fiber seems to be doing well, but Comcast is throttling. I mean, this is the crisis. It's a new vector of disruption. But how do you develop... >> Yeah, YouTube said that they're going to throttle down. Well, I think what this is is it makes you look at how you handle your traffic. And I think there's plenty of bandwidth out there. And even the most basic home routers are capable of prioritizing traffic and I think there's a number of IT leaders I've talked who have actually gone through the steps of helping their employees understand how you use your home networking technology to be able to prioritize video and corporate voice traffic over top. There are corporate ways to do that. You know, for instance, Aruba and Extreme Networks both offer these remote access points where you just plug 'em in and you're connected through a corporate network and you pick up all the policies. But even without that, there's ways to do with home. So I think it's made us rethink networking. Instead of the network being a home network, a WiFi network, a data center network, right, the Internet, we need to think about this grand network as one network and then how we control the quality of a cloud app when the person's home to the cloud, all the way back to the company, because that's what drives user experience. >> I think you're highlighting something really important. And I just want to illustrate and have you double down on more commentary on this, because I think, you know, the one network where we're all part of one network concept shows that the perimeter's dead. That's what we've been saying about the cloud, but also if you think about just the crimes of opportunity that are happening. You've got the hacker and hacking situation. You have all kinds of things that are impacted. There's crimes of opportunity, and there's disruption that's happening because of the opportunity. Can you just share more and unpack that concept of this one network? What are some of the things that business are thinking about now? You've got the VPN. You've got collaboration tools that sometimes are half-baked. I mean, I love Zoom and all, but Zoom is crashing too. I mean, WebEx is more corporate-oriented, but not really as strong as what Zoom is for the consumer. But still they have an opportunity, but they have a challenge as well. So all these work tools are kind of half-baked too. (laughing) >> Well, the thing is they were never designed... I remember seeing in an interview that Chuck Robbins had on CNBC where he said, "We didn't design WebEx to support everybody working from home". It just, that wasn't even a thought. Nowhere did he ever go to his team and say, build this for the whole world to connect, right? And so, every one of the video providers and the cloud collaboration providers have problems, and I don't really blame them, because this is a dynamic we were never expecting to see. I think you brought up a good point on the security side. We, a lot has been written about how more and more companies are moving to these online tools, like Zoom and WebEx and applications like that to let us communicate, but what does that mean from a security perspective? Now`all of sudden I have people working from home. They're using these Web-based applications. I remember a conversation I had about six months ago with one of the world's most famous hackers who does nothing but penetration tests now. He said that the cloud-based applications are his number one entry point into companies and to penetrate them, because people's passwords and things like that are fairly weak. So, now we're moving everything to the cloud. We're moving everything to these SaaS apps, right? And so now it's creating more exposure points. We've got fishers out there that are using the term COVID or Corona as a way to get people to click on links they shouldn't. And so now our whole security paradigm has blown up, right? So we used to have this hard shell we could drop around our company. We can't do that anymore. And we have to start worrying about things on an app-by-app basis. And it's caused companies to rethink security, to look at multi-factor authentication tools. I think those are a lot better. We have to look at Casb tools, the cloud access tools, kind of monitor what apps people are using, what they're not using. Trying to cut down on the use of consumer tools, right? So it's a lot for the security practice to take ahold of too. And you have to understand, even from a company standpoint, your security operations center was built on the concept they pull all their data into one location. SOC engineers aren't used to working remotely as well, so that's a big change as well. How do I get my data analyzed and to my SOC engineers when they're working from home? >> You know, we have coined the term Black Friday for the day after, you know, Thanksgiving. >> Thanksgiving, yeah. >> You know, the big surge, but that's a term to describe that first experience of, holy shit, everyone's going to the websites and they all crashed. So we're kind of having that same moment now, to your point earlier. So I want to read a statement that was on Nima Baidey's LinkedIn. He's at Google now, former Pivotal guy. You probably know him. He had a little graphic that says, "Who led the digital transformation of your company?" It's got a poll with a question mark. "A) Your CEO, B) your CTO, or C) COVID-19"? And it circles COVID-19 and that's the image and that's the meme that's going around. But the reality is it is highlighting it and I want to get your thoughts on this next track of thinking around how people may shift their focus and their spend, because, hey, hybrid cloud's great and multicloud's the next big wave, but screw multicloud. If I can't actually fix my current situation, maybe I'll push off some of the multicloud stuff or maybe I won't. So, how do you see the give and get of project prioritization, because I think this is going to wake everyone up. You mentioned security, clearly. >> Yeah, well, I think it has woken everybody up and I think companies now are really rethinking how they operate. I don't believe we're going to stop traveling. I think once this is over, people are going to hop back on planes. I also don't believe that we'll never go back into the office. I think the big shift here though, John, is we will see more acceptance to hire people out of region. I think that it's proved that you don't have to be in the office, right, which will drive these collaboration tools. And I also think we'll see less use of desktop phones and more use of video means. So now that people are getting used to using these types of tools, I think they're starting to like the experience. And so voice calls get replaced by video calls and that is going to crush our networks in buildings. So we've got WiFi 6 coming. We've got 5G coming, right. We've got lots of security tools out there. And I think you'll see a lot of prioritization to the network and that's kind of an interesting thing, because historically, the network didn't get a lot of C level time, right? It was those people in the basement. We didn't really know what they did. I'm a former network engineer. I was treated that way. (laughing) But most digital organizations now have to come to the realization that they're network-centric, and then so the network is the business and that's not something that anybody's ever put a lot of focus on. But if you look at the building blocks of digital IoT, mobility, cloud, the writing's been on the wall for a while, and I've written this several times. But you need to pay more attention to the network. And I think we're finally going to see that transition, some prioritization of dollars there. >> Yeah, I will attest you have been very vocal and right on point on that, so props to that. I do want to also double amplify your point. The network drives everything, that's clear. I think the other thing that's interesting and used to be kind of a cliche in a pejorative way is the user is the product. I think that's a term that's been coined to Facebook. You know, you're data. You're the product. If you're the product, that's a problem, you know. To describe Facebook as the app that monetizes you, the user. I think this situation has really pointed out that yes, it's good to be the product. The user value and the network are two now end points of the spectrum. The network's got to be kick ass from the ground up, but the user is the product now, and it should be, in a good way, not exploiting. So I think if you're thinking about user-centric value, how my kid can play Call of Duty, how my family can watch the new episode on Netflix, how I can do a kick ass Zoom call, that's my experience. The network does its job. The application service takes advantage of making me happy. So I think this is interesting, right. So we're getting a new thing here. How real do you think that is? Where are we on the spectrum of that nirvana? >> I think we're rapidly approaching that. I think it's been well documented that 2020 was the year that customer experience become the number one brand differentiate, right. In fact, I think it was actually 2018 that that happened, but Walker and Gartner and a few other companies would be 2020. And what that means is that if you're a business, you need to provide exemplary customer service in order to gain share. I think one of the things that was lost in there is that employee experience has to be best in class as well. And so I think a lot of businesses over-rotated the spin away from employee experience to customer experience, and rightfully so, but now they got to rotate back to make sure their workers have the right tools, have the right services, have the right data, to do their jobs better, because when they do, they can turn around and provide customers better experience. So this isn't just about training your people to service customers well. It's about making sure people have the right data, the right information to do their jobs, to collaborate better, right. And there's really a tight coupling now between the consumer and the employee, or the customer and the employee. And, you know, Corona kind of exposed to that, 'cause it shows that we're all connected, in a way. And the connection of people, whether they're the customers or employees or something, that businesses have to focus on. So I think we'll see some dollars sign back to internal, not just customer facing. >> Yeah, well, great insight. And, first of all, we all connect to your great CUBE alumni. But you're also right up the street in California. We're in Palo Alto. You're in San Mateo. You literally could have driven here, but we're sheltering in place. >> We're sheltered in place. >> Great insight and, you know, thanks for sharing that and I think it's good content for people, you know, be aware of this. Obviously they're living in it right now, but I think the world is going to be back to business soon, but it's never going to be the same. I think it's digital... >> No, it'll never be the same. I think this is a real watershed point for the way we work and the way we treat our employees and our customers. I think you'll see a lot of companies make a lot of change. And that's good for the whole industry, 'cause it'll drive innovation. And I think we'll have some innovation come out of this that we never saw before. >> Quick final word for the folks that are on this big wave that's happening. It's reality. It's the current situation now. What's your advice for them as they get on their surfboard, so to speak, and ride this wave? What's your advice to them? >> Yeah, I think use this opportunity to find those weak points in your networks and find out where the bottlenecks are, because I think having everybody work remotely exposes a lot of problems in processes and where a lot of the hiccups happen. But I do think my final word is invest in the network. I think a lot of the networks out there have been badly under-invested in, which I think is why people get frustrated when they're in stadiums or hotels or casinos. I think the world is shifting. Applications and people are becoming network-centric. And if those don't work, nothing works. And I think that's really been proven over the last couple months. If our networks can't handle the traffic and our networks can't handle what we're doing, nothing works. >> You know, you and I could do a podcast show called "No Latency"... >> (mumbles) so it'll be good. >> Zeus, thanks for coming on. I appreciate taking the time. >> No problem, John. >> Stay safe. And I want to follow up with you and get a check in further down the road, in a couple days or maybe next week, if you can. >> Yeah, looking forward to it. >> Thanks a lot. Okay, I'm John Furrier here in Palo Alto Studios doing the remote interviews, getting the quick stories that matter, help you out, and (mumbles) great guest there. Check out ZK Research, a great friend of theCUBE, cutting edge, knows the networking. This is an important area. The network, the users' experience is critical. Thanks for coming and watching today. I'm John Furrier. Thanks for watching. (lighthearted music)

