>> Announcer: theCUBE presents "Dell Technologies World," brought to you by Dell. >> Hey, everyone. Welcome back to theCUBE's coverage of day one of "Dell Technologies World 2022" live from the Venetian in Las Vegas. They're excited. I dunno if you heard that, a group behind me very excited to be here. Lisa Martin, Dave Vellante. We're very pleased to welcome Jules Johnston, the SVP of channel from Equinix. Jules, welcome to the program. >> Thank you for having me. I appreciate it. >> And those people back there are very excited, if you heard that big applause when we went live. (Jules laughing) So the vibe here is fantastic for the first live "Dell Technologies World" since 2019. A lot of people here, this Expo Hall is packed. A lot of momentum here, but there's also a lot of momentum at Equinix. Talk to us about what's going on. >> Well, so many exciting things for Equinix and this partnership of Dell sort of gives us a chance to share that with partners here throughout the conference. So we are very excited, as you said about and we just were named to the Fortune 500 this year, 77 quarters of growth consecutively. But underpinning that is having made huge investments in what is the world's largest footprint of global data centers, 240 of them on six continents in 66 markets but then interconnecting them. So they have the connections that Dell customers need to the clouds. They have the connections that they need to all of the future SaaS providers. So that foresight to put together that interconnection network across our footprint has set us on the path we're on today, which we're very grateful to be at in. And really, the things that are happening with Equinix and Dell together couldn't be more of the moment. >> Talk to me about the last two years. The moments of the last two years have been very challenging >> They have. >> For everyone. How has the partnership evolved in that time? >> Well, we, together, Dell and Equinix, what we're doing is really helping our shared interface customers navigate the complexities of their digital transformation. And digital transformation is hard. It's not a one and done and it's not an overnight solution. And so, what we are doing is partnering with Dell to think about putting a dedicated Dell IT stack in an Equinix data center to give customers that sovereign adjacency so that they can have that security proximate to all the clouds and everything else they need to participate in the ecosystem. And then pairing that with these interconnected enterprises. So, Dell and we are helping customers then be able to have some of their solution on-prem, some of their solution in the cloud, access public clouds and use that collectively to define what we're calling the intelligent edge, together. And that intelligent edge means so many different things to customers but it is really our honor to work together with Dell to help each customer define that for themselves. >> Equinix is an amazing company. Like you said, it's... I didn't realize it was that many consecutive quarters but it's a 60 billion plus market cap. If you look at the stock chart, it'll blow your mind. Really incredibly successful. And part of the reason... It's funny, 10, 15 years ago, people thought, well... Or, 10 years ago, anyway, the cloud is going to hurt companies like Equinix. It was the exact opposite. And that's because Charles Phillips used to joke, "Friends don't let friends build data centers." >> Yes. >> And it's not a good use of capital for most companies, unless you're in the data center business. Now, of course, you have some of your own as a service offerings. >> We do. >> What's the overlap with Dell? How do they compliment each other? >> It's a good question because... And we get that. Are you and Dell in fact competitors? No, we see them as wholly complimentary. And in fact, we're working with Dell to bring to market things like something we call PowerEdge, which involves their servers. And PowerStore, which involves their storage, and then VxRail, which is really the hyper-converged infrastructure. And those are just a few first of a series of offerings we expect to bring to market with Dell. And if you think about Metal, and it's Equinix Metal that people sometimes think is a competitor, but what Metal does for customers is it really allows them to advance, have the equipment placed in our data centers so that they can access that capacity and according to spikes or needs that they have. That equipment in our data centers that's there for them to avail themselves of that capacity is most often Dell equipment. So we are really doing and executing that bare Metal as a service together. >> What are some of the things that you're hearing from your partner community, in terms of the partnership with Dell? Partners must be excited, the momentum there. What's going on in the partner community? >> So, that's what's near and dear to my heart since that's what I'm responsible for, Equinix's global partnerships. And they're just very excited about what we're doing with Dell. And to be honest with you, all of our top partners are also top partners of Dell. So it makes sense that we bring it together. So, big categories of partners like the world's largest global network service providers, some of whom are here and who we'll meet with, AT&T, Orange Business Services, those folks in addition to the world's largest global systems integrators, Kendra, Deloitte, Accenture, WiPro, DXC. All of these are partners that Dell and we will meet with together to further our, what we call Power of Three, that together we're better. Because as much as Dell and Equinix are delivering, the customers most often don't have the experience they need to execute it without a partner. So they are relying on those partners to take what we are doing and make it their own. And so, they're excited about it. You see, it's a big opportunity for them from a... Of revenue services and an opportunity for them to step into a next level trusted advisor status. So partners are excited and we're going to be spending a lot of time with them the next few days. >> Do you see Equinix... 'Cause these partnerships are not bespoke partnerships. It's an ecosystem that's organic and evolving and growing. Are you a dot connector in a way? Can it be a flywheel effect in your ecosystem? >> Well, so our ecosystems that we provide, wide range of those from high frequency trading to connected cars, to the internet of things and content providers, we do see it as our role to the 10,000 and growing customers that are in our 240 data centers on six continents that provide those ecosystems. It is our mission to continue to grow that, enrich it, because that does differentiate us greatly from another data center provider. And it's the combination of the ecosystem that you'd find and the people you can connect to at Equinix. And then also the leverage of our fabric in order to be able to access your future needs. >> And it's a lot of technology underneath these. It's that first layer one, I guess, if you will, of the data center, right? And so, a lot of your customers or your partner's customers, they just don't want to be in that business as we were saying before. I mean, it's just too expensive. The power requirements are going through the roof. So you got to be really good at managing power. >> You do. In fact... So first of all, you're right. It's extremely difficult for them to also be able to make that commitment to keep a data center they would manage themselves at the level that Equinix is able to invest. So it's very difficult for people to do it themselves. But even show... Another point you mentioned actually about the power, is near and dear to our hearts because Equinix is super committed to sustainability. And so we've made a commitment to wholly renewable energy. And it's something that we talk a lot about how we also help partners like Dell meet their initiatives. So partners like AT&T meet their connected climate goals. So we are actually using that and coming together with Dell on that story, and then helping to amplify that with our partners. >> And that's... How do you do that? That's putting data centers where you can cool with ambient air. Is it being near the Columbia River? What's your strategy in that regard? >> On sustainable... I have to be honest to you. I would be out of my depth if I didn't say... >> This is the high level, yeah. >> So we are deploying some of the latest technologies about that and then experts people who, all they do is really help us to reduce the carbon footprint and be able to offset that, be able to use solar, be able to use wind, be able to take advantage of that. And then also to navigate what's available when you're in 240 locations on six continents. It's not the same options to reduce your power consumption and your burden are different in Africa as we just discovered with our main one acquisition than they are in India or than they are in other parts of the world. So it is for us a journey, and we've been assembling a lot of the talent to do that, >> But you're so large now, even a small percentage improvement can really move the needle. >> And I think because we are the largest, it is incumbent upon us to really set the standard and be committed to it. And we do see other people following, which is a good thing for all of us. >> Well, how important is that in your partnership conversations. That partners have that same focus and commitment on ESG that Equinix has. >> Partners care a lot about it, but customers ask us both all the time. We increasingly see a portion of an RFP or scope of work asking, "Before I decide to go with Equinix and Dell, tell me how you're going to impact the environment. Tell me about your commitment." And so, we are committed to it, but customers are demanding it too. >> So it's... >> Where do you... Go ahead please. >> Oh, I was just going to say, it's coming from the voice of the customer, which Equinix is listening to, we know Dell is listening to it as well. >> I'm sorry, one more time. >> That the sustainability, the ESG demand is coming from the customers, as you were saying. >> Both. I mean, we want to do the right thing and we've made commitments to it, but our customers are holding us accountable to it. And sustainability is now a board level priority. It is for us. And it is for companies like Dell and it is for partners and customers. >> It really is... It's up there with security in terms of the board level conversation. Where do you want to see the partner ecosystem in the next let's call it three to five years. In your business you can look out that far. >> Well, I think that our partners and by that I mean Dell's and our mutual partners, We've been listening to customers with Dell to deliver a flexible set of options for how customers would consume Equinix and Dell. So our partners are going to be integrating a variety of those in order to meet the customer where they are in that journey. Whether they want to buy Apex as a service, whether they want to buy Equinix Metal, whether they want to have a partner put together bespoke, do-it-yourself combination with other services. I mean, the customers are going to demand a choice of options. I think partners are going to embrace multiple versions of that so that they can to meet the customer where they are and take them. >> Well. That's incredibly important these days to meet the customer where they are, the customers have a lot of choice. >> It is. >> But everything that we're all doing is for the customer ultimately at the end of the day. >> Yes, it is. And you know, the customers are getting savvier, but we are all still early in this journey as far as the edge. I think we are all still grappling that. Right now we like to say that as customers are looking to define that, the footprint that we offer together with Dell gives them an awfully robust set of choices for now. And then we want to continue to invest and expand to be wherever they need us. >> Well, that's the thing about your business? It's optionality. I mean, the cloud has a lot of stuff, but you can't get everything you want in the cloud. >> Jules: You can, >> And you can put anything in your data center. That's IT. >> You can, but you may not know what you need yet. And so that's one of the things we spend a lot of time having our solutions, architects and our sales to people together, but they'll talk about future proofing, their strategy. So future proofing, that combination of on-prem and in an Equinix data center, and maybe some public and future proofing, leveraging our fabric so that they might elect different SaaS space services or cloud-based services a year to five years from now than they are even thinking about today. And, they may expand their edge over time, because they may see that as at the customer end point. Today, most businesses are still using a footprint like ours as their edge, but that could change. And so we want to be there when it does. >> Yeah. That's a great point because you don't want to necessarily have to rip it out every co couple of years. If you can have an architecture that can grow. Yeah, sure. You might want to upgrade it. >> Well, and that's one of the most appealing things about services like Metal where they also do prevent that sort of rip and replace, but they also help people navigate the supply chain shortages that are going on right now. So this has been a trying two years for supply chain shortages. And being able to take advantage of Dell equipment already staged at an Equinix