>> Male: Live from Las Vegas. It's theCUBE covering Veritas Vision 2017. Brought to you by Veritas. (upbeat music) >> Welcome to Las Vegas, everybody. This is the Cube and we are here covering Veritas Vision 2017. It's the hashtag Vtas, V-T-A-S Vision, and this is Day one of two days of coverage here. I'm with Stu Miniman. My name is Dave Vellante. Jane Allen and Jay Cline are here from PwC. Jane is a partner and principal and Jay is a partner. Folks, welcome to the Cube, good to see you. >> Thank you. >> Thank you. >> Thanks for having us. >> So PwC leading global consultancy, I would say one of the top three, four, easily. Top 2. Maybe even top 1. >> Jane: Yes. >> I mean, you guys are gold standard for global. You solve problems that most people can't even begin to touch, except for a handful of companies. Jane, let's start with you. What's hot these days in your world? >> So I lead a practice, an information governance practice here at PwC, founded in a lot of folks with technology, legal support, regulatory backgrounds. And it pertains to all companies these days, right? How do you manage your data, to manage all the risks and reap the benefits of it. Certainly a hot topic and certainly with your privacy regulations on board, cyber risk, and just again all the benefits of data that companies are trying to take advantage of. It's been a growing consultancy practice and something that's very relevant to companies of all industries. >> Jay, we've heard a lot today about GDPR. I know it's something that you've been knee-deep in. What do people need to know about GDPR? >> I think GDPR boils down to one proposition, being able to prove that you have control over people's data. I think that summarizes the 72 different requirements of GDPR. >> Yeah, so GDPR, for those of you who don't know, General Data Protection Regulation, came out of the EU. One person on theCUBE called it a socialist agenda. (Jane laughs) But it's serious business, and if you can't ... I mean, actually, Jay, summarize, you know, what people should know about the exposure. I mean, essentially you have to be able to identify personal information and be able to delete that personal information on request, right, for any European Union citizen? >> Resident or citizen. >> Right, okay. >> That's right. >> So if somebody walks into Joe's pizza shop and says I want to sign up a bingo card to get, you know, mailings and your emailings, technically speaking, that person, if they wanted to do business in the EU, is responsible, is that right? >> You've got to know 360 degree view of all the personal data that you have of your employees, your consumers, your customers. You've got to be able to produce evidence on demand that you have this level of control. And whenever somebody comes in and asks for access to their data, to correct it, to export it, to their email, or to erase it, you've got to know whether you can deny that request or do you have to fulfill it, and you usually only have 30 days to fulfill it. >> So is this one of the hotter topics going on in your world these days? And what percent of your clients are actually prepared? >> I'll let Jay comment on how many are prepared, but you know, I think most companies, frankly, are trying to figure out how to be compliant and what is it they actually need to do. But it is a hot topic. I think even before GDPR, the landscape was already complex, right? People are trying to respond to litigation investigations, retention requirements from regulations, cyber risk, how do we manage it? And it's all about, what data do we have, where is it, and what are we doing with it, and how are we controlling it? And those questions are already there. GDPR highlights it. And with a May 2018 deadline, I mean, it's really putting the spotlight on this topic. >> Oh, yeah, that's one little, the fact that we forgot to mention, the clock is ticking. We're down under a year. So how about customer readiness? >> I think when we cross the one-year milestone in May, a lot of boards got exercised. The phone started ringing off the hooks, because they realized, we only have one more budget cycle to get this done. And so now I think, they're realizing that because GDPR hits the tech stack, and the IT budgets had already been planned for, the release cycles had already been put in place, they're now starting to ask, well, we can't get everything done by next May. What are the most important high-risk things that we do need to get done? And there's going to be more spillover work after May, I think. >> I think this highlights something that was already present in terms of the need for cross-functional senior leadership to pay attention to this, right? This isn't just a legal or privacy topic. It isn't just an IT topic. This really hits across organization and these folks need to work together. >> Jane, could you help us kind of uplevel a little bit. If I look at information governance, you mentioned it's super complex. You know, every company I talked to, they're deploying more and more sass. In the keynote this morning, Veritas said most of their customers have at least three clouds. We find, you know, absolutely it's, the strategy, especially if I start, oh, well, just different groups start using things, then how do I govern it? Do I even worry about security and backup and everything like that? How does this fit in the overall picture for most customers? >> Well, I guess that's what's interesting, right? There's no one right way of doing this right. And so it depends on your business, your industry, your customer base, your geographic location and outreach, and the data landscape. And you have to make smart decisions of what works within your corporate business culture even, of what is it that we need to keep and how we need to keep it and enable, you know, our engineers, our users, our customers, to leverage data, but also manage our risks. And there's just not one way to look at it. But again it goes down to really knowing what control you have, what you have, and where is it, right? But that's what's interesting, is for every company to figure out how is the best way for them to tackle it. >> So who's driving the information governance bus these days? I mean, with Sarbanes-Oxley it was the CFO. With the federal rules of civil procedure, it was kind of the general council. Who's really sort of in charge today? >> Well, I mean, depending on who owns it in an