>> Live from Boston, Massachusetts, it's The Cube, covering AWS re:Inforce 2019. Brought to you by Amazon web services and its ecosystem partners. >> Hey, welcome back everyone. It's The Cube's live coverage here in Boston, Massachusetts for AWS re:Inforce. This is Amazon web services' inaugural security conference around Cloud security. I'm John Furrier. My host Dave Vellante. We've got special guest, we've got another CSO, Dan Meacham, VP of Security and Operations at Legendary Entertainment. Great to see you. Thanks for coming on The Cube. >> Oh, thank you. It's a very pleasure to be here. >> We had some fun time watching the Red Socks game the other night. It was the best night to watch baseball. They did win. >> Was it ever. >> Always good to go to Fenway Park, but we were talking when we were socializing, watching the Red Socks game at Fenway Park about your experience. You've seen a lot of waves of technology you've been involved in. >> Yes, yes. >> Gettin' dirty with your hands and gettin' coding and then, but now running VP of Security, you've seen a lot of stuff. >> Oh. >> You've seen the good, bad, and the ugly. (laughing) >> Yeah, fun business. >> It is. >> You guys did Hangover, right? >> Yes. >> Dark Knight. >> Yes. >> Some really cool videos. >> Good stuff there, yeah. And it's just amazing cause, you know, how much technology has changed over the years and starting back out in the mid-eighties and early nineties. Sometimes I'm just like, oh, if I could only go back to the IPXSX days and just get rid of botnets and things like that. (laughing) That'd be so much easier. Right? >> The big conversation we're having here, obviously, is Amazon's Security Conference. What's your take on it? Again, security's not new, but their trying to bring this vibe of shared responsibility. Makes sense because they've got half of the security equation, but you're seeing a lot of people really focusing on security. What's your take of, so far, as an attendee? >> Well, as we look and, cause I like to go to these different things. One, first to thank everybody for coming because it's a huge investment of time and money to be at these different shows, but I go to every single booth to kind of take a look to see where they are cause sometimes when we look at some of the different technology, they may have this idea of what they want the company to be and they're maybe only a couple years old, but we may see it as a totally different application and like to take those ideas and innovate them and steer them in another direction that kind of best suits our needs. But a lot of times you see a lot of replay of the same things over and over again. A lot of folks just kind of miss some of the general ideas. And, um, this particular floor that we have, there's some interesting components that are out there. There's a lot of folks that are all about configuration management and auto correction of misconfigured environments and things like that. Which is good, but I think when we look at the shared responsibility model and so forth, there's some components that a lot of folks don't really understand they really have to embrace in their environment. They think, oh it's just a configuration management, it's just a particular checklist or some other things that may fix something, but we really got to talk about the roots of some of the other things because if it's not in your data center and it's out somewhere else, doesn't mean you transfer the liability. You still have the ownership, there's still some practice you got to focus on. >> Take us through the Cloud journey with Legendary. You put some exchange service out there. Continue. >> Yes, and so as we started bringing these other different SaaS models because we didn't want to have the risk of if something went down we lost everything, but as we did that and started embracing Shadow IT, because if this worked for this particular department, we realized that there wasn't necessarily a applicable way to manage all of those environments simultaneous. What we mean after the standpoint, like we mentioned before, the MFA for each of these different components of the Cloud applications. So that naturally led us into something like single sign-on that we can work with that. But as we started looking at the single sign-on and the device management, it wasn't so much that I can't trust you devices, it's how do I trust your device? And so that's when we created this idea of a user-centric security architecture. So it's not necessarily a zero trust, it's more of a, how can I build a trust around you? So, if your phone trusts you based off of iometrics, let me create a whole world around that, that trust circle and build some pieces there. >> Okay, so, let me just interrupt and make sure we understand this. So, you decided to go Cloud-First. You had some stuff in colo and then said, okay, we need to really rethink how we secure our operations, right? So, you came up with kind of a new approach. >> Correct. >> Cloud approach. >> Absolutely. And it's Cloud and so by doing that then, trying to focus in on how we can build that trust, but also better manage the applications because, say for example, if I have a collaboration tool where all my files are, I may want to have some sort of protection on data loss prevention. Well, that Cloud application may have its own piece that I can orchestrate with, but then so does this one that's over here and this one over here and so now I've got to manage multiple policies in multiple locations, so as we were going down that piece, we had to say, how do we lasso the security around all these applications? And so, in that particular piece, we went ahead and we look forward at where is the technology is, so early on, all we had were very advanced sims where if I get reporting on user activity or anomalies, then I had limited actions and activities, which is fine, but then the CASB world ended up changing. Before, they were talking about Shallow IT, now they actually do policy enforcement, so then that allowed us to then create a lasso around our Cloud applications and say, I want to have a data loss prevention policy that says if you download 5,000 files within one minute, take this action. So, before, in our sim, we would get alert and there were some things we could do and some things we couldn't, but now in the CASB I can now take that as a piece. >> So more refined >> Exactly. >> in policy. Now, did you guys write that code? Did you build it out? Did you use Cloud? >> We work with a partner on help developing all this. >> So, when you think about where the CASBs were five years ago or so, it was all about, can we find Shadow IT? Can we find where social security numbers are? Not necessarily can I manage the environment. So, if you were take a step back to back in the old days when you had disparate in network architecture equipment, right? And you wanted to manage all your switches and firewalls, you had to do console on each and every one. Over time as it progressed, we now had players out there that can give you a single console that can get in and manage the entire network infrastructure, even if it's disparate systems. This is kind of what we're seeing right now within the Cloud, where on the cusp of it, some of then are doing really good and some of them still have a lot of things to catch up to do, but we're totally stoked about how this is working in this particular space. >> So, talk about, like, um, where you are now and the landscape that you see in front of you. Obviously, you have services. I know you. We met through McAfee, you have other, some fenders. You have a lot of people knocking on your doors, telling you stuff. You want to be efficient with your team. >> Yes. >> You want to leverage the Cloud. >> Yes. >> As you look at the landscape and a future scape as well, what're you thinking about? What's on your mind? What's your priorities? How're you going to navigate that? What're some of the things that's driving you? >> (sighing) It's a cornucopia of stuff that's out there. (laughing) Depending on how you want to look at it. And you can specialize in any particular division, but the biggest things that we really want to focus on is we have to protect out data, we have to protect our devices, and we have to protect our users. And so that's kind of that mindset that we're really focused on on how we integrate. The biggest challenges that we have right now is not so much the capability of the technology, because that is continually to evolve and it's going to keep changing. The different challenges that we have when we look in some of these different spaces is the accountability and the incorporation and cooperation because a incident's going to happen. How are you going to engage in that particular incident and how are you going to take action? Just because we put something in the Cloud doesn't mean it was a set and forget kind of thing. Because if it was in my data center, then I know I have to put perimeter around it, I know I got to do back-ups, I know I got to do patch management, but if I put it in the Cloud, I don't have to worry about it. That is not the case. So, what we're finding a lot is, some of these different vendors are trying to couch that as, hey we'll take care of that for you, but in fact, reality is is you got to stay on top of it. >> Yeah. And then you got to make sure all the same security practices are in there. So, the question I have for you is: what's the security view of the Cloud versus on premise (muttering) the data's in the perimeter, okay that's kind of an older concept, but as your thinking about security in Cloud, Cloud security versus on premise, what's the difference? What's the distinction? What's the nuances? >> Well, if we go old-school versus new-school, old-school would say, I can protect every thing that's on prem. That's not necessarily the case that we see today because you have all this smart technology that's actually coming in and is eliminating your perimeter. I mean, back in the day you could say, hey, look, we're not going to allow any connections, inbound or outbound, to only outside the United States cause we're just a U.S.-based company. Well, that's a great focus, but now when you have mobile devices and smart technology, that's not what's happening. So, in my view, there's a lot of different things that you may actually be more secure in the Cloud than you are with things that are on prem based off of the architectural design and the different components that you can put in there. So, if you think about it, if I were to get a CryptoLocker in house, my recovery time objective, recovery point objective is really what was my last back-up. Where if I look at it in the Cloud perspective, it's where was my last snapshot? (stuttering) I may have some compliance competes on there that records the revision of a file up to 40 times or 120 times, so if I hit that CryptoLocker, I have a really high probability of being able to roll back in the Cloud faster than I could if I lost something that was in prem. So, idly, there's a lot more advantages in going with the Cloud than on prem, but again, we are a Cloud-First company. >> Is bad user behavior still your biggest challenge? >> Is it ever! I get just some crazy, stupid things that just happen. >> The Cloud doesn't change that, right? >> No! (laughing) No, you can't change that with technology, but a lot of it has to be with education and awareness. And so we do have a lot of very restrictive policies in our workforce today, but we talk to our users about this, so they understand. And so when we have things that are being blocked for a particular reason, the users know to call us to understand what had happened and in many cases it's, you know, they clicked on a link and it was trying to do a binary that found inside of a picture file of all things on a web browser. Or they decided that they wanted to have the latest Shareware file to move mass files and then only find out that they downloaded it from an inappropriate site that had binaries in it that were bad and you coach them to say, no this is a trusted source, this is the repository where we want you to get these files. But my favorite though is, again, being Cloud-First, there's no reason to VPN into our offices for anything because everything is out there and how we coordinate, right? But we do have VPN set up for when we travel to different countries with regards to, as a media company, you have to stream a lot of different things and, so, if we're trying to pitch different pieces that we may have on another streaming video-on-demand service, some of those services and some of those programmings may not be accessible into other countries or regions of the world. So, doing that allows us to share that. So, then, a lot of times, what we find is we have offices and users that're in different parts of the world that will download a free VPN. (laughing) Because they want to to be able to get to certain types of content. >> Sounds good. >> And then when you're looking at that VPN and that connection, you're realizing that that VPN that they got for free is actually be routed through a country that is not necessarily friendly to the way we do business. They're like, okay, so you're pushing all of our data through that, but we have to work through that, there's still coaching. But fortunately enough, by being Cloud-First, and being how things are architected, we see all that activity, where if was all in prem, we wouldn't necessarily know that that's what they were doing, but because of how the user-centric piece is set-up, we have full visibility and we can do some coaching. >> And that's the biggest issue you've got. Bigtime, yes? Visibility. >> What's a good day for a security practitioner? >> (laughing) A good day for a security practitioner. Well, you know, it's still having people grumpy at you because if they're grumpy at you, then you know you're doing you job, right? Because if everybody loves the security guy, then somebody's slipping something somewhere and it's like, hey, wait a minute, are you really supposed to be doing that? No, not necessarily. A good day is when your users come forward and say, hey, this invoice came in and we know that this isn't out invoice, we want to make sure we have it flagged. And then we can collaborate and work with other studios and say, hey, we're seeing this type of vector of attack. So, a good day is really having our users really be a champion of the security and then sharing that security in a community perspective with the other users inside and also communicating back with IT. So, that's the kind of culture we want to have within out organization. Because we're not necessarily trying to be big brother, we want to make it be able to run fast because if it's not easy to do business with us, then you're not going to do business with us. >> And you guys have a lot of suppliers here at the re:Inforce conference. Obviously, Amazon, Cloud. What other companies you working with? That're here. >> That're here today? Well, CrowdStrike is a excellent partner and a lot of things. We'll have to talk on that a little bit. McAfee, with their MVISION, which was originally sky-high, has just been phenomenal in our security architecture as we've gone through some of the other pieces. We do have Alert Logic and also Splunk. They're here as well, so some great folks. >> McAfee, that was the sky-high acquisition. >> That is correct and now it's MVISION. >> And that's the Cloud group within McAfee. What do they do that you like? >> They brought forth the Cloud access security broker, the CASB product, and one of the things that has just been fascinating and phenomenal in working with them is when we were in evaluation mode a couple of years ago and were using the product, we're like, hey, this is good, but we'd really like to use it in this capacity. Or we want to have these artifacts of this intelligence come out of the analytics and, I kid you not, two weeks later the developers would put it out there in the next update and release. And it was like for a couple of months. And we're like, they're letting us use this product for a set period of time, they're listening to what we're asking for, we haven't even bought it, but they're very forward-thinking, very aggressive and addressing the specific needs from the practitioner's view that they integrated into the product. It was no-brainer to move forward with them. And they continue to still do that with us today. >> So that's a good experience. I always like to ask practitioners, what're some things that vendors are doing that either drive your crazy or they shouldn't be doing? Talk to them and say, hey, don't do this or do this better. >> Well, when you