>> Live from Washington D.C. It's theCUBE covering AWS Public Sector Summit 2018 brought to you by Amazon web services and its ecosystem partners. >> Welcome back to Washington D.C. everybody you're watching theCUBE, the leader in live tech coverage I'm Dave Vellante, with John Furrier, we're covering the AWS public sector summit Barry Russell is here, the General Manager of Worldwide Business Development and Operations for the AWS marketplace and service catalog and he's joined by Dmitri Alperovitch who is the co-founder and CTO of CrowdStrike a hot new company, just raised a boatload of dough we're going to talk about that, but welcome gentleman, thanks for coming on theCUBE. Barry, let's start with you. So we saw Teresa put up a slide, I tried to count and it was over two hundred ISVs and SAS providers for GovCloud, the marketplace is booming. What's going on from your perspective? >> So we launched marketplace in the GovCloud at New York summit last year, back in 2017 and we launched it in a little over four hundred products that were available. The team is more than double that now, there's nine hundred and fifty or more products available. But the exciting thing for us is that today we're able to make SAS; SAS inscription, SAS contracts available from partners such as CrowdStrike. It just gives customers more flexibility and choice in how they deploy software into a region like GovCloud. >> So Dmitri, we're going to get into the funding and the news in a second. But from your standpoint, marketplace, why the attractiveness, no concerns, it's all systems go, go hard in. What's your perspective? >> Absolutely. AWS has been a huge partner for us since really the beginning of the company. We've built our entire business on AWS, we're cloud end point security vendors so we have a little agent that lives on every server, desktop, laptop, both on premise and cloud environments. But the back-end is all on AWS where we process mass amounts of data and the exciting thing in the last year or so in partnering with AWS is being able to offer that capability to their customers through the marketplace where every asset that you have on AWS can now be protected by CrowdStrike and we're very very excited about that and actually today, we launched our 'Falcon' is the name of our product on GovCloud, offering to target primarily the Federal Government as well as the state and local and other enterprises actually, that are interested in that high level of assurance that GovCloud provides. >> What specifically- can you just drill down the product I just want to make sure that we get that right. So, you're on Amazon, you're protecting Amazon end points within their cloud. That's great for Amazon commercial enterprises, repeat one more time the public sector piece, how does that work? Who's the customer? Is it just the agency, or is it also enterprises who work with that? Talk about the dynamics. >> So when you look at our customers it's a mix of large enterprises, about twenty percent of fortune 500 companies, and various federal agencies. Basically we install on every machine they have that runs Windows, Mac or Linux systems so servers, desktops, laptops, everything within their environment but there's no on-premise equipment. So the agent connects to our cloud which runs on AWS and we collect all the execution activities that are taking place and apply machine learning and artificial intelligence to discover security threats. So it's a big data problem and we collect over a hundred billion events every single day just to give you a sense of how much that is, in two days we process the amount of data that Twitter processes in a year. So, really huge amounts of data. >> So Barry, do you go out to partners, do you even have to sell them on this concept, are they beating down your door, what's that dynamic like? >> Yeah, we work with partners that, well first of all, we have to get them to architect for AWS. So, before we even think about listing a product in marketplace, Dmitri will tell you, they have to first architect to run well on AWS so that when the software is deployed or the customer accesses that environment, it's running optimally. And the customer is protecting both assets that they have running on AWS and On-Prem. I think vendors have really warmed up to the idea of marketplace as a sales channel for them. And the reason for that is we really serve two different types of customers. One type of customer who can go to the public marketplace website and subscribe to a product, deploy that and immediately purchase it. And then, for large enterprise and public sector federal government customers, we still have that feature of private offers, which enables the customer and the vendor to negotiate on price and terms but still transact digitally through marketplace and have it all seamlessly built by AWS. Lots of flexibility for sales teams that are in the field. >> Okay, so they work out the financial arrangements and you guys facilitate that experience? >> That's right. We handle the deployment, subscription and billing for the customer. >> So obviously, you know, the commercial space SAS is exploding. What are the drivers in federal, are they similar, what are the differences? >> For customers that are wanting to move to SAS based applications, I think it's pretty simple. Customers have reached a point where they don't necessarily want to manage the underlying infrastructure or software itself. So they're really looking to manufacturers like CrowdStrike who have a fully managed SAS based environment running on AWS. All the customer wants is the outcome the functionality of the software, for it to be performant and do what the vendor said that it was going to do. Managing all of that infrastructure and underlying technology, that's the expertise of the manufacturer themselves and the movement to SAS is all about simplifying for customers. >> How about CrowdStrike news I want to get to the valuation question. You guys are valued at over three billion dollars just reported on siliconangle.com and around the world you guys raised two hundred million dollars