organization, looks a little different, usually legal and/or privacy, and oftentimes they are within the same group. >> Dave: So a chief privacy officer? >> Yeah. >> General counsel obviously involved, IT? >> Sometimes the compliance office again, depending how that's structured, but generally in that legal compliance privacy realm. >> Right. Okay, and when I think about some of those previous, you know, generations, Sox in particular, but also I guess FRO, CP. There was an effort within the company, because the ROI was just like, oh, we got to do this. It was like, okay, what does it cost to not comply, you know. >> Jane: Yeah. >> They would try to thread that needle. But there was always a faction that said, hey, we can... And consultancies were part of this. We can actually get value out of this. It's an opportunity to clean up your data, maybe to get rid of stuff, maybe you can reclaim some wasted space or, you know, et cetera, et cetera. Is that the way it is today with GDPR? And maybe we could unpack that a little bit. >> Yeah. One of the first steps that you have to take for GDPR, is to discover where all of your European personal data is, so data discovery effort. And in doing that, we've had a number of clients that for the first time, they've really put together a view of how they make money using data. And they're finding data, their chief marketing officer is finding data they didn't know they had. And so now they're able to monetize that data if they can use it responsibly within the privacy regulations of GDPR. So marketing is oftentimes funding, helping IT and Legal fund their GDPR efforts. >> And I think one of the other benefits is, if you have to go through this exercise to be compliant, but then you get additional insights in your data and you know where to invest more for those additional business opportunities, then at least hopefully you're reaping, again, more ROI off the effort. >> Well, I know the clock's ticking and there's a sort of virtual gun to organization's heads, but getting into that whole value notion, monetization, most organizations that we talked to, they don't really have an understanding of how data fuels monetization. Not necessarily monetizing the data, but how it contributes to monetization. What do you see in the customer base? >> This is the biggest area I think where GDPR is going to morph after May of 2018. I think the companies that can protect their exposure to this regulation, by going through the same processes to find out where their data is, they are positioned to monetize that data, to take advantage of new market opportunities, in Europe in particular. >> Okay. By the way, we should mention that this actually, the law is in effect, it's just the penalties aren't being-- >> Jay: Right. >> invoked at this point in time, right? >> Jay: That's right. >> So the recital is one-year grace period? And a lot of people are thinking, well, maybe we'll get another year of grace period. It's going to be really interesting to see how that goes down. And presumably the EU's going to go after the big pockets, right? I mean, those are the guys who have to be most concerned about this. But what about that midsize company? For your midsize clients, what are you advising them, that may not have the budgets of the big guys? >> We've been advising our clients that there are actually three ways that you can get hit by GDPR. The one that everybody's talking about is the famous 4% fine on your global revenues. That's what the regulators would impose on you if they discovered that you had an egregious violation of privacy. But there's another way that people aren't talking about that's going to be live on May 25th of 2018. And that's a new litigation risk for B2C. Anybody in the B2C space, even if you're midsize, if you violate the rights of a class of people, they can sue you on May 25th. And you can bet there are going to be law firms that are going to take advantage of this new situation. >> Dave: So they can sue you as individuals? >> As a class of individuals. There's also for people in the B2B space, we're seeing right away the contracting risk. And RFPs, they're saying as a condition to bid for this work, you've got to be able to sign that you are GDPR compliant. So you'll be locked out of the European market if you're B2B and you're not ready on May 2018. >> So we were talking off-camera. I was sort of struggling with trying to understand the direct fit with technology, Jay, and I thought you had a good answer. So what's technology's role in all of this? I mean, technology, can it help us get out of this problem? >> There's two parts where technology's very important. First is just discovering where your data is. That takes a lot of technology tools based on your tech stack, to be able to have an ongoing real-time data map. But the other one, the harder part, is responding to these individual rights requests, to ask for where their data is, to correct it, to delete it, to have that 360 view of individuals throughout your information environment. I think that takes IT to a new level. It hits all parts of the tech stack. >> All right. Because an individual can essentially say, I need to know what you know about me, right, that's part of it? >> Well, exactly. And a lot these companies that collect customer data and structured systems, they weren't really built for this type of exercise, to go through and search for something and actually dispose of it. And so companies are having to think very tactically. Okay, can I do this across all my different systems? And then certainly an unstructured data stores, again, what's there and how do we figure that out? >> So in the keynote this morning, we heard about GDPR. It looked like there was... I called it the doomsday clock, what was up on the wall. Can you bring back, how is Veritas doing? How are they helping customers with information governance and GDPR? >> Well, I think one of the really exciting things they demoed and talked about there is some of the data scanning or data profiling information, whether it be the classification or reporting out in terms of what is in this unstructured stores. Again, in order for companies to figure out what it is that they need to do process and technology wise is, what do we have out there again? And they're giving and enabling customers with some of their tools to be able to get some insights there, which I think is really