look at your stop-doing and your start doing list and how do you work through that? What really needs to be happening is you need your vendor and your account manager to come out on-site once a quarter to visit with you, right? You're paying for a support on an annual basis, or however it is, but if I have this Cloud application and that application gets breached in some way, how do I escalate that? I know who my account manager is and I know the support line but there needs to be an understanding and an integration into my incidents response plan as when I pick up the phone, what' the number I dial? And then how do we engage quickly? Because now where we are today, if I were to have breach, a compromised system administrator account, even just for 20 minutes, you can lose a lot of data in 20 minutes. And you think about reputation, you think about privacy, you think about databases, credit cards, financials. It can be catastrophic in 20 minutes today with the high-speed rates we can move data. So, my challenge back to the vendors is once a quarter, come out and visit me, make sure that I have that one sheet about what that incident response integration is. Also, take a look at how you've implemented Am I still on track with the artchitecture? Am I using the product I bought from you effectively and efficiently? Or is there something new that I need to be more aware of? Because a lot of times what we see is somebody bought something, but they never leveraged the training, never leveraged the support. And they're only using 10% of the capability of the product and then they just get frustrated and then they spend money and go to the next product down the road, which is good for the honeymoon period, but then you run into the same process again. So, a lot of it really comes back to vendor management more so than it is about the technology and the relationship. >> My final question is: what tech are you excited about these days? Just in general in the industry. Obviously security, you've got the Cloud, you're Cloud-First, so you're on the cutting edge, you've got some good stuff going on. You've got a historical view. What's exciting you these days from a tech perspective? >> Well, over the last couple of years, there's been two different technologies that have really started to explode that I really am excited about. One was leveraging smart cameras and facial recognition and integrating physical stock with cyber security stock. So, if you think about from another perspective, Cameras, surveillance today is, you know, we rewind to see something happen, maybe I can mark something. So, if somebody jumped over a fence, I can see cause it crossed the line. Now the smart cameras over the last three or four or five years have been like, if I lost a child in a museum, I could click on child, it tells me where it is. Great. Take that great in piece and put it in with your cyber, so now if you show up on my set or you're at one of our studios, I want the camera to be able to look at your face, scrub social media and see if we can get a facial recognition to know who you are and then from that particular piece, say okay, has he been talking trash about our movies? Is he stalking one of our talent? From those different perspectives. And then, moreover, looking at the facial expression itself. Are you starstruck? Are you angry? Are you mad? So, then that way, I know instantly in a certain period of time what the risk is and so I can dispatch appropriately to have security there or just know that this person's just been wandering around because they're a fan and they want to know something. So, maybe one of those things where we can bring them a t-shirt and they'll move on onto their way and they're happy. Versus somebody that's going to show up with a weapon and we have some sort of catastrophic event. Now, the second technology that I'm really pretty excited about. Is when we can also talk a little about with the Five G technology. So, when everybody talk about FIJI, you're like, oh, hey, this is great. This is going to be faster, so why are we all stoked about things being super, super fast on cellular? That's the technical part. You got to look at the application or the faculty of things being faster. To put it into perspective, if you think about a few years ago when the first Apple TV came out, everybody was all excited that I could copy my movies on there and then watch it on my TV. Well, when internet and things got faster, that form factor went down to where it was just constantly streaming from iTunes. Same thing with the Google Chrome Cast or the Amazon Fire Stick. There's not a lot of meat to that, but it's a lot of streaming on how it works. And so when you think about the capability from that perspective, you're going to see technology change drastically. So, you're smartphone that holds a lot of data is actually probably going to be a lot smaller because it doesn't have to have all that weight to have all that stuff local because it's going to be real-time connection, but the fascinating thing about that, though, is with all that great opportunity also comes great risk. So, think about it, if we were to have a sphere and if we had a sphere and you had the diameter of that sphere was basically technology capability. As that diameter grows, the volume of the technology that leverages that grows, so all the new things that come in, he's building. But as that sphere continue to grow, what happens is the surface is your threat. Is your threat vector. As it continue to grow, that's going to continue to grow. (stuttering) There's a little but of exponential components, but there's also a lot of mathematical things on how those things relate and so with Five G, as we get these great technologies inside of our sphere, that threat scape on the outside is also going to grow. >> Moore's law in reverse, basically. >> Yeah. >> Surface area is just balloon to be huge. That just kills the perimeter argument right there. >> It does. >> Wow. And then we heard from Steve and Schmidt on the keynote. They said 90% of IOT data, thinking about cameras, is HTTP, plain text. >> Exactly. And it's like, what're you-- >> Oh, more good news! >> Yeah. (laughing) >> At least you'll always have a job. >> Well, you know, someday-- >> It's a good day in security. Encrypt everywhere, we don't have time to get into the encrypt everywhere, but quick comment on this notion of encrypting everything, what's your thoughts? Real quick. (sighing) >> All right, so. >> Good, bad, ugly? Good idea? Hard? >> Well, if we encrypt everything, then what does it really mean? What're we getting out? So, you remember when everybody was having email and you had, back in the day, you had your door mail, netscape navigator and so forth, and thought, oh, we need to have secure email. So then they created all these encryption things in the email, so then what happens? That's built into the applications, so the email's no longer really encrypted. >> Yeah. >> Right? So I think we're going to see some things like that happening as well. Encryption is great, but then it also impedes progress when it comes to forensics, so it's only good until you need it. >> Awesome. >> Dan, thanks so much here on the insights. Great to have you on The Cube, great to get your insights and commentary. >> Well, thank you guys, I really appreciate it. >> You're welcome. >> All right, let's expecting to steal is from noise, talking to practitioner CSOs here at re:Inforce. Great crowd, great attendee list. All investing in the new Cloud security paradigm, Cloud-First security's Cube's coverage. I'm John Furrier, Dave Vellante. Stay tuned for more after this short break. (upbeat music)

>> Live from Las Vegas, it's theCUBE, covering AWS re:Invent 2018. Brought to you by Amazon Web Services, Intel, and their ecosystem partners. (upbeat music) >> Welcome back, here on theCUBE, (mumbles) to continue our coverage at AWS re:Invent with Sands. This is actually one of seven sites all around town, that are hosting various sessions. We heard a lot our guests saying, "it's so exciting." There's this spot for this particular expertise. Then I boo, Uber across town, I go to this spot, because that's how big this show's become, and how dynamic this show has become. We are on day three, and I'm here with Rebecca Knight, and also joined by Eric Boerger, who is a technology specialist at McAfee. Hello Eric good to see you. >> Hello, thanks for having me today, this is wonderful. >> You bet, well we've had a couple of your colleagues on already. I mean Markus Strauss is one who comes to mind. Talk about the database you're on the cloud side of things, cloud security. >> I am. I'm a technology specialist here at McAfee. My role is to help our customers as they're moving into the cloud, understanding where their security pitfalls may be, and implementing the right technologies and security tools to help make sure that their transition into the cloud is as secure as possible. >> So what's the big picture on that? Alright so security first and foremost in the cloud, that's probably, well certainly one of the big questions people have right. >> Absolutely, that tends to be the biggest question is, "how can I make sure that as I'm doing this transition to the cloud, that I'm not just throwing assets out there, and finding that I have issues later, but how can I bake security into them from the beginning." And that's really where we at McAfee are trying to sit back and identify where customers are having their challenges, and make sure that our tools are able to be positioned and developed correctly to address those issues. >> So what are some of the most common challenges that you see? >> So some of the most common challenges that we see in terms of problems are misconfigured accounts. That's a very common issue that we see in a lot of breach reports. Somebody setup a data repository, doesn't put the right security mechanisms in place, and all of a sudden now all of the confidential data that's been breached. >> Out the door. >> A second problem we see is a lot of, especially within the IAS space, organizations are standing up new instances of workloads, and the security teams aren't necessarily being informed that they're actually putting these workloads, or computer assets online, so now they're coming online without any protections, or any audit capability in place to make sure they're meeting their own security best practices guidelines that their organizations may have developed. >> Yeah we were talking earlier with probably one of your competitors actually, and they were talking about breaches. We're talking about. They said, "Their estimation 90 percent, are created, or made possible by mistakes." >> Absolutely. >> I mean, you agree with that? Is that our... >> I cannot agree anymore with that. Because the problem is, is that, the ability and the agility of the cloud, is both a positive, it allows us to be extremely flexible and agile as we're developing, but it also allows us to move so fast that we may be outpacing what our own knowledge levels are for being able to secure those. And that's tended to be one of the biggest hindrances that we see, is a developer gets enabled to go through and create a MS3 Bucket, put a lot of data in there, but at the same point they don't implement any tools behind it, or any security behind that. So it's not necessarily their fault, it's just they don't understand what security requirements are to implement in the cloud. >> And that's where you come in. So talk a little bit about your solutions and about how you approach the problem. >> Absolutely. So we have a wide variety of solutions here at McAfee, to help address those issues. That's everything from our Skyhigh McAfee Casb product, to help do account identifications and discovery of rogue accounts. And then some of our tools, like our virtual network IPS. That's able to do packet level inspection to apply a deeper level of security onto those systems. And then of course our Cloud Workload Security Product. That's something that is able to help you discover any of those rogue assets, and identify systems that may have already been breached based upon the network communication that's already occurring on those systems. >> Yeah you're kind of this cat and mouse game, aren't you, in terms of security, because you're trying to stay one step ahead of some actors who are very skilled at maintaining an edge. >> Absolutely. >> I mean how do you sleep at night Eric? >> So moving to the cloud is an area that once you feel that... Once you have the right tools in place, it'll help you actually sleep a lot easier, knowing that there's audit tools in the background, that are able to continuously monitor your workloads, identify if you have misconfigured accounts, if you have systems that are missing, needed information. You may have a requirement to have something like an integrity monitoring tool in place for some of your workloads, and this is a, with our tools, we can actually monitor and tell you if you're out of compliance with any of those baseline requirements. >> So how do you help the companies, the customers that want to move to the cloud, but also be sort of a hybrid, or maybe keep some of their stuff on PRIM, how do you make it easier for them? >> And that's a very common question that we hear over and over is, "I want to move to the cloud, but I'm not ready to go all in yet." So what we've actually done, is we've developed a lot of same discovery tools, can be used on premise. So that as they're building out their private clouds, whether it's in an open sac implementation, or via VMware, we can still do the same discovery, the same identification of misconfigured workloads. Now that also brings us to, as they move more into the cloud, it's already there, it's able to help them with their hybrid environment space, and that can either be managed on premise or from the cloud directly. So that when they're ready to move all their management infrastructure to the cloud, our tools are already there and ready for them. >> Now you're really good at what you do, but as you know, you're not the only game in town. >> We're not. >> So what's your differentiation then in terms of your cloud offering? What do you think this is what McAfee does better than anybody else? >> So what we feel that we really do better than anybody else, is be able to integrate a full security picture in a unified console management. So this is giving us the ability to do deployment of our own tool sets. Being able to do things such as integration with our Skyhigh product, and being able to pull back from the Casb view to help pull in a unified view. That's where we really feel that we've got a lot of unique factors in the cloud space to help our customers as they're moving. Plus the ability to be not just cloud focused, but still hybrid. Being able to protect those private data centers. We see a lot of companies