>> Live from Barcelona, Spain it's theCUBE! Covering Cisco Live! Europe brought to you by Cisco and its ecosystem partners. >> Hello everyone, welcome back to theCube's live coverage here in Barcelona, Spain for Cisco Live! Europe 2019. We're at day three of three days of coverage I'm John Furrier with Dave Vellante Our next two guests we're going to talk about privacy data Michelle Dennnedy, VP and Chief Privacy officer at Cisco and Robert Waitman who is the Director of Security and Trust. Welcome back, we had them last year and everything we talked about kinda's happening on steroids here this year >> Yep. >> Welcome back >> Thank you glad to be here >> Thanks for having us >> So security, privacy all go hand in hand. A lot going on. You're seeing more breaches you're seeing more privacy challenges Certainly GDPR's going to the next level. People are, quote, complying here's a gig of data go figure it out. So there's a lot happening, give us the update. >> Well, as we suggested last year it was privacypalooza all year long running up to the enforcement deadline of May 25, 2018. There were sort of two kinds of companies. There's one that ran up to that deadline and said woohoo we're ready to drive this baby forward! And then there's a whole nother set of people who are still sort of oh my gosh. And then there's a third category of people who still don't understand. I had someone come up to me several weeks ago and say what do I do? When is this GDPR going to be a law? I thought oh honey you need a hug >> Two years ago, you need some help. >> And some companies in the US, at least were turning off their websites. Some media companies were in the news for actually shutting down their site and not making it available because they weren't ready. So a lot of people were caught off guard, some were prepared but still, you said people would be compliant, kind of and they did that but still more work to do. >> Lots more work to do and as we said when the law was first promulgated two and a half years ago GDPR and the deadline A, It's just one region but as you'll hear as we talk about our study it's impacting the globe but it's also not the end of anything it's the beginning of the information economy at long last. So, I think we all have a lot to do even if you feel rather confident of your base-level compliance now it's time to step up your game and keep on top of it. >> Before we get into some of the details of the new finding you guys have I want you to take a minute to explain how your role is now centered in the middle of Cisco because if you look at the keynotes data's in the center of a lot of things in this intent based network on one side and you've got cloud and edge on the other. Data is the new ingredient that's feeding applications and certainly collective intelligence for security. So the role of data is critical. This is a big part of the Cisco tech plan nevermind policy and or privacy and these other things you're in the middle of it. Explain your role within Cisco and how that shapes you. >> How we sort of fit in. Well it's such a good question and actually if you watch our story through theCUBE we announced, actually on data privacy day several years ago that data is the new currency and this is exactly what we're talking about the only way that you can operationalize your data currency is to really think about it throughout the platform. You're not just pleasing a regulator you're not just pleasing your shareholders you're not just pleasing your employee base. So, as such, the way we organize our group is my role sits under the COO's office our Chief Operations Office under the office of John Stewart who is our Chief Trust officer. So security, trust, advanced research all live together in operations. We have sister organizations in places like public policy, legal, marketing, the sales groups the people who are actually operationalizing come together for a group. My role really is to provide two types of strategy. One, rolling out privacy engineering and getting across inside and outside of the company as quickly as possible. It's something new. As soon as we have set processes I put them into my sister organization and they send them out as routine and hopefully automated things. The other side is the work Robert and I do together is looking at data valuation models. Working about the economics of data where does it drive up revenue and business and speed time to closure and how do we use data to not just be compliant in the privacy risk but really control our overall risk and the quality of our information overall. It's a mouth full >> So that's interesting and Robert, that leads me to a question when we've seen these unfunded mandates before we saw it with Y2K, the Enron backlash certainly the United States the Federal Rules of Civil Procedure. And the folks in the corner office would say oh, here we go again. Is there any way to get more value beyond just reducing risk and complying and have you seen companies be able to take data and value and apply it based on the compliance and governance and privacy policies? >> Dave that's a great question. It's sort of the thought that we had and the hypothesis was that this was going to be more valuable than just for the compliance reasons and one of the big findings of the study that we just released this week was that in fact those investments you know we're saying that good privacy is very good for business. It was painful, some firms stuck their head in the sand and said I don't want to even do this but still, going through the GDPR preparation process or for any of the privacy regulations has taken people to get their data house in order and it's important to communicate. We wanted to find out what benefits were coming from those organizations that had made those investments and that's really what came out in our study this week for international data privacy day we got into that quite a bit. >> What is this study? can you give us some details on it? >> It's the Data Privacy Benchmark study we published this week for international data privacy day. It's sort of an opportunity to focus on data privacy issues both for consumers and for businesses sort of the one day a year kind of like mother's day that you should always think of your mom but mother's day's a good day so you should always think of privacy when you're making decisions about your data but it's a chance to raise awareness. So we published our study this year and it was based on over thirty-two hundred responses from companies around the world from 18 countries all sorts of sizes of companies and the big findings were in fact around that. Privacy has become a serious and a boardroom level issue that the awareness has really skyrocketed for companies who are saying before I do business with you I want to know how you're using my data. What we saw this year is that seven out of eight companies are actually seeing some sales delay from their customers asking those kinds of questions. But those that have made the investment getting ready for GDPR or being more mature on privacy are seeing shorter delays. If you haven't gotten ready you're seeing 60% longer delays. And even more interestingly for us too is when you have data breaches and a lot of companies have them as we've talked about those breaches are not nearly as impactful. The organizations that aren't ready for GDPR are seeing three times as many records impacted by the breach. They're seeing system downtime that's 50% longer and so the cost of the whole thing is much more. So, kind of the question of is this still something good to do? Not only because you have to do it when you want to avoid 4% penalties from GDPR and everything else but it's something that's so important for my business that drives value. >> So the upshot there is that you do the compliance. Okay, check the box, we don't want to get fined So you're taking your medicine basically. Turns into an upside with the data you're seeing from your board. Sales benefit and then just preparedness readiness for breaches. >> Right, I mean it's a nice-- >> Is that right? >> That's exactly right John you've got it right. Then you've got your data house in order I mean there's a logic to this. So then if you figured out where your data is how to protect it, who has access to it you're able to deal with these questions. When customers ask you questions about that you're ready to answer it. And when something bad goes wrong let's say there is a breach you've already done the right things to control your data. You've got rid of the data you don't need anymore. I mean 50% of your data isn't used for anything and of course we suggest that people get rid of that that makes it less available when and if a breach occurs. >> So I got to ask you a question on the data valuation because a lot of the data geeks and data nerds like myself saw this coming. We saw data, mostly on the tech side if you invested in data it was going to feed applications and I think I wrote a blog post in 2007 data's going to be part of the development kits or development environment you're seeing that now here. Data's now part of application development it's part of network intelligence for security. Okay, so yes, check, that's happening. At the CFO level, can you value the data so it's a balance sheet item? Can you say we're investing in this? So you start to see movement you almost project, maybe, in a few years, or now how do you guys see the valuation? Is it going to be another kind of financial metric? >> Well John, it's a great point. Seeing where we're developing around this. So I think we're still in somewhat early days of that issue. I think the organizations that are thinking about data as an asset and monetizing its value are certainly ahead of this we're trying to do that ourselves. We probed on that a little bit in the survey just to get a sense of where organizations are and only about a third of organizations are doing those data mature things. Do they have a complete data map of where their stuff is? Do they have a Chief Data Officer? Are they starting to monetize in appropriate ways, their data? So, there's a long way to go before organizations