data center and partners can then bring their customers a quicker immediate response. >> Have you also seen this? You mentioned the supply chain shortages, some of the many challenges that we've experienced in a last few years. How much of a factor has the great resignation been? The labor shortages, the cybersecurity skills gap, on folks coming to Equinix saying, "Help, we don't have the resources here to do this ourselves." >> We have been fortunate to be... If you're asking me how the reservation has affected us as a company. >> No your customers. >> Oh customers it has. Oh, okay I get it. So it is a challenge for them, but it's an opportunity for our partners. So what I see there is it's been challenging for customers to hold onto that talent, but partners are filling that gap. And we with Equinix being forced to hold onto a lot of our best and brightest. And so we put them together with our partners and we try to help customers fill those gaps. >> Well that's the most important thing, filling those gaps. >> You ever been inside one of these ultra modern data centers? >> I have not, not yet. It's pretty cool, isn't it? >> Have you ever had a tour of one? >> I've never had a tour of an Equinix data center, but I've seen some modern data centers that will blow your mind? >> Well, they come with all the requisite biometrics and man traps and all of the sort of bells and whistles that are actually the first slay of physical security, but then once you get into the data center, then we get into the virtual and the digital security that you would expect. >> Yeah, it's good. And you know, it's not like you drive by the data center, and there's a big sign that says, here's the data center. They're trying to stay a little hidden and then like getting in, it's like getting into Fort Knox. It's probably harder. And then, but then the it's like this giant clean room. It's amazingly clean and just huge. It'll blow your mind. >> And inside the data centers, all the world's networks come together and peer, and then we have inside their, the most direct roam reps to the cloud. So you would expect there's a lot of wires and pipes running very neatly through a very secure clean... >> Cooling systems and power systems that are just... >> Pristine environment for sure. >> Amazing engineering. >> It is really. >> We need a tour. >> Do you let people tour your data center? >> I will bring both of you on a tour. >> Awesome. >> Be my guests. >> I would love to. Great. >> Sounds fantastic. Would love to. >> We'll bring a camera. (laughing) Oh, no, we're not allowed. >> Not today. >> No phones, no phones sequester. So what are some of the things that you're excited about seeing and hearing the next couple of days as this is the first time we've all gotten to be together in so long? >> We are excited about the conversations that we're going to have, power of three that I was talking about. So, we really pride ourselves on having that combination add up to more to benefit the customer. And so this will be sort of a coming out party of sorts. Equinix and Dell will meet with almost 20 different global partners that are really important to both of us. So I am most excited about those conversations and about the education I'm going to get on the ways they're thinking about integrating it differently, because that is good choice for the market. That is good choice for the customer set, for the enterprises out there. So that's what I'm most excited about. >> Awesome, sounds like tremendous opportunity, lots going on this week. But thank you for coming on Jules, >> Oh my pleasure, thank you. talking about... >> How Equinix and Dell better together, the way that your channel partner program is growing and of course the momentum of the company. Can't wait to see what happens next year. >> Thank you. Thank you. Well, we will aim to deliver and thank you again for having us. >> Thanks Jules. >> Our pleasure. For Dave Vellante, I'm Lisa Martin and you're watching theCUBE's live coverage day one, "Dell Technologies World" live from Las Vegas. Stick around, we'll be right back with our next guest. (slow upbeat music)

>> We're back at AWS reinvent 2021. You're watching theCUBE. We're here live with one of the first live events, very few live events this year. It's the biggest hybrid event really of the year, of the season. Hopefully it portends a great future. We don't know it's a lot of uncertainty, but AWS said they're going to go for it. Close to 30,000 people here, Chris Wiborg is here. He's the VP of product marketing at Cohesity. Chris, great to see you face to face man. >> It's great to see you live again Dave. You understand that. >> Over the last couple of years we've had a lot of virtual meetup, hang out, and we talk every other quarter. >> Yeah. >> So it's great to see. Wow. You know, we were talking before the show. Well, we didn't really know what it was going to be like. I don't think AWS knew. >> No. >> It's like everything these days. >> You know, we did our own virtual event back in October because that was the time. And this is the first thing we've been back to live. And I was wondering, what's going to be like when I show up, but it's great to see all the folks that are here. >> Yeah. So I could see the booth. You know, you guys have had some good traffic. >> We have, yeah. >> A lot of customers here, obviously huge ecosystem. This, you know, the "flywheel keeps going". >> Yeah. You and I had a conversation recently about data management. It's something that you guys have put a stake in the ground. >> Absolutely. >> Saying, you know, we're not just backup, we're a good data management. It's fuzzy to a lot of people, we've had that conversation, but you're really starting to, through customer feedback, hone that message and the product portfolio. So let's start from the beginning. What is data management to cohesity? >> Well, so for us it's about the data lifecycle, right? And you heard a little bit about this actually during the keynote today, right? >> Right. >> When you think about the various services, you need to apply to data along the way to do basic things like protect it, be able to make sure you can recover from disasters, obviously deal with security today given the prevalence of ransomware out there, all the way down to at the end, how do you get more value out of it? And we do that in some cases with our friends from AWS using some of their AIML services. >> So your view of data may mean, it's kind of stops at the database right underneath. There's an adjacency to security that we've talked about. >> Yeah, very much. >> Data protection is now becoming an increasingly important component of a security strategy. >> It is. >> It's not a direct security play, but it's just the same way that it's not just the SecOps team has to worry about security anymore. It's kind of other parts of the organization. Talk about that a little bit. >> Yeah, well, we actually had a customer advisory board about two months or so ago now. And we talked to many of our customers there, and one of them I won't name, a large financial institution. We asked them, you know, where did we stand in your spend these days? And he's able to tell you, a while back about a year ago, having new backup and recovery is a starting point was kind of on the wishlist. And he said today it's number two. And I said, well why? He said well, because of ransomware, right? You'd be able to come back from that and ask, well, great, what's number one? He said, well, endpoint security. So there you are, number one and number two, right? Top of mind for customers these days in dealing with really the scourge that's affecting so many organizations out there. And I think where you're going, you starting to see these teams work together in a way that perhaps they hadn't before, or you've got the SecOps team, you've got the IT operations team. And while exactly your point, we don't position ourselves as just a data security company, that's part of what we do. We are part of that strategy now where if you have to think about the various stages and dealing with that, defending your backups, 'cause that's often the first point of attack now for the bad guys. Being able to detect what's going on through AI and the anomaly detection and such, and then being able to rapidly recover, right? In the recover phase, that's not something that security guys spend time on necessarily, but it's important for the business to be able to bring themselves back when they're subject to an attack, and that's where we come in in spades. >> Yeah. So the security guys are busy trying to figure out, okay, what happened? How do we stop it from happening again? >> There's another business angle which is okay, how do we get back up and running? How much data did we lose? Ideally none. How fast can we get it back up? That's that's another vector that's now becoming part of that broader security stack. >> That's right. I mean, I think if you look at the traditional NIST cybersecurity framework, right? Stage five has always been the recover piece. And so this is where we're working with some of the players in the security space. You may see an announcement we did with Cisco around secure access recently. Where, you know, we're working together, not only to unite two tribes within large organizations. Right? The SecOps and ITOps guys. But then bringing vendors together because it's through that, that really, we think we're going to solve that problem best. >> Before we get into the portfolio, and I want to talk about how you've evolved that, let's talk a little about ransomware, it's in the news. You know, I just wrote a piece recently and just covered some of the payments that have made. I mean, I think the biggest is 40 million, but many tens of millions here and there. And it was, you know, one case, I think it was the Irish health service did not pay, thus far hasn't paid, but it's costing him $600 million to recover as the estimate. So this is serious threat. And as I've said, many times on theCUBE, exactly anybody can be a ransomware as they go on the dark web. >> Ransomware is a service. >> Right, ransomware is a service. Hey, can you set up a help desk for me to help me negotiate? And I'm going to put a stick into a server and you know, I hope that individual gets arrested but you never know. Okay. So now it's top of mind, what are you guys doing? First of all, what are you seeing from customers? How are they responding? What are you guys doing to help? >> Well, I think you're right. First of all, it's just a huge problem. I think the latest stat I saw was something like every 11 seconds there's a new attack because I can go into your point with a credit card, sign up as a service and then launch an attack. And the average payment is around 4.2 million or such, but there's some that are obviously lots bigger. And I think what's challenging is beyond the costs of recovering and invent itself is there's also the issue around brand and reputation, and customer service. And all these downstream effects that I think, you know, the IT guys don't think about necessarily. We talked to one customer or a regional hospital where the gentleman there told me that what he's starting to see after the fact is now, you've actually got class action suits from patients coming after them saying like, "Hey you, you let my data get stolen. Right? Can you imagine no IT guys thinking about that. So the cost is huge. And so it's not just an issue I think that was once upon a time just for ITOps or SecOps through the CIO, even it's even past the board level now if you can imagine. It's something the general public worries about and we actually did a survey recently where we asked people on the consumer side, are you more or less likely to do business with companies if you know they've been subject to ransomware or attacks? And they said, no, we are concerned about that, we are more reticent to do business with people as consumers if they're not doing the right things to defend their business against ransomware. Fascinating. Right? It's long past the tipping point where this is an IT only issue. >> So, high-level strategy. So we talk about things like air gaps, when I talked about your service to ensure immutability, >> Yeah, yeah. >> And at 50,000 foot level, what's the strategy then I want to get into specifics on it. >> Let's talk a little bit about, so the evolution of the attack, nature of attacks, right? So once upon a time, this is in the distant past now, the bad guys that you used to come after your production data, right? And so that was pretty easy to fix with companies like us. It's just restore from backup. They got a little smarter< let's call that ransomware 2.0, right? Where now, they say, let's go after the backup first and encrypt or destroy that. And so there, to your point, you need immutability down to the file system level. So you can't destroy the backup. You got to defend the backup data itself. And increasingly we're seeing people take in isolation in a different way than they used to. So you probably recall the sort of standard three, two, one rule, right? >> Yeah, sure. >> Where the one traditionally meant, take that data offsite on magnetic tape, send it to Iron mountain for example, and then get the data back when I need it. Well, you know, if your business is at risk, trying to recover from tape, it just takes too long. That's just no reason. >> It can be weeks. >> It can be weeks and you've got to locate the tapes, you got to ship them, then you got to do the restore. And