>>from around the globe it's the >>cube >>presenting >>Future Cloud one event. A >>world of >>opportunities >>brought to you by Cisco. We're here with Dejoy Pandey a VP of emerging tech and incubation at Cisco. V. Joy. Good to see you welcome. >>Good to see you as well. Thank you Dave and pleasure to be here. >>So in 2020 we kind of had to redefine the notion of agility when it came to digital business or you know organizations, they had to rethink their concept of agility and business resilience. What are you seeing in terms of how companies are thinking about their operations in this sort of new abnormal context? >>Yeah I think that's a great question I think what what we're seeing is that pretty much the application is the center of the universe and if you think about it the application is actually driving brand recognition and the brand experience and the brand value. So the example I like to give is think about a banking app uh recovered that did everything that you would expect it to do. But if you wanted to withdraw cash from your bank you would actually have to go to the ATM and punch in some numbers and then look at your screen and go through a process and then finally withdraw cash. Think about what that would have, what that would do in a post pandemic era where people are trying to go contact less. And so in a situation like this the digitization efforts that all of these companies are going through and the modernization of the automation is what is driving brand recognition, brand trust and brand experience. >>Yeah. So I was gonna ask you when I heard you say that, I was gonna say well but hasn't it always been about the application? But it's different now, isn't it? So I wonder if you talk more about how the application is experience is changing? Yes. As a result of this new digital mandate. But how should organizations think about optimizing those experiences in this new world? >>Absolutely. And I think, yes, it's always been about the application, but it's becoming the center of the universe right now because all interactions with customers and consumers and even businesses are happening through that application. So if the application is unreliable or if the application is not available is untrusted insecure, uh, there's a problem. There's a problem with the brand with the company and the trust that consumers and customers have with our company. So if you think about an application developer, the weight he or she is carrying on their shoulders is tremendous because you're thinking about rolling features quickly to be competitive. That's the only way to be competitive in this world. You need to think about availability and resiliency, like you pointed out and experience, you need to think about security and trust. Am I as a customer or consumer willing to put my data in that application? So velocity availability, security and trust and all of that depends on the developer. So the experience, the security, the trust, the feature velocity is what is driving the brand experience now. >>So are those two tensions that say agility and trust, you know, zero trust used to be a buzzword now, it's a mandate. But are those two vectors counter posed? Can they be merged into one and not affect each other? Does the question makes sense? Right? Security usually handcuffs my speed. But how do you address that? >>Yeah, that's a great question. And I think if you think about it today, that's the way things are. And if you think about this developer, all they want to do is run fast because they want to build those features out and they're going to pick and choose a purpose and services that matter to them and build up their app and they want the complexities of the infrastructure and security and trust to be handled by somebody else is not that they don't care about it, but they want that abstraction so that is handled by somebody else. And typically within an organization we've seen in the past where there's friction between Netapp, Succop cited hopes and the cloud platform teams and the developer on one side and these these frictions and these meetings and toil actually take a toll on the developer and that's why companies and apps and developers are not as agile as they would like to be. So I think, but it doesn't have to be that way. So I think if there was something that would allow a developer to pick and choose, discover the apis that they would like to use, connect those api is in a very simple manner and then be able to scale them out and be able to secure them and in fact not just secure them during the run time when it's deployed, we're right off the back when the fire up that I'd and start developing the application, wouldn't that be nice? And as you do that, there is a smooth transition between that discovery connectivity and ease of consumption and security with the idea cops, netapp psych ops teams and see source to ensure that they are not doing something that the organization won't allow them to do in a very seamless manner. >>I want to go back and talk about security but I want to add another complexity before we do that. So for a lot of organizations in the public cloud became a staple of keeping the lights on during the pandemic. But it brings new complexities and differences in terms of latency security, which I want to come back to deployment models etcetera. So what are some of the specific networking challenges that you've seen with the cloud? Native architecture is how are you addressing those? >>Yeah. In fact, if you think about cloud, to me that is a that is a different way of seeing a distributed system. And if you think about a distributed system, what is at the center of the distributed system is the network. So my my favorite comment here is that the network is the wrong time for all distribute systems and modern applications. And that is true because if you think about where things are today, like you said, there's there's cloud assets that a developer might use in the banking example that I gave earlier. I mean if you want to build a contact less app so that you get verified, a customer gets verified on the app. They walk over to the ATM and they were broadcast without touching that ATM. In that kind of an example, you're touching the mobile Rus, let's say, Ohio escapees, you're touching