transformative. I think people have been talking about these things from either a legal discovery standpoint, certainly a cyber risk. And I think this is just really adding on. So again, these tools help enable all of them, but certainly for GDPR. >> You have to get this first step right, the data discovery and classification, because if you scope GDPR too big, your compliance costs are through the roof. But if you scope it too small, your exposure's too big. So having a good discovery and classification approach, is critical to the success of your GDPR program. >> Has the industry solved the classification problem? I mean, for years, you really struggled to classify data. You could classify, you know, maybe data in an email archive, but data became so distributed by its very nature. Has that problem been solved? >> I would say no, but I've certainly seen a huge uptick in companies that actually finally just biting the bullet and getting themselves organized. But again, at least doing it because, hey, we need to figure it out for GDPR and privacy, we need to figure it out for cyber security controls, we need to figure it out for e-discovery, and just regular records management and how long we need to keep things. And so I think they recognize, wait, this satisfies a lot of different needs. But I don't know that there's an easy solution to it either. >> And the best practice organizations have automated that presumably, 'cause otherwise it's not going to scale, right? >> In the long-term that's what they're seeking, right, but you need to get the structure right, so you need to have file plans and organization of the information that makes sense to your employees and the way you do work, and then hopefully tie that back, knowing the data life cycle, to be able to classify things based on role, based on access, based on data type. So there's a lot of upfront work, but ultimately that's the-- >> So that's a taxonomical exercise, is that right? >> It is. That's a fancy word. >> Okay. But that's a heavy lift. And then it changes. >> It is, it is. But I think. Again, there's multiple benefits to that. >> Sure. >> And then going forward, you've got things in order for all those reasons. You can leverage the power of the technology, and then your functional groups and what work they do. People know what work they do, how long it generally it needs to be kept. And if you kind of can marry those two things from the business, the technology side, you can get set up and lauch. >> And then you can automate the policies around data retention. >> Exactly. >> What's your relationship specifically with Veritas? >> Well, you know, they're a client of ours, but we're also a client of theirs. >> Dave: Okay. >> I guess we're friends on a number of different angels and whatnot. But our practice tends to... Or we are technology agnostic in general, but we definitely want to stay on top of the different leaders in the industry. So that when we go to our clients, we can recommend, hey, these these are the top two or three that we believe could help you based on your situation, based on your data landscape, and be able to advise in that regard. So Veritas, between the backup tools, their e-discovery, and certainly some of the things they're doing on, you know, information governance and GDPR, is certainly one of the key providers that our clients should consider. >> So, I have sort of set up this discussion with a little background on PwC, clearly one of the leading consultancies out there. I would point to global, footprint, your deep industry expertise, you understand technology, you've been around, you know, you've got deep relationships. So other than those, what's the big difference, you know? Why PwC? And you can repeat some of those if you want. Probably be more articulate than I was. >> I think one thing that's different is what we call the end-to-end approach, where there might be other companies that have some of the qualities that you've talked about. But with GDPRs, it hits across five to ten different budgets in an enterprise. And we'll take a company through a transformational journey across all of them. We have auditors, and we have lawyers, and technologists, forensic scientists. GDPR really hits across all the functions of the enterprise. Because of our scale, we can hit all of these. Whereas other providers will take different slices of that. >> I would also add, PwC looks at our clients as forever clients. We're not looking for a one transaction and see you later. I mean, we look at them in terms of we want to be a firm that supports and partners them, whether it be on the consulting side, audit, tax, whatnot. And so we look at that that way in terms of trying to support them. And maybe that's just one point solution, maybe it's broader. But we'll bring the right experts to the table that fits for that client. And so we always want to think about it that way. While we might have ways and approaches that we leverage, hey, if they've got a specific need or a specific specialty, we'll bring the right expert to the firm. >> So that leads me to like my last question, which is, so it sounds like GDPR, and in chain of the context of that answer, is not just a tactical sort of pain relief project. Is it part of more strategic digital transformations? Are you able to make that connection? Or are people just in too much of a rush to fix the pain? >> No. Jay and I were talking about this earlier today. I mean, I'll use the example of some of the cloud transformation that companies are going through, right, if they haven't already, and thinking about their data and how they operate differently. And wait a minute, we don't need to forklift all of our data over. Let's think about it. And oh, by the way, let's make sure we're compliant with GDPR, right? So there's a number of different ways that you can kind of pull in different pieces that are helpful to clients. I think there were a number of different aspects to that, that we were talking about. So it's certainly something front and center, but it's not a one time, let's check the box and move on exercise either. >> Awesome. All right. We got to go. Thanks very much for coming the Cube. >> Thank you. >> Thanks. >> It's good to meet you guys. All right, keep it right there, everybody. We'll be back with our next guests. This is theCUBE. We're live from Veritas Vision 2017 in Las Vegas. We'll be right back. (techno music)