in a round of funding. Total capitalization is about four hundred million, roughly? >> Yeah, over four hundred million. >> OK. So you're feeling good today, right? >> Very good. More than anything else it's an indication of our growth, we've doubled the company in terms of revenue last year. We had a year over year increase of five hundred percent in terms of one million dollar deals we've closed. So it's really an indication that we're separating ourselves from the rest of the pretty crowded endpoint security marketplace and establishing ourselves as a leader. >> And what's the money going to be used for? Mostly expansion, sales, marketing? >> It's further expansion, our growth internationally sales and marketing, engineering, helping build out more of the platform capabilities. >> I want to get your take on the cloud because you guys built your business on day one. We were commenting off-camera saying that with our company we have never owned a data center. Have you ever owned a data center? >> We do a few things, small things, but most of our stuff is on AWS. >> So, for the people out there trying to do cloud that don't have that clean sheet of paper of a start-up like you guys were seven years ago. The key to success, to really take advantage of the cloud, not just migrate to it, but actually use it. >> Well, you know, it's interesting in security it's been an interesting journey because when we started back in 2011, doing security in the cloud was a heresy. In fact, I remember meetings with major banks back in those days when we were telling them about our plans and how we're going to do security in a very different way. They said 'This sounds intriguing, but we'll never be a customer because we'll never do cloud." Now, most of these guys are customers, so the mindset has definitely changed a lot. And what we're seeing now is actually our competitors that for years have been trying to compete with us by saying 'Well we're on-premise, CrowdStrike is cloud, you can't trust cloud.' Now they're desperately trying to move to the cloud and of course, unless you build it natively in the cloud to begin with it's very very hard to do. You can't just put an appliance in a data center and call it a cloud, and that's what they're struggling with. >> How do customers determine whether something- How does it pass the smell test? You know, you can say you do things, what's the flaw in having that non-optimized fully cloud-ready, or born in the cloud solution? What's the test? >> That's a great question. So, one test is scalability. We replace a lot of our competitors because they just couldn't scale. Because they used traditional sequel-based databases, single appliances, not a multi-tenet environment, they deploy it to two hundred thousand end points and the thing just comes crashing down. So that's one big thing and then in terms of better security, unless this is what the cloud really gives you in security, unless you can aggregate all of this data, and we process a hundred billion events per day and do machine learning on that data to try and discover new types of attacks, you're not leveraging the benefits of the cloud you're not delivering better protection. >> We've had many interviews over the years, Dave and I, around security with Amazon. You took a lot of heat on it being not secure turns out the cloud is actually becoming more secure, you're an expert in security, you've done a lot of thread analysis over the years looking at your bio and you're successfully leading a great company. Hackers love to attack where the data is, so the cloud's complexity, if you will, or its distributive nature, makes it less hackable, some say. What's your take on that? How do you view that opportunity? So say, look at it, if I put everything in one spot, I can brute-force it, or I'm going to get hacked. What's your take on using the cloud as an opportunity to have better security? >> You know, in this day and age almost every single company that is not concerned in moving to the cloud is making a huge mistake because the reality is, when you look at the security teams that Amazon has, or other cloud providers have, they are way ahead of virtually everyone in this market. They're way ahead of the big banks that have a lot of money,6 they're certainly way ahead of the federal government, so you're getting the best of the best and security technologies they have the same level of scale that we do in terms of seeing all these types of attacks and can react a lot faster. So yes, while it may present itself as a bigger target the reality is that you'll be getting a much higher level of protection than you can ever do yourself. >> So what's the inside scoop on the tipping point? You were talking before, years ago, financial services, customers for example said 'Never, we'll never go to the cloud'. We've had many interviews, 'that's an evil word.' >> That's right. >> What was the tipping point? Was it the realization that companies like Amazon could do a better job? Was it fear of missing out? Was it economics? Was it the losses that they were taking? What was it? >> I think it was a combination of everything. It's funny because in those days we actually asked them, 'Well, how did you feel about virtualization when it came out? I bet you didn't like that either.' 'No, we didn't like that, now we use the virtualization.' 'How do you feel about open source?' 