just because of the physical media nature, it takes a while. So what we're starting to see now is people figuring out how to use the cloud as a way to do that and be able to have effectively that one copy stored offsite in a different media, and use the cloud for that. And so one of the things we announced actually back in our show in October, was a new service that allows you to do just that. We're calling it for now Project Fort Knox. We're not sure if that name is going to work globally, right? But the idea is a bunker, an isolated copy of the data in the cloud that's there, that can restore quickly. Now, is it as fast as having a local replica copy? Of course not. But, it's way better than tape. And this is a way to really give you that sort of extra layer of insurance on top of what you're already doing probably to protect your data. >> And I think that's the way to think of it. It's an extra layer. It's not like, hey, do this instead of tape, you're still going to do tape, you know. >> There's some that do that for all sorts of reasons, including compliance and governance and regulatory ones. Right? >> Yeah. >> And, you know, even disaster recovery scenarios of the worst case, I hope I never have to go through it. Yeah, you could go to the cloud. >> That's right. >> So, local copy is the best. If that's not there, you've got your air gap copy in the cloud. >> Yap. >> If that's not there for some crazy reason. >> We have a whole matrix we've been sharing with our customers recently with a different options. Right? And it's actually really interesting the conversation that occurs between the IT operations folks, and the SecOps folks back to that. So, you know, some SecOps folks, if they could, they just unplug everything from the network, it's safe. Right? But they can't really do business that way. So it's always a balance of what's the return that you need to meet. And by return I mean, coming back from an attack or disaster versus the security. And so again, think of this as an extra layer that gives you that ability to sleep better at night knowing that you've got a third, a tertiary copy, stored somewhere offsite in a different media, but you can bring it back at the same time. >> How have you evolve your portfolio to deal with both the data management trends that we've talked about and the cyber threats. >> Yeah. Well, a number of things. So amongst the other announcements we made back in October is DR. So DR is not a security thing per se, you know, who gets paged when something goes wrong? It's not the info SEC guys for DR, it's the ITOps guys. And so we've always had that capability, but one of the things we announced is be able to do that to do that to the cloud now in AWS. So, instead of site to site, being able to do it site to cloud, and for some organizations, that is all about being able to maybe eliminate a secondary site, you know, smaller organizations, others that are larger enterprises, they probably have a hybrid strategy where that's a part of their strategy now. And the value there is, it's an OpEx cost, right? It's not CapEx anymore. And so again, you lower your cost of operations. So that's one thing in the data management side. On the security side, another thing we announced was yet another service that runs in AWS, we call Cohesity Data Govern. And this is a way to take a look at your data before something ever occurs. One of the key things in dealing with ransomware is hygiene is prevention, right? And so you sort of have classically security folks that are trying to protect your data, and then another set of folks, certainly a large enterprise that are more on the compliance regulatory front, wanting to know where your PII is, your private sensitive data. And we believe those things need to come together. So this data governance product actually does that. It takes a look at first classifying your data, and then being able to detect anomalies in terms of who's coming in from where to get to it, to help you proactively understand what's at threat, and first of all, you know, where your crown jewels really are and make sure that you're protecting those appropriately and maybe modifying access policies If you have set up in your existing native applications,. So it's a little bit of awareness, a little bit prevention, and then when things start to go wrong, another layer that helps you know what's wrong. >> I love that the other side of the coin, I mean, you going to get privacy as a service along with my data protection as a service, know that's a better model. Tight on time sir, but the last question. >> Sure. >> The ecosystem. >> Yeah. >> So you mentioned endpoint security, I know identity access is cloud security, and since the remote work has really escalated, we talk about the ecosystem and some of the partnerships that you're enabling, API integration. >> Yeah, totally. So, you know, we have this, what we call our threat defense model, has got four layers to it. One is the core, is all about resiliency. You need to assume failure. We have, you know, the ability to fail over, fail back down our file system. It has to be immutable to keep the bad guys out. You have to have encryption, basic things like that. The next layer, particularly in this world of zero trust. Right? Is you have to have various layers access control, obvious things like multifactor authentication, role-based access control, as well as things like quorum features. It's the two keys in the safety deposit box to unlock it. But that's not enough. The third layer is AI powered anomaly detection, and being able to do data classification and stuff and such. But then the fourth layer, and this was beyond just us, is the ability to easily integrate in that ecosystem. Right? So I'll go back to the Cisco example I gave you before. We know that despite having our own admin console, there's no SecOps person that's going to be looking at that. They're going to look at something like a SecureAX, or maybe a Palo Alto XR, and be able to pull signals from different places including endpoints, including firewall. >> You going to feed that. >> Exactly. So we'll send signals over that, they can get a better view and then because we're all API based, they can actually invoke the remedy on their side and initiate the workflow that then triggers us to do the right thing from a data protection standpoint, and recovery standpoint. >> It's great to have you here. Thanks so much for coming on. >> It's good to see you again live today. >> See you in the evolution of cohesity. Yes, absolutely. Hopefully we do this a lot in 2022, Chris. >> Absolutely, looking forward to. >> All right. Me too. All right, thank you for watching this is theCUBE's coverage, AWS reinvent. We are the leader in high tech coverage, we'll be right back.

(upbeat music) >> Welcome everybody to VeeamON 2021 you're watching theCUBE. My name is Dave Villante. You know in 2020 cyber adversaries they seize the opportunity to really up their game and target workers from home and digital supply chains. It's become increasingly clear to observers that we're entering a new era of cyber threats where infiltrating companies via so-called Island Hopping and stealthily living off the land meaning they're using your own tools and infrastructure to steal your data. So they're not signaling with new tools that they're in there. It's becoming the norm for sophisticated hacks. Moreover, these well-funded and really sophisticated criminals and nation States are aggressively retaliating against incident responses. In other words, when you go to fix the problem they're not leaving the premises they're rather they're tightening the vice on victims by holding your data ransom and threatening to release previously ex filtrated and brand damaging information to the public. What a climate in which we live today. And with me to talk about these concerning trends and what you can do about it as Gil Vega, the CISO of Veeam Gil great to see you. Thanks for coming on. >> Great to see you, Dave. Thanks for having me. >> Yeah. So, you know, you're hearing my intro. It's probably understating the threat. You are a Veeam's first CISO. So how do you see the landscape right now? >> That's right. Yeah. And I've been with the company for just over a year now, but my background is in financial services and spent a lot of time managing cybersecurity programs at the classified level in Washington DC. So I've gleaned a lot of scar tissue from lots of sophisticated attacks and responses. But today I think what we're seeing is really a one-upmanship by a sophisticated potentially nation state sponsored adversaries, this idea of imprisoning your data and charging you to release it is it's quite frightening. And as we've seen in the news recently it can have devastating impacts not only for the economy, but for businesses. Look at the gas lines in the Northeast right now because of the quality of a pipeline, a ransomware attack. I just, the government just released an executive order this morning, that hopes to address some of the some of the nation's unpreparedness for these sophisticated attacks. And I think it's time. And I think everyone's excited about the opportunity to really apply a whole of government approach, to helping critical infrastructure to helping and partnering with private sector and imposing some risks, frankly, on some of the folks that are engaged in attacking our country. >> A number of years ago, I often tell this story. I had the pleasure of interviewing Robert Gates the former Defense Secretary. And it was a while ago we were talking about cyber and he sits on a number of boards. And we were talking about how it's a board level issue. And, and we're talking about cyber crime and the like and nation States. And I said, well, wait, cyber warfare, even. And I said, "But don't we have the best cyber tech. I mean, can't we go on the offense?" And he goes, "Yeah, we do. And we can, but we have more to lose." And to your point about critical infrastructure, it's not just like, okay, we have the most powerful weapons. It's really we have the most valuable infrastructure and a lot to lose. So it's really a tricky game. And this notion of having to be stealthy in your incident response is relatively new. Isn't it? >> It is. It is. And you know, there are, you mentioned that and I was surprised you mentioned because a lot of people really don't talk about it as you're going into your response your adversaries are watching or watching your every move. You have to assume in these days of perpetual state of compromise in your environments, which means that your adversaries have access to your environment to the point that they're watching your incident responders communicate with one another and they're countering your moves. So it's sort of a perverse spin on the old mutually assured destruction paradigm that you mentioned the United States has the world's largest economy. And quite frankly the world's most vulnerable, critical infrastructure. And I would concur with Director Gates or Secretary Gates rather it is assessment that we've got to be awfully careful and measured in our approach to imposing risks. I think the government has worked for many years on defining red lines. And I think this latest attack on the colonial pipeline affecting the economy and people's lives and potentially putting people's lives at risk is towing also the close to that red line. And I'm interested to see where this goes. I'm interested to see if this triggers even a, you know a new phase of cyber warfare, retaliation, you know proactive defense by the National Security Community of the United States government. Be interesting to see how this plays out. >> Yeah, you're absolutely right though. You've got this sort of asymmetric dynamic now which is unique for the United States as soon as strongest defense in the world. And I wanted to get it to ransomware a bit. And specifically this notion of ransomware as a service it's really concerning where criminals can actually outsource the hack as a service and the bad guys will set up, you know, on the dark web they'll have, you know, help desks and phone lines. They'll do the negotiations. I mean, this is a really concerning trend. And obviously Veeam plays a role here. I'm wondering as a, as a SecOps pro what should we be doing about this? >> Yeah, you mentioned ransomware as a service, whereas RWS it's an incredibly pernicious problem perpetrated by sophisticated folks who may or may not have nation state support or alliances. I think at a minimum certain governments are looking the other way as it relates to these criminal activities. But with ransomware as a service, you're essentially having very sophisticated folks create very complex ransomware code and distributed to people who are willing to pay for it. And oftentimes take a part of the ransom as their payment. The, issue with obviously ransomware is you know the age old question, are you going to pay a ransom or are you not going to pay a ransom? The FBI says, don't do it. It only encourages additional attacks. The Treasury Department put out some guidance earlier earlier in the year, advising companies that they could be subject to civil or criminal penalties. If they pay a ransom and the ransom goes to a sanction density. So there's danger on all sides. >> Wow okay. But so, and then the other thing is this infiltrating via digital supply chains I call it Island Hopping and the like, we saw that with the solar winds hack and the scary part is, you know different malware is coming