(upbeat music) >> Welcome to this CUBE conversation. I'm Dave Nicholson and we are recapping the Citrix launchpad series. This series presents announcements on LinkedIn live on a variety of subjects, specifically cloud, security, and work. Three topics that I think all of us are keenly aware of going through the last 18 months of the pandemic. Citrix has taken time to sort of regroup and look at ways that security can be improved so that it isn't a hindrance for members of staff, but instead offers a unified integrated way of dealing with security across all of the variety of situations we find ourselves in today. Everything from a mobile device in a cafe through actually working back in the office when we get the opportunity to, to accessing information on a company issued laptop in a home office, secured networks, unsecured networks, secured browsers, unsecured browsers, the permutations are nearly endless. So Citrix has taken an interesting point of view, starting from the perspective of zero trust, meaning everything must be authenticated. They apply contextualism to their strategies. So the context and the posture of the access, the device, the location, all of those matter so that security protocols are tailored to help enhance productivity and security instead of, again, being a hindrance. So I highly recommend you go to the Citrix launchpad site dedicated to security. Two senior Citrix execs, Tim and Joe, will go through great detail on the announcements, but let's recap a little bit from an overview perspective. The first is this idea of secure private access. You combine that with secure internet access, and now you have a package that allows this contextual security posture that can change and adapt based upon varying conditions. Additionally, they have announced a partnership with Google where all of these capabilities are built into the Chrome OS. So now you have a device level native support for these protocols. They're also talking about bot management as something that is critical to security, moving forward. Bots out fishing, you want to kill them. You don't want them getting into your system, but there are some bots that are okay that have poking around in your environment. So again, go into the details with Tim and Joe. Having said that, I am delighted to have a very special guest here. Friend of theCUBE, veteran of theCUBE, author, advisor, author of the book, Cyber Minds and Tech Executive, Shira Rubinoff, is going to join us in just a moment. (upbeat music) Hello, and welcome to this special CUBE conversation. I'm Dave Nicholson, and we are recapping the Citrix launchpad series with a focus on the topic of security. Now, whenever we're going to talk security on theCUBE, we have a CUBE veteran and smartest person on cybersecurity that we know, Shira Rubinoff. She's a cybersecurity executive author and advisor, specifically author of the excellent book on the subject, Cyber Minds. Shira, welcome back to theCUBE. >> Thank you. Pleasure to be here. >> How are you today? >> Doing great, always great to be on theCUBE and talk to you folks and certainly be part of something from Citrix. >> Well, that might be the last pleasant thing that we say, because we are surrounded by security threats. So are you ready to get serious? >> Oh, always with a smile, serious with a smile. >> So, one kind of overriding question that a lot of people have now, if you're an IT executive, you've experienced a complete change in the world from so many different angles, but how has the pandemic changed the way you think of security? What are the dynamics at play, things that are different now that we couldn't have anticipated maybe two or three years ago? >> Interesting question. Certainly, if we look at the scope and the ecosystem of the way that organizations operated, it was pretty much in the high 90% of people being in the office with just the few percentage being working from home. And that had to shift literally overnight to literally the flip side of it, having the multitude of the organization work from home, work remotely, and maybe the few people that had to be in the office were there. So all of a sudden organizations were left with this, how do we secure down our organization? How do we keep our employees safe? How do we keep our organization safe? How do we connect to the outside world? What do we do to maintain the proper cyber? That's call it cyber hygiene within an organization. And that's a topic that I talk about quite frequently. When you look at cybersecurity as a whole, we look at the cyber posture of an organization. We also have to break it down and say, what does an organization need to do to be fully cyber secure? So of course, the ongoing training and that had to shift as well. We have now training for the organization and employees, but also think about the consumers and who else is interacting with organizations. We have to switch how that is done. And that has to be ongoing in the global awareness, the cybersecurity of course is at top of mind. And then that would lead to us to zero trust. Zero trust is a massive, massive piece of cybersecurity need for organizations. We think about it as who needs the data is king. Whoever has the data, they rule the world. They own the organization, they do what they need to do. Zero trust, limited access, knowledge of who gets in, why they get in, the need to get in, and the need for that within organization. So zero trust is a very key component and Citrix is very focused on as well. We talk about updated security and patching and all that has to happen, think about remotely. So not only are we thinking about all these topics, we have to think about them going at warp speed with people that might be