are really getting the value out of that data. >> But the signals are showing that there's value in the data. Obviously the number of sales there's some upside to compliance not just doin it to check the box there's actually business benefits. So how are you guys thinking about this cause you guys are early adopters or leaders in this how are you thinking about the data measurement of it? Can you share your insights on that? >> Yeah, so you know, data on the balance sheet Grace Hopper 1965, right? data will one day be on the corporate balance sheet because it's in most cases more valuable than the hardware that processes. This is the woman who's making software and hardware work for us, in 1965! Here we are in 2019. It's coming on the balance sheet. She was right then, I believe in it now. What we're doing is, even starting this is a study of correlation rather than causation. So now we have at least the artifacts to say to our legal teams go back and look at when you have one of our new improved streamline privacy sheets and you're telling in a more transparent fashion a deal. Mark the time that you're getting the question. Mark the time that you're finishing. Let's really be much more stilletto-like measuring time to close and efficiency. Then we're adding that capability across our businesses. >> Well one use case we heard on theCUBE this week was around privacy and security in the network versus on top of the network and one point that was referenced was when a salesperson leaves they take the contacts with them. So that's an asset and people get sued over it. So this again, this is a business policy thing. so business policy sounds like... >> Well in a lot of the solutions that exist in the marketplace or have existed I've sat on three encrypted email companies before encrypted email was something the market desired. I've sat on two advisory boards of-- a hope that you could sell your own data to the marketers. Every time someone gets an impression you get a micro cent or a bitcoin. We haven't really got that because we're looking on the periphery. What we're really trying to do is let's look at what the actual business flow and processes are in general and say things like can we put a metric on having less records higher impact, and higher quality. The old data quality in the CDO is rising up again get that higher quality now correlate it with speed to innovation speed to close, launch times the things that make your business run anyway. Now correlate it and eventually find causal connections to data. That's how we're going to get that data on the balance sheet. >> You know, that's a great point the data quality issue used to be kind of a back office records management function and now it's coming to the fore and I just make an observation if you look at what were before Facebook fake news what were the top five companies in the United States in terms of market value Amazon, Google, Facebook was up there, Microsoft, Apple. They're all data companies and so the market has valued them beyond the banks, beyond the oil companies. So you're starting to see clearer evidence quantifiable evidence that there's value there. I want to ask you about we have Guillermo Diaz coming up shortly, Michelle and I want to ask you your thoughts on the technical function. You mentioned it's a board level issue now, privacy. How should the CIO be communicating to the board about privacy? What should that conversation be like? >> Oh my gosh. So we now report quarterly to the board so we're getting a lot of practice We'll put it that way. I think we're on the same journey as the security teams used to you used to walk into the board and go here's what ransomware is and all of these former CFOs and sales guys would look at you and go ah, okay, onto the financials because there wasn't anything for them to do strategically. Today's board metrics are a little soft. It's more activity driven. Have you done your PIAs? Have you passed some sort of a third party audit? Are you getting rejected for third party value chain in your partner communities? That's the have not and da da da. To me I don't want my board telling us how to do operations that's how we do. To really give the board a more strategic view what we're really trying to do is study things like time to close and then showing trending impacts. The one conversation with John Chambers that's always stuck in my head is he doesn't want to know what today's snapshot is cause today's already over give me something over time, Michelle, that will trend. And so even though it sounds like, you know who cares if your sales force is a little annoyed that it takes longer to get this deal through legal well it turns out when you multiply that in a multi-billion dollar environment you're talking about hundreds of millions of dollars probably a week, lost to inefficiency. So, if we believe in efficiency in the tangible supply chain that's the more strategic view I want to take and then you add on things like here's a risk portfolio a potential fair risk reporting type of thing if we want to do a new business Do we light up a business in the Ukraine right now versus Barcelona? That is a strategic conversation that is board level. We've forgotten that by giving them activity. >> Interesting what you say about Chambers. John you just interviewed John Chambers and he was the first person, in the mid 90s to talk about a virtual close, if you remember that. So, obviously, what you're talking about is way beyond that. >> Yeah and you're exactly right. Let's go back to those financial roots. One of the things we talk about in privacy engineering is getting people's heads-- the concept that the data changes. So, the day before your earnings that data will send Chuck Robbins to jail if someone is leaking it and causing people to invest accordingly. The day after, it's news, we want everyone to have it. Look at how you have to process and handle and operationalize in 24 hours. Figuring out those data stories helps it turn it on its head and make it more valuable. >> You know, you mentioned John Chambers one of the things that I noticed was he really represented Silicon Valley well in Washington DC and there's been a real void there since he retired. You guys still have a presence there and are doing stuff there and you see Amazon with Theresa Carlson doing some great work there and you still got Oracle and IBM in there doing their thing. How is your presence and leadership translating into DC now? Can you give us an update of what's happening at-- >> So, I don't know if you caught a little tweet from a little guy named Chuck Robbins this week but Chuck is actually actively engaged in the debate for US federal legislation for privacy. The last thing we want is only the lobbyists as you say and I love my lobbyists wherever you are we need them to help give information but the strategic advisors to what a federal bill looks like for an economy as large and complex and dependent on international structure we have to have the network in there. And so one of the things that we are doing in privacy is really looking at what does a solid bill look like so at long last we can get a solid piece of federal legislation and Chuck is talking about it at Davos as was everyone else, which was amazing and now you're going to hear his voice very loudly ringing through the halls of DC >> So he's upping his game in leadership in DC >> Have you seen the size of Chuck Robbins? Game upped, privacy on! >> It's a great opportunity because we need leadership in technology in DC so-- >> To affect public policy, no doubt >> Absolutely. >> And globally too. It's not just DC and America but also globally. >> Yeah, we need to serve our customers. We win when they win. >> Final question, we got to get wrapped up here but I want to get you guys a chance to talk about what you guys announced here at the show what's going on get the plug in for what's going on Cisco Trust. What's happening? >> Do you want to plug first? >> Well, I think a few things we can add. So, in addition to releasing our benchmark study this week and talking about that with customers and with the public we've also announced a new version of our privacy data sheets. This was a big tool to enable salespeople and customers to see exactly how data is being used in all of our products and so the new innovation this week is we've released these very nice, color created like subway maps, you know? They make it easy for you to navigate around it just makes it easy for people to see exactly how data flows. So again, something up on our site at trust.cisco.com where people can go and get that information and sort of make it easy. We're pushing towards simplicity and transparency in everything we do from a privacy standpoint and this is really that trajectory of making it as easy as possible for anyone to see exactly how things go and I think that's the trajectory we're on that's where the legislation both where GDPR is heading and federal legislation as well to try to make this as easy as reading the nutrition label on the food item. To say what's actually here? Do I want to buy it? Do I want to eat it? And we want to make that that easy >> Trust, transparency accountability comes into play too because if you have those things you know who's accountable. >> It's terrifying. I challenge all of my competitors go to trust.cisco.com not just my customers, love you to be there too go and look at our data subway maps. You have to be radically transparent to say here's what you get customer here's what I get, Cisco, here's where my third party's. It's not as detailed as a long report but you can get the trajectory and have a real conversation. I hope everybody gets on board with this kind of simplification. >> Trust.cisco.com we're going to keep track of it. Great work you guys are doing. I think you guys are leading the industry, Congratulations. >> Thank you. >> This is not going to end, this conversation continues will continue globally. >> Excellent >> Thanks for coming on Michelle, appreciate it. Robert thanks for coming on. CUBE coverage here day three in Barcelona. We'll be back with more coverage after this break.