Cloud API is where the back end might sit, you're touching on primary purpose, maybe it's an oracle database or a mainframe even where transactional data exists, you're touching branch pipes were the team actually exists and the need for consistency when you withdraw cash and you're carrying all of this and in fact there might be customer data sitting in Salesforce somewhere. So it's cloud API is a song premise branch, it's ass is mobile and you need to bring all of these things together and over time you will see more and more of these API is coming from various as providers. So it's not just cloud providers but saAS providers that the developer has to use. And so this complexity is very very real and this complexity is across the wide open internet. So the application is built across this wide open internet. So the problems of discovery ability, the problems of being able to simply connect these apis and manage the data flow across these apis. The problems of consistency of policy and consumption because all of these areas have their own nuances and what they mean, what the arguments mean and what the A. P. I. Actually means. How do you make it consistent and easy for the developer? That is the networking problem. And that is a problem of building out this network, making traffic engineering easy making policy easy, making scale out, scale down easy, all of that our networking problems. And so we are solving those problems. Uh Francisco >>Yeah the internet is the new private network but it's not so private. So I want to go back to security. I often say that the security model of building a moat, you dig the moat, you get the hardened castle that's just outdated now that the queen is left her castle. I always say it's dangerous out there. And the point is you touched on this? It's it's a huge decentralized system and with distributed apps and data, that notion of perimeter security, it's just no longer valid. So I wonder if you could talk more about how you're thinking about this problem and you definitely address some of that in your earlier comments. But what are you specifically doing to address this? And how do you see it evolving? >>Yeah, I mean that that's that's a very important point. I mean I think if you think about again the wide open internet being the wrong time for all modern applications, what is perimeter security in this uh in this new world? I mean it's to me it boils down to securing an API because again, going with that running example of this contact lists cash withdrawal feature for a bank. The FBI wherever it sits on tram branch sas cloud, IOS android doesn't matter that FBI is your new security perimeter and the data object that is trying to access is also the new security perimeter. So if you can secure ap to ap communication and P two data object communication, you should be good. So that is the new frontier. But guess what? Software is buggy? Everybody's software not saying Cisco software, everybody's Softwares buggy. Uh software is buggy, humans are not reliable and so things mature, Things change, Things evolve over time. So there needs to be defense in depth. So you need to secure at the API layer had the data object layer, but you also need to secure at every layer below it so that you have good defense and depth if any layer in between is not working out properly. So for us that means ensuring ap to ap communication, not just during long time when the app has been deployed and is running, but during deployment and also during the development life cycle. So as soon as the developer launches an ID, they should be able to figure out that this API is security uses reputable. It has compliant, it is compliant to my my organization's needs because it is hosted, let's say from Germany and my organization wants a P is to be used only if they are being hosted out of Germany. So compliance needs and and security needs and reputation. Is it available all the time? Is it secure and being able to provide that feedback all the time between the security teams and the developer teams in a very seamless real time manner? Yes, again, that's something that we're trying to solve through some of the services that we're trying to produce in SAN Francisco. >>Yeah, I mean those that layered approach that you're talking about is critical because every layer has, you know, some vulnerability and so you you've got to protect that with some depth in terms of thinking about security, how should we think about where where Cisco's primary value add is, I mean it's parts of the interview has a great security business. Is growing business. Is it your intention to to to to add value across the entire value chain? I mean obviously you can't do everything so you've got a partner but so has the we think about Cisco's role over the next I'm thinking longer term over the over the next decade. >>Yeah, I mean I think so. We do come in with good strength from the runtime side of the house. So if you think about the security aspects that we haven't played today, uh there's a significant set of assets that we have around user security around around uh with with do and password less. We have significant assets in random security. I mean the entire portfolio that Cisco brings to the table is I don't run time security. The security checks aspects around posture and policy that will bring to the table. And as you see, Cisco evolve over time, you will see us shifting left. I mean I know it's an overused term, but that is where security is moving towards. And so that is where api security and data security are moving towards. So learning what we have during runtime. Because again, runtime is where you learn what's available and that's where you can apply all of the M. L. And I models to figure out what works what doesn't taking those learnings, Taking those catalogs, taking that reputation database and moving it into the deployment and development life cycle and making sure that that's part of that entire they have to deploy to runtime chain is what you will see Cisco do overtime. >>That's fantastic phenomenal perspective video. Thanks for coming on the cube. Great to have you and look forward to having you again. >>Absolutely. Thank you. Pleasure to be here. >>This is Dave Volonte for the cube. Thank you for watching. Mhm. >>Mhm mm.