in and self forming and creating different signatures. Not only is it very difficult to detect, but remediating, you know, one, you know combined self formed malware it doesn't necessarily take care of the others. And so, you know, you've got this sort of organic virus, like thing, you know, create mutating and that's something that's certainly relatively new to me in terms of its prevalence your thoughts on that and how to do it. >> Yeah, exactly right. You know, the advent of the polymorphic code that changes the implementation of advanced artificial intelligence and some of this malware is making our job increasingly difficult which is why I believe firmly. You've got to focus on the fundamentals and I think the best answers for protecting against sophisticated polymorphic code is,are found in the NIST cybersecurity framework. And I encourage everyone to really take a close look at implementing that cybersecurity framework across their environments, much like we've done here, here at Veeam implementing technologies around Zero Trust again assuming a perpetual state of compromise and not trusting any transaction in your environment is the key to combating this kind of attack. >> Well, and you know, as you mentioned, Zero Trust Zero Trust used to be a buzzword. Now it's like become a mandate. And you know, it's funny. I mean, in a way I feel like the crypto guys I know there's a lot of fraud in crypto, but but anybody who's ever traded crypto it's like getting into Fort Knox. I mean, you got to know your customer and you've got to do a little transaction. I mean, it's really quite sophisticated in terms of the how they are applying cybersecurity and you know, most even your bank isn't that intense. And so those kinds of practices, even though they're a bit of a pain in the neck, I mean it's worth the extra effort. I wonder if you could talk about some of the best practices that you're seeing how you're advising your clients in your ecosystem and the role that Veeam can play in helping here. >> Yeah, absolutely. As I mentioned so many recommendations and I think the thing to remember here so we don't overwhelm our small and medium sized businesses that have limited resources in this area is to remind them that it's a journey, right? It's not a destination that they can continually improve and focus on the fundamentals. As I mentioned, things like multi-factor authentication you know, a higher level topic might be micro-segmentation breaking up your environment into manageable components that you can monitor a real time. Real time monitoring is one of the key components to implementing Zero Trust architecture and knowing exactly what good looks like in your environment in a situation where you've got real-time monitoring you can detect the anomalies, the things that shouldn't be happening in your environment and to spin up your response teams, to focus and better understand what that is. I've always been a proponent of identity and access management controls and a key focus. We've heard it in this industry for 25 years is enforcing the concept of least privilege, making sure that your privileged users have access to the things they need and only the things that they need. And then of course, data immutability making sure that your data is stored in backups that verifiably has not been changed. And I think this is where Veeam comes into the equation where our products provide a lot of these very easily configured ransomware protections around data and your ability to the ability to instantly back up things like Office 365 emails, you know support for AWS and Azure. Your data can be quickly restored in the event that an attacker is able to in prison that with encryption and ransom demands. >> Well, and so you've certainly seen in the CISOs that I've talked to that they've had to obviously shift their priorities, thanks to the force march to digital, thanks to COVID, but Identity access management, end point security cloud security kind of overnight, you know, Zero Trust. We talked about that and you could see that in some of these, you know, high flying security stocks, Okta Zscaler, CrowdStrike, they exploded. And so what's in these many of these changes seem to be permanent sort of you're I guess, deeper down in the stack if you will, but you, you compliment these toolings with obviously the data protection approach the ransomware, the cloud data protection, air gaps, immutability. Maybe you could talk about how you fit in with the broader, you know, spate of tools. I mean, your, my eyes bleed when you look at all the security companies that are out there. >> Yeah for sure. You know, I'm just going to take it right back to the NIST cybersecurity framework and the five domains that you really need to focus on. Identify, protect, detect, respond, and recover, you know and until recently security practitioners and companies have really focused on on the protect, identify and protect, right and defend rather where they're focused on building, you know, moats and castles and making sure that they've got this, you know hard exterior to defend against attacks. I think there's been a shift over the past couple of years where companies have recognized that the focus needs to be on and respond and recover activities, right? Assuming that people are going to breach or near breach, your entities is a safe way to think about this and building up capabilities to detect those breaches and respond effectively to those breaches are what's key in implementing a successful cybersecurity program where Veeam fits into this since with our suite of products that that can help you through the recovery process, right? That last domain of the NIST cybersecurity framework it'll allow you to instantaneously. As I mentioned before, restore data in the event of a catastrophic breach. And I think it provides companies with the assurances that while they're protecting and building those Zero Trust components into their environments to protect against these pernicious and well-resourced adversaries there's the opportunity for them to recover very quickly using the VM suite of tools? >> Well, I see, I think there's an interesting dynamic here. You're pointing out Gil. There's not no longer is it that, you know, build a moat the Queen's leaving her castle. I always say, you know there is no hardened perimeter anymore. And so you've seen, you know, the shift obviously from hardware based firewalls and you I mentioned those other companies that are doing great but to me, it's all about these layers and response is a big in recovery is a huge part of that. So I'm seeing increasingly companies like Veeam is a critical part of that, that security cyber data protection, you know, ecosystem. I mean, to me it's just as important as the frontline pieces of even identity. And so you see those markets exploding. I think it's, there's a latent value that's building in companies like Veeam that are a key part of those that data protection layer you think about you know, defense strategies. It's not just you, the frontline it's maybe it's airstrikes, maybe it's, you know, C etcetera. And I see that this market is actually a huge opportunity for for organizations like yours. >> I think you're right. And I think the proof is in, you know in the pudding, in terms of how this company has grown and what we've delivered in version 11 of our suite, including, you know features like continuous data protection, we talked about that reliable ransomware protection support for AWS S3 Glacier and Azure archive the expanded incident recovery, and then support for disaster recovery and backup as a service. You know, what I found most interesting in my year here at Veeam is just how much our administrators the administrators in our company and our customers companies that are managing backups absolutely love our products that ease of use the instant backup capabilities and the support they receive from Veeam. It's almost cultish in terms of how our customers are using these products to defend themselves in today's pretty intense cyber threat environment. >> Well, and you talked about the NIST framework, and again big part of that is recovery, because we talked about earlier about, do you pay the ransom or not? Well, to the extent that I can actually recover from having all my data encrypted then I've got obviously a lot more leverage and in many ways, I mean, let's face it. We all know that it's not a matter of if it's, when you get infiltrated. And so to the extent that I can actually have systems that allow me to recover, I'm now in a much much stronger position in many respects, you know and CISOs again, will tell you this that's where we're shifting our investments >> Right. And you've got to do all of them. It's not just there's no silver bullet, but but that seems to me to be just a a misunderstood and undervalued part of the equation. And I think there's tremendous upside there for companies like yours. >> I think you're right. I think what I'll just add to that is the power of immutability, right? Just verifiably ensuring that your data has not changed because oftentimes you'll have attackers in these low and slow live off the land types of attacks change your data and affect its integrity with the Veeam suite of tools. You're able to provide for immutable or unchanged verifiable data and your backup strategy which is really the first step to recovery after a significant event. >> And that's key because a lot of times the hackers would go right after the backup Corpus you know, they'll sometimes start there is that all the data, you know, but if you can make that immutable and again, it, you know there's best practices there too, because, you know if you're not paying the cloud service for that immutability, if you stop paying then you lose that. So you have to be very careful about, you know how you know, who has access to that and you know what the policies are there, but again, you know you can put in, you know so a lot of this, as you know, is people in process. It's not just tech, so I'll give you the last word. I know you got to jump, but really appreciate.. >> Yeah, sure. >> You know, the only, the only thing that we didn't mention is user awareness and education. I think that is sort of the umbrella key focus principle for any successful cybersecurity program making sure your people understand, you know how to deal with phishing emails. You know, ransomware is a huge threat of our time at 90% of ransomware malware is delivered by phishing. So prepare your workforce to deal with phishing emails. And I think you'll save yourself quite a few headaches. >> It's great advice. I'm glad you mentioned that because because bad user behavior or maybe uninformed user behaviors is the more fair way to say it. It will trump good security every time. Gil, thanks so much for coming to the CUBE and and keep fighting the fight. Best of luck going forward. >> Great. Thank you, Dave. >> All right. And thank you for watching everybody. This is Dave Villante for the CUBEs continuous coverage VeeamON 2021, the virtual edition. We will be right back. (upbeat music)

>>From Las Vegas. It's the cube covering Qualis security conference 2019 you buy quality. >>Hey, welcome back. You're ready. Jeff Frick here with the cube. We're in Las Vegas at the Bellagio, at the quality security conference. It's the 19th year they've been doing this. It's our first year here and we're excited to be here and it's great to have a veteran who's been in this space for so long, to give a little bit more of a historical perspective as to what happened in the past and where we are now and what can we look forward to in the future. So coming right off his keynote is Felipe korto, the chairman and CEO of Qualys. Phillip, great to see you. Thank you. Same, same, same for me. Absolutely. So you touched on so many great, um, topics in your conversation about kind of the shifts of, of, of modern computing from the mainframe to the mini. We've heard it over and over and over, but the key message was really about architecture. If you don't have the right architecture, you can't have the right solution. So how has the evolution of architects of architectures impacted your ability to deliver security solutions for your clients? >>So now that's a very good question. And in fact, you know, what happened is that we started in 1999 with a vision that we could use exactly like a salesforce.com this nascent internet technologies and apply that to security. And uh, so, and mod when you have applied that to essentially changing the way CRM was essentially used and deployed in enterprises and with a fantastic success as we know. So for us, the, I can say today that 19 years later the vision was right. It took a significant longer because the security people are not really, uh, warm at the idea of silently, uh, having the data in their view, which was in place that they could not control. And the it people, they didn't really like at all the fact that suddenly they were not in control anymore of the infrastructure. So we had a lot of resistance. >>I, wherever we always, I always believe, absolutely believe that the, the cloud will be the cloud architecture to go back. A lot of people make the confusion. That was part of the confusion that for people it was a cloud, that kind of magical things someplace would you don't know where. And when I were trying to explain, and I've been saying that so many times that well you need to look at the cloud like compute that can architecture which distribute the