- So our first prediction relates to how data governance is likely to change in a global basis. If we believe that we need to turn more data into work, businesses haven't generally adopted many of the principles associated with those practices. They haven't optimized to do that better. They haven't elevated those concepts within the business as broadly and successfully as they have, or as they should. We think that's gonna change, in part, by the emergence of GDPR, or the General Data Protection Regulation. It's gonna go in full effect in May 2018. A lot has been written about it. A lot has been talked about. But our core issues ultimately are, is that the dictates associated with GDPR are going to elevate the conversation on a global basis. And it mandates something that's now called the Data Protection Officer. We're gonna talk about that in a second, Dave Elonte. But it is going to have real teeth. So we were talking with one Chief Privacy Officer not too long ago who suggested that had the Equifax breach occurred under the rules of GDPR, that the actual fines that would have been levied would have been in excess of $160 billion dollars, which is a little bit more than the $0 dollars that has been fined thus far. Now we see new bills introduced in Congress, but ultimately our observation and our conversation with a lot of Chief Privacy Officers or Data Protection Officers is that in the B to B world, GDPR is going to strongly influence not just how businesses behave regarding data in Europe, but on a global basis. - A lot of the undertone is, "Cloud, cloud, cloud, governance, governance, governance," is the two, kind of the drivers I've been seeing as the forces this week is a lot of people trying to get their act together on those two fronts. And you can kind of see the scabs on the industry. Some people haven't been paying attention and they're weak in the area. Cloud is absolutely going to be driving the big data world, because data's horizontal, cloud's the power source to that. You guys have been on that. What's your thoughts? What other drivers and currents-- first of all do you agree with what I'm saying? And what else did I miss? I mean, security is obviously in there, but-- - Absolutely, so I think you're exactly right on. So, obviously governance security's a big deal. Largely being driven by the GDPR regulation that's happening in Europe. But I mean, every company today is global, so everybody's essentially affected by it. So I think data up til now has always been a kind of opportunistic thing, that there's a couple guys in the organization who are looking at it as, "Oh, let's do some experimentation, "let's do something interesting here." Now it's becoming government mandate. And so I think there's a lot of organizations who are, like to your point, getting their act together, and that's driving a lot of demand for data management products. So now people say, "Well, if I gotta get my act together, I don't want to have to hire armies of people to do it. Let me look for automated, machine-learning based ways of doing it," so that they can actually deliver on the audit reports that they need to deliver on, ensure the compliance that they need to ensure, but do it in a very scalable way. - Me as a customer come to an enterprise say, "I don't want any of my data stored." It's up to you to go delete that data completely, right? That's the term that's being used, and that goes into effect in May. How do you make sure that that data gets completely deleted by that time the customer has. How do you get that consent from the customer to go do all this? So there's a whole lot of challenges as data as multiplies. How do you deal with the data? How do you create insights to the data? How do you pay the consent on the data? How do you be compliant on the data? You know, how do you create the policies that's needed to generate that data? All those things needs to be, those are the challenges that enterprise is facing. - Digital transformation's accelerating, data protection's being disrupted, millions of jobs are coming in. You guys are playing a role. What is the role that Druva is playing in the digital transformation acceleration? - Absolutely. You think about the world, right, and you think of companies like Domino's or Tesla, they think they are softer companies, right, they deliver, the server they deliver a softer approach of the traditional business model. In the heart of this transformation of enterprise is becoming softer, digitalized, is the data at the core. And data today will outlive most systems. And the more and more fragmented your approach to data becomes, you store data on prem, in the cloud, everywhere in between, the data management has to become more and more centralized. So Druva is in the core of this transformation making a data transformation and making sure your data architextures the future of a better approach of manageablity and protection with a Druva platform. - You guys had a busy month this month. You got a couple big news we're gonna be talking about today. Funding and next generation platform. Walk us through that. - Absolutely, so we have two big news to announce today. The first one being $80 million dollars of capital raised, led by Revolt Capital, followed by most of their investors, including Sequoia. Excellent in iron capital. And then the number two being announcing a whole new Druva cloud platform, which holistically takes our entire product portfolio and puts it together in a nice, simplistic approach to manage your entire information workload in a single platform in the could. - The first question is mind is is everybody ready for GDPR? The answer is "no". Have they started into the journey to get, have they started getting on the racetrack, right? On the road? Yes. Yeah, it depends on the maturity of the organization. Some people have just started building a small strategy around GDPR. Some people have actually started doing assessment to understand how complex is this beast and regulation. And some people have just moved further in the journey of doing assessment, but they're now putting up changes in their infrastructure to handle remediation, right? Things like, for example, consent management. Things about, things like deletion. It could be very big deal to do, right? So they are making changes to the infrastructure that they have or the IT systems to manage it effectively. But I don't think there's any company which probably can claim that they have got it right fully end to end.

(electronic music) >> Narrator: Live from Barcelona, Spain. It's theCUBE covering Cisco Live 2018. Brought to you by Cisco, Veeam, and theCUBE's ecosystem partners. >> Hey welcome back everyone, this is theCUBE's exclusive live coverage here at Barcelona, Spain for Cisco Live 2018 Europe. I'm John Furrier, the co-founder of SiliconANGLE Media and co-host of theCUBE with my partner co-host this week, Stu Miniman, host theCUBE hundreds of events also an analyst at Wikibond.com. Our next guest is Rowan Trollope, who's the SVP and General Manager of the applications division groups plural applications. Welcome to theCUBE, good to see you again. >> Good to see you, too. >> So you did the Keynote up on stage here in Europe and, obviously, Europe is the 2018 kickoff. So it's officially Cisco Live Europe but it's 2018. >> Rowan: Welcome to 2018, it's here. Europe is a big exploding area. You got GDPR on the horizon, you got sophisticated customers, lot of networking, lot of cloud discussions, lot of futuristic views in your speech. How is Cisco changing now? That just really nailed it in the Keynote. What is the future vision that you see for Cisco? >> You're really seeing a new Cisco emerge at this point, I think. A software-defined, faster-paced company, frankly. The idea that what got us here won't get us there, we have to reinvent the company. We have to reinvent what we'd done for so long. And that's what the team is doing. And that was, what was so impressive, frankly, about the network intuitive launch last year was just how dramatically that team had reimagined the concept of, in this case, campus networking, right? But we know that it doesn't stop there. As David said yesterday, it's going to go into the data center, it's going to apply across the rest of, and even the cloud. >> One of the things that Cisco's always had and observe in just as an industry participant over the past 30 years is, you know when open standards TCP/IP came out, that created an industry. So much happened from there, but Cisco's been an enabling company. You guys enable people to be successful. That's always been kind of the network stack. The disruption from going after the old SNA and DECnet protocols, Sonova protocols. >> You're going back before me. (laughing) >> Yeah, but going forward and your speech was not about looking back, it was about looking forward. So now, how is Cisco going to be enabling that future generation of customers, stakeholders, developers, and where is that value going to be unlocked? Where's it going to come from? >> I think that if we were to have a history book and be living the world 2050 right now and then we had a book called the history of the internet, the last 50 years, what would that book say? And how would it talk about 2018 and the world we live in today? And I bet you that it would sort of almost be quaint or sort of Jurassic era internet to the users of 2050 or the inhabitants, the citizens of 2050. That we would look back on this era that we're in today and just say, "Wow, I can't, could you believe the." You know I could imagine my kids are like, "You guys had all these security problems? "Oh my God that's crazy, how could you have lived that way?" >> You carried a phone around? (laughing) >> Yeah, like this is crazy, in other words, we kind of haven't even really started with the internet yet. We just tried a few things and it seems pretty cool and we know there's a few problems and one of them's like, "Gosh, it can't be so manual." We know we're going to have to fix that. "Gosh, it can't be so insecure." We know we're going to have to fix that. "Oh my gosh, this cloud thing's "pretty cool but turns out there's "a little more complexity." We solve that, you know, as well. So it's really going through those things and, at least the way my brain works, it's kind of that I put myself in the future and look backwards and it helps me to sort of think that, gosh, we just got to really think about this in a bigger way and start moving faster. >> Rowan, I love that. If they go