'No, no. We hated it. Now we use it.' Right, so it's a journey for a lot of companies. Whenever something new comes out that's a big paradigm shift. But a few years in typically they realize the adoption. What we're seeing now particularly in the public sector is that realization that the commercial sector went through probably three or four years ago. And now we're seeing the big push and the executive order from the present that you have to adopt cloud, that you have to move to modern IT infrastructure and we're seeing a lot of success and the federal government agencies are realizing we need to do security in particular very differently and the cloud is a huge differentiator. >> How about, anything you can add to that Barry? Your perspectives on it? >> No, we're seeing enterprise customers and not just in financial services but across all industries. On the public sector side, you have organizations like GoodWill or City and Newport and then on the enterprise side, you have really large organizations like Siemens or 3M that are not only leveraging AWS but have also started leveraging solutions that are available in the marketplace and I think that in the past couple of years we have seen a turn both in the enterprise customer and in public sector customers that are really starting to adopt cloud and move to that as their primary mechanism. >> And we have seen in the last year huge adoption of the public sector across many sensitive agencies they're starting to adopt our solution on the GovCloud platform because they're seeing the benefits of that security model. >> It's a no-brainer, really, if you look at the speed and scale that you can do things, but you've got to check the boxes of the public sector, a little bit different than the commercial enterprise. So, talk about the public sector we're here at the public sector summit, it's like a reinvent in and of itself of that ecosystem. What does the current landscape look like? What's the orientation? What's the posture of their technology strategies? What's their appetite? Can you guys just give us some color commentary on the public sector customers? >> Sure, go ahead? >> Yeah. You know, one of the reasons that GovCloud was built and stood out was to give customers that needed FedRAMP or ITAR compliancy, you know and an opportunity to operate those workloads that they were moving over. Here's what I would say, you know, it's not just traditional public sector customers, like government agencies or the federal government that are operating in GovCloud, it's also enterprise customers that serve those needs. So there's this cross-section of pollination of customers and server team partners that are serving the federal government and government entities and large educational institutions or state and local government. But they want the same level of innovation, scale, they want to free up their developers to develop new applications and services for the citizens that they serve. They want all of the same things that the enterprise customers that we've been talking about have had for a number of years. They want the exact same thing. >> The paradigm shift, Dmitri, we were talking off-camera about the public sectors looking to the private sector because there's leadership there. No-one says, 'Hey, let's just do what the government does, there's no real- the inefficiencies that use cases there. You mention paradigm shift. How has the paradigm of operating and servicing and selling and delivering product value to the public sector changed? I mean, we still hear, the Oracle, thing was in the news about the DOD JEDI project? So the old way of selling and procuring is changing? >> It is, and the fact that customers can now leveraging Amazon and buy through the marketplace, all of these services directly from Amazon without having to go do separate contracting vehicles and separate prosumers, but the other benefit you get is the SAS deployment model in times of value. Traditional security solutions as an example take literally twelve to eighteen months to deploy. We had an agency in the US government that bought our solution recently and deployed throughout the entire agency in two weeks. So that ability to automatically get value of the solution helps secure the enterprise is something that you can only achieve with a cloud-based solution. >> I talk to a lot of people in D. C., we've been covering, opening up more coverage here it's still hot-market for the cloud area and certainly government as well. And then, in an off-the-record conversation, I won't say the name, but he says 'Look, I can't deny the Amazon solution, this cloud-native stuff is amazing, when have prices ever gone up? They don't, they go down, but they take more account-control because they get more penetration. So the prices go down. In the old way, prices went up! So, again, this is the shift in the mindset where you get more business, but you're driving the prices down at the element level. Is this the key thing that you're hearing too? >> Absolutely, and when you look at some of the customers that, I don't want to speak for you, but that Amazon has acquired in terms of intelligence community and others that you would never think would ever move to the cloud given the sensitivity that they have, and yet they've realized that to do things differently, to accomplish their mission, they have to use the cloud. So we're absolutely seeing that paradigm shift and the nice thing is that it's coming both from the bottom-up with these agencies realizing that they have to do things differently, and there is support in the White House in terms of IT modernization that we need to adopt the cloud to be successful. >> So do you feel like we'll finally start turning the corner in security? What I mean by that, is if you look at some of the metrics about, OK, a company gets infiltrated, they don't even realize it for whatever, two hundred and seventy five days, we spend more on security every year but we feel less secure. Is the cloud beginning to change that or are some of those metrics or even subjective measurements, I'm happy to spend more but I want to be more secure, are we starting to see the fulfillment of that promise? >> Absolutely, no question about it. And I'll give you a very concrete example. We actually launched, two weeks ago, a guarantee. If you're a customer using our service and you get breached on a system we protect, we pay up to a million dollars of various costs that you have because we believe that we can actually secure you and we're willing to put our money where our mouth is and establish that guarantee and there's no one in the industry that is doing anything like that. >> That's putting your money where your mouth is, I mean that's fantastic, usually these guarantees give a free month of service. >> No, no, no. We will pay cash to reimburse