competing power far more efficiently than the previous one, which was client server, which was distributing the convening power far better than of course the mainframes and the mini computers. And so if you look at their architectures, so the mainframe were essentially big data centers in uh, in Fort Knox, like settings, uh, private lines of communication to a dump terminal. And of course security was not really issue then because it's security was built in by the IBM's and company. >>Same thing with the mini computer, which then was instead of just providing the computing power to the large, very large company, you could afford it. Nelson and the minicomputer through the advanced in semiconductor technology could reduce a foot Frank. And then they'll bring that computing power to the labs and to the departments. And was then the new era of the digital equipment, the prime, the data general, et cetera. Uh, and then kind of server came in. So what client server did, again, if you look at the architecture, different architecture now silently servers, the land or the internal network and the PC, and that was now allowing to distribute the computing power to the people in the company. And so, but then you needed to, so everybody, nobody paid attention to security because then you were inside of the enterprise. So it started inside the walls of the castle if you prefer. >>So nobody paid attention to that. It was more complex because now you have multiple actors. Instead of having one IBM or one digital equipment, et cetera, suddenly you have the people in manufacturing and the servers, the software, the database, the PCs, and on announcer, suddenly there was the complexity, increasing efficiency, but nobody paid attention to security because it wasn't a needed until suddenly we realized that viruses could come in through the front door being installed innocently. You were absolutely, absolutely compromised. And of course that's the era of the antivirus which came in. And then because of the need to communicate more and more now, Senator, you could not stay only in your castle. You needed to go and communicate to your customers, to your suppliers, et cetera, et cetera. And now he was starting to open up your, your castle to the world and hello so now so that the, the bad guy could come in and start to steal your information. >>And that was the new era of the forward. Now you make sure that those who come in, but of course that was a little bit naive because there were so many other doors and windows, uh, that people could come in, you know, create tunnels and create these and all of that trying to ensure your customers because the data was becoming more and more rich and more, more important or more value. So whenever there is a value, of course the bad guys are coming in to try to sell it. And that was that new era of a willing to pay attention to security. The problem has been is because you have so many different actors, there was nothing really central there that was just selling more and more solutions and no, absolutely like 800 vendors bolting on security, right? And boating on anything is short-lived at the end of the day because you put more and more weight and then you also increase the complexity and all these different solutions you need. >>They need to talk together so you have a better context. Uh, but they want the design to talk together. So now you need to put other system where they could communicate that information. So you complicated and complicated and complicated the solution. And that's the problem of today. So now cloud computing comes in and again, if you look at the architecture of cloud computing, it's again data centers, which is not today I've become thanks to the technology having infinite, almost competing power and storage capabilities. And like the previous that I sent her, the are much more fractured because you just one scale and they become essentially a little bit easier to secure. And by the way, it's your fewer vendors now doing that. And then of course the access can be controlled better. Uh, and then of course the second component is not the land and the one, it's now the internet. >>And the internet of course is the web communications extremely cheap and it brings you an every place on the planet and soon in Morris, why not? So and so. Now the issue today is that still the internet needs to be secure. And today, how are we going to secure the internet? Which is very important thing today because you see today that you can spoof your email, you can spoof your website, uh, you can attack the DNS who, yes, there's a lot of things that the bad guys still do. And in fact, they've said that leverage the internet of course, to access everywhere so they take advantage of it. So now this is obviously, you know, I created the, the trustworthy movement many years ago to try to really address that. Unfortunately, the quality's was too small and it was not really our place today. There's all the Google, the Facebook, the big guys, which in fact their business depend on the internet. >>Now need to do that. And I upload or be diabetic, criticized very much so. Google was the first one to essentially have a big initiative, was trying to push SSL, which everybody understand is secret encryption if you prefer. And to everybody. So they did a fantastic job. They really push it. So now today's society is becoming like, okay, as I said, you want to have, as I said it all in your communication, but that's not enough. And now they are pushing and some people criticize them and I absolutely applaud them to say we need to change the internet protocols which were created at a time when security, you were transferring information from universities and so forth. This was the hay days, you know, of everything was fine. There was no bad guys, you know, the, he'd be days, if you like, of the internet. Everybody was free, everybody was up and fantastic. >>Okay. And now of course, today this protocol needs to be upgraded, which is a lot of work. But today I really believe that if you put Google, Amazon, Facebook altogether, and they can fix these internet protocols. So we could forget about the spoofing and who forgot about all these phishing and all these things. But this is their responsibility. So, and then you have now on the other side, you have now very intelligent devices from in a very simple sensors and you know, to sophisticated devices, the phone, that cetera and not more and more and more devices interconnected and for people to understand what is going. So this is the new environment and whether we always believe is that if you adopt an architecture, which is exactly which fits, which is similar, then we could instead of bolting security in, we can now say that the build security in a voting security on, we could build security in. >>And we have been very proud of the work that we've done with Microsoft, which we announced in fact relatively recently, very recently, that in fact our agent technologies now is bundled in Microsoft. So we have built security with Microsoft in. So from a security perspective today, if you go to the Microsoft as your secretly center, you click on the link and now you have the view of your entire Azure environment. Crazier for quality Sagent. You click on a second link and now you have the view of your significant loss posture, crazy of that same quality. Say Sagent and then you click on the third name with us. Nothing to do with quality. It's all Microsoft. You create your playbook and you remediate. So security in this environment has become click, click, click, nothing to install, nothing to update. And the only thing you bring are your policies saying, I don't want to have this kind of measured machine expose on the internet. >>I want, this is what I want. And you can continuously audit in essentially in real time, right? So as you can see, totally different than putting boxes and boxes and so many things and then having to for you. So very big game changer. So the analogy that I want you that I give to people, it's so people don't understand that paradigm shift is already happening in the way we secure our homes. You put sensors everywhere, you have cameras, you have detection for proximity detection. Essentially when somebody tried to enter your home, all that data is continuously pumped up into an incidence restaurant system. And then from your phone, again across the internet, you can change the temperature of your rooms. You can do what you can see the person who knocks on the door. You can see its face, you can open the door, close the door, the garage door, you can do all of that remotely, another medically. >>And then if there's a burglar then in your house to try to raking immediately the incidents or some system called the cops or the far Marsha difficult fire. And that's the new paradigm. So security has to follow that paradigm. And then you have interesting of the problem today that we see with all the current secretly uh, systems, uh, incidents, response system. They have a lot of false positive, false positive and false negative are the enemy really of security. Because if you are forced visited, you cannot automate the response because then you are going to try to respond to something that is not true. So you are, you could create a lot of damage. And the example I give you that today in the, if you leave your dog in your house and if you don't have the ability, the dog will bark, would move. And then the sensors would say intruder alert. >>So that's becomes a false positive. So how do you eliminate that? By having more context, you can eliminate automatically again, this false positives. Like now you take a fingerprint of your dog and of these voice and now the camera and this and the sensors and the voice can pick up and say, Oh, this is my dog. So then of course you eliminate that for solar, right? Right. Now even if another dog managed to enter your home through a window which was open or whatever for soul, you will know her window was up and but you know you cannot necessarily fix it and the dog opens. Then you will know it's a, it's a, it's not sure about, right? So that's what security is evolving such a huge sea of change, which is happening because of all that internet and today companies today, after leveraging new cloud technology, which are coming, there's so much new technology. >>What people understand is where's that technology coming from? How come silently we have, you know, Dockers netics all these solutions today, which are available at almost no cost because it's all open source. So what happened is that, which is unlike the enterprise software, which were more the Oracle et cetera, the manufacturer of that software today is in fact the cloud public cloud vendors, the Amazon, the Google, the Facebook, the Microsoft. We suddenly needed to have to develop new technology so they could scale at the size of the planet. And then very shrewdly realized that effective that technology for me, I'm essentially going to imprison that technology is not going to evolve. And then I need other technologies that are not developing. So they realized that they totally changed that open source movement, which in the early days of opensource was more controlled by people who had more purity. >>If you prefer no commercial interests, it was all for the good of the civilization and humankind. And they say their licensing model was very complex. So they simplified all of that. And then nothing until you had all this technology coming at you extremely fast. And we have leverage that technology, which was not existing in the early days when when socials.com started with the Linux lamp pour called what's called Linux Apache. My SQL and PHP, a little bit limiting, but now suddenly all this technology, that classic search was coming, we today in our backend, 3 trillion data points on elastic search clusters and we return inflammation in a hundred milliseconds. And then onto the calf cabin, which is again something at open source. We, we, we, and now today 5 million messages a day and on and on and on. So the world is changing and of course, if that's what it's called now, the digital transformation. >>So now enterprises to be essentially agile, to reach out to the customers better and more, they need to embrace the cloud as the way they do, retool their entire it infrastructure. And essentially it's a huge sea of change. And that's what we see even the market of security just to finish, uh, now evolving in a totally different ways than the way it has been, which in the past, the market of security was essentially the market for the enterprise. And I'm bringing you my, my board, my board town solutions that you have to go and install and make work, right? And then you had the, the antivirus essentially, uh, for all the consumers and so forth. So today when we see the marketplace, which is fragmenting in four different segments, which is one is the large enterprise which are going to essentially consolidate those stock, move into the digital transformation, leveraging absolutely dev ops, which isn't becoming the new buyer and of course a soak or they could improve, uh, their it for, to reach out to more customers and more effectively than the cloud providers as I mentioned earlier, which are building security in the, no few use them. >>You don't have to worry about infrastructure, about our mini servers. You need, I mean it is, it's all done for you. And same thing about security, right? The third market is going to be an emergence