back in the history book and it was like, okay, that era networking, dominated by Cisco, tracked by ports and revenue and the old Cisco and the seven dwarfs. Now the future era: software, it's applications. What defineds who Cisco is in the market and how do we track who the winners and losers are? >> Well, I think what you said earlier is right. Cisco is an enabling company and Cisco is a special kind of company, frankly. I think a different kind of company than what you see out there in the world. We're a company that has created orders of magnitude more value than we've captured. And we've captured a lot but when you think about some companies don't do that. Some companies create, almost capture the same amount of volume that they create or they keep almost all of it for themselves. And there's some notable current examples, but I won't name names, where they're really capturing almost all the value that they're creating. Cisco's a different kind of company. We're creating a platform for society, frankly, to be able to exist on this planet in a meaningful way in the future and it reminds me, the way that Cisco is, it reminds me of a great line that's been going around recently which is, "A society grows great when men plant "trees whose shade they know they will never sit in." And that's how I think about the next generation infrastructure. This is going to take a long time to get out there. And we are creating that future for our next generation, but doesn't mean that we have to wait. We need to get started now. There's urgency. >> Rowan, one of the observations that we made yesterday, Stu and I were talking about it when we were walking in this morning is, we usually talk about competition but not this year. It's almost as if this point in history, it's not about competition being names of other companies; the competition is being on the right side of history. >> Right. >> And so you bring up this point, right this is really clear, but the question is architecturally, there's some decisions that companies, and companies are trying to face this, your customers are trying to figure out I want to be on the right side of history because that future is coming. What in your mind's eye is that architecture, obviously software, billion connected devices, I get that, but specifically, what is the history line going to look like? What line, where should people be on, what side of history do you see unfolding that customers can go to for safe harbor to put the 20 year plan together for their business? >> You know I think right now we're at a moment where customers do have to make choices but the choice is pretty clear to everyone. It isn't like there's a lot of questions. We know that the network needs to be reinvented. We've built the products and they're here now. So it's really about, do you start now? And in my view, it's sort of a matter of life or death. Except for many of these companies, waiting is not an option. So, I think that the dividing line on history will be did you get started? Did you transform your business at that time? If you didn't, it's unlikely that your company will be around for very long. And so that will sort of define the future in my mind. It's who got started early. Who said, "Okay, now is the time "we got to get onto this stuff," >> And in 10BASE networking, in context, great message, love that. That's certainly an architecture that's data driven. But not a lot of data driven constructs in the Keynotes, probably in the sessions there are, but what's the role of data? Obviously we had your Chief Privacy Officer Michelle Dennedy on earlier, she was awesome, data is now the asset that will probably value businesses so you have on the app side we had the collab team over, it's a platform, not just a tool, a set of tools that's throwing off data. This data is the instrumenting valuation for companies. How are you looking at this and how does Cisco evolve to skate to where the puck will be? Cause it's still early but developing really fast on the data front. >> I think that academics today and a lot of Cisco thought leaders would agree with this, are looking at a next-generation networking principle called Information-Centric Networks, or data oriented networking architectures. And it's the idea that current networking architectures are based on the N10 principle, which are systems-based. System A connects to system B and they can send bits. Well, the next generation networks not going to be system-based, it's going to be information-based, which means I don't ask for the Microsoft.com URL and then get the IP address and connect to a system. I find out, I want to see, show me the product list for Microsoft and the network serves me that up. And Microsoft publishes it and says, I have that information. So when someone asks for it, I say I have it and I publish it. So the network abstracts to a higher level that is at the data layer, not at the connectivity layer and that is what I think is going to happen over time. Is you're going to see this continuing abstraction up the stack of all this infrastructure where it gets easier and easier and easier for developers to interact with the infrastructure. >> So here's a philosophical question for you. Network theory, we all know how packets move around, folks may or may not care, if they don't are in that business. >> Rowan: We care. >> Well I mean someone in the business might not care how OSPF routing protocol works but I mean it's a network theory. Social networking and IoT are connected devices, they're nodes on a network. How do you take that DNA of being competent in network DNA to applications that are inherently more graph databases? More network-oriented where attention, reputation, intent, context, it's always been like a search paradigm, not a networking-moving packet paradise. So, I guess my question is, how do you connect those two worlds, how does Cisco do that? Cause you do dominate the network, network theory, network graphs. >> Yeah, I think that, you said it's a philosophical question so I can give you a philosophical answer. You know, we live in a world today where we don't actually really access the internet. We access it through companies that have put a business model on top of it. You go to Google or any other search engine, that's the case. So they've essentially layered this data-oriented layer on top of the network already. But you're paying for it. And you're paying a price because if you search and you search and I search, we're going to get three different answers. I mean this whole idea of filter bubbles and what's going on with social networks today is a true phenomenon. And the internet was never really meant to be that way. So I think there's an opportunity for us to reimagine that. And some of the basic, sort of, principles of the network can be reconsidered. Now, obviously, we've got the short-term things we need to do over the next few years like have companies deploy our new gear and buy our stuff and everything else. But we are thinking about these next generations, I'd say pretty keenly and, you know, I think that the infrastructure of the future, the way that I think about it, does provide a much higher level of abstraction to the network than what we have today. >> They're making it programmable, you mean. Making it resilient. >> Yeah, as a developer, I shouldn't have to worry about standing up a server. I should be able to write some code and publish some data and subscribe to data and that's it. >> Rowan, I loved actually the open of your Keynote. You talked about it's a new era and a new infrastructure. We've seen Cisco change the dynamic; the applications, some of the acquisitions you made, the push much deeper into software. What are some of the biggest challenges you face there 'cause I think we agree, if Cisco is alive and thriving in 2015, we don't think of it as infrastructure networking company. So, what's the biggest challenge for the company to move that way, up the stack. >> Well, I think the biggest challenge is how quickly we moved. I think that we have to constantly be challenging ourselves to move faster. We know, I think we have a pretty good sense for where the future is going and what we'd like to create. The question is how quickly can we and our customers move. And we have to make it easier for our customers. So advance services plays a big part in that. That's why we have such a big investment there and why we're so over-rotating onto staffing that for the network intuitive. The collaboration business is going through the same transformation, IoT in the same way. So really, we're racing to keep up with our customers as much as they're racing to keep up with us. And that's the biggest opportunity and challenge, I think, for the company right now. Is can we move fast enough. And if we do, a $40 stock price will look like, you know, again, quaint. >> So developers are going to be a key role. Obviously a developer-focused, developer.Cisco.com. You guys had that around for a long, long time. You guys, when vertically-integrated Cisco works great, Cisco on Cisco, as you go out and have more APIs and things like Uber Nettes with cloud-native open up more non-Cisco. One trend we're seeing here at Cisco Live is a lot of developers that aren't necessarily a hardcore network guys are coming into the Cisco fold. That's going to be more of the trend going forward. How do you view and what does Cisco need to do to capture that mind share and convert them into valuable participants in the community building on top of Cisco, because integration with non-Cisco related things, whether it's open source and/or other systems be imbedding into the sales force and what not. That has to be the new normal for you guys. What's your view on that and how do you drive that forward? >> I think companies of the future, next generation companies, there's not going to be a distinction between tech companies and non-tech companies. Every company will be a tech company and you won't have sort of the difference between the application and your business. The application is your business. So the app is your business and you're a tech company and that's that. And all companies will be that way, essentially. Powered by software. In that kind of a world, it's developers that are key to delivering on your company's mission. And so I think developers will continue to accelerate. We see the DevNet zone grows here every year. It's phenomenal, it's bigger than ever this year. And the examples in the programmability that we've been adding