various expenses and set a response, legal fees, everything else that comes into it. >> Congratulations for taking that step. I mean, others are going to have to follow. >> That's good leadership. One of the guys on the stage from the CIA, Dave, you had the quote said that security-- >> Cloud security on its worst day- Cloud security on its very worst day is far better than my client's server systems. (John laughs) >> So there it is, to your point, OK, let's get the plug in for you guys. So you've got eight months of you starting to work together in the marketplace. >> We did. >> Tell us about that relationship, how's it going? What do you guys do? You're selling products together? Give a quick update on the relationship between that. >> Okay, so our Falcon platform in the last eight months has been on marketplace where customers that are coming in, and provisionary resources on EC2, on AWS can immediately get Falcon to protect those resources and that has been a fantastic growth area for us. We've also been partnering on the new GuardDuty offering that Amazon launched last year we're the intelligence provider for that platform. So it's been a great partnership we're looking to do a lot more, in particular with the GovCloud in the public sector. >> Last word? >> Well for us now, we're able to have a solution we can recommend to customers that's fully SAS-based, running on AWS and proven in its capability so, you know, it's great to partner with their sales and alliance team on the commercial and public sector side. We're going to look forward to seeing what we can do for the rest of the year. >> Well, Barry, thanks for coming back again it's great to have you on theCUBE and Dmitri, wonderful, and congratulations on the raise and making some progress, really appreciate your insights. >> Thank you so much. >> You're welcome. >> Alright, keep it right there buddy, John Furrier and I will be back with Stu Miniman, we're live from AWS Public Sector Summit. You're watching theCUBE.

(upbeat music) >> Well good to have you with us here as we continue the AWS startup showcase and we're joined now by the CEO of BigID, Dmitri Sirota. And Dmitri good afternoon to you? How are you doing today? >> I'm pretty good, it's Friday, it's sunny, it's warm, I'm doing well. >> Then that's a good start, yeah. Glad to have you with us here. First off, just about BigID and when you look at I would assume these accolades are, they are quite a showcase for you. Well economic forum technology pioneer. Forbes cloud 100, business insider startup the watch. I mean, you are getting a lot of attention, obviously for... >> Yep. >> And well-deserved, but when you see these kinds of recognitions coming your way- >> Yep. >> First of what does that do to inspire, motivate and fuel this great passion that you have? >> Yeah, look I think all of these recognitions help, I think affirm, I think what we aspire to be right? Provide the preeminent solution for helping organizations understand their data and in so doing, be able to address problems in privacy and protection and perspective. And I think that these recognitions are part of that as our customers, as our partners like AWS. So they're all part of that ad mixture. And I think they contribute to a sense that we're doing some pioneering work, right as they work from the world economic forum recognized. So I think it's important. I think it's healthy. It encourages kind of cooperative spirit at the company. And I think it's, you know, it's very encouraging for us to continue and build. >> So let's talk about BigID, a little bit for our viewers who might not be too familiar. You are a fairly new company, raised 200 million so far, five years of operations coming up on five years. >> Yep. >> But talk about your sweet spot in terms of the variety of services they provided in terms of protection and security. >> Yeah, sure. So we were founded with really this kind of precept that organizations need to have a better understanding of their data. I think when we got started about five years ago. Most organizations had some view of their data, maybe a few of their files, maybe their databases. What changed is the emerging privacy regulations like GDPR and CCPA later forced companies to rethink their approach to data understanding data knowledge, because part of the kind of the core consumption of privacy is that you and me and other individuals have a right to their data the data actually belongs to us. Similar to when you deposit a check in a bank. That money you deposited is yours. If you ever want to withdraw it, the bank has to give it back to you. And in a similar way, these privacy regulations require organizations to be able to give back your data or delete it or do other things. And as it happens there was no real technology to help companies do that, to help companies look across their vast data estates and pick out all the pieces of information all the detritus that could belong to Dimitri. So it could be my password, it could be my social security, it could be my click stream, it could be my IP address, my cookie. And so we developed from the ground up a brand new approach to technology that covers the data center and the cloud, and allow organizations to understand their data at a level of detail that never existed before. And still, I would argue doesn't exist today. Separate from BigID. And we describe that as our foundational data discovery in depth, right? We provide this kind of multidimensional view of your data to understand the content and the context of the information. And what that allows organizations to do is better understand the risk better meet certain regulatory requirements like GDPR and CCPA. But ultimately also get better value from their data. And so what was pioneering about us is not only that level of detail that we provided almost like your iPhone provides you four cameras to look at the world. We provide you kind of four lenses to look at your data. But then on top of that we introduced a platform that allowed you to take action on what you found. And that action could be in the realm of privacy so