of a new generation of managed security service providers, which are going to take to all these companies. We don't have enough resources. Okay, don't worry, I'm going to help you, you know, do all that digital transformation. And that if you build a security and then there's a totally new market of all these devices, including the phone, et cetera, which connects and that you essentially want to all these like OT and IOT devices that are all now connected, which of course presents security risk. So you need to also secure them, but you also need to be able to also not only check their edits to make sure that, okay, because you cannot send people anymore. >>So you need to automate the same thing on security. If you find that that phone is compromised, you need to make, to be able to make immediate decisions about should I kill that phone, right? Destroyed everything in it. Should I know don't let that phone connect anymore to my networks. What should I do? Should I, by the way detected that they've downloaded the application, which are not allowed? Because what we see is more and more companies now are giving tablets, do the users. And in doing so now today's the company property. So they could say, okay, you use these tablets and uh, you're not allowed to do this app. So you could check all of that and then automatically remote. But that again requires a full visibility on what you are. And that's why just to finish, we make a big decision about a few, three months ago that we have, we build the ability for any company on the planet to automatically build their entire global HSE inventory, which nobody knows what they have in that old networking environment. >>You don't know what connects to have the view of the known and the unknown, totally free of charge, uh, across on premise and pawn cloud containers, uh, uh, uh, whether vacations, uh, OT and IOT devices to come. So now there's the cornerstone of security. So with that totally free. So, and then of course we have all these additional solutions and we're build a very scalable, uh, up in platform where we can take data in, pass out data as well. So we really need to be and want to be good citizen here because security at the end of the day, it's almost like we used to say like the doctors, you have to have that kind of apricot oath that you cannot do no arm. So if you keep, if you try to take the data that you have, keep it with you, that's absolutely not right because it's the data of your customers, right? >>So, and you have to make sure that it's there. So you have to be a good warning of the data, but you have to make sure that the customer can absolutely take that data to whatever he wants with it, whatever he needs to do. So that's the kind of totally new field as a fee. And finally today there is a new Ash culture change, which is, which is happening now in the companies, is that security has become fronted centers, is becoming now because of GDPR, which has a huge of financial could over you challenge an impact on a company. A data breach can have a huge financial impact. Security has become a board level. More and more social security is changing and now it's almost like companies, if they want to be successful in the future, they need to embrace a culture of security. And now what I used to say, and that was the, the conclusion of my talk is that now, today it DevOps, uh, security compliance, people need to unite. Not anymore. The silos. I do that. This is my, my turf, my servers. You do that, you do this. Everybody in the company can work. I have to work together towards that goal. And the vendors need to also start to inter operate as well and working with our customers. So it's a tall, new mindset, which is happening, but the safes are big. That's what I'm very confident that we're now into that. Finally, we thought, I thought it would have happened 10 years ago, quite frankly. And uh, but now today's already happening. >>She touched on a lot, a lot there. And I'll speak for another two hours if we could. We could go for Tara, but I want to, I want to unpack a couple of things. We've had James Hamilton on you to at AWS. Um, CTO, super smart guy and it was, it was at one of his talks where it really was kind of a splash, a wet water in the face when he talked about the amount of resources Amazon could deploy to just networking or the amount of PhD power he could put on, you know, any little tiny sub segment of their infrastructure platform where you just realize that you just can't, you can't compete, you cannot put those kinds of resources as an individual company in any bucket. So the inevitability of the cloud model is just, it's, it's the only way to leverage those resources. But because of that, how has, how has that helped you guys change your market? How nice is it for you to be able to leverage infrastructure partners? Like is your bill for go to market as well as feature sets? And also, you know, because the other piece they didn't talk about is the integration of all these things. Now they all work together. Most apps are collection of API APIs. That's also changed. So when you look at the cloud provider GCP as well, how does that help you deliver value to your customers? >>Yeah, but the, the, the, the club, they, they don't do everything. You know, today what is interesting is that the clubs would start to specialize themselves more and more. So for example, if you look at Amazon, the, the core value of Amazon since the beginning has been elastic computing. Uh, now today we should look at Microsoft. They leverage their position and they really have come up with a more enterprise friendly solution. And now Google is trying to find also their way today. And so then you have Addy Baba, et cetera. So these are the public cloud, but life is not uniform like is by nature. Divers life wants to leave lunch to find better ways. We see that that's what we have so many different species and it just ended up. So I've also the other phenomena of companies also building their own cloud as well. >>So the word is entering into a more hybrid cloud. And the technology is evolving very fast as well. And again, I was selling you all these open source software. There's a bigger phenomenon at play, which I used to say that people don't really understand that much wood, but it's so obvious is if you look at the printing price, that's another example that gives the printing price essentially allowed, as we all know, to distribute the gospel, which has some advantage of, you know, creating more morality, et cetera. But then what people don't know for the most part, it distributed the treaties of the Arabs on technology, the scientif treaties, because the archives, which were very thriving civilization at the time, I'd collected all the, all the, all the information from India, from many other places and from China and from etc. And essentially at the time all of Europe was pretty in the age they really came up and it now certainty that scientific knowledge was distributed and that was in fact the seeds of the industrial revolution, which then you're up cat coats and use that and creating all these different technologies. >>So that confidence of this dimension of electricity and all of that created the industrial revolution seeded by now, today what is happening is that the internet is the new printing press, which now is distributing the knowledge that not to a few millions of people to billions of people. So the rate today of advancing technology is accelerating and it's very difficult. I was mentioning today, we know today that work and working against some quantum computing which are going to totally change things. Of course we don't know exactly how and you have also it's clear that today we could use genetic, uh, the, the, the, if you look at DNA, which stores so much information, so little place that we could have significant more, you know, uh, memory capabilities that lower costs. So we have embarked into absolutely a new world where things are changing. I've got a little girl, which is 12 years old and fundamentally that new generation, especially of girls, not boys, because the boys are still on, you know, at that age. >>Uh, they are very studious. They absorb so much information via YouTube. They are things like a security stream. They are so knowledgeable. And when you look back at history 2000 years plus ago in Greece, you at 95 plus percent of the population slaves. So a few percent could start to think now, today it's totally changed. And the amount of information they can, they learn. And this absolutely amazing. And you know, she, she's, I would tell you the story which has nothing to do with computing, but as a button, the knowledge of, she came to me the few, few weeks ago and she said, Oh daddy, I would like to make my mother more productive. Okay. So I said, Oh, that's her name is Avia, which is the, which is the, the, the either Greece or Zeus weathered here. And so I say, Evie, I, so that's a good idea. >>So how are you going to do it? I mean, our answer, I was flawed, but that is very simple. Just like with, for me, I'm going to ask her to go to YouTube to learn what she needs to learn. Exactly. And she learns, she draws very well. She learns how to draw in YouTube and it's not a gifted, she's a nice, very nice little girl and very small, but all her friends are like that. Right? So we're entering in a word, which thing are changing very, very fast. So the key is adaptation, education and democracy and democratization. Getting more people access to more. Absolutely. It's very, very important. And then kind of this whole dev ops continuous improve that. Not big. That's a very good point that you make because that's exactly today the new buyer today in security and in it is becoming the DevOps shipper. >>Because what? What are these people? There are engineers which suddenly create good code and then they want to of course ship their code and then all these old silos or you need to do these, Oh no, we need to put the new server, we don't have the capacity, et cetera. How is that going to take three months or a month? And then finally they find a way through, again, you know, all the need for scale, which was coming from the Google, from the Facebook and so forth. And by the way, we can shortcut all of that and we can create and we can run out to auto-ship, our code. Guess what are they doing today? They are learning how to secure all of that, right? So again, it's that ability to really learn and move. And today, uh, one of the problem that you alluded to is that, which the Amazon was saying is that their pick there, they have taken a lot of the talent resources in the U S today because of course they pay them extra to me, what? >>Of course they'll attract that talent. And of course there's now people send security. There's not enough people that even in, but guess what? We realized that few years ago in 2007, we'll make a big decision who say, well, never going to be able to attract the right people in the Silicon Valley. And we've started to go to India and we have now 750 people. And Jack Welch used to say, we went to India for the cost and discover the talent. We went to India for the talent and we discover the cost. And there is a huge pool of tenants. So it's like a life wants to continue to leave and now to, there are all these tools to learn, are there, look at the can Academy, which today if you want to go in nuclear physics, you can do that through your phone. So that ability to learn is there. So I think we need just more and more people are coming. So I'm a very optimistic in a way because I think the more we improve our technologies that we look at the progress we're making genetics and so everywhere and that confidence of technology is really creating a new way. >>You know, there's a lot of conversations about a dystopian future and a utopian future with all these technologies and the machines. And you know what? Hollywood has shown us with AI, you're very utopian side, very optimistic on that equation. What gives you, what gives you, you know, kind of that positive feeling insecurity, which traditionally a lot of people would say is just whack a mole. And we're always trying to chase the bad guys. Generally >>speaking, if I'm a topian in in a way. But on the other end, you'd need to realize that unfortunately when you have to technological changes and so forth, it's also create factors. And when you look at this story in Manatee, the same technological advancement that some countries to take to try to take advantage of fathers is not that the word is everything fine and everything peaceful. In fact, Richard Clark was really their kid always saying that, Hey, you know that there is a sinister side to all the internet and so forth. But that's the human evolution. So I believe that we are getting longterm. It's going to. So in the meantime there's a lot of changes and humans don't adapt well to change. And so that's in a way, uh, the big challenge we have. But I think over time we can create a culture of change and that will really help. And I also believe that probably at some point in time we will re-engineer the human race. >>All right, cool. We'll leave it there. That's going to launch a whole nother couple hours. They leave. Congratulations on the event and a great job on your keynote. Thanks for taking a few minutes with us. Alrighty. It's relief. I'm Jeff. You're watching the cube where the Qualice security conference at the Bellagio in Las Vegas. Thanks for watching. We'll see you next time.