who are going pure cloud, but they say, "Well if you had something on a premise, we don't care about it anymore, because it's not in the cloud." We feel with our background and our strengths in security we can really help address those concerns. >> So you're a technology specialist, that is your job title, >> It is. >> but in so many of these migrations and big digital transformations, the technology is really the easy part. And what's so much harder is getting the people onboard with the changes. Getting them to adopt and embrace and keep using the solutions. First of all, do you see this kind of resistance, and then also how do you overcome those challenges? >> Absolutely, the challenge is getting people to adopt to the cloud, and then continually be integrative with the newest tools that are coming available from the security standpoint and side is always a problem. The developers are very agile, they want to move at the speed of development. Which means going back and talking to security and saying, "hey by the way, I'm doing these things," doesn't always happen. So this is where we want to be able to give you a continuous monitoring ability to say hey, "somebody went through and stood something up." Security was completely outside of the loop. Bring them back in so that they can get the visibility, the alerting. And this is even where we've created some new features, that we announced on stage yesterday to be able to be integrated with the Amazon security hub. This is where we really feel that being able to help augment as Amazon's developing tools providing our security insight, to make sure that once again, as the developers are taking advantage of some of the newest features, we're there with them. >> And what was the driver of that? I mean how did you get to that point? >> So this is part of our partnership with Amazon. We actually have a great foundational relationship where we have a lot of our products have gone through a best practices review. And we have well architecture review stamps on a lot of the products that we have in the marketplace. This is due to the tight security integrations that we've had work with Amazon. That we're invited to be one of the first partners into the security hub, and you're going to see this out of additional products as we move forward with our new capabilities in the cloud. >> Yeah I hate to, I mean we have just a few minutes left, and I hate to dive into a big topic here, but on the other side of that security coin is compliance. Right, you got to be concerned about that. It's governments, you got to be concerned about that. And that's a whole new can of worms especially today with whether you're dealing with company concerns, state, federal concerns, and even European concerns. >> Absolutely, and the data privacy is another major concern with the compliance. It's not just what do I have, but how is it being used, how's it being utilized, and that's where with some of our products we've actually gone through and have build our full DLP engine into discovery of any of your data that exists within the cloud. So if you put data in as three, we can go through, scan it, identify if there's any PII data, alert upon it, give you controls of that. And then from a workload perspective side, we have tools that can go through and feed in your own templates. To say that I need to be PCI compliant, I need to meet HIPAA compliance. Be able to audit that workload, and give a continuance summary report back to the management teams to say hey, "I have auditors coming in, how am I in compliance, and then tell me what I need to do to address those gaps that I found from my cloud workloads." >> Solving problems. >> Solving problems. >> That's what it's all about right there. >> He's the best, that's right. >> Alright, I want you around more often. (laughing) We got a lot of problems to be solved, we appreciate it Eric, thank you for your time here at AWS re:Invent. >> Thank you very much for the time today. >> Good to have you, thanks for the McAfee story. Back with more from Las Vegas right after this. You're watching theCUBE. (upbeat music)

>> Live from Bellevue, Washington, it's theCUBE, covering Smartsheet ENGAGE'18. Brought to you by Smartsheet. >> Welcome back to theCUBE's continuing coverage of Smartsheet ENGAGE 2018. I am Lisa Martin, sitting here in Bellevue, Washington with a couple of Smart Sheeters. Next to me is Ben Canning, the VP of Product Management. >> Hey Ben. >> Hey. >> And Ignacio Martinez, the VP of Security, Risk and Compliance. Guys, thank you so much for carving out time in a very packed event agenda to come and chat with us on theCUBE. >> Happy to be here. >> Happy to be here. >> So, this is a really interesting event, couple of things that really stood out to me, this morning in the key note, as I was telling you, we cover a lot of events here on theCUBE, of all sizes, and it was really interesting how your CEO Mark Mader, who was on the program earlier this morning, went out into the audience and talked about ENGAGED in action. I thought that was fantastic. And asked customers, randomly, three customers I think, how are you being empowered by Smartsheet? And how these customers were able to get up and articulately talk about the value that Smartsheet is delivering to their business. I thought that customer connection was really quite memorable. And then additionally, product management, when Jean Thoreau came out, and to a round of applause, a number of times, during announcements of the enhancements and features and what that really. >> Multi assign too. >> Yes, what that really, sort of, said to me, is you guys deliver software that is a facilitator of collaboration that is essential to drive businesses, digital transformation, et cetera, but you're collaborating with them because clearly they were very happy to hear about a number of these announcements today. >> Yeah we have very, very passionate customers and it's one of the great things about working here and working with these customers. We're super focused on what do those customers need and how do we enable them to get those things done. We don't typically get imposed from the top down by IT. You're using Smartsheet because you chose to use it. It's the thing that makes your life easier. And we never forget that and we never forget that we need to keep that close connection with our customers and I think you see it here, at the conference today. >> You do, you got 50 customers plus speaking in breakout sessions, which for an event that's got about 2000 people, it's huge percentage. >> Yeah. >> Some great announcements. Before we get into some of the risk and compliance stuff Ignacio, Ben walk us through maybe a high level of some of the key enhancements that were announced this morning. >> Well, so we talked about a lot of things today. I think we had over 23 total announcements. Things from the range of multiple, being able to sign multiple people in the grid, to Dynamic View, which we're incredibly excited about, that allows you to have custom views on a sheet and control who gets access to which view. Really opens up tremendous new possibilities for Smartsheet. Some of the things that I get super excited about, I work a lot in the platform and administrative space. We've announced a number of things this week that are all about helping IT administrators and system admins, manage Smartsheet much more effectively when it gets to large scale. And I'll highlight a couple of them. One is the directory integration capability that we've done. We hear a lot from our customers that managing individual Smartsheet users gets kind of hard once you get over a number and I want to be able to see all the people in my organization and be able to share with them and assign tasks with them, even if they're not yet Smartsheet users. So what we announced today was a way to integrate active directory with Smartsheet so that the company directory of all the users in the company is automatically synchronized into Smartsheet so that those users can be, you can assign things to them, you can @ mention them, they'll show up in the grid with their faces and all their departmental information. It makes it much easier to manage users inside your organization. So when 100 people join the team, they automatically show up in Smartsheet. When someone leaves the organization, they get de-provisioned. And it makes it much easier to collaborate with folks throughout your organization than it ever has been before. So we're really excited to announce that as a product for our enterprise customers, starting a little bit later this year. >> Excellent. You've got customers, I was reading, doing my prep for the show, over 75,000 customers in 190 countries, of all industries. >> Yes. And I imagine, some of the things that we've heard guys from your customers on the program today that they're really benefiting from are the visibility, the configurability of the technology, the ability to have accountability, to not only improve workforce productivity, but to be able to eliminate duplicate tasks, give project owners and initiative owners full visibility, whereas they did not have that full visibility before. Ignacio, another big announcement that came out today, was what you guys are doing in the federal space. So tell us a little bit about FedRAMP, what that is and how you are working with them. >> Sure so without boring you to death on FedRAMP, I'll give you a quick overview. FedRAMP is a requirement of the federal government. It's a program developed by the government to essentially certify or authorize cloud service providers like Smartsheet to be meeting a certain security level of compliance, to be deployed in the federal agency space. So the federal government, every agency, is required to abide by it. So they should be selecting providers that have gone through FedRAMP authorization. So it is essentially security compliance program that companies voluntarily put themselves through to enable themselves to do work in the federal space. And very happy to announce, this morning, that we were not only announcing our intent to develop a program and a product to enter the federal space, to have been selected by the FedRAMP program to go through what they call FedRAMP Connect. That's an accelerated process where the FedRAMP office selects cloud service providers that they feel, based on application, have a high level of demand in the federal agency space. So they select those providers and work very closely with us to go through that compliance exercise and get authorized to be FedRAMP authorized in the FedRAMP program. So the reason the government does that is they have a strong desire to get products like Smartsheet deployed quickly among the federal agencies, because those people, think of them as an enterprise, they want all those great features that Ben talked about that we bring to enterprises in the public sector, they want them in the government agency sector as well. So we are very pleased that we were selected to go through this program and get a product to the market place in the federal space to help them improve how they work as well. >> So this isn't an entry into federal, 'cause Smartsheet has great presence and traction in federal, NASA, the National Institutes of Health and Veterans Administration. I also saw from your website, you've got customers using Smartsheet in city governments and state governments but this FedRAMP Connect Program, you mentioned it as an accelerator, but I think I heard you say that this was from demand from users, so this is that validation coming from the best place it can, right? >> Yeah it's essentially demand in the federal market place. So we're going to go through on an accelerated basis and what that does, you're right, we are currently deployed in a large number of federal agencies, state and local government, but in those cases, we'll get deployed on a limited basis, because we don't have FedRAMP authorization and they will be careful about where we're deployed. Achieving FedRAMP authorizations gives those federal government agency CIOs and CISOs the ability to say, Smartsheet can be deployed agency wide because it's now authorized under the FedRAMP Program. >> So let's talk about that from a product, maybe innovation standpoint. One of the things that's very clear from today, is how collaborative Smartsheet is with its customers and how influential they are in product innovation. From a federal perspective, you mentioned, Ignacio, that a lot of times they have the same requirements as enterprises and other organizations in the private sector, but how are you guys working together? Are there tweaks and enhancements that you need to make to the technology as part of the FedRAMP Connect Program? >> Yeah for sure. So one of the, FedRAMP institutes a very strict regime of compliance, audit, security controls, onto the product. And it ensures that we're really operating at the highest level of rigor and delivering a service that is highly reliable, highly scalable, fully audited and secure. So that requires us to invest in all of those areas. And the nice thing about FedRAMP, for even the non-federal customers, is that we make those investments consistently across the service. So while FedRAMP is an isolated instance of Smartsheet, all of Smartsheet can take advantage of the practices and procedures. We don't want to have to do things two different ways for two different parts of the service, so we impose a lot of those same practices and procedures and hardening of the service, across the board. And so that helps us to meet our promise to our customers that are not federal customers, that we're delivering a true enterprise grade fully scaled and reliable solution that they can depend on. >> And the flip side is true. Everything that Ben's team is working on, as you said, the customers cheer when we announce something, it was on our roadmap because they wanted it. So our federal customers, they would want and desire the same things that Ben's team has been developing, automation, any of those tools, because they want to work efficiently and effectively and collaborate the same way all of the private sectors do. >> Exactly. >> Yeah that's right. I mean you saw that this morning, in the keynote, right, where we heard from the North Carolina Department of Transportation. This is a federal agency that's using the power of Smartsheet to build a solution in mere days, rather than having to outsource it or wait for a large scale IT spend and RFP and all of those things. We're empowering these agencies to build solutions. The people on the ground are able to put together a solution that is really saving people's lives. >> That, exactly, Hurricane Florence that just hit, that's a life and death situation. >> Yeah and it was breathtaking and sort of moment of pride to see how quickly they were able to put that together and that's the power of Smartsheet. So