live from Las Vegas it's the cube covering Dell technologies world 2019 to you by Dell technologies and its ecosystem partners welcome back to the cube Lisa Martin with Dave Volante hey Dave you too day two of the cubes coverage of Dell technology world 2019 from Las Vegas and as John Ferrier said yesterday with you guys did your open this is a a cube cannon of content we've got two sets three days of coverage excited to welcome to light back to the program but a couple of new guys from Deloitte joining us we have Bob black Dell technologies Global Alliance lead and principal from Deloitte Bob it's great to have you on the program thank you're having us both of you and Louise spend vanina's VP of cloud business development at Deloitte thanks so much for joining us welcome so guys yesterday's keynote was fantastic it really started with this electric and I think that started with the fact that Michael Dell came out to Queen music which I loved but also today Jeff Clarke shot out of a cannon as well one of the things that he talked about was the Dell technologies five key imperatives for IT modernization one of them being hybrid cloud strategy for multi cloud journey we've been talking about multi cloud for a long time it's a big theme here we're gonna get into that with you guys and specifically get the rise of hybrid cloud but before we get into that Bob let's start with you kind of set the stage about your tenure at Deloitte you are an industry veteran so tell us a little bit about your expertise and kind of some of your thoughts on some of the things you've heard the last two days sure well thanks for that for having us so again my name is Bob black I'm the global lead alliance partner for the deltek for Deloitte I've been with the firm for about a little less than three years now I actually came to the firm because I really my former employee really neglected to focus a lot on infrastructure and hybrid cloud right so when I saw this as an opportunity to come to going and and really fashion what that what that should look like at the marketplace and so I think as serving in this role you know we've been able to really drive a lot of what that hybrid cloud messaging throughout the white for a lot of our customers and Louise tell us a little bit about your background well thank you I've been with the firm now for about two years actually came in via an acquisition of a company called day one solutions where we helped kind of provide a shot in the arm in our overall cloud go to market but my experience is I've worked at cloud providers like AWS I've worked with the technology OEMs as well so I've seen this seen the space change for quite some time so this is the second Dell technologies world lots of news yesterday this whole journey a lot of collaboration yesterday as well between really kind of VMware as a linchpin of driving a lot of what Dell technologies is doing we saw a Microsoft on stage everything is about collaborating listening to the customer and enabling customers to be successful in this challenging but very true multi cloud world talk about some of the announcements Bob we'll start with you some of the things that you're hearing and what that without Deloitte can help Dell technologies customers with a successful hybrid cloud strategy what are some other trends you're seeing and hearing well yeah so thank you so I mean it was something else was yesterday we're very fascinating and you know one of the things that we have been seeing in the marketplace is a lot of our clients are restarting to repatriate their applications back from public cloud fact on-premises and that's not to you know say anything bad about the public cloud but what we're seeing is a lot of our clients have thousands or if not tens of thousands of applications in a legacy portfolio that simply are not conducive for public cloud and when there was a shift out to public cloud I think that you know a lot of our clients adopted this lift and shift or Rijo sling type of methodology and most of our clients really didn't find the value in there that they thought they were going to get right they weren't able to modernize the application they weren't saving any money they had dual IT fractured operations and so for because of our reason we're starting to see a lot of that repatriation back on premises and Ilana and I think a lot of our clients see that it's somewhat of a failure but I think what we see this is an opportunity right you know public cloud is a great tool in the toolbox and when it's incorporated with as you heard here up on the stage yesterday you know the data center other other areas on premises and the edge right you can really put together a cohesive hybrid cloud strategy and that's what's really going to drive value of our clients so we've you know we've worked successfully with a number of clients on things like BMC and AWS and yesterday's announcement on VMware and Microsoft and now of course Dell cloud I think is only going to accelerate the adoption of those technologies and solutions to help our clients adopt a hybrid multi cloud strategy I'll add to that I think it's it's kind of an evolution relieve our industries if you go back to the ten years of history of the cube look at how much has changed and and software-defined OEM abstract eight the OS or application away from the hardware component that's been happening for some time and you're now starting to see you know the other side of that from the public cloud moving to on-premises as well so you know really the hybrid definition if it's seamless data and applications across environments will just continue to move to that model and there's some ironies that I want to come back to but I want to ask you Bob but you said some of your clients feel like it was a failure do you feel like it was an edict from up on high go to the cloud and they really didn't have a clear strategy to affect the operating model and that's why they ended up where they are or were there other factors I think so we kind of dubbing at some one times as a management by in-flight magazine if you will right you know this you know I remember talking about client she told me that she had to move everything all her storage out to cloud and when we asked her why this is well that's what everybody else is doing I assume I have to do the same thing right so I looked you know we're not here to disparage anything in the