>>from Las >>Vegas. It's the cues covering quality security Conference 2019 by quality. Hey, welcome back already, Jefe Rick here with the Cube were in Las Vegas at the Bellagio at the Kuala Security Conference. It's the 19th year they've been doing this. It's our first year here, and we're excited to be here. And it's great to have a veteran who's been in this space for so long to give a little bit more of historical perspective as to what happened in the past. Where we are now, what can we look forward to in the future? So coming right off its keynote is Felipe Quarto, the chairman and CEO of Qualities felt great. See, >>Thank you. Same. Same same for me. >>Absolutely. So you touched on so many great topics in your conversation about kind of the shifts of of modern computing, from the mainframe to the mini. We've heard it over and over and over. But the key message was really about architecture. If you don't have the right architecture, you can't have the right solution. How is the evolution of architects of architectures impacted your ability to deliver security solutions for your clients >>So no That's a very good question. And in fact, you know what happened is that we started in 1999 with the vision that we could use exactly like Salesforce. They'll come this nascent Internet technologies and apply that to security. And s and Marc Benioff applied that essentially changing the way serum was essentially used and deployed in enterprises and with a fantastic success as we know. So for us, the I can't say today that 19 years later the vision was right. It took a significant longer because the security people are not really, uh, warm at the idea of Senate Lee, uh, having the data interview which was in place that they could not control. And the i t people, they didn't really like a toll. The fact that certainly they were not in control anymore of the infrastructure. So whether a lot of resistance, I wever, we always I always believe, absolutely believe that the cloud will be the architecture to go back. A lot of people make the confusion That was part of the confusion that for people it was a cloud, that kind of magical things someplace would you don't know where and when I was trying to explain, and I've been saying that so many times that well, you need to look at the club like a computer that can architecture which distribute the computing power for more efficiently than the previous one, which was Clyde Server, which was distributing the computing power for better then, of course, the mainframes and minicomputers. And so if you look at their architecture's so the mainframe were essentially big data centers in in Fort Knox, like setting private lines of communication to damn terminal. And of course, security was not really an issue then, because it's a gritty was building by the IBM said company simply with the minicomputer, which then was, instead of just providing the computing power to the large, very large company could afford it. Now 70 the minicomputer through the advance and say, My conductor technology could reduce the food frank. And then I'll bring the company power to the labs and to the departments. And that was then the new era of the dish, your equipment, the primes, that General et cetera, Uh, and then conservative. So what client service did again? If you look at the architecture, different architectures now, incidently servers LAN or the Internet network and the PC, and that was now allowing to distribute the computing power to the people in the company. And so, but then you needed to so everybody. Nobody paid attention to security because then you were inside of the enterprise. So it starts inside the wars of the castle if you prefer. So nobody paid attention to that. It was more complex because now you have multiple actors instead of having one IBM or one desert equipped. But its center said, You have the people manufacturing the servers. The software that that obeys the PC is an unannounced excellently there was the complexity increased significantly, but nobody paid attention to security because it was not needed. Until suddenly we realized that viruses could come in through the front door being installed innocent. You were absolutely, absolutely compromised. And of course, that's the era of the anti VARS, which came in and then because of the need to communicate more more. Now, Senator, you could not stay only in your castle. You need to go and communicate your customers to your suppliers, et cetera, et cetera. And now you were starting to up and up your your castle to the word and a low now so that the bad guy could come in and start to steal your information. And that's what the new era of the far wall. Now you make sure that those who come in But of course, that was a bit naive because there were so many other doors and windows that people could come in, you know, create tunnels and these and over that transfer, insure your custard. Because the day I was becoming more, more rich and more more important, more value. So whatever this value, of course, the bad guys are coming in to try to sell it. And that was that new era off a win. Each of attention to security. The problem is being is because you have so many different actors. There was nothing really central there. Now. I just suddenly had Maura and more solutions, and now absolutely like 800 vendors. Boarding on security and boating on anything is shortly at the end of the day because you put more more weight, and then you also increasing complexity in all these different solutions. Didn't they need to talk together? So you have a better context, but they weren't designed to talk together. So now you need to put other system where they could communicate that information. So you complicated, complicated, complicated the solution. And that's the problem of today. So now cloud computing comes in and again. If you look at the architecture of cloud computing, it's again Data centers, which not today, have become, thanks to the technology, having infinite, almost company power and storage capabilities. And like the previous data center, there are much more fracture because you just once gave and they become essentially a bit easier to secure. And by the way, it's your fewer vendors now doing that. And then, of course, the access can be controlled better on then. Of course, the second component is that the land and the one it's now the Internet and the Internet, of course, eyes the Web communications extremely cheap, and it brings you in every place on the planet and soon in Morse. Why no so and so now. The issue today is that still the Internet needs to be secure, and today how are you going to secure the Internet? Which is very important thing today because you see today that you can spoof your image, you can spoof your website. You could attack the Deanna's who? Yes, there's a lot of things that the bad guy still do in fact, themselves that ever is the Internet, of course, to access everywhere, so they take advantage of it. So now this is obviously, you know, I created the trustworthy movement many years ago to try to really address that. Unfortunately, qualities was too small, and it was not really our place. Today there's all the Google, the Facebook, the big guys which contract their business, depend on the Internet. Now need to do that and I upload will be been criticised very much so. Google was the 1st 1 to essentially have a big initiative. I was trying to Bush SSL, which everybody understands secret encryption, if you prefer and to everybody. So they did a fantastic job, really push it. So now today's society is becoming like okay, it's a said. You want to have this a settle on your communication, but that's not enough. And now they're pushing and some people criticize them, and I absolutely applaud them to say we need to change the Internet protocols which were created at the time when security you were transferring information from universities. And so for these was a hay days, you know, if everything was fine, there's no bad guys. No, The heebie day is if you like arranging that everybody was free, Everybody was up in fantastic. Okay. And now, of course, today, these poor cold this to be a graded, which is a lot of work. But today I really believe that if you put Google Amazon Facebook altogether and they can fix these internet for records so we could forget about the spoofing and we forget about all these fishing and all this thing this is there responsibility. So and then you have now on the other side, you have now a very intelligent devices from in a very simple sensors and, you know, too sophisticated devices the phone, et cetera, and Maura and more Maur devices interconnected and for people to understand what is being so This is the new environment. And whether we always believe is that if you adopt an architecture which is exactly which fits which is similar, then we could instead of bolting security in, we can also have the build security in voting signal on. We could be in security in. And we have been very proud of the work that went down with my car itself, which we announce, in fact, reluctantly recently, very recently, that, in fact, our agent technologies now it's banned erred in Microsoft. So we have been security with Microsoft in So from a security perspective today, if you go to the Microsoft as your security center, you click on a link, and now you have the view. If you're in tar, is your environment courtesy of record? It's agent. You click on a second link, and now you have the view of your secret cameras. First year, crazy of the same qualities agent. And then you click on the third inning with us. Nothing to do with quite it's It's old Mike ourself you create your playbook and Yuri mediates The security in this environment has become quickly, quick, nothing to in store, nothing to update, and the only thing you bring. All your policies saying I don't want to have this kind of machine exposed on the Internet on what this is what I want and you can continuously owed it essentially in real time, right? So, as you can see, totally different than putting boxes and boxes and so many things. And then I think for you, so very big game changer. So the analogy that I want you that I give to people it's so people understand that paradigm shift. It's already happening in the way we secure our homes. You put sensors everywhere, your cameras of detection, approximately detection. Essentially, when somebody tried to enter your home all that day, that's continuously pumped up into an incident response system. And then from your phone again across the Internet, you can change the temperature of your rooms. You can do it. You can see the person who knocks on the door. You can see its face. You can open the door, close the door, the garage door. You can do all of that remotely and automatically. And then, if there's a burglar, then in your house, who's raking immediately that the incidence response system called the cops or the farmer shirt? If good far. And that's the new paradigm. So security has to follow that product, and then you have interesting of the problem today that we see with all the current security systems incidents Original system developed for a positive force. Positive and negative are the enemy reedy off security? Because if you have forced positive, you cannot automate the response because then you're going to try to respond to something that is that true? So you are. You could create a lot of damage. And the example. I give you that today in the if you leave your dog in your house and if you don't have the ability the dog would bark would move, and then the senses will say intruder alert. So that's become the force. Pretty. So how do you eliminate that? By having more context, you can eliminate automatically again this false positives, like now you, I think a fingerprint of fuel dog and of his voice. And now the camera and this and the sensors on the voice can pick up and say, Oh, this is my dog. So then, of course, you eliminate that forces right now, if if another dog managed to return your home through a window which was open or whatever for so what do we know? A window was open, but you know you can't necessarily fix it on the dog weapons, then you will know it. Sze, not yours. So that's what securities avoiding such a huge sea of change which is happening because of all that injured that end today Companies today after leverages nuclear technology which are coming, there's so much new to college. What people understand is where's that technology coming from? How come silently we have doctors cybernetics a ll these solutions today which are available at almost no cost because it's all open source So what happened is that which is unlike the enterprise software which were Maur the oracle, et cetera, the manufacturer of that software today is in fact the cloud bubbly club Sanders, the Amazon, the Google, the Facebook, the macro self which shouldn't be needed to have to develop new technology so they could scale at the size of the planet. And that very shrewdly realized that if I keep the technology for me, I'm essentially going to imprison. The technology is not going to evolve. And then I need other technologies that I'm not developing. So they realize that they totally changed that open source movement, which in the early days of happens offers more controlled by people who had more purity. If you prefer no commercial interests, it was all for the good, off the civilization and humankind. And they say they're licensing Modern was very complex or the simplified all of that. And then Nelson and you had all this technology coming at you extremely fast. And we have leverage that technology, which was not existing in the early days when when such was not come started with the eunuchs, the lamb, pork or what's called leaks. Apache mice Fewer than Petri limiting Announcer Tiel This technology, like elasticsearch, was coming. We index today now back and three trillion points or less excerpts, clusters, and we return information in 100 minutes seconds and then on the calf campus, which is again something that open source way Baker Now today, five million messages a day and on and on and on. So the word is changing. And of course, if that's what it's called now, the dish transformation now enterprises to be essentially a joy to reach out to the customers better and Maur, they need to embrace the cloud as well, >>right? I >>do retool their entire right infrastructure, and it's such A. It's a huge sea of change, and that's what we see even the market of security just to finish now, evolving in a totally different ways than the way it has Bean, which in the positive market of security was essentially the market for the enterprise. And I'm bringing you might my board, my board, towns, traditions that you have to go in installed and make work. And then you had the the anti virus, essentially for all the consumers and so forth. So today, when we see the marketplace, which is fragmenting in four different segments, which is one is the large enterprise which are going to essentially constantly data start moving to the transformation. Leveraging absolutely develops, which isn't becoming the new buyer. And, of course, so they could improve their I t. For to reach out to more customers and more effectively than the current providers. As I mentioned earlier, which are building security in the knife, you use them. You don't have to worry about infrastructure about how many servers you need, amenities. It's all done for you and something about security. The third market is going to be in an emergence of a new generation of managed Grannie service providers which are going to take all these companies. We don't have enough resources. Okay, Don't worry. I'm going to help you, you know, duel that digital transformation and help you build the security. And then there's a totally new market of all these devices, including the phone, et cetera, which connects and that you essentially I want to all these i, o t and I ot devices that are or now connected, which, of course, present security risk. So I need to also secure them. But you also need to be able to also not only check their health to make sure that okay, because you cannot send people read anymore. So you tournament simply on security. If you find that that phone is compromised, you need to make to be able to make immediate decisions about Should I kill that phone? Destroyed everything in it. Should I Now don't let that phone connect any more to my networks. What should I do? Should I, by the way, detected that they've done with the application which another loud Because what we see is more and more companies are giving tablets to their users and in doing so now, today's the company property so they could say, OK, you use these tablets and you're not allowed to do that so you could check all of that and then automatically. But that again requires full visibility in what you are. And that's why just to finish, we make a big decision about the few three months ago that were We build the ability for any company on the planet to automatically build their targetable itis it eventually, which nobody knows what they have. That old networking environment. You don't know what connects to have the view of the known and the unknown totally free of charge across on premise and pawned crowd continues Web obligations or to united devices to come. So now that's the cornerstone of securities with that totally free. So and then, of course, you have all these additional solutions, and we're being very scalable up in platform where we can take data, a passel data as well. So we really need to be and want to be good citizen here because security at the end of it, it's almost like we used to say, like the doctors, you have to have that kind of feeble court oath that you can do no arms. So if you keep if you try to take the data that you have, keep it with you, that's all.