working remote, who also have other things they have to take care of. Maybe they're taking care of elderly parents, maybe they're having to watch their kids on zoom, making sure they're staying on zoom, and all sorts of things with school, and other maybe roommates who are working for other organizations, not having important information in the backgrounds of their zoom while they're having these important conversations with organizations. But also think about the multiple devices people are using. They may have an area that's set up properly in order to do their work, but then again, they have to be in another room at the same time. Oh, let me just grab my device. So the whole area of the multiple devices, the warp speed of working and not, let's call this pause. And this is one of the key elements that I would tell all organizations to stop and pause, to think about what you're doing before you do it. Give the headaches, but that was not interplayed when the height of the pandemic. The height of the pandemic, we were worried about what's going on? Need knowledge of information, where we're getting this information, downloading it, clicking on links. Then we're working at the same time, taking care of people. So all these things are happening simultaneously, leaving these open vectors for the tax surface to be that much more heightened for the bad actors to get in. >> So, you advise some of the largest companies in the world on this subject, and obviously you're not going to reveal any names or specifics, but as a general overall view from your perspective, how are we doing right now? Is the average large organization now sort of back on cruise control, having figured everything out for this new reality? On a scale of 1 to 10, how well are we executing against all of these changes? >> That's a great question. Let me talk about the global whole. I think organizations are actually doing really well. I think there was a quick ramp up to figure out how to get it done, but because of also the shift of sharing of information that some of these largest companies across the world, they came together to share information with bad actors, to share information about the tax, to share information about what to do if something happens, who's out there and buying together almost like a whole. So it wasn't each finger on its own. It's a hand as a whole looking at it from a stronger perspective. So I think that shift coupled with the fact of the knowledge and understanding of what companies needed to do in terms of locking down the organization, but also allowing and helping their employees, empowering them to get their work done, but get it done in a secure safe fashion. And I believe now, obviously, we all know, they obviously, but the ransomware attacks are now prevalent and they're becoming even more intense with the rise of 5G, a way that attacks could happen, the warp speed. We're now having to understand that being reactive is not enough, being proactive is something that is wonderful to see organizations are doing as well. It used to be okay, let's be reactive. If something happens, what do we do? Let's have a plan in place. But that's not good enough and we've seen that happen because these attacks are coming a warp speed. So the proactivity of these organizations that they've taken is applaudable in general. I can't talk for all the companies, but the ones that I've been consulting to and have interactions with, I'm pleasantly surprised and not surprised as well, that the way that they've taken their cyber posture so seriously, and where they focus in, not only on the organization as a whole, but their employees as individuals, what their needs are and being able to give them what they need to do their jobs well. >> Yeah, that makes sense. You can almost think of it like cybersecurity is a team sport and to the extent that all of that proactive work that an organization can do can be absolutely undermined if we don't do our parts as endpoints, as endpoint people. And when someone reads Cyber Minds, I think there's an undercurrent that I definitely sensed. And then when I looked more closely into your background, I realized that, yes, in fact, you do have a background in psychology. I want to shift to a question along that line, if you don't mind. Thinking about the psychology of people who have lived through the pandemic, this concept of our personal hygiene and our personal security has been in the forefront of our mind. As you leave the house, and there's hand sanitizer and masks and maybe gloves, we're very, very aware of this. How has that affected us from a cybersecurity team sport perspective? Has that made us better players on the field? What are your thoughts in that regard? >> I actually love that question. As we saw the pandemic heightened, everyone became hyper aware of their own personal, what's called cleanliness. And in terms of where they are, what they're doing, if they're masking, if they're putting on gloves, the sanitizers are everywhere, six feet apart. Everybody's thinking about that. It's a forefront. It became a way of life. And if you then do you shift that and you're saying, okay, let's look at the technology or the cybersecurity part of it, your own personal safety, your own personal cybersecurity. I think we failed a lot in that area. I think because of the fact, if you think about the human psychology and the pieces that people needed to know information, everybody was hungry for the latest and greatest information. What's going on? What are the stats? How many people? Just terrible, terrible pandemic with so many people getting sick. So many people dying and wanting to know, what is going on? what are the latest rule sets? What can