that you could solve for some of the privacy use cases like data rights or consent or consumer privacy preferences or data protection data security, so that you can remediate. You can do deal with data lifecycle management. You could deal with encryption, et cetera. Or ultimately what we call a data governance or data perspective, this idea of being able to get value from your data but doing so in a privacy and security preserving way. So that's kind of the conception we want to help you know, your data. And then we want to help you act on your data so that your data is both secure. It's both compliant , but ultimately you get value from your data. >> Now we get into this, helping me know my data better because you you've talked about data you know and data you don't right? >> Dimitri: Yeah. >> And you're saying there's a lot more that we don't or a company doesn't know. >> Dimitri: Yeah. >> Than it's aware of. And I find that still kind of striking in this day and age. I mean with kind of the sophistication of tools that we have and different capabilities that I think give us better insight. But I'm still kind of surprised when you're saying there's all a lot of data that companies are housing that they're not even aware of right now. >> They're not and candidly they didn't really want to be for a long, long time. I think the more you know sometimes the more you have to fix, right? So there needed to be a catalyzing event like these privacy regulations to essentially kind of unpack, to force a set of actions because the privacy regulation said, no, no, no you need to know whether you want to or not. So I think a lot of organizations for years and years outside of a couple of narrow fields like HIPAA, PCI unless there was a specific regulation, they didn't want to know too much. And as a consequence there, wasn't really technology to keep up with the explosion in data volumes and data platforms. Right? Think about like AWS didn't exist when a lot of these technologies were first built in the early 2000's. And so we had to kind of completely re-think things. And one thing I'll also kind of highlight is the need or necessity is not just driven by some of these emerging privacy regulations, but it's also driven by the shift to the cloud. Because when you have all your data on a server in a data center in New Jersey, you could feel a false sense of security because you have doors to that data center in New Jersey and you have firewalls to that data center in New Jersey. And if anybody asks you where your sensitive data you could say, it's in New Jersey! But now all of a sudden you move it into the cloud and data becomes the perimeter, right? It's kind of naked and exposed it's out there. And so I think there's a much greater need and urgency because now data is kind of in the ethos in the air. And so organizations are really kind of looking for additional ability for them to both understand contextualize and deal with some of the privacy security and data governance aspects of that data. >> So you're talking about data obviously AWS comes to mind, right? >> Dimitri: Yeah. And the relationship that you have with them it's been a couple of years in the making things are going really well for you and ultimately for your customers. What is it about this particular partnership that you have with AWS that you think has allowed you to bring that even more added value at the end of the day to your customer base? >> Look, our customers are going to AWS because its simplicity to kind of provision their applications, their services, the cost is incredibly attractive, the diversity of capabilities that AWS provides our customers. And so we have a lot of larger and midsize and even smaller organizations that are going to AWS. And it's important for us to be where our customers are. And so if our customers are using Red Sheriff, or using S creator, using dynamo or using Kinesis or using security hub. We have to be there, right? So we've kind of followed that pathway because of they're putting data in those places, part of our job is provide that insight and intelligence to our customers around those data assets, wherever they are. And so we build a set of capabilities and expertise around the broader AWS platform. So that we could argue that we can help you, whether you keep your data in S3 whether you keep it Dynamo, whether you keep it in EMR, RDS, Aurora, Athena the list goes on and on. We want to be that expert partner for you to kind of help you know your data and then tend to take action on your data. >> So the question about data security in general, obviously as you know, there are these major stories of tremendous breach that's right. >> Yep. >> Stayed afterwards, in some cases. >> Bad guys. >> Yeah, really bad guys and bad smart guys, unfortunately and persistent to say the least. How do you work with your clients in an environment like that? Where, you know, these threats are never ending, >> Yep. >> They're becoming more and more complex. And the tools that you have are certainly robust but at the end of the day, it's very difficult. If not impossible to say a 100% bulletproof, right? >> Yeah. >> It's if you are absolutely safe with us. But you still try, you give these insurances because of your sophistication that, should give people some peace of mind. Again, it's a tough battle your in. >> Yeah. So I think the first rule of fight club is that, to solve a problem, you need to know the problem, right? You can't fix what you can't find, right? So if you're unaware that there's a potential compromise in your data, potential risk in your data maybe you have passwords in a certain data store and there's no security around that. You need to know that you have passwords in a certain data store and there's no security around that. >> Because unless you know that first, there's no ability for you to solve it. So the first part of what we do that kind of know your data that K-Y-D, is we help organizations understand what data do they have that potentially is at risk, may violate a regulatory requirement like GDPR or CCPA, things of that sort. So that's kind of