to the network, to the collaboration portfolio, every time I come here, it blows my mind. And so I think that's certainly a vision of the future, when you come and take a look at what's going on here. You can see that the developer is the key for those businesses of the future and we're going to service them. I mean, that is our mission is to get very, very focused on servicing developers with the platforms that we're building. >> If you had to extract out and describe to a college buddy or customer or friend, they asked you, "Rowan, what's the big wave "that you're riding for the next 20 years?" These waves are coming. We're seeing a lot of examples of crypto and blockchain on one end, really active, you certainly got cloud as a wave, data AI as a wave. Is it all one big wave? I mean waves of innovation come once a generation this size. We've said on theCUBE, we think it's the biggest wave we've seen in a long, long time. I mean right now, it's a combination of all those things. Your thoughts of the wave, how would you describe that to someone. >> I think the biggest and most meaningful thing to us is the connectivity of everything. I think that's probably the big one. Data comes along with that, all the other parts of it come along with it. But, if you think about the history of where we've been, for the last 30 years the internet was largely here and here. That's where it is. >> Like that remote. (laughing) >> And it's not in your lights and it's not in your cameras and it's not in the desk and it's not in your chair, but it will be. That to me is the biggest transformation. It's going to take a long time. You know, I think we've been talking about this transformation for a long time but as we get to that level of connectivity, as we get to that level of pervasiveness of the network, that's the biggest transformation to me is that the network goes from here to everywhere. >> And the common threads to your point is data, cloud, no-no, data, network-- >> Yep, cloud, security-- >> And software. >> Yeah, I mean look-- >> Things that'll never change. There will always be data, there will always be the network. >> Yep, and there will always be compute of some sort or another. We just think that if you look at our portfolio, we are really well positioned to create that next generation infrastructure. We've got the products now in many, across the boards. And we're thinking about, when you think about data as one of the most interesting things I think about, one of the most important transitions for the company is around data. It's about pivoting our focus from moving packets to addressing data. And what we want to be ultimately for in enterprise is a central nervous system and the real-time platform for data. We're not going to be the database. We're not going to be the analytics company. We're going to be that real-time source of information. You could think about it as a nervous system for a business. >> You're taking your network DNA and expanding it. Not trying to land grab new trends. >> No I think there's plenty of work for us to do. >> Rowan, a final question, what's the vibe here in Barcelona? Obviously, great Keynote. Stu and I both really enjoyed, love the vision. And then the meaty part of the intent that came after was great. What's going on, your conversations in the hallway, customers, dinners, what's the vibe like here in Europe for Cisco this year? >> Well, it's a thrilling vibe, especially down here on the show floor and right here at the epicenter of that which is the DevNet, sort of workshops and all the things that are going on, they're packed. So I think if you're going to come down, get down here soon because they are just absolutely filled up and so, that's one thing. I think a tremendous amount of optimism for the company is what I'm picking up as I talk to customers. People that have been coming up to me have been just very excited about Cisco's future and very excited about our vision and very excited about what we're doing and what we are doing together. I think the idea that Cisco is a different kind of company. We're the kind of company that is an enabler for our customers to do great things. And that, to me, is a very noble pursuit. >> Alright, Rowan Trollope, SVP and general manager applications Cisco, headlining Cisco Live 2018 here in Europe. This is theCUBE's live coverage from the DevNet zone here in Barcelona. I'm John Furrier, Stu Miniman. More live CUBE coverage after this short break. Thanks for watching.

>> Narrator: Live from Las Vegas, it's The Cube, covering NetApp Insight 2017, brought to you by NetApp. >> Welcome back to our live coverage. It's The Cube here in Mandalay Bay in Las Vegas. I'm John Furrier, the co-host and co-founder of SiliconANGLE Media, with Keith Townsend my co-host, CTO Advisor. Our next two guests is Sheila Fitzpatrick, the Chief Privacy Officer for NetApp, and Michael Archuleta, CIO HIPPA and Information Security Officer at San Rafael Hospital. Thanks for joining us. >> Thank you. >> Thank you very much. >> Great topic, privacy, healthcare, ransomware, all these hacks going on, although it's not a security conversation, it really is about how data is changing, certainly with the HIPAA, which has got a history around protecting data, but is that good? So, all kinds of hornets' nest of issues are going on. Michael, all for the good, right? I mean, everything's for the good but, at what point are things foreclosed, the role of the tech? What's your update on healthcare and the role of data, and kind of the state of the union? >> Yeah, absolutely. So, data right now, is one of those assets that's really critical in a healthcare organization. When you look at value-based care, on improvements, utilization of real-time data, it's really critical that we have the data in place. But the thing though is, data is also very valuable to hackers, so it is really a major problem that we're basically having in healthcare organizations, because right now, healthcare organizations are one of the most attacked sectors out there. I was basically stating that there's an actual poll out there that stated that 43% of individuals don't even know what ransomware is. And you figure, in healthcare organizations, we're really behind the curve when it comes to technology. So when you bring that into, and you say okay guys, what's ransomware, what's cyber security? What's a breach? Everyone's like, well I-- >> Malware, resilient things. >> I don't know what it is. So it becomes an issue, and the thing though is the culture has not been fully developed in organizations like healthcare, because we're so behind in the curves. But what we've been focusing a lot on, is employee cyber security awareness, kind of bringing in that culture, having individuals understand, because as you were stating too, I mean, healthcare information is 10-times, 20-times more valuable than a Social Security and a credit card, on the dark net right now. If you figure, PHI contains a massive amount of data, so it is very profitable, and these individuals go in, hack these systems, because of course, healthcare organizations are so easy to hack, they place it out on the dark net, you go out, you buy some Bitcoins, you can go and have some good identity theft going on. And I mean, we have a massive issue here in the States, with substance abuse, so if you want basically a script, or you want multiple scripts with different identities, go out there and purchase those specific things. So, it is a problem, and then on my standpoint is, imagine if this was your mother's, your father's, your grandma's, any family member's information. That's why data is so valuable, and it's so critical that we take care of the information as securely as possible, but it starts with the people, because I always say at the end of the day, our employees hold the keys to either letting the individuals stay out, or inviting them in. So it is a problem, absolutely. >> Sheila, I want to get your thoughts, 'cause obviously this segment here is why data privacy is always one of the top-five concerns for CXOs. And obviously, the tagline NetApp has for the show is "Change the World With Data". There's a lot of societal impacts going on. We're seeing it every day, in front of our eyes, certainly here in Vegas and then throughout the world, with hacks, Equifax just still in memory there. And there's going to be another Equifax down the road. The hackers are out there, lots of security concern. You've got developers that are getting on the front lines, getting closer to business, that's a trend in the tech business. Data privacy has always been important, but this means that there's a confluence of two things happening right now, that's really that collision course: technology and policy. Privacies and policy things that people spend a lot of time trying to get right, and for all the right reasons, but I'll make some assumptions here, and could foreclose and all penaltize them, put a penalty for the future. How should CEOs, COOs, CDOs, Chief Data Officers, chief everybody, they're all CXOs, think about privacy? >> Well I think it starts with the fundamental, and you're absolutely right, there's a real misperception out there, around privacy. And I always tell people, people that know me know that my pet peeve is when people say to me we have world-class security, therefore we're good on privacy. I literally want to slap them, because they're not the same thing. If you think about-- >> She's closer to John. >> Yeah, you better move that way. If you think about the analogy of the wheel, data privacy is that full life-cycle of the wheel. It's that data that you're collecting, from the time you collect it to the time you destroy it. It's the legal and regulatory requirements that say what you can have, what you can do with that data, obtaining the consent of the individual to have that data. Certainly, protecting that data is very important, that's one spoke on that wheel, but if you're only looking at encryption, that wheel's not going to turn, 'cause you're literally encrypting data you're not legally allowed to have. So if you think about the healthcare industry, where I absolutely agree, the data that you deal with is one of the most valuable data and sensitive data individuals can have, but often times, even healthcare organizations don't even know what they're collecting, or they're collecting data that maybe they don't necessarily need, or they only think about protecting that protected health information, but they don't think about the other