I do? What else can I do to protect myself? What is my business doing? So we also had bad actors sending out the phishing attacks, heightened tremendously. There is information being sent out, click here for the latest here. This is Dr. Fauchi, his latest report. Everything going out there was not necessarily to help us, but to hurt us. And because of people's human psychology of thinking, I need to protect myself, so I need the information. The stop and pause is, is this the right information? Is this a safe place to go? But then there's also the other flip side of, if I'm not interacting, I'm not there. Think about the different generational people we have going on. Gen Z, millennials, all sorts of it. Everybody's all over social media. And everybody needs to and wants to have a presence there, certainly in this world. So putting out lots of information and being present was very critical 'cause people weren't in-person anymore. So people were interacting online, whether it being on social, whether it being telling people where they're going, what they're doing, what they're eating, what their favorite animal is, all sorts of things that they were doing. But they were giving over personal information that made have be utilized as passwords or ways to get to know somebody, to either do a spear phishing attack or any types of attacks to gather information to hurt, not just a personal to steal money or to steal someone's identity or to come in and hurt the company, but information was everywhere. So we were taking care of our personal cleanliness, but our cyber hygiene with our psychologies aspect of cybersecurity itself, I think took a big dive. And I think that people started becoming aware as these attack surfaces grew. There were also different types of attacks that were happening where phone calls were coming in and saying, somebody is breaking into your bank account. Just verify yourself, give me the last four digits. I need to know who you are. So playing on the human psyche of fear, somebody is trying to get you nervous. So what are you going to do? You're going to act quickly without thinking. Or all sorts of, I think we were talking earlier about extended warranties for different things. That also grew extensively, but how did they do that? They were gathering information, personal information to give you something you want. So if you're playing again on the human psychology of people, when people get what they want, they're more likely to give over something they may not give to somebody else anyway. And one of my biggest example or a strong example is back in the day with Candy Crush. If you think about that game, before you sign up for that game, you literally have to give over your kidney. You're giving over access to your camera, to your contacts. If you look back at the permissions you are giving, it's really unbelievable that everybody was clicking yes, because they wanted to play a game. So take that example and transfer that into real life. We were doing the same thing. So the importance of brushing up on that personal cyber hygiene and really understanding what people needed to do to heighten their own security themselves, less sharing on social, not giving over information that they shouldn't, not allowing a trusted source who isn't really a trusted source into it. Having strong zero trust, not just organizations, but for yourself was very important. >> Yeah now, did we, Chuck. Chuck's my producer. Did we get Shira's social security number and her date of birth? Shira, can you give us that? >> Sure, it's 555-55-5555. >> Excellent Aha, phishing attack. >> There you go, go for it. (laughs) >> So you think there could be a little bit of security fatigue that might come into play when we're thinking of living up to our responsibilities as those end points? >> I think there was just fatigue in general and people were tired of being locked in the house. People were tired of having everybody under the same roof all the time, 24/7. Trying to get work done, trying to get school done, taking care of people, what they needed to do, having groceries delivered, going into groceries, all the thoughts that they had to do that was just a way of life before that we all took for granted during the pandemic. It was just a whole shift. People were just antsy, jumpy. We needed to connect and we need to connect in any way we could. So all these open vectors became a problem that ended up hurting us rather than helping us. So this has been something that was a big mind shift as a pandemic continued. People started realizing what was going on and organizations took a good stand on educating the population and telling them, look, these are the things that are happening. This is what we need to do. Certainly a lot of the companies I'm working with did such a great job with that. Giving their employees the wherewithal of wanting to connect, but doing in a secure manner. Giving them the tools of what they needed to do personal, only also in their personal lives, not just for their work lives. So that was helpful too. And as we're coming out of it, hopefully continue to come completely out of it, we'll see the shift back into, let's take that stop and pause. Let's think what we're doing. >> Yeah, well, we are all looking back to whatever resemblance of normal we can get to. Shira, I can spend hours picking your brain on a variety of subjects. Unfortunately, we are coming to the end of our time together. Do you promise to come back? >> Certainly, a big fan of theCUBE. >> Well, fantastic. Shira Rubinoff, thank you so much for your time. This is Dave Nicholson with a very special CUBE conversation, signing out. Thanks for watching. >> Shira: Thank you too. (gentle music)