the first level of value because you can't solve for something you can't, you're unaware of, right? You need to be able to see it and you need to be able to understand it. And so our ability to kind of both understand your data and understand what it is, why it is, whose it is where it came from, the risk around it lets you take action on that. Now we don't stop there. We don't stop at just helping you kind of find the problem. We also help you understand if there's additional levels of exposure. Do you have access control around that data for instance. If that data is open to the world and you just put a bunch of passwords there or API keys or credentials, that's a problem. So we provide this kind of holistic view into your data and to some of the security controls. And then most importantly, through our application platform our own apps, we provide ways for you to take action on that. And that action could take many forms. It could be about remediating where you delegate to a security owner and say, hey, I want you to delete that data. Or I want you to encrypt that data. It could be something more automated where it just encrypts everything. But again, part of the value and virtue of our platform is that we both help you identify the potential risk points. And then we give you in the form of apps that sit on top of our platform, ways to take action on it, to secure it, to reduce it, to minimize the risk. >> Because these threats are ever evolving. Can you give us a little, maybe inside peek under the tent here, a bit about what you're looking at in terms of products or services down the road here. So if somebody is thinking, okay. What enhanced tools might be at my disposal in the near term or even in the longterm to try and mitigate these risks. Can you give us an idea about some things you guys are working on? >> Yeah. So the biggest thing we're working on I've already kind of hinted at this is really the kind of first in industry platform, in our category companies that look at data and by platform i mean, something like where you can introduce apps. So AWS has a platform. People can introduce additional capabilities on top of AWS. In the data discovery classification arena, that had never been the case because the tools were very, very old. So we're introducing these apps and these apps allow you to take a variety of actions. I've mentioned a few of them, there's retention. You can do encryption, you can do access control, you could do remediation, and you could do breach impact analysis. Each of these apps is kind of an atomic unit of functionality. So there's no different than on your iPhone or your Android phone. You may have an Uber app, when you click on it, all of a sudden your phone looks like an Uber application. You may have an app focused on Salesforce, you click on it, all of a sudden your phone looks like a Salesforce application. And so what we've done is we've kind of taken this kind of data discovery, classification and intelligence mechanism that kind of K-Y-D I referenced. And then we built a whole app platform. And what we're going to start announcing over the coming months, is more and more apps in the field of privacy, in the fields of data security or protection, and even the fields of data value what we call perspective and that's and we're actually coming out with an announcement shortly on this app marketplace. And there'll be BigID building apps, but you know what, there's going to be a lot of third parties building apps. So companies that do intrusion detection and integrations and all kinds of other things are also building apps on BigID. And that's an exciting part of what you're going to see coming from us in the coming weeks. >> Great. Well, thanks for the sneak peek and wait I feel like I just barely scratched the surface of it. Governance, compliance, right? Regulation, you have so many balls in the air but obviously you're juggling them quite well and we wish you continued success, job well done. Thanks, Dimitri. >> Dimitri: Thank you very much for having me. (upbeat music)

(upbeat music) >> Well good to have you with us here as we continue the AWS startup showcase and we're joined now by the CEO of BigID, Dmitri Sirota. And Dmitri good afternoon to you? How are you doing today? >> I'm pretty good, it's Friday, it's sunny, it's warm, I'm doing well. >> Then that's a good start, yeah. Glad to have you with us here. First off, just about BigID and when you look at I would assume these accolades are, they are quite a showcase for you. Well economic forum technology pioneer. Forbes cloud 100, business insider startup the watch. I mean, you are getting a lot of attention, obviously for... >> Yep. >> And well-deserved, but when you see these kinds of recognitions coming your way- >> Yep. >> First of what does that do to inspire, motivate and fuel this great passion that you have? >> Yeah, look I think all of these recognitions help, I think affirm, I think what we aspire to be right? Provide the preeminent solution for helping organizations understand their data and in so doing, be able to address problems in privacy and protection and perspective. And I think that these recognitions are part of that as our customers, as our partners like AWS. So they're all part of that ad mixture. And I think they contribute to a sense that we're doing some pioneering work, right as they work from the world economic forum recognized. So I think it's important. I think it's healthy. It encourages kind of cooperative spirit at the company. And I think it's, you know, it's very encouraging for us to continue and build. >> So let's talk about BigID, a little bit for our viewers who might not be too familiar. You are a fairly new company, raised 200 million so far, five years of operations coming up on five years. >> Yep. >> But talk about your sweet spot in terms of the variety of services they provided in terms of protection and security. >> Yeah, sure. So we were founded with really this kind of precept that organizations need to have a better understanding of their data. I think when we got started about five years ago. Most