we're really excited to bring that to the rest of the federal government. We see a tremendous amount of desire from them for that. >> So Ignacio, in terms of the FedRAMP Connect Program, you mentioned it's going to allow an acceleration of this process. What would it normally take if you weren't part of this Connect Program? I'm just curious how much advantage you'll get but you'll be able to pass through to your federal and non-federal customers. >> Yeah so very good point, good question. The statistics you often see thrown around about companies, cloud service providers, that want to get a product into the FedRAMP authorization space, is they'll spend on average a couple years, two years, and a million plus dollars. So it's not a small task to get FedRAMP authorized. Being part of that FedRAMP Connect accelerated program, we're working with what's called the JAB, the Joint Advisory Board, so the top three CIOs of the FedRAMP Program, they work along side us if we're wiling to invest the time and the dollars to take our product through to do it on this accelerated basis. So it is literally a joint effort, hand in hand, working with the FedRAMP office, the auditors we use for it, and our people to demonstrate that we've got the enterprise great security and that we can meet the ongoing monitoring submissions that have to be done. >> So the cost avoidance of a million dollars from two years, what are you expecting? And if you can't share that, that's okay, I'm just curious, is it going to be six months, a year? >> Well if you look at the FedRAMP Connect Program, on average, it runs approximately six months. So it's back and forth. It's a three way collaboration between the cloud service provider, the FedRAMP office and the auditors, but that program, their goal is to get it into approximately a six month timeline. So we were announced last week, so I think we said, our goal is to work with them on that timeline and early in calendar year 2019, is the timeline end that we all have on our radar. >> That's like Back to the Future acceleration, no wonder you're excited about that. >> We are and we're going to try to go faster than that, if we can manage it on the product side, but we'll see how quickly it goes. >> Well that's one of the things, that not only is that validation from the users within the federal government that they want this. But Ben, as you were saying we're not developing things in isolation or certain features for this market and this market can't use it, this is all going to be accelerating, I imagine, what Smartsheet is innovating to deliver to all segments globally. >> Yeah I think that's right. We see an increasing need for manageability and security capabilities within the platform. And our customers are asking for this across the board. Great example, another feature we announced today, is what we call the event monitoring service. So enterprise IT wants to understand who is doing what on the system. They want to be able to impose business rules, make sure that highly confidential information isn't being shared inappropriately. So we've invested in a system that we announced today that basically keeps track of all events that happen within the system, anything that's shared, new documents that are created and so forth, and gives the IT administrator a way to track that feed and make business decisions on the basis of it. Integrating with other CASB Solutions to drive business rules. So for example, we have customers that are using this system today to keep track of all of the attachments that are being added into their environment. When they see an attachment being added, they're able to go and look at that attachment and make sure that if it's a highly confidential thing, and that it's shared with an inappropriate set of folks, then they can take business action automatically to manage that environment. And that's the kind of security and audit control that enterprises need in order to feel comfortable deploying Smartsheet at wide scale. So we're very excited to be able to offer that to those enterprise administrators and help them foster Smartsheet adoption in the company. >> So some of the things that we've talked about today are this is technology that was designed for the business user, I've used it. I think I read a quote from Mark Mader that may have been from the press release for the IPO a few months ago, that said, in the beginning in the early days, 12 years ago, there were critics that said, why are you guys building this on a spreadsheet construct, and his answer and Smartsheet's answer, at a very small company, at that time, was 500 million people are familiar with this, so building something for business users, lines of business, finance, IT, sales, for example, tools that I as a marketing person don't need to be an IT expert. I don't need to even know what an API is or what it stands for, right. But you're also now, as you were saying, some of the new enhancements to facilitate IT, so what's that, kind of, yin and yang with designing a tool that is for the average user and ensuring that the IT folks who weren't probably involved in the first place, are able to manage this successfully? >> Yeah well it's definitely a balance that we have to maintain. We can never lose sight of the fact that the end user is at the center of what we do. And that we have to design for solutions that end users can implement themselves and that's at the heart of what Smartsheet does. At the same time, we look at IT administrators as partners. We know that the users love what the product does. They're desperate for it. And in general, I find that IT administrators are not trying to get in the way of what their users want. They want to be the hero and they want to be able to say, yes. So part of my job is to make sure that I give them the tools to enable them to get to a yes. That I can show them that we are secure enough, reliable enough and scalable enough, that we meet their strategic enterprise needs, that we integrate with the other systems that they have so that they're not building an island that they're going to have to deal with and doesn't connect with the rest of their estate and that they've got the tools to manage at scale, so that I'm not asking them to go one by one adding a thousand users, that's just not nice and fair. So I think we keep the end user, the business user, at the center and we look at IT as a partner and we try to find ways to help them get to yes with the product. And I don't think those two things are really in conflict. >> It's interesting, dealing with CIOs of our customers, they'll tell you, it's very strange, and it goes back to what you said earlier, value. So CIOs are tasked with delivering the most value for their organization, doing more for less, efficiently. And that often means selection of tools that then they have to go and force into an organization and deal with users that might be less than happy. I've had CIOs tell me on the phone, I have people putting together petitions to make Smartsheet the tool that we use across the organization. And so he said, that makes my life easy. I just need to work with you guys to make sure you've got the security, you've got all the tools I need as a CIO to protect the enterprise, but I don't have to worry about user acceptance. That's unique spot and we love it when the CIOs say, this makes my life easier with everything we're doing with Smartsheet. >> Oh that's music to your ears. >> Yeah it totally is. I mean, I met with a tech CIO recently as part of our enlist, talking to him about, oh well are you going to come to ENGAGE? And oh well you know, we're busy and we don't have a thing, and I said, oh you know actually there's eight people from your company, business users that are attending. >> Nice. That are attending the conference on their own dime and you can see the light bulb go off in his eyes and he's like, okay if eight people from our business groups are paying their own money to go to a tech conference, that's something I need to be paying attention to. How can you help me get my arms wrapped around this and help our users so it's a nice position to be in. >> It absolutely is. Well congratulations on being in the FedRAMP Connect Program and we're excited to hear next year all the great things coming out of that. And Ben, Ignacio, thanks so much for stopping by. >> Thanks for having us. >> It's busier than ensuring with us what's going on from your perspectives. >> Thanks a lot, thanks for having us. >> We want to thank you for watching theCUBE. I'm Lisa Martin live from Smartsheet ENGAGED, 2018 in Bellevue, Washington. Stick around. I'll be right back with Jeff Frick and our next guest.

(intense orchestral music) >> Hello everyone and welcome to theCUBE Conversation here in Palo Alto, at theCUBE studios. I'm John Furrier, we're here with a special conversation with Fortinet's John Maddison, senior vice president of products and solutions with Fortinet. Welcome to theCUBE Conversation. >> Good to be here again. >> So you guys have some hard new today hitting, it's called the FortiNAC, Forti, like Fortinet, Forti, N-A-C, network access control. >> Right. >> Significant announcement for your guys, take a minute to explain the announcement. >> Yeah, so about two months ago we acquired a company called Bradford Networks. They compete, provide products in the network access control arena. Other companies in that space, so people like ForeScout or Cisco or HP. We think it's a very important space because it's going to be the foundations for IOT security. You probably heard a lot of buzz around IOT security. And there's different levels of IOT security. There's that for the enterprise, there's that for cloud, et cetera and so, for us, this is an important announcement because it gives us that added visibility now to IOT devices via the fabric. >> And the product, is it an appliance? Is it software? What's the product making? >> It's both. You can do a virtual machine version. It's also an appliance. It comes in different levels. The key for it though is the scalability because with IOT devices, we're not talking 100 devices anymore, we're talking millions of devices so what it's able to do is look across many different protocols and devices and provide that visibility of just about any device attaching to your network. >> Who's the target audience for FortiNAC? Is it the data center? Is it the cloud? Is it the remote? Where's the product actually sit? >> Well it's more by industry, so certain industries will have lots more of these types of devices attaching. So think of manufacturing for example. The medical industry as well. And so those are the real, education's another one, so it's more by vertical and it's really focused on campuses, large campuses or remote offices or even manufacturing plants where, again, these devices are attaching to your network. >> And they'll sit at the edge, monitoring what's coming in and out? Is that the purpose? >> Well that's the neat thing about it, it doesn't have to sit at the edge and see all the traffic. What it does is interrogate existing devices at the edge. It could be a switch, it could be a router, it could be an access point, and from that information it can make an assessment of what the device is attaching and then apply a policy. >> So this is part of a bigger holistic picture? We've have conversations with Fortinet in the past, a few conversations certainly around security, with cloud it's the top conversation, on premise it's the top conversation. You guys also have some complimentary products involved like the security fabric and the connectors. Does this fit into that? Take a minute to explain the relevance of how FortiNAC works with the security fabric and the connectors? >> Yeah, last time I was here I explained our fabric and so the fabric is basically something, is a set of Fortinet products, solutions in a way, that are very tightly integrated into the network or into the customer's ecosystem, and then once you've built that you then provide automation systems across for protection, detection and response. And the whole idea is to make sure you're covering what we call the digital attack surface. The digital attack surface now includes, obviously IOT devices, so gaining this visibility from FortiNAC, making sure the information is available to our fabric is crucial for us to make sure we can protect the digital attack surface. >> And for customer's the fabric is a holistic view, the NAC is a product that sits in the campuses or within the network that kind of communicates in the fabric? Is that right? >> Right. So the NAC can see all the IOT devices attaching and then it integrates back into the fabric. The fabric can then apply a policy, so the fabric can see everything now From IOT to the campus, to the WAN, to the data center, to the cloud and if, for example, those IOT devices are communicating with something in the cloud the fabric can see end to end and apply, for example, a segmentation policy, end to end, all the way through the infrastructure. >> You know what I love about having conversations with Fortinet is that you guys spark two types of conversations, use cases and then product technology conversation. This obviously is an IOT kind of product. It makes a lot of sense, you got a little SD-WAN in there. This is the top conversation around enterprises and people looking at cloud an/or looking at re-platforming around cloud operations, it's the cloud architect, it's the network architect. >> Yeah. >> These guys are really being asked to redo things, so how does the IOT fit into this? What is the product? What is the FortiNAC do for IOT from a use case standpoint and then product and technology? >> That's a good conversation because recently, maybe the last 18 months, instead of talking about a point solution, instead of talking about a specific use case, customers want to put all those use cases together and then produce a longer term, more holistic architecture. So now they have a cyber security architect, security architects as well as networking architects. And they want to look at their infrastructure, because that's the things that's changing the most right now. Sure, the threat landscape's out there and the cyber criminals are changing and stuff, et cetera but it's really that infrastructure that's changing the most because they've moving to flexible WAN systems or cloud and so they want it integrated, end to end, over a long time period. So what they want to be able to do is to automate, that's the key word, is automation. It's to make sure all these devices attaching are part of the security automation architecture and then they comply that security policy automatically to that device. >> You know one of the things that's a big trend in the industry is having network guys and people who are managing infrastructure, move from a command line interface, DLI, to automation. >> Mm. >> You