personal data they collect. They collect information on your name, your phone number, your home address, dependent information, emergency contact. That's not protected health information. That's personal data that's covered under privacy laws. >> Here's the dilemma I want to ask you guys to react to, because this is kind of the reality as we see it on The Cube. We go to hundreds of events a year, talk to a lot of thought leaders and experts. You guys are on the field every day. Here's the dilemma: I need to innovate my business, I got to do a digital transformation. Data is the new competitive advantage. I got a surface data, not in batch basis, real-time, so I can provide the kinds of services in real-time, using data, at the same time that's an innovative, organic growing, fast-paced technological advancement. At the same time, I'm really nervous, because the impact of ransomware and some of these backlash events, cause me to go pause. So the balancing out between governance and policy, which could make you go slower, versus the let's go, move fast, break stuff, you know, let's go build some new apps. I want to go faster, I want to innovate for my business and for my customers, but I don't want to screw myself at the same time. How do you think about that? How do you react to that? And how do you talk to customers about that when they try to figure it out? >> So that's something, that's an area that I spend a lot of time talking out, 'cause I'm very fortunate that I get to travel the globe and I'm meeting with our customers all over the world. And those same issues, they want to adapt to new technology. They want to invest in the cloud, they want to invest in AI, in internet-of-things, but at the same time, I keep going back to, it's like building a house, you have to start with the ground floor. You have to build your privacy compliance program, and understand what data do you need in order to drive your business? What data do you need to sort your customers, your patients, your employees? Once you've determined that fundamental need and what your legal requirements are, that's when you start looking at technology. What's the right technology to invest in? You don't start that journey by deciding on technology and then fit the data in. You have to start with what the data is, and what you want to do with that data, what service you're trying to provide, and what the basics are, and then you build up. >> So foundationally, data is the initial building block. >> Absolutely. You don't build a house by starting with the second floor. If you start looking at tools and technology to begin with, that house is going to collapse. So you start with the data and then you build up. >> Michael, you're on the front lines, and the realities are realities. Your thoughts? >> Absolutely. So you know, you have some excellent points. The thing is, at the end of the day, I always say security at times is inconvenience. I mean, we add two-factor authentication, we add all these additional fundamentals in what we basically do, but the bottom line is we're trying to secure this data. There has to be security governance, to really focus on okay, this is the information you need. We need to kind of go through legal, we need to go through compliance, and we need to kind of determine that this is going to be ease-of-access for your group, and we need to make sure that we are keeping you secure as well too. The bottom line is innovation, of course, it won't do so much disruption, et cetera. It's absolutely amazing. You know, I love innovation, honestly, but we still have to have some governance, and focus on that in keeping it secure, keeping it focused, and having the right individuals really-- >> How do you tackle that as a team, with your team? It's cultural organizational behavior, or project management, product planning. How do you deal with the balance? >> Well at the end of the day, the CEO of NetApp basically states it starts from the top down. You really have to have a data-driven CEO that basically understands at least the fundamentals of cyber security, information technology, innovation, have those all combined and together and having that main focus of governance, so everyone has that full fundamentals of understandment, if that makes sense. >> Let's talk tech. You know, we've talked at the high level. I love it that you brought in the global conversation into this, you're taking a global view. We talked a little bit before the show, there's a mismatch in taxonomy. Here in the U.S., we're focused first on security, maybe, and then secondarily on this concept of PII, which really doesn't exist outside of the U.S. Now we have GDPR. Talk to us about the gap in understanding of GDPR, and what we consider as PII, here in the U.S., and where U.S. companies need to get to. >> Okay, that's a great question. So, the minute an individual talks about PII, you automatically go, U.S.-centric, understanding that you must operate in a purely domestic environment. The global term for personal data is personal data, it's not PII. There is a fundamental difference: in the U.S. there is a respect for confidentiality, but there's no real respect for privacy. When you talk about GDPR, that is the biggest overhaul in data protection laws in 25 years. It is going to have ramifications and ripple-effect across the globe. It is the first extra-territorial data privacy law, and under GDPR, personal data is defined as any piece of information that is identifiable to an individual, or can identify an individual either directly or indirectly. But more importantly, it has expanded that definition to include location data, IP address, biometric information, genetic information, location data. So if you have that data and you say well I can't really tie that back to a person, if you can go through any kind of technology process to be able to tie it back to a person, it is now covered under GDPR. So one of the concepts under GDPR is privacy by design. So it's saying that you have to think about privacy very similar to where we've always sat about security up front, when you're investing in new technology, when you're investing in a new program, you need to think about, going back to what I said earlier, what data do you need? What problem are you trying to solve? What do you absolutely have to have to make this technology work? And then, what is the impact going to be on personal data? So I absolutely agree, security is incredibly important, because you need to build a fortress around that data. If you haven't dealt with the privacy component of GDPR, and other data protection laws, security would be like me going down and robbing a bank, coming home and putting that money in the vault in my house, locking it up, and going that money's secure, no one can get to it. When the police come knocking on my door, they're not going to care that I have that locked in a vault. That's not my money. And you have to think about personal data the same way, and certainly healthcare information the same way. You need the consent of the individual, and you need to articulate what you're going to do with that data, be transparent. So the laws are not trying to inhibit or prohibit technology, they're just trying to get you to think about-- >> So Michael, as we think about this, how it impacts GDPR specifically, the healthcare industry talked to dinner about this a little bit. We're talking about medical records, doctors, medical professionals like to keep as much data as possible. Researchers want to get to as much data as possible. What are some of the ramifications or considerations at least, for the medical industry? >> Yeah, absolutely. So you know, on your standpoint there, as you stated, at the end of the day when we basically look and we focus on our security governance, we go over the same fundamentals as you are going. What information is basically needed to access that information for the patient? What is needed from the physician's standpoint? What is needed from the nurse's standpoint? Because the thing is, we don't just open it up to everyone, like on a coming in by different specific job functionalities, you know. We kind of prioritize and put different levels of this is the level of data this individual basically needs, versus this individual. And the thing is, the beauty about what we basically have focused on a lot too, is we developed the overall security governance committee that kind of focuses on the specific datas from HIPAA, high-tech, and the different laws that we're focused on in healthcare. And you know, we really have started focusing a lot on two-factor authentication with accessing information, so we're really utilizing some of those VASCO tokens, RSA tokens, with algorithm changes, et cetera. But at the end of the day, the thing is, the main focus is what information do you need? And the bottom line too is, it has to have that specific culture of understanding that cyber security and data is very important. And the thing is, on a physician's standpoint, they want access to everything, literally everything, and that's understandable, because these individuals are saving lives, but the thing is though, there has to be governance in place, and they have to have that understanding that this can be an issue moving forward. These are the potential problems of a breach that could basically happen, this is the information that you need. If there's more information that is needed, it will go through the security compliance governance committee. >> It's a hard job. They want the nirvana, they want the holy grail, they want everything right there. Thanks for coming on, appreciate making aware of the data, privacy issues. Sheila, thanks so much for coming on. >> Thank you. >> Michael, I'll give you guys the final word on how management teams and executives should align around this important objective? Because there's some inconvenience, it happening in the short term, but automation is coming, machine learning, all this great stuff is being promised. Looks good off the tee as they say in golf. But, the reality is that there's a lot of lip service out there. So the taglines, oh, we're strong on privacy. So, walking the talk is about having a position, not just the tagline or the talking points, having a positioning around it first, and getting an executive alignment. So final point: what's your advice to folks out there who either are thinking this through hard? Is it a matter of reducing choices, evaluation? What is your thoughts on how to attack and think