organizations had some view of their data, maybe a few of their files, maybe their databases. What changed is the emerging privacy regulations like GDPR and CCPA later forced companies to rethink their approach to data understanding data knowledge, because part of the kind of the core consumption of privacy is that you and me and other individuals have a right to their data the data actually belongs to us. Similar to when you deposit a check in a bank. That money you deposited is yours. If you ever want to withdraw it, the bank has to give it back to you. And in a similar way, these privacy regulations require organizations to be able to give back your data or delete it or do other things. And as it happens there was no real technology to help companies do that, to help companies look across their vast data estates and pick out all the pieces of information all the detritus that could belong to Dimitri. So it could be my password, it could be my social security, it could be my click stream, it could be my IP address, my cookie. And so we developed from the ground up a brand new approach to technology that covers the data center and the cloud, and allow organizations to understand their data at a level of detail that never existed before. And still, I would argue doesn't exist today. Separate from BigID. And we describe that as our foundational data discovery in depth, right? We provide this kind of multidimensional view of your data to understand the content and the context of the information. And what that allows organizations to do is better understand the risk better meet certain regulatory requirements like GDPR and CCPA. But ultimately also get better value from their data. And so what was pioneering about us is not only that level of detail that we provided almost like your iPhone provides you four cameras to look at the world. We provide you kind of four lenses to look at your data. But then on top of that we introduced a platform that allowed you to take action on what you found. And that action could be in the realm of privacy so that you could solve for some of the privacy use cases like data rights or consent or consumer privacy preferences or data protection data security, so that you can remediate. You can do deal with data lifecycle management. You could deal with encryption, et cetera. Or ultimately what we call a data governance or data perspective, this idea of being able to get value from your data but doing so in a privacy and security preserving way. So that's kind of the conception we want to help you know, your data. And then we want to help you act on your data so that your data is both secure. It's both compliant , but ultimately you get value from your data. >> Now we get into this, helping me know my data better because you you've talked about data you know and data you don't right? >> Dimitri: Yeah. >> And you're saying there's a lot more that we don't or a company doesn't know. >> Dimitri: Yeah. >> Than it's aware of. And I find that still kind of striking in this day and age. I mean with kind of the sophistication of tools that we have and different capabilities that I think give us better insight. But I'm still kind of surprised when you're saying there's all a lot of data that companies are housing that they're not even aware of right now. >> They're not and candidly they didn't really want to be for a long, long time. I think the more you know sometimes the more you have to fix, right? So there needed to be a catalyzing event like these privacy regulations to essentially kind of unpack, to force a set of actions because the privacy regulation said, no, no, no you need to know whether you want to or not. So I think a lot of organizations for years and years outside of a couple of narrow fields like HIPAA, PCI unless there was a specific regulation, they didn't want to know too much. And as a consequence there, wasn't really technology to keep up with the explosion in data volumes and data platforms. Right? Think about like AWS didn't exist when a lot of these technologies were first built in the early 2000's. And so we had to kind of completely re-think things. And one thing I'll also kind of highlight is the need or necessity is not just driven by some of these emerging privacy regulations, but it's also driven by the shift to the cloud. Because when you have all your data on a server in a data center in New Jersey, you could feel a false sense of security because you have doors to that data center in New Jersey and you have firewalls to that data center in New Jersey. And if anybody asks you where your sensitive data you could say, it's in New Jersey! But now all of a sudden you move it into the cloud and data becomes the perimeter, right? It's kind of naked and exposed it's out there. And so I think there's a much greater need and urgency because now data is kind of in the ethos in the air. And so organizations are really kind of looking for additional ability for them to both understand contextualize and deal with some of the privacy security and data governance aspects of that data. >> So you're talking about data obviously AWS comes to mind, right? >> Dimitri: Yeah. And the relationship that you have with them it's been a couple of years in the making things are going really well for you and ultimately for your customers. What is it about this particular partnership that you have with AWS that you think has allowed you to bring that even more added value at the end of the day to your customer base? >> Look, our customers are going to AWS because its simplicity to kind of provision their applications, their services, the cost is incredibly attractive, the diversity of capabilities that AWS provides our customers. And so we have a lot of larger and midsize and even smaller organizations that are going to AWS. And it's important for us to be where our customers are. And so if our customers are using Red Sheriff, or using S creator, using dynamo or using Kinesis or using security hub. We have to be there, right? So we've kind of followed that pathway because of they're putting data in those places, part of our job