mentioned that. How does the FortiNAC extend the security fabric? Because you guys essentially have that holistic view with the fabric. So now you have this IOT capability. How is that device extending the security fabric and what's the benefits to the buyer? >> Yeah, so the fabric has visibility obviously at the next generation firewall, we also have deployment of access points and switches. But obviously there are other companies with vast deployments of switches, I can name a few, and access points and so if they weren't our switches we couldn't necessarily see those devices attaching. And so what FortiNAC does, it comes in and provides us that now complete visibility. It doesn't matter if it's our infrastructure switches and APs, it can be somebody else's. FortiNAC can interrogate and talk to those devices and not only gain that visibility but if we decide there's a certain security posture we want to apply to some IOT device, we don't know what it is, we want it segmented, restrict it's access. Then the fabric can then tell the FortiNAC device to provide control and segmentation back to it. >> So they're working together? >> Working together and it gives us now complete visibility of the IOT devices. >> Let's talk about some the trends around segmentation. We heard, certainly recently at VMworld about micro segmentation's been one of the key things. A lot of top architects, both network and cloud and software are looking at micro segmentation or segmentation in general around the network. Why is it important and what are some of the use cases that you guys are seeing around segmentation? >> It's extremely important but it's a very complex problem in that even though our customer's have bought a lot of different security products from different vendors and different infrastructure, one of the things they don't always realize is they bought a lot of different orchestration systems, a lot of command and control systems and those are key in the future because those systems determine what the infrastructure looks like. You NAC system is kind of an orchestration system, allowing different devices to come on/off the network. SD-WAN has it's own orchestration system. You talked about micro segmentation, things like VMware and NSX and Cisco ACI, all the clouds have their own orchestration systems as well. AWS, Azure, and so what's interesting is none of them really talk to each other. They're more focused on looking after their part of the infrastructure. Now to do segmentation end to end you really need to have end to end orchestration across all those systems. If I want to orchestrate, as I said, that IOT communication with a select application in the cloud, I need to orchestrate all the way through those orchestration systems. >> You need an orchestration or the orchestration system that you have in the cloud. (laughing) >> You need a mother of all orchestrators in some way but I don't think that's ever going to happen and so what's going to happen, really, is your security architecture and segmentation will be specific to a platform or fabric as we're building and then your fabric has to connect into the orchestration systems to tell it what's going on within that section of the orchestration. Again, if it's a NAC system, I can just explain, I know these IOT devices are attaching, let me apply a policy to those. If I know the WAN links are a certain type then I apply that policy. >> And this is the benefit of a holistic fabric because that's kind of where it ties together, right? >> It is, so you build a holistic security fabric and then you let the different infrastructure orchestrators, like VMware, or an SD-WAN vendor or a NAC vendor, do their job, really focus on the infrastructure. >> And you guys help those guys out, big time, with the orchestration side of it? >> Well we can connect into the orchestration systems and we just use it to make sure the security component is doing well. They're more focused on making sure the infrastructure delivers the applications to the end user. >> They do their job, you do your job. >> Exactly. >> Take a minute to explain for the folks out there, explain segmentation and what it is and why is it important for networks? >> A very simple example of segmentation, a couple of years ago there was a bank that got hacked in one of the countries, I think it was the Philippines or something like that, and what they found out was that in that particular country they didn't have the same security infrastructure in place so they got in through that particular branch and came all the way back into the core network and so a very simple segmentation policy they put in place was that, I'm going to segment by countries. So I'm not going to let this country's network access the core data center, if I give it a certain trust level. Segmentation can mean physical countries. It can mean I'm going to segment my intellectual property off. I could be segmenting by functions. Don't let those sales people anywhere near the intellectual property. You can also segment by identity. So segmentation means many different things, you have to apply, I think different levels of segmentation depending on your applications. >> And this is proven, too? We've heard this in many conversations in theCUBE. We had one guy from the US government saying, "We have these critical infrastructure pieces in the United States, why would we let anyone outside the United States access it?" >> Yeah. >> That's a great example. >> I mean if you go to critical infrastructure, you're even more dangerous. I mean most of the infrastructure's been air gapped. It's been totally air gapped, you can't get at it but that's changing as more of those devices become IOT and you have to let some access that. >> And this is where IOT is a challenge that we're seeing. This is one of the problems? >> It's IOT. You know that category is often referred to these days as OT, operational technology. >> Talk about end points, we're hearing endpoints being discussed, like hey, you connect the endpoints, your endpoint strategy, network strategy. Kind of elusive for some, describe why networking the endpoints is an important feature or is it? When people think of the endpoint of the network what are they really talking about? >> Well I think it's become more important. It's interesting if you go back 10 years or so even 15 years, you have a lot of endpoint vendors. Semantics, MacAfees, Trend Micros, Microsoft, I think, is now the largest endpoint security vendor. Then you have a different set of networking vendors, ourselves and some other names out there I can't remember. But, they're totally separated and so to look at your network, give you visibility to policy and segment, you need to be able to see the endpoints and the network together. The security fabric makes sure that you can at least see the endpoint. You may not provide the full stack of security, you may leave that to your endpoint vendor still but your network should be able to see your endpoint and vice versa, and you should be able to see what's communicating between the two. >> I'd like to talk about SD-WAN, but before we go there, just to kind of close out IOT, talk about Fortinet's differentiation and advantages when you talk about convergence between IOT and access technology. >> So the base technology's NAC, network access control, which is in place there but our advantage really is now scale, we can see huge amounts of IOT devices which are attaching and then take action not only at the access level but all the way into the cloud. >> SD-WAN has become a really hot topic. It's a huge market. >> Yeah. >> It's in the billions in terms of spend, it connects devices, campuses and devices but cloud's had a big renaissance within the SD-WAN market. Talk about what's going on with SD-WAN and how the security fabric and the FortiNAC fit into that because it's not your grandfather's SD-WAN market anymore as the expression goes. >> No. Well it's in that class of everything's being software defined, fair enough. But I think this marketplace, if you go even three years ago, was dominated because all the, you've got two marketplaces. You've got what I call the retail, which is distribute enterprise, thousands and thousands inside which already went to a UTM infrastructure. And then you had the branch office, which was more connected, in fact, it just had a simple router in there, it was connected back to the data center which then would go into the internet. And so what's happened is these branch offices they need more and more access to the cloud, more cloud applications are running. You need to provider QOS against those applications and then also these large corporations have decided they don't want to pay, it's a lot of money to get certain, high quality EPLS circuits, when they can get faster circuits through DSL and other mechanisms and so they wanted more flexibility around the wide area network. >> So commodity network access which is, you know, cloud non and EPLS, were high priced, secure. You get now more cloud access, this is translating to more traffic or is it? Is that the driver in all this? >> Well that's what happens and then you get more traffic going through there, it's the same with the next gen firewall right now and people saying, "There's a refresh going, we don't know why." the reason for it is, when you're in your office you're more than likely communicating with the cloud versus your local databases and so the same for the branch office, there's more traffic going through there, it's more encrypted, they want flexibility, they want HA modes, if that goes down now, you've got a big productivity problem with your employees there. And so this whole market sprung from nowhere only three or four years ago and is already in, as you say, in the billions of dollars. There's a lot of acquisition's already happened, consolidation. In our mind it's very important but what's just a important as all those elements is security. If I open up my branch office now to an internet connection, I need best of breed securities on that device and so we've been building SD-WAN, what I call core functionality, for some time, inside our fabric. It's quite a natural integration now of security into that. In fact some recent tests we did with SS Labs, we got highly recommended, for not only the SD-WAN features but that core security. Today SD-WAN vendors will say, well I'll just go and get some security solution from somewhere and bolt it on or attach it on, provide it through the cloud and that's fine but longterm, again, if you come back to that coordination, that orchestration, across two different systems, it's going to become hard. >> And the other complicating factor in this, aside from the infrastructure component, is that a lot of the SAS applications that people are buying, whether it's shadow IT or just off the shelf, or there's Dropbox or any of these services that are SAS based, cloud based, that's creating less of a perimeter. >> Yeah, when it all comes back, technology called CASB is providing that interface into that world through APIs and it all comes back to making sure that all your mechanisms of protection, detection, control are available to all your systems. If I've got some SD-WAN device somewhere and I need to check where this is going, I can use my application database or if I need to check if I'm going to this cloud, I use my CASB API. And so it comes back to a platform approach, a fabric approach. >> John, what's the SD-WAN approach for Fortinet? How do you guys do it? Why should people care? What's the differentiation? Why Fortinet for SD-WAN? What's the approach? >> Integrated in one word. That is, you don't need two boxes, you don't need two VMs, you don't need a box plus a cloud, it's all integrated on the system, best of breed SD-WAN functionality, best of breed tested by third party security which allows you then to have a much more cost effective solution. I think our TCO in the test as a 10th, or a 100th of some of the leading vendors outside there because you're bringing two vendors together and it's gets very costly. >> Alright, I'm going to put you on spot, I'm going to put my cynical hat on. So you're saying integrate security with SD-WAN? I'm going to say, hey, why not just keep it separate? Why integrate? >> Because the two functions need to work together. Where's the firewall going to go? Is it going to go in the cloud or is it going to go here? Who decides on the policy? If something happens, segmentation, who's deciding on segmentation policy? Usually two different companies, they don't really talk apart from maybe, there's an API leak in the security capabilities but to our mind, again, it comes back to that end to end segmentation and that's what a lot of the, I would say, the larger infrastructure vendors are trying to do. I want infrastructure all the way to devices being added, through my campus, through my SD-WAN, data center and cloud and if you've got multiple vendors, again, all over the place, there's no way you're going to be able to coordinate that. >> Alright, so I'll put my IT practitioner hat on. Okay, so I get that, so probably less security manual risk for human error, but I really want to automate. My goal is to automate some of these IT functions, get better security end to end, does this fit that requirement? >> Yeah, so from an automation perspective, we're building in some tools of our own but what we're finding more and more is that from an IT, as you said, they've gone out and built some dev ops capability. Ansible's a good example there. So what we're doing is making sure that, in fact, a lot of our partners and our SEs have already built these scripts and put them on GitHub, well now Microsoft Hub or whatever you want to call it. So we're taking those in and we're QAing them, making sure they're a high quality and then making them available to our customers and our partners through there. So this dev ops world, especially with cloud moving so fast, has become very important and to us it's a very important area we want to make available to our partners and customers. >> One of the things that's talked about a lot is SSL inspection, is that important? What do you guys do there? >> I think it's extremely important in that, a lot of enterprises have switched it off. The reason they switched it off is because when you switch it on it almost kills your performance. There was a recent, again an SS Labs test that was doing next gen firewall testing for SSL and some vendors' performance decreased by 90% and basically it was useless, you had to turn it off. A lot of enterprises want to switch it on. To switch it on, you need a system that has the performance capabilities. I think we decreased around 15%. The law of physics say you've got to decrease in some way but 15%'s a lot better than 90%. And you've got to switch that on because otherwise it's just a giant hole in your firewall. >> John, talk