about, and start moving the ball down the field, on privacy? >> Well that's a great question. I think certainly at NetApp, and as you mentioned earlier, our executive team, and certainly George Kurian, our CEO, absolutely has a philosophical belief in that fundamental right to privacy, and respects the fact that privacy is key to what we do. It has become a competitive advantage, almost in an accidental way, because we take it so seriously. It's a matter of balance. Absolutely, we need to take advantage of new technology. We're a technology company, we're building technology, but we also have to respect the fact that we operate around the world, and there are laws that we have to comply with, and those laws dictate what data we can and cannot have, and what we can do with that data. So it's that balance between data's our greatest asset, we need to protect it, it can also be our greatest detriment if we're not treating it in a respectful manner, and if we're not building technology that enables our customers to protect that fundamental right to privacy. >> Michael, from a management team perspective, obviously, have functioning with an alignment, implies a well-oiled machine. Now always the case these days. But how do you get there? What's your advice? >> You know, my advice is speak the language. CEOs, CFOs, administration, they basically don't want to hear this tech lingo at times, okay? Have them understand the basic fundamentals of what cyber security is, what it can do to the operations of an organization, what a breach can do financially to an organization. Really have those kind of put in place. Bring that story to the Board of Directors, have them kind of focusing on the fundamentals on this is why we're protecting our information, and this is why it is so critical to keep this information safe. Because the thing is, if you don't know how to tell the story, and if you don't know how to sell it, and really sell it to the point, you will not be successful-- >> That's a great point, Michael. And you know, we hear all the time too, the trend now is, IT has always been kind of a cost center. Security and data governance around privacy should be looked at not so much as a profit center, but as a, you could go out of business. So you don't treat it as maximizing your efficiency on costs, the effectiveness of privacy is a stay-in-business table stake. And that has an impact on revenue, so it's quasi-top line. >> Well absolutely. If you think about the sanctions under the new GDPR alone, you could have one data privacy violation that could, the sanction could be equal to four-percent of your annual global turnover. So it is something-- >> It's a revenue driver. >> It's a revenue driver. It's something you need-- >> It's a revenue saver. >> Yeah. Well for some companies-- >> It's a revenue saver. >> It's become a revenue driver. Yeah, absolutely. >> Most people think P&L, oh, the cost structure, profit center. If net profit, and then sales, this is a new dynamic where risk management actually is a profit objective. >> Absolutely. >> Absolutely. >> Guys, great topic. We should continue this back in California. >> I'd love to. >> Michael, thanks for coming on and sharing the CIO perspective. >> Thank you very much. >> Great content. It's The Cube, breaking it down here, getting all the data and keeping it public. That's our job is to make all our data public and sharing it on SiliconANGLE.com and TheCube.net. More live coverage here in Las Vegas, with NetApp Insight 2017, after this short break. (electronic theme music) >> Narrator: Calling all barrier-breakers: status quo-smashers.

live from austin texas it's the cube covering deli MC world 2016 brought to you by delhi MC now here are your hosts dave vellante and stu minimus welcome back to dell emc world at austin texas 2016 this is the cube the worldwide leader in live tech coverage dale skiffington is here sees the chief privacy officer at dell she's joined by nick koo koo koo roo was a vice president of big data practice at mastercard folks welcome to the cube thanks for coming on thank you having us very important topic a privacy security I like to talk to them as two sides of the same coin but Dale why don't you start it off tell us what you guys are talking about here at Delhi MC world thanks well oftentimes you're right privacy and security are two really different topics to talk about and Nick will cover a lot this afternoon about the importance of securing data in order to have a successful big data program but privacy is also a concern to our shareholders and stakeholders and that is privacy deals with what information do you collect what information how do you use that information and who to whom do you should with whom do you share it and that's a little different than securing the data and our regulators and our customers are getting increasingly concerned about those issues and so it requires some governance some thought to be put into those programs and that's what we're going to talk about today and it's interesting Nick because in 2006 when the Federal Rules of Civil Procedure enabled or required organizations to retain and produce electronic material it instantly became the notion that data was a liability and everybody wanted to understand okay when can i delete it when can I get rid of it and then when this big data mean occurred all of a sudden data becomes an asset in a big way even though it's always been an asset we know that but in a bigger way it was almost like a bit flip and it sort of changed the attitude is that a reasonable description and how did that affect how you approached privacy well part of it is is you're absolutely right he became an asset everyone started wanted to monetize the data that they were carrying because there were great nuggets that set inside that data so we started talking about security you know the original he's talked about personally identifiable information right and that's what everyone's at name address phone numbers you know you many email addresses but then it started to turn into as we started to bring other sources of data such as Facebook Twitter all that data that sits out there in social media together we started to realize other pieces of information needed to be secure as well so now you've broaden the way that you want to take look at security because all this unstructured data starts to come in where you can identify people through a picture a photograph through a twitter feed what you want to be able to say is how do I protect them as much as I protect someone's credit card or someone's personally identifiable name address and phone number tell what talk about your role at Adele it's interesting to have a chief privacy officer on a tail and now of course Delhi MC he opens up a whole new can of worms if I could say that yes so together with our chief information security officer who looks at the policies that procedures around securing data my team is responsible for the policies procedures and controls relating to the use of the data so you know in terms of the reason why our session today is called the ethical use of data is because the laws are lagging a little bit in terms of requiring certain things to be put in place about the use they're starting to develop but what each regulator has said in the US and Europe and elsewhere is they've given companies and technology companies a chance to put in good governance in place and they've asked the companies to put in internal review boards and an accountable responsible individuals in those organizations to make good decisions about the use of data and that's what a chief privacy officer helps the organization do develop the governance structure and help with the accountability of the use of decisions around using data so they obviously the big discussion going on like this inside of MasterCard and Nicki we're talking about everybody wants to monetize the data or figure out how data can help them monetize so how do you deal with that you know analytics and you know you guys talk about the creepy factor I always worried the Amazon knows more about me than I do you know what I'm out of something and I'm reordering and my patterns and and that's kind of creepy so how do you deal with that you know part of what we do and my side of the house is we anonymize the data in many cases for that type of analysis so we try to take that personally identifiable information out of the analysis so again I can we call it an autumn is a shin where we actually on the front end say I don't care who you are what I care about is your are your patterns and can I figure out what those patterns are to create affinities so by taking them out front end and anonymizing the data doing the analysis on it and then potentially at the back end our customers re identifying those people that we have anonymized on the front end that makes it a little bit better because it's no longer a creepy factor per se because when you work with someone like Dale and what the usage of that data is in many cases when you do that analysis it's doing it for the good of that person so that person either a gets a healthier lifestyle be gets to see the products and services that they want to see or want to be able to you know purchase or whatever so again for us it's been able to understand how we protect the individual as you look through the entire analysis string and that's what we do on the advisor size with our customers so that's cool but the chief marketing officer he or she lets you identify that individual you know the the customer of one you know that one-to-one personal interaction how do you square that circle well that's actually we work with the marketing team they always say that well we have a population of 5 million in our database and I want to look at all five minutes like yes you can look at all 5 million but anonymize them because most cases you're going to send us your data scientists and there's 20 or 30 data scientists that could be working on these five million to create your campaigns they don't need to know names phone numbers or addresses so secure the data so that you're not carrying identifiable information through the ecosystem only at the very end when you say out of that population of 5 million mr. marketer here's the half a million that have a high propensity to do what you're asking do is when you re identifier so at that particular point you haven't put 5 million people at risk you've actually put half a million people what you want them to do which is the propensity to