public cloud it is a great you know tool for a lot of our clients it's just making sure that we have that integration that seamless integration of applications and data between you know both on-premises and cloud and that really starts with a really well thought out strategy it actually starts out even before that with trying to understand your applications many of our client made the application and this is hard for me saying this as an infrastructure guy right but the application should drive the placement right and I think a lot of our clients struggle with what makes up their application portfolio right what are the attributes that that make up the application that will help determine the placement of of those applications themselves well that's why I mean I'm interested in how Deloitte looks at infrastructure because Bob you were saying your previous firm really wasn't all in on infrastructure kind of infrastructure I met but when you think about a firm like Deloitte global capabilities deep industry expertise application you know keep those infrastructures more horizontal how do you guys look at the the opportunity why does it form structure so important to you well it's really to support next generation applications right again going back to if you think of hybrid as an approach of seamless integration across environments and you start developing these new applications towards you know different operating models or service oriented models the underlying infrastructure is not really built for that so you're gonna need to go through IT modernization refresh is within a new type of technologies and maybe what you were doing before so these applications I think move away from kind of legacy environments to more modernize type environments cloud or on-premises ultimately you're gonna have to address that IT on-premise need so what is that path for a customer who like you were saying Bob who thought well we've really failed at this they they went to public cloud because everybody else was suddenly I mean we all know time is a major issue that with any every business transforming because first survival and for competitive advantage how do you help a customer take that what they perceive as a failure and a lot of times that can be a positive effort right gotta opportunity to learn align exactly give us an example it may be a favorite customer by name or industry where you said alright we let's step back we have to have a strategy you're evaluating all these applications letting them as you said both drive where they should be run how they should be deployed how they should be secured how do you kind of help that repatriation it from a speed perspective so they can get to market faster and turn that failure of a failure into a success yeah I'll give you one example I mean we working with we're working with a retail client not too long go and you know they had they bought the you know they drank the kool-aid in decided they went through everything on some public clown right but again what they found was unless you're willing to refactor an application right to take advantage of cloud-based services and more agile nature of application development what they found was and it wasn't really providing the value that they were hoping for right and so again when you're left with that lift and shift with a tree hosting strategy it just didn't really provide anything so what we wanted to do is work with them to kind of put together a business case a more well defined strategy to say hey look let's let's let's accept the fact that these applications are not conducive to the cloud and right and how do we drive value across the entire application portfolio across both on-premises and in the public cloud right and then I think the other thing that we need to talk about too is I think a lot of times and it's been brought up here several times is I think a lot of lot of clients out there they talk about public cloud and the data center but that's it right there we're going to start to see distributed computing in the edge right we're going I think a lot of clients forget that people need to get to the cloud there's going to be this edge competing right so the journey starts there but it certainly doesn't end there either yeah it kind of comes to mind another insurance client that we had a large insurance company and they're a major cloud adopter but overall it represents still a small portion of their overall IT but they need that speed to market so leveraging technologies like pivotal to be able to quickly obtain that and then but as far as their overall application strategy every net new generation app they're gonna try to they're a cloud first mandate as well and we're seeing that a lot more prevalent from I will explore this a little bit because I saw stat I had some IDC survey so the 80% of companies say that half their workloads are gonna come back on Prem by I don't know when but anyway that repatriation conversation so okay so the insurance company their claims app going into the cloud but if if I'm a CIO and you're gonna bring back workloads I want that experience to be very cloud like I want the tool chains to be similar so obviously some of the announcements here today but that's non-trivial so I presume that's where you guys come in okay you guys you guys do well with complex so how do you help customers create that cloud variants that can substantially mimic the public cloud on-premise yeah and so very much we took first take a look at the operating model right if the in the way that they've adopted cloud mostly Cline's have been kind of a workload by workload and you start having these siloed environments of operations but what they want is the premise of you know how you operate cloud we know for the way that you do the rest of your legacy applications for IT so the evolution has been is they want to take a look at this holistically across all of their enterprise portfolio but not just from a technology enablement organization change you know can you bring in the right talent can you retain the right talent you know and is this the kind of environment where you can enable them to go create you know those things that might provide a bit of bigger ROI to market as well as automate and relentlessly where you can in how you approach services so I have a thesis I want to test with you guys so and I've been saying a few times this week at multi cloud