about the cloud because cloud now has multiple tracks to it. Used to be straight public cloud. Obviously on premise is this hot hybrid cloud, multi cloud is the center of the controversies, it's been validated. We see Amazon Web Services announcing something with VMware validation that you're going to start to see an on premises and cloud and some cloud native, born in the cloud companies will be out there. How do you guys extend the security fabric for those two cloud use cases? How does the Fortinet products scale to the cloud? >> Yeah, two good points. Again, a few years ago, I'd ask customers about cloud and say, "Yeah we're going to takes some steps in AWS." Now it's I've got four clouds, what's the next cloud I'm going to put inside there? I've got global clouds around the world. It's kind of interesting that there is this mad rush and it's still going on into public cloud but then I still see some people trying to do hybrid cloud and put some stuff inside their data centers. Some customers don't want that data leaving, regardless. Some people can't move mainframe applications out there so there's always going to be a hybrid world for some time but the key is multi cloud security in that, more than likely, your AWS security systems are not going to work inside a Google cloud, are not going to work inside your Azure cloud, are not going to work inside some of the data center pieces. And so hybrid cloud and multi cloud security Are really important, so for us the ability to support all those clouds, and it's not just saying, well I can put my firewall VM inside AWS. There's a whole set of deep integrations you need to do, to make sure you're inside their automation systems, you can see visibility, there's a lot of practices around compliance, et cetera, so it's actually a big task for each of us to make sure that we're compliant across the set of functions for each of those clouds. >> My final question is going to be around customer impact. If we zoom out, look at the marketplace and I'm a CIO or CXO, I'm a big time, busy enterprise architect or CIO, I'm so busy, I've got all this stuff going on, why Fortinet? Explain to me why are you important in my world? What should I be thinking about? What are some of the opportunities and challenges that I might face? What should I look at? I want to go to the cloud as much as possible because there's some benefits there. I want on premises to be as seamless as possible to the public cloud. I want rock solid security. I want to have the ability to use SAS apps. >> Right. >> Have programmable networks and have a great development team building top line revenue for my business. How can you help me? >> Is that all? (laughing) I think CIOs and CXOs are happier dealing with less vendors. The trouble is with some very large vendors, they just slow down the development side. I think what we bring to the table and by the way we're not the third largest cyber security company out there, what we try and bring is a broad approach, a broad product set so you can have different things from us as well at integrate into your current set but we try to keep very agile and fast with our developments because otherwise you'll fall behind the infrastructure, you'll fall behind the cyber threats. You know, GDPR, for example, over the last year, you've got to keep up with that. What we bring to the table is now a reasonably large company, we're five and a half thousand employees. A very large R and D budget, we try and move very fast. A large product set, all integrated through our fabric but again, we try and stay as agile and as fast moving as possible. Where we can't do it organically, we try and do it organically so our system integrate very well, where we can't do it, then we'll go and make smaller acquisitions, Bradford Networks was an example of that for IOT but I think we're building now a much better relationship with the CIO and CXO level and becoming one of their strategic partners going forward. >> Talk about the community that you guys have built because I've noticed, and I've seen you guys, certainly over the past couple years, that RSA I think a year and half, two years ago, you're working with a lot of industry partners. It's not just Fortinet by themselves, you work within the industry itself. >> Yeah, because people are building their ecosystem and they've made some decisions and hey want you to integrate inside those so we have about 50 partners now where they use our API to provide integration so they built our API and although we've mentioned FortiNAC today, we have APIs, for example, for ForeScout and other NAC vendors so if they've chosen that specific vendor, then we're fine, we'll integrate that inside our fabric. Will it have the level of integration that we have? Probably not, but at least you can see, have visibility, for example. I think the technology we've been building in the last year or so is something called fabric connectors which is a much, much deeper integration into the platforms so we have connectors for VMware NSX, for Cisco ACI, for AWS, and this provides a two way communication and that two way communication is important for one word, and that's automation. So once you can see things, once you direct policy backwards then you can start stitching together these objects and provide that end to end automation. >> Final question for you, a lot of the leading enterprises and businesses out there that are using technology to build digital business, whether it's from developers all the way down under the hood into the network, are all betting on multi cloud. Clearly that's obvious to us and that's pretty much being picked up by mainstream now. So early adopters that are leading the charge are multi cloud. If I'm betting on multi cloud, why Fortinet? Why should I be working with you guys? >> Because we're committed to supporting all those clouds. And as I said, it's no easy task to support, I think we support six clouds now, to go through all the different items and integrations across that, we're committed to that. We've got probably the most expansive integration across the most security products inside the industry and we'll continue to do that going forward. >> John, thanks for spending the time. John Maddison, senior vice president products and solutions at Fortinet here inside the special CUBE Conversation with the big news today, the FortiNAC new product integrating with the security fabric, IOT, SD-WAN, cloud solutions for multi cloud and IT. As automation comes down the road really fast, we're here in theCUBE bringing it to you. I'm John Furrier, thanks for watching. (intense orchestral music)

>> Presenter: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back, everybody. Jeff Frick here with the theCUBE. We're in downtown San Francisco with RSA North America 2018 40,000 plus professionals talking about security, enterprise security. It's a growing field, it's getting baked into everything. There's a whole lot of reasons that this needs to be better and more integrated into everything that we do, as opposed to just kind of a slap on at the end. And, who better to have on, who's investing at the cutting edge, keeping an eye on the startups than Sean Cunningham, our next guest. He's a managing director ForgePoint Capital, the newly named, so welcome to ForgePoint Capital, I guess. (Sean laughs) >> Thanks, Jeff, we're pretty excited about it. So, we were branded Trident Capital Cybersecurity. We're a 300 million dollar cybersecurity only fund, we closed the fund about a year and a half ago. We've invested in a dozen companies, and we decided that now is a great time to rebrand ForgePoint really tells more about what we're doing, we're forging ahead with our Series A, Series B funded companies, as well as a few growth equity. So, it made a lot of sense, but we're pretty excited about the market, and obviously RSA, with 1700 cybersecurity companies makes it interesting. >> Right, so you've been at this for a while. I wonder if you can speak to some of the macro trends as we've seen the growth of cloud, the growth of IoT will soon be more industrial IoT, enabled by 5G. We've got all these automated systems and financial services trading, and ad tech that we're going to see more and more of that automated transaction happening. You've got APIs and everything's connected to everything else to enable my application. So, really really exciting, and huge, growing threat surface if you will, but at the same, these are the technologies that are driving forward. So, what are you seeing from your, seat at the table some of the newer, more innovative startups? >> Jeff, I think you should probably tell me. You have all the answers there. >> I talked to a lot of smart people, that's the benefit of the job. >> I think the only two buzzwords you left off was Bitcoin and fraudulent payments. >> Oh, we can work a little blockchain in if you want. >> Yeah, but it is absolutely a bit of an interesting environment. I've been doing it since 2000 with Intel Capital for 15 years, but what's really changed, what hasn't changed is the fact that it's all about the hackers are able to monetize this. So, that's not going away. The biggest change are the, I guess, overt nation state attacks. So, between all of those things, the drivers are just continuing to force cybersecurity to become better and better. And, that's why the innovative startups are really, you're seeing these 1700, because the legacy companies can't fix these problems. And, you know, you talk about all these different paths for hackers to get in. It's absolutely the case and we are really big on areas, as you mentioned Jeff, the automation. It has to be about automating. It has to be about having a real solution for a real problem. You know, you look at, let's say 1500 of these security startups, a lot of them are about technology for the sake of technology. So, we're pretty excited about a couple of areas. One, is application security. If you think about the Equifax hack, you know, it's as simple as getting into the website and being able to hack into all of the PII data if you will. And, we've invested in a company called Prevoty and what they do is they make it easy for the application security folks to meet with the DevOps folks and inject the software into these applications. The reason why that's really interesting is, if you think about how long it takes for the DevOps guys to get all their new updates out, through that whole cycle, when you could automate that process and reduce that time to market, that's what it's really all about. >> So, what's your take on GDPR. You know, it's past a little while ago, the enforcement comes into place next month. It's weird what's going on with Facebook right now. I don't ever hear GDPR in the conversation of what's going on, and yet, it's just around the corner and it seems like it would be part of that conversation. DC is just king of a Y2K moment, where there's a lot of buzz and the date hits and we get past it and then we kind of move on with our lives, or is this really a fundamental shift in the way that companies are going to have to manage their data? >> Well, I can show you my scars from investigating compliance companies. I think the winners in that space, from a business standpoint are going to be the consultant companies, initially and at some point then, the legacy guys are going to be also involved, as well as some of the startups. But, clearly, until you see some of the large penalties happen, there's not going to be a lot of movement. There's going to be a lot of hand waving and consulting firms are trying to figure out what's your problem, how do we solve it. So, you're going to see, I'm sure, around the floor a lot of GDLP stuff, but we're being very cautious about where we invest there because, as you say, Y2K and a lot of this is going to be a lot fud. The legacy guys are going to say, oh we can handle that. Same as they did with cloud. Look how long it's taking cloud to get adopted, my God. I mean-- >> Right. >> GDRP is a big piece of that. We did investments in that space, around CASB, it's called. And, we invested in a company called Prelert. It had great traction, but then it just kind of topped out. So, it's going to be investable space and there's going to be a lot of money dumped in there because it's, you know, the Lemming effect. All VCs are going to follow that. >> Right. >> We'll see what happens. >> And then on the cloud, you know, with the growth of public cloud with Amazon and Azure and Google Cloud Platform, and they've got significant resources that they're investing into the security of their clouds and their infrastructure. And, yet, we still hear things happen all the time where there's some breach because somebody forgot to turn a switch from green to blue, or whatever. How did the startups, you know, kind of find their path within these huge public cloud spaces to find a vector that they can concentrate on, that's not already covered by some of these massive investments that the big public cloud people are making? >> Yeah, I think some of the, you know you point something out, I mean we got to think about cloud, you think about the public cloud, you think of private cloud and hybrid model and so on. I think that's really where things are going to to be for a while. The big guys, the big companies, enterprises are not putting a lot of their crown jewels out in the public clouds, yet. And, so the private clouds are equally important to them. And, so they have to be secured. And, the public cloud, you know, there's definitely they have some good security, but they quietly are implementing security from innovative companies also. They're not as public about it because they want to have they're already secure, so don't worry about me, but there's a lot of opportunity there. >> Okay, and then when CIOs are talking about security and thinking about security, ultimately they cannot be 100 percent secure, right, it's just you cannot be. >> It's called job security. >> Yeah, job security for us, right. But, I was thinking of this kind of as an insurance model. At some point, you get kind of the law of diminishing returns and you got to start making business trade-offs for the investment. How are these people thinking about this, at the same time, seeing their competitors and neighbors showing up on the cover of the Wall Street Journal breach after breach after breach? What's the right balance? How should they be thinking about managing risk, and thinking of a risk problem as opposed to kind of a castle problem? >> Yeah, and that's the biggest problem with CIOs and CSOs right now. It's all about what's good enough. Where do I reach that threshold? And, so there is definitely buyer fatigue. And, I think it's a matter, there are companies out there that look at the risk profile and are actually giving ratings of, what is your environment look like. We just invested in a spin out