is provide that insight and intelligence to our customers around those data assets, wherever they are. And so we build a set of capabilities and expertise around the broader AWS platform. So that we could argue that we can help you, whether you keep your data in S3 whether you keep it Dynamo, whether you keep it in EMR, RDS, Aurora, Athena the list goes on and on. We want to be that expert partner for you to kind of help you know your data and then tend to take action on your data. >> So the question about data security in general, obviously as you know, there are these major stories of tremendous breach that's right. >> Yep. >> Stayed afterwards, in some cases. >> Bad guys. >> Yeah, really bad guys and bad smart guys, unfortunately and persistent to say the least. How do you work with your clients in an environment like that? Where, you know, these threats are never ending, >> Yep. >> They're becoming more and more complex. And the tools that you have are certainly robust but at the end of the day, it's very difficult. If not impossible to say a 100% bulletproof, right? >> Yeah. >> It's if you are absolutely safe with us. But you still try, you give these insurances because of your sophistication that, should give people some peace of mind. Again, it's a tough battle your in. >> Yeah. So I think the first rule of fight club is that, to solve a problem, you need to know the problem, right? You can't fix what you can't find, right? So if you're unaware that there's a potential compromise in your data, potential risk in your data maybe you have passwords in a certain data store and there's no security around that. You need to know that you have passwords in a certain data store and there's no security around that. >> Because unless you know that first, there's no ability for you to solve it. So the first part of what we do that kind of know your data that K-Y-D, is we help organizations understand what data do they have that potentially is at risk, may violate a regulatory requirement like GDPR or CCPA, things of that sort. So that's kind of the first level of value because you can't solve for something you can't, you're unaware of, right? You need to be able to see it and you need to be able to understand it. And so our ability to kind of both understand your data and understand what it is, why it is, whose it is where it came from, the risk around it lets you take action on that. Now we don't stop there. We don't stop at just helping you kind of find the problem. We also help you understand if there's additional levels of exposure. Do you have access control around that data for instance. If that data is open to the world and you just put a bunch of passwords there or API keys or credentials, that's a problem. So we provide this kind of holistic view into your data and to some of the security controls. And then most importantly, through our application platform our own apps, we provide ways for you to take action on that. And that action could take many forms. It could be about remediating where you delegate to a security owner and say, hey, I want you to delete that data. Or I want you to encrypt that data. It could be something more automated where it just encrypts everything. But again, part of the value and virtue of our platform is that we both help you identify the potential risk points. And then we give you in the form of apps that sit on top of our platform, ways to take action on it, to secure it, to reduce it, to minimize the risk. >> Because these threats are ever evolving. Can you give us a little, maybe inside peek under the tent here, a bit about what you're looking at in terms of products or services down the road here. So if somebody is thinking, okay. What enhanced tools might be at my disposal in the near term or even in the longterm to try and mitigate these risks. Can you give us an idea about some things you guys are working on? >> Yeah. So the biggest thing we're working on I've already kind of hinted at this is really the kind of first in industry platform, in our category companies that look at data and by platform i mean, something like where you can introduce apps. So AWS has a platform. People can introduce additional capabilities on top of AWS. In the data discovery classification arena, that had never been the case because the tools were very, very old. So we're introducing these apps and these apps allow you to take a variety of actions. I've mentioned a few of them, there's retention. You can do encryption, you can do access control, you could do remediation, and you could do breach impact analysis. Each of these apps is kind of an atomic unit of functionality. So there's no different than on your iPhone or your Android phone. You may have an Uber app, when you click on it, all of a sudden your phone looks like an Uber application. You may have an app focused on Salesforce, you click on it, all of a sudden your phone looks like a Salesforce application. And so what we've done is we've kind of taken this kind of data discovery, classification and intelligence mechanism that kind of K-Y-D I referenced. And then we built a whole app platform. And what we're going to start announcing over the coming months, is more and more apps in the field of privacy, in the fields of data security or protection, and even the fields of data value what we call perspective and that's and we're actually coming out with an announcement shortly on this app marketplace. And there'll be BigID building apps, but you know what, there's going to be a lot of third parties building apps. So companies that do intrusion detection and integrations and all kinds of other things are also building apps on BigID. And that's an exciting part of what you're going to see coming from us in the coming weeks. >> Great. Well, thanks for the sneak peek and wait I feel like I just barely scratched the surface of it. Governance, compliance, right? Regulation, you have so many balls in the air but obviously you're juggling them quite well and we wish you continued success, job well done. Thanks, Dimitri. >> Dimitri: Thank you very much for having me. (upbeat music)