it's all the hype but I think it's been a symptom of multi vendor shadow IT line of business initiatives and now we sort of have this you know airline magazine home s and and I think executives are realizing wow we have to get control of this provide the agility of the cloud the cost structure potentially but also the corporate edicts of security and compliance is that a valid premise is that how we got here has it been more deliberate than that and you know where do you see it going yeah I mean we've seen somebody even from this M&A right well you might be all-in with one cloud provider predominantly and you're continuing to move in that direction so you can gain some maturity before you introduce a multi cloud model but what happens we can just made an acquisition of something very strategic to your company oh crap they're on there with some other completely different kind of provider and then but you still have to roll that into how your overall IT governance so again these are just areas of the conversation where it's at a completely different level than you know which console are you going to use we'll try to manage all and that's and it's it depends whether or not you've sort of migrated into the the acquirers cloud or you leave it alone yeah but but how do you make how do you help customers make that distance I mean you're at the board level you're dealing with CIOs application heads line of business heads I mean your Deloitte you get some visibility I think we'll just kind of go back to what I was saying earlier right I think having a better view of the application portfolio is what's going to start that process right you know again going back to what I said earlier the we have clients who have thousands and thousands of applications and and they have they don't have the slightest clue on what's in that portfolio let alone the attributes that make up those those applications right so really starting there to understand you know what's important to them what are their requirements understanding that application portfolio a little bit more right and and marrying those with those requirements that's what's really going to drive a lot of these decision-making we have one of our methods of engagement is something we start off with in a kind of a shorter sprint model or our cloud value calculator and really trying to quantify what's that what's that investment really worth what are we what do we expect back you know are you moving it for TCO reasons or is there something that more profound that can happen back to the bottom line of the business and really try to put it in those type of terms then you know just a technology move yeah because I was thinking you know the cost of repatriation has got to be pretty significant so in terms of looking at and working with say the retail customer that you mentioned or the insurance example Luis that you mentioned when you're helping them identify the right strategy and really looking at the business imperatives for doing this quickly this repatriation what are some of the business outcomes that say this retailer is achieving that makes this repatriation cost expense very much worth it yeah I think it's I think it's peak right you know I mean we talked about cost a lot but I mean cost has become less of a factor in decision-making I mean our clients regardless the industry they're looking for speed to market right you know how do I deliver services how do I change faster than my you know my competitors right you know so it's it's it's it really right now it's all about speed how do I do things faster you know obviously cost is a factor of that right but you know beating your competitor out to the month I mean we always talk about you know regardless with the company is there everybody's a technology company all right and I actually believe that right you know so if the faster that you can do the faster you get your products and services to market that's what spread that's what's really does this customer this retail customer have it hey where we are 2x faster to market now that we've gone through this yeah as a matter of fact I don't know if we can't talk about some of those specifics but yeah they have definitely seen an uptick in the speed the market to be able to deliver new services to help drive business with the strategic foundation that they derive with you guys yes I'll add you know the other thing is regulations are changing worldwide right every day when Tina data sovereignty laws whatever it may be and if your cloud provider is not in that region or doesn't have the same level of services that you have say in the US what do you do so again other reasons for kind of having those does that reap retried it repatriated model so that you can kind of go wherever you need to go as far as your business expansion excellent guys I wish we had more time there's so much to talk about here but Louise Bob thanks so much for stopping by the Conservatives County with David mean we appreciate it have a great rest of your show Thank You Jay thank you Lisa our pleasure for Dave Volante I'm Lisa Martin live from Las Vegas if you thought your heard dogs barking by the way you weren't imagining that we are right next to Michael's angel paws one of my favorite parts of this entire event with about 15,000 people or so you're watching the cube live from day 2 of our coverage of gel technology world 2019 thanks for watching [Music]

>> Live from Barcelona, Spain. It's the cue covering Sisqo, Live Europe. Brought to you by Cisco and its ecosystem partners. >> Welcome back to Sisqo. Live in Barcelona, Day Volant with my co host to Mina and you're watching the Cube, the leader in live coverage of Day one of a three day segments that we're doing here at Cisco Live. Barcelona Bread Hartmann is here is the CTO of Cisco Security Group and we think a Cube alum from way back, way, back way back. Great to see you again. Thanks for coming on. So we're gonna talk about workload security? What's that? What is working? What >> is workload security? So it's really the whole idea of how people secure applications today because applications aren't built the way they used to be. You know, it's not the idea that you have an application that's just sitting running on a server anymore. Applications are actually built out of lots of lots of components. Those components may run in a typical data center. They may run in the cloud. It may be