purchase or the propensity to taking action so again at the end is when you re identify and say these are the number of these are the people we should be sending a mail or two or an email to or so an offer and that narrows the threat correct matrix if I use that term and and reduces the risk very much stuff to the consumer and obviously to the organization yeah and that's why when we work with people like our privacy officers it's what are you trying to do in the analysis so that we can understand that data usage because that becomes important with what the data is that's carried through the analysis phase you may not have to carry gender you may not have to carry ethnic background you may not have to carry and these other markers that could put someone as Anna you can identify someone with so if we can keep those out it's how you're using the data and the analysis at the end and to follow up on that you know so that's the what the privacy office does it works with the business when they are envisioning a particular use of data and application a product that's going to do some of these analytics we work with them to design that product to avoid some of these risks sometimes you can sometimes the answer is we absolutely need that personal information because that's the purpose of that particular project and in those cases then we look at did you have permission from the data subject to do what you want to do with the data and if not does the society good outweigh the risks and can you mitigate those risks in certain ways so that's the balancing act that we do and that's when we decide when it's past that creepy line or when it hasn't because my role within the company is to advocate for the data subject to make sure that their expectations are being met by Del I wonder if we can unpack another use case which is fraud detection which is advanced so rapidly in the last 10 years it used to be six months and you find maybe something happened you had a look at your own statements and now you're getting texts and very proactive but certainly a lot of information has to be accessible but it's very narrow in terms of the individual can you talk about that using yeah the one thing that we find from our customers are the people we work with when you talk about fraud people don't mind that you're watching because you're reducing their liability you're reducing someone from stealing that credit card from them or being able to run up charges so when you talk about protecting someone protecting someone's digitalpersona their wallet they're willing to give and take a little bit on what information they provide to you they don't mind that you know that Pam in austin texas today and then someone's trying to charge in you know guitar at the same day they understand that it's not a privacy issue but i want to ask you about the pendulum is kind of swung like I said it used to be it would take forever to find out if there was some kind of fraud and then it became like this flawed of false positives and and and it seems to be getting better and presumably it's because a big data analytics but I wonder if you could talk absolutely our fraud teams matter of fact at mastercard we work very hard to reduce the false positives because that creates a bad experience for both the user as well as the issue of that card right so what we try to do all the times you can continue to do learning machine learning the artificial intelligence how to reduce that as you also look at people's patterns is this person a professional traveler or always traveling so that goes into the algorithm which are take a look at a false positive around fraud do they buy these types of goods with their credit cards so going you start to look at the protection and you start to add those rules into it and you start to actually reduce it it's all about learning it's not just one and done those algorithms have to be constantly updated in real time in some cases so that you're constantly in a learning phase you're building models and iterating those models and that's always a challenge but I'd love to talk about that if we have time but but I wanted to ask you Dale talk about deep learning Michael was talking a lot about machine learning and deep learning and part of his visionary discussion this morning what's the role of transparency how do you guide your constituents in terms of transparency what are the guidelines how transparent when to be trans Aaron yeah that's a great question and you know transparency was where the privacy profession lived 10 years ago it was all about giving the consumers notice about why you're collecting the data and using it consistent with that notice and being very visible with privacy statements and you know there's lots of laws around that now where you have to give specific notices the problem with big data is the power of it is using the data in ways that you didn't envision when you collected the data and that is the dilemma for privacy and big data and that's where the privacy community is trying to develop some tools for organizations to do a balancing act of okay the consumer didn't know that when they gave you that data it was going to be used for this purpose but they're not it's good its tangential to that use so that would be an acceptable use but if it's going to so surprised the consumer that you're using the data for you really need to go back and get reap Reaper missioned and in some countries it's an opt-in permission I'm going to mix Pam law spam and do not call laws seem trivial doesn't it you were mentioning off camera that I think it's your CISO is participates in public policy through the Obama administration is that as that was it you say so it's part of our DNA is security and securing the data our CEOs made a tremendous commitment to make sure that we can apply our best practices into and help the community understand how to make sure the data is secure because that's a digital persona we consider ourselves to be stewards of data not owners of data someone has entrusted us with that we want to make sure that we're constantly contributing back how to make sure it's secure and used right as we take a look at that how about regional nuances local laws haha describe sort of what you're seeing there how you address those complexities yeah so a good example is the new European regulation that's going into effect may of 2018 that has a new specific requirement about profiling automated decision that's used for marketing purposes you have to have an opt-in for using that data companies are going to struggle with how to implement that but nonetheless it's a new law and that law has four percent of annual revenue as a potential penalty Wow so it may get this straight you have to opt-in to be automated profiled automated profiling where it's going to be used for certain types of purposes decisions and you know what they're really trying to avoid is the things that the Obama administration came out with a big data report as well discrimination decisions that are made about insurance and credit etc that are automated decisions and then marketing decisions on those you know with that data the law now requires very specific opt-in and and transparency boy that's going to be tricky yeah the other thing for us is which was just described as working with people is the ability to tag that data as it's being brought in so as you think a big day that ingestion that tagging of that data and carrying the metadata what types of data needs to be tagged what types of data you have to be watching out for was it an opt-in versus an opt-out all that adds into understanding the power of what big data can do to protect both the individual and the company from being able to do something wrong with information so the nice part is with big data you can do that so again we're working with our customers and with the privacy officers understand how you do your data classifications what data needs to be tagged and then to be able to follow that full lineage through the entire ecosystem and obviously that has to be done at the point of creation correct otherwise it's it's not going to scale and and technology helps you solve that problem and that's been a challenge for years but it's a day where that actually works now yeah there's a lot of great partners and we're here at you know Dell world WMC world and they're here as well to help on that ingestion of data as it's coming in to start to tag it and to start to index and catalog it if that's the power of what big data can help you with because before you had to do it individually now you can actually use the tools you can use AI to actually understand about that information coming in to do that tagging to create that lineage it's very very important and very powerful especially as we start looking at what's coming down the road till you get involved in in helping guide solutions is that sir we have a process that is called the privacy impact assessment process and it's in the life cycle development of our products and services so much like the security reviews that are done when we when we commercialize a product we now are interjecting ourselves with a privacy review so if that project or product development or application is intending to use big data analytics as part of it we will we will help guide the business whether they need to build in opt-in consents what it is that what do they want to do with the product and what kinds of things are from a compliance perspective there do they need to build in so that we are at the table with our business partners all right we got a rep and Nick I'll give you the last word to mean so festive as the big data analytics I'll call you a visionary you know what's the future hold where's your focus in the next you know near the midterm you know under stay right with the ethics world and and probably always tell people what we're asking now is just because you have the data doesn't mean you have to use the data just because you have that information you've got to become a parent and start to be able to put some parameters around how that data is use so people in the privacy world you need to bring them to the table so again just because you have it doesn't mean you should be using it and now it's better to be a parent then just let people run crazy right Nick Goodell thanks very much for coming too i love this conversation is fascinating thank you for working do all right keep right to everybody will be back this is dell emc world from Austin Texas this is the cube right back