from, we helped spin out a company called CyberCube out of Symantec, and it's insurance. And, they're looking at, from a cyber insurance perspective, of what's your risk profile within your organization and selling and that data from Symantec as well as the data they have and going back to the insurance, the under buyer and saying, hey, we can show you the risk profile of this company and you can properly price your cyber insurance now. We all know how large the cyber insurance market is, so there's a lot of opportunities in that space to really look at the risk factors. >> Alright, well before I let you go, to go visit all the 117 startups, which will be looking for your cheque, I'm sure. >> Human ATM. >> What is one or two things that you think about in some of the more progressive startups that you talk about that still hasn't kind of hit the public eye yet. That they should be thinking about, or that we're going to be talking about in a couple years that's still kind of below the radar? >> Yeah, you know, if I told you then everyone else would be-- >> That's true. >> So, I have to be a little careful. You know, I think the interesting thing is, you know, a bit of a contrarian view. Is, if you think about consumer space, people don't really want to invest. Investors don't want to put money in the consumer, but you think about Symantec again, LifeLock. Identity protection, 2.3 billion dollars Symantec paid to get LifeLock. That's a lot of money. But, if you think about five years ago, how many consumers would pull out their Visa card to buy security. So, we think that there's really a potential opportunity on the consumer side. Now, AV is pretty well scorched earth. A lot of places, a lot of these endpoint things are scorched earth, but consumer might be an interesting place to be able to take these enterprise applications and, what I call, the consumerization of security, and take some of those interesting application and solutions and bring them down to the consumer in a bundle type of environment. >> Yeah, well certainly with all the stuff going on with Facebook now, people's kind of reawakening at the consumer level of what's really happening would certainly be fuel for that fire. >> We have an investment in a company called IDEXPERTS, which does breach remediation and our goal right now is we're continuing to add products from that space to be able to give the consumers a very robust offering. >> Alright, Sean, well thanks for taking a few minutes out of your day from prospecting. >> Yeah, pleasure. >> Over on the floor, he's Sean Cunningham, I'm Jeff Frick. You're watching theCUBE from RSA North America 2018 in downtown San Francisco. Thanks for watching, I'll see you next time. (upbeat music)

(clicking) >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're at PagerDuty Summit in San Francisco at Pier 27, I got to look at it. I've never been here before. It's a cool facility right on the water, between Pier 39 and the Bay Bridge. We're really excited to have back, I can't believe it's been like three years. To have Sheila Jordan, she's a CIO of Symantec and last we saw you was, I looked it up it was Service Now Knowledge 2014. >> Yes that's correct. >> Sheila, great to see you. >> Sheila: Nice to see you. Thanks for being here. >> Absolutely. So I think when we first talked you were just starting in your role in Symantec and now you're three years into it, you just got off a panel about leading digital transformation, so just give us kind of a general view of what you've been up to and how has that journey been progressing? >> Right, well it's been quite a journey and I would say that it's been really a transformational journey. So the vision for Symantec really is to become the largest cyber security company in the world. And that vision really started two, two and half years ago and I'd say that today it's a reality. When I was hired, I was actually hired to in source IT, so we completed that and then when we went through the Veritas separation, so we separated the company with Veritas which was a pretty significant separation. And then subsequently we've acquired four or five companies, we've recently acquired the Blue Coat company, which with that acquisition, we get our CEO Greg Clark. And then we've also acquired some other companies on the consumer side so the LifeLock business is really tied to our consumer digital safety. So we've been very busy and now we've just announced a small divestiture on our website security business. So lots of acquisitions, lots of change, lots of transformation, that really would been bringing into the organization. >> Jeff: Right and you talked on the panel your job is you got to keep the lights on and keep things moving. Then you've got this acquisition and in your case big, the split the divestiture. But then you still want to innovate and you've talked about looking at new applications, and I thought a really interesting comment you made was about shadow IT. >> Right >> And shadow IT is not all bad. There's a reason that somebody decided to take that action. And really they're trying to understand why? And what was the application requirement? And not just throw it out as unauthorized use. Pretty interesting lesson. >> Sheila: Well a couple things on that. Working in an engineering organization you can't ignore when there's apps being used and come up, because there's a need. Obviously there's a need that the IT organization isn't providing and so what it that need? And what is that capability that the organization is looking for? Now the cool thing is we have technology called CASB which is the Cloud Access Security Broker. That allows us to look at the entire environment of what both cloud applications of who's using what. So for example, we are sanctioned and our standard is box, but I can look across the organization and see what cloud applications we're using and if Drop Box appears, that's a question to say no that doesn't make sense, our standard's box. But the reality is is that all other applications that might be coming out of the engineering organization's using, we should be asking ourselves why? What capability are we not delivering? And how do we bring that into the IT arsenal? >> Jeff: Right, right. And essentially you bring up the box example because another thing you talked about on the stage was your cloud adoption. So kind of you threw out a number, 62%. So I'm not exactly sure what 62% is. But where was it when you got there? What is 62%? What are you measuring? And there's conversations about direct ROI but it's a much more complicated formula than just a simple ROI. >> Yes it really is, and I would say that first of all, from an IT perspective, I think any CIO has the obligation to help the organization run, change, and grow. And forward thinking CEOs really understand that technology can be used to not only run the company, that's kind of old school legacy total cost of ownership costs. Really super important, but it's not only run, but how do you use the technology to change and grow? So when you have opportunities like Saas, that allow the CIOs to have, reduce our total cost of ownership, be more agile, have the Saas providers update their products and solutions and all of that, that's kind of on the Saas providers. It makes our job a little easier or different I'd say. What I mean by that is the role of the CIO hasn't changed. Our job is to protect the company's assets. All of our company's assets and our data whether that's customer data, employee data, partner data. And yet five or seven years ago, it was these monolithic applications it was a private data center. on-prem physical data center. It was massive or monolithic geopcs. All of that has changed. So the role hasn't changed but now we've got to think about Saas applications. Cloud, infrastructure as a service. Public cloud on the infrastructure side. We think about all the applications that are coming in on our mobile devices. We think about IOT, we think about structured and unstructured data. Our role is the same, but how we have to manage that complexity to help our companies and enable our companies run, change, and grow; it's just very different. >> Jeff: And then you get involved in kind of investigating how the second order impacts? Kind of the law of unintended positive consequences by going to a Saas application, for instance. Or going to some of these platforms that doesn't show up in the simple ROI analysis. >> No, I agree with that. But I also think it's total cost of ownership but it's also as important today, as a agility. Everyone wants to get to market faster. Everyone wants to feel to be more productive. So it's really the combination of both total cost of ownership and agility. >> Yeah you said an interesting thing too. "Speed is a habit." Which is a really interesting quote. Because everybody wants speed. >> Absolutely >> And we just had another guest who talked about speed actually does correlate to better software. Because it forces you to do that. But everybody wants speed. You got to have it. So the other, you were all over, I got notes. We could go on all day. I won't go on all day, but somebody talked about what are the limits? What are the limits of applications? As you made a really interesting comment that at the end of the day, it's just about the data flow, and having a horizontal view from your seat. You may find that there's other ways to skin that cat based on what other people are doing. >> Sheila: Right, so I would say one of the reasons I love being in IT, is we see horizontally. There's many functions in the company that see in those silos, but we get to see horizontally which means we see the redundancies in an organization and some of the gaps. And so and as the world changes, that it's less about these monolithic, huge applications, but more about cloud and Saas. It really becomes important about the data flow. Where is the data? Not only is it in that say sales force application, but how does that sales force application move to a box? And how does that content move from box to say some of the collaboration tools in technology and how does that move and flow? Our role has to be about, one: Understanding the data flow and really where that exists. And how do we enable the entire business? Every function to be even more productive. But also how we protect and secure that. So, I think it's so exciting that not only are we doing, our view in IT is to deliver that unified, end to end experience. And it all comes down to the reference architecture approach. But the other part why I'm so excited about Symantec is because we're moving into the notion and the vision of having an integrated cyber defense platform. And I'll explain that for one second. Because historically, the security business has been really fragmented. Point solutions to protect every layer of your architecture. So whether you had a point solution in infrastructure, or end points, or data, or at the web gateway layer. Whatever that was, and what happened is, over time, our recent report would suggest that a large enterprise has anywhere between 65 and 85 security products in there enterprise. Large, large enterprise. >> 65 to 85. >> Security products >> Point solutions. >> In their enterprise. (Jeff chuckles) Yeah and so >> Tough to manage. >> It becomes, yeah it really does. One of the visions that Greg Clark and Mike Fey have for our company, is why can't we be, and deliver this integrated, cyber defense platform? Because it's really connected. We then have products that will live at each layer of the architecture but connected. And so the really super cool thing about that, is that the white spaces between those fragmented products, really are breeding grounds for the bad guys to come in and stay awhile and sit and watch and observe. If you have all that legacy technology and legacy applications, it just becomes a breeding ground. And when you have an integrated cyber trends platform that actually allows it to be much more integrated and really reduce some of the risks and all for our CEOs and customers, a better opportunity to effectively manage their environment. >> Right and you guys are a security company, but also you're a CIO of trying to protect stuff. So you're in a really good spot. Cause the other thing that's happening is this radical increase in the tax services. Especially as we go beyond cloud and APIs to edge economy and IOT devices. As you kind of look at the future of both for protecting your own stuff but also helping to deliver the products for your customers, if the security space is really really rapidly evolving. >> Rapidly evolving and becoming even more important. Because again, the flow of data from your sales force application to your mobile device to IOT back to a content solution. Back to some of the collaboration. The flow of data, is now app to app, or Saas to Saas. Saas to device, device to infrastructure as a service, so it really is the flow of data is so dynamic, and so security becomes just super critical to make sure we're securing that data in motion. >> Right, Right. Yeah it's crazy. And even if you have the most secure systems, you might have lapses in protocol which we hear like some of the CAWS breaches, where somebody didn't configure something right. Alright so, I could keep you here all day (Sheila chuckles) But I won't. But I want to give you that last word. What's next? And there was a little bit of conversation on the panel, so I want to open that up again. As you kind of look forward or, the cloud thing's kind of done, the API thing is kind of done as you look forward, what's kind of the next ... Never say five years in this business. Next couple years, you're excited about the move in the industry forward. >> Sheila: Well I actually think, and I know it might be an overused term, but I really think that we're just scratching the surface on AI artificial intelligence and machine learning. We're using a lot of that in our products today and how we're building our security products. But when I think about corporate IT, and I think about how we deliver statistics and information about our business. So transactional reporting on bookings and revenue and forecast and expenses, there needs to be a better, more predictive way of analyzing that data and understanding it in a much more sophisticated AI. Machine learning that we get our customer insights. And we really start to use those insights into building out that kind of knowledge as we move forward. I look forward to really beginning to really really have some strategies on AI and machine learning in corporate IT. >> Alright, well Sheila Jordan it was great to see you. Hopefully it won't be >> Nice to see you! >> Three years >> Three years till we see you again! CIO of Symantec. I'm Jeff Frick. You're watching theCUBE from PagerDuty Summit San Francisco. Thanks for watching. >> Sheila: Thank you so much. (upbeat electronic music)