part of a sass solution. So you got all these different components that need to be plugged together. So questions How do you possibly secure that when you have all these pieces? Containers, virtualized, workloads, all working together? That's the big question >> written often times by different people. >> Different people's services. Yeah, Matt Open source. Right. So all that somehow has to come together and you have to figure out how to secure. That's the question. >> So what did you used to do with applications? Securities Just kind of figured out the end and bolted on. >> Pretty much. I mean, yeah, historically, people would do their best to secure their application. It would be kind of monolithic, you know, or, you know, three tier yet of, you know, the Web here after your database, that sort of thing. And then you'd also depend a lot on the infrastructure. Depend on firewalls. You depend on thing's on the edge to protect the application. The problem is, there's not so much of an edge anymore. When in that world I described you can't really relies so much on that infrastructure anymore. That's the shift of the world. We know. >> Also, what's the prescription today? How do you solve that problem? >> You know, there's a lot of ad hoc work, and so this whole notion. A lot of people talk about Deb set cops these days, or sometimes it's, you know, Deb Opsec girl. But you know, there's always different versions of that. But the whole idea of the de bop swirl the way people build applications today and the security world, its security ops world are coming, either coming together are colliding or crashing, right? And so it's it's getting those things to work. So right now, the way Deb ops and SEC cops works today is not particularly well, a lot of manual work. Ah, a lot of kind of ad hoc scripts, but I will say probably over the last year, there's a lot more awareness than we need to figure this out. To be able to merge these two things together. That's kind of the next day. >> Print one. Wanna bring us inside that a little bit because if you, you know, listen to the Dev ops people. It's you know, we've got a new C i. C. We need to move fast. And there was the myth out there. Oh, well do and my faster or am I secure? And, you know, I was reading some research recently. And they said, Actually, that's a false tradeoff. Actually, you can move fast and be more secure. But you raised a risk because you said if these are two separate things and they're not working in lob stacked and it's not secure every step of the way in that part of your methodology, then you're definitely >> going to security exactly right. And there's a basic question of how much of a responsibility that developers have to provide security anyway. I mean, historically, we don't really necessarily trust developers to care that much about security. Now, as to your point these days, without, you know the way people develop software today, they need to care more about it. But typically it was the security operations. Folks that was their responsibility of developers could do whatever they wanted, and the security folks kept them safe. Well, again, as you said, you can't do that anymore. So the developers have to pull security into their development processes. >> Yeah, when I go to some of the container shows or the surveillance shows, the people in the security space are like chanting up on state security is everyone's responsibility. It hasn't traditionally been the >> case it has not. And so it's really work. What companies are working on now is how to the security operations people fit into that development process and what are the tools? And again, it's a long, complicated set of infrastructure and other sorts of tools. But that's sort of the point that Cisco we're really working on on evolving the security products and technologies. So exactly it fits into that process. That's the goal. >> So I'm sure there's a maturity Mahler or a spectrum. When you talk to customers, maybe we could poke it that a little bit sort of described that. So you're really just really talking about a world where it's team sport. The regime is everybody's gotta gotta be involved. But but oftentimes that, working for different people, someone working for the C e O. Maybe some the CTO from the sea so different companies contract, there's >> providers all >> that right partners. So so what is that spectrum look like? And how are you helping customers, you know, take that journey. >> So not surprisingly, companies that are born in the cloud they're like, This is old news. It's like, This is how they, how they deal with it every day. They A lot of those companies have lower risk deployments. Anyway, the organizations that are really early days on this, or the ones that have lots of existing investment and all that data center stuff, and they're trying to figure out how this is gonna work. You know, you talk to a typical bank, for example, you know, their core business processes of how they protect money. They're not going to move to the cloud, right? So how did they evolve? And they, by the way, they have to do with compliance requirements on all this other stuff they can't They can't play too fast and loose, so that's an example of something that's early days. But they are also working a lot in terms of Ah, evolving, moving to the cloud and having TTO be able to support that, too. >> So when you engage with with Cline, I presume you're tryingto assess kind of where they're at and then figure out where they want to go, and then how to best get him there. So, yeah, what is Cisco's role in helping him get? >> And so first of all, of course, I represent, you know, the business group that builds the security products, right? So a lot of this, and the reason why my group is so interested in this and and our security Francisco so interested is this really represents the future of security. This idea of having a much more embedded into the applications is supposed to purely being in the infrastructure. So what we're seeing for typical customers, like, if I roll the clock back a year ago and we talked about things like Deb set cops, they're like, Yeah, kind of an interesting problem. The one we just talked about what it's like, not quite ready for it now. This is, I think, every C so you know, chief security officer, I talked to very aware, have active engagements about how they're working with their nabobs groups and are actively seeking for tools and technology to support them. So to me, that's a good sign that it's you know, the world is moving in this direction, and as a security vendor, we need to evolve, too. So that means things like evolving the way firewalls work. For example, it's not just about firewall sitting at the edge. It means distributing firewall functionality. It means moving functionality into the public cloud like a Ws and Google and Azure. It means moving security up into the application itself. So it's a very different world than just a box sitting on the edge. That's that's the journey. And we're on that journey, too. And the industry is I mean, it's not a solve problem for exactly how to do >> that. If we go back to the early days were talking about, you know, that when the Cube started twenty ten, Security really wasn't a board level topic back then. >> It's at least not for every company. There's certainly company. Yeah, but not now. It's like you're right. Every company cares about it, >> right, and it comes up. But every quarterly knowing, you know, certainly every every annual meeting. Um, so So what? Should Sasha, the technical Seaside CEO CTO. If they're invited into the board meeting, how should they be communicating to the board about security, what >> it's run its? And and to your point, I mean typically these days for most major corporations in the world, the chief security officer is often presenting at every board meeting because cyber risk it's such a big, big part of that risk. And this is a challenge, right? Because to try to communicate all the tech required to manage that risk to aboard Not so easy, right? It's like, yeah, China count. How many now, where threats stopped. It's like, what do they do with that? If you talk to our our chief security officer, Steve Martino here, it's Cisco. I mean, he talks a lot about, first of all, having visibility, you know, being able to show how much visibility, how much can we see? And then how much can we control and show that the organization is making more and more progress in terms of just seeing what's out there so you don't know broke devices and then putting controls in place? So you need some pretty. You know, the big animal pictures communication of being able to manage that. But you can never come in and say, Yep, guaranteed. We're secure, you know, are given a number. It kind of has no meaning >> but strategy. Visibility, response. You know, mechanisms preparedness. What? The response. You know, protocol is that that's the level of it sounds like >> showing, you know, maturity of the process is really on the ability to take that on a supposed to getting into the weeds of, you know, all the metrics that stone. >> So we've had multi vendor for a long time, and even then, the network space, there's a lot of different pieces of the environment. How is multi cloud different from a security >> standpoint? Yeah, so the issue there and kind of what I was hinting that we talk about the way people build applications, is that all those vendors, they all do security differently. Everyone that scary differently s'all good, I mean and for example, Amazon, Google, Microsoft. They're all making massive investments to secure their own clouds, which is awesome, but they're always also different. And then you have the SAS vendors. You talked to sales force drop box in box. They have different security mechanisms. And then, of course, you have different ones in the enterprise. So from a chief security officer standpoint reporting to the board, they want one policy. You know, we want to protect sensitive corporate data, and then you have maybe one hundred different security policies across all these, All this mess. That's why it's different trying to manage the complexity and get the policies, toe work and get enforced across all those platforms. You can't force it all to be the same. So a lot of what we're working on, a really tools to do that so you can fitting back into that develops process. You, Khun, define high level policies of how do you control that data and then map it? Toe all those different platforms? That's that's the gold. That's how we that's how we get there. Make progress. >> She had a picture up in the keynotes today. It had users. Device is kind of on one side of the network and then applications in data on the other side of the network and then the network in the middle right and all those pieces fitting in. How does that affect how you think about security? We've talked a lot about application securing the application. Are you thinking similarly about the data or the devices, or even the users? You know bad user behavior will trump great security every time. Where do those other pieces fit into the context? >> Of course, that's a big reason why we just acquired duo security. You know, very significant acquisition there, which is exactly around trust of human beings as well as the device, is a key component that Sisko didn't have before that and fits in exactly to that point. I was a key strategic piece of that of trust, defining trust, and you know that it's in. Obviously, we already do lots on the device side. You know, we do things like identity service engine to enforce access. You know, with the network, we have more and more on the application side. Not so much in the data side yet, I mean, but as we move up the sack and of the application, it'll be around data, too. But the network is a natural convergence point there, and the whole idea of having security embedded right into that network is, of course, you know why. Why Francisco, right, that's security is a critical thing that needs to be embedded and everything that Cisco does. >> Well, you've got an advantage and that you could do the deep packet inspection you hear in the network. I mean, that's what >> visit bill I mean, Maturity is is really all about visibility. Don't visibility of nothing. And Cisco has this incredible foot print. Incredible telemetry across the world. I mean, all the statistics around Talos you probably seen it's a huge right and that's that's. Ah, that's a big advantage that we have to really provide security. >> Right? Awesome. Well, Bret, thanks for for coming back on The Cube was great to see you. My pleasure, tuk. Alright, alright. Keep right there, Everybody Stupid Open day! Volante, You're watching the cue from Cisco Live, Barcelona! Stay right there. We'LL be right back.