>> From the Silicon Angle Media office, in Boston Massachusetts, it's the Cube. Now, here's your host, Dave Vellante. >> Hi everybody, welcome to this Cube Conversation here in our studios, outside of Boston. My name is Dave Vellante. I'm here with Matt Carroll, who's the CEO of Immuta. Matt, good to see ya. >> Good, nice to have me on. >> So we're going to talk about governance, how to automate governance, data privacy, but let me start with Immuta. What is Immuta, why did you guys start this company? >> Yeah, Immuta is an automated data governance platform. We started this company back in 2014 because we saw a gap in the market to be able to control data. What's happened in the market as changes is that every enterprise wants to leverage their data. Data's the new app. But, governments want to regulate it and consumers want to protect it. These were at odds with one another, so we saw a need of creating a platform that could meet the needs of everyone. To democratize access to data and in the enterprise, but at the same time, provide the necessary controls on the data to enforce any regulation, and ensure that there was transparency as to who is using it and why. >> So let's unpack that a little bit. Just try to dig into the problem here. So we all know about the data explosion, of course, and I often say data used to be a liability, now it's turned into an asset. People used to say get rid of the data, now everybody wants to mine it, and they want to take advantage of it, but that causes privacy concerns for individuals. We've seen this with Facebook and many others. Regulations now come into play, GDPR, different states applying different regulations, so you have all these competing forces. The business guys just want to go and get out to the market, but then the lawyers and the compliance officers and others. So are you attacking that problem? Maybe you could describe that problem a little further and talk about how you guys... >> Yeah, absolutely. As you described, there's over 150 privacy regulations being proposed over 25 states, just in 2019 alone. GDPR has created or opened the flood gates if you will, for people to start thinking about how do we want to insert our values into data? How should people use it? And so, the challenge now is, you're right, your most sensitive data in an enterprise is most likely going to give you the most insight into driving your business forward, creating new revenue channels, and be able to optimize your operational expenses. But the challenge is that consumers have awoken to, we're not exactly sure we're okay with that, right? We signed a YULU with you to just use our data for marketing, but now you're using it for other revenue channels? Why? And so, where Immuta is trying to play in there is how do we give the line of business the ability to access that instantaneously? But also give the CISO, the Chief Information Security Officer, and the governance seems the ability to take control back. So it's a delicate balance between speed and safety. And I think what's really happening in the market is we used to think about security from building firewalls, we invested in physical security controls around managing external adversaries from stealing our data. But now it's not necessarily someone trying to steal it, it's just potentially misusing it by accident in the enterprise. And the CISO is having to step in and provide that level of control. And it's also the collision of the cloud and these privacy regulations. Cause now, we have data everywhere, it's not just in our firewalls. And that's the big challenge. That's the opportunity at hand, democratization of data in the enterprise. The problem is data's not all in the enterprise. Data's in the cloud, data's in SaaS, data's in the infrastructure. >> It's distributed by it's very nature. All right, so there's a lot of things I want to follow up on. So first, there's GDPR. When GDPR came out of course, it was May of 2018 I think. It went into effect. It actually came out in 2017, but the penalties didn't take effect till '18. And I thought, okay, maybe this can be a framework for governments around the world and states. It sounds like yeah sort of, but not really. Maybe there's elements of GDPR that people are adopting, but then it sounds like they're putting in their own twists, which is going to be a nightmare for companies. So, are you not seeing a sort of, GDPR becoming this global standard? It sounds like, no. >> I don't think it's going to be necessarily global standard, but I do think the spirit of the GDPR, and at the core of it is, why are you using my data? What was the purpose? So traditionally, when we think about using data, we think about all right, who's the user, and what authorizations do they have, right? But now, there's a third question. Sure, you're authorized to see this data, depending on your role or organization right? But why are you using it? Are you using it for certain business use? Are you using it for personal use? Why are you using this? That's the spirit of GDPR that everyone is adopting across the board. And then of course, each state, or each federal organization is thinking about their unique lens on it, right? And so you're right. This is going to be incredibly complex. And the amount of policies being enforced at query time. I'm in my favorite, let's just say I'm in Tableau or Looker right? I'm just some simple analyst, I'm a young kid, I'm 22, my first job right? And I'm running these queries, I don't know where the data is, right? I don't know what I'm combining. And what we found is on average in these large enterprises, any query at any moment in time, might have over 500 thousand policies that need to be enforced in real time. >> Wow. >> And it's only getting worse. We have to automate it. No human can handle all those edge cases. We have to automate. >> So, I want to get into how you guys actually do that. Before I do, there seems to be... There's a lot of confusion in the marketplace. Take the word data management, data protection. All the backup guys are using that term, the database guys use that term, GOC folks use that term, so there's a lot of confusion there. You have all these adjacent markets coming together. You've got the whole governance risk and compliance space, you've got cyber security, there's privacy concerns, which is kind of two sides of the same coin. How do you see these adjacencies coming together? It seems like you sit in the middle of all that. >> Yeah, welcome to why my marketing budget is getting bigger and bigger. The challenge we're facing now is I think, who owns the problem right? The Chief Data Officer is taking on a much larger role in these organizations, the CISO is taking a much more larger role in reporting up to the board. You have the line of business who now is almost self-sustaining, they don't have to depend on IT as much any longer because of the cloud and because of the new compute layers to make it easier. So who owns it? At the end of the day, where we see it is we think there's a next generation of cyber tools that are coming out. We think that the CISO has to own this. And the reason is that the CISO's job is to protect the enterprise from cyber risk. And at the core of cyber risk is data. And they must own the data problem. The CDO must find the data, and explain what that data is, and make sure it's quality, but it is the CISO that must protect the enterprise from these threats. And so, I see us as part of this next wave of cyber tools that are coming out. There's other companies that are equally in our stratosphere, like BigID, we're seeing AWS with Macy doing sensitive data discovery, Google has their data loss prevention service. So the cloud players are starting to see, hey, we've got to identify sensitive data. There's other startups that are saying hey, we got to identify and catalog sensitive data. And for us, we're saying hey, we need to be able to consume all that cataloging, understand what's sensitive, and automatically apply policies to ensure that any regulation in that environment is met. >> I want to ask you about the cloud too. So much to talk to you about here, Matt. So, I also wanted to get your perspective on variances within industries. So you mentioned Chief Data Officers. The ascendancy of the Chief Data Officers started in financial services, healthcare, and government where we had highly regulation industries. And now it's sort of seeped into more commercial. But it terms of those regulated industries, take healthcare for example. There are specific nuances. Can you talk about what you're seeing in terms of industry variance. >> Yeah, it's a great point. Starting with like, healthcare. What does it mean to be HIPPA compliant anymore? There are different types of devices now where I can point it at your heartbeat from a distance away and I can have 99 percent accuracy of identifying you, right? It takes three data points in any data set to identify 87 percent of US citizens. If I have your age, sex, location, I can identify you. So, what does it mean anymore to be HIPPA compliant? So the challenge is how do we build guarantees of trust that we've de-identified these DESA's, cause we have to use it, right? No one's going to go into a hospital and say, "You know what, I don't want you to say my life. "Cause I want my data protected," right? No one's ever going to say that. So the challenges we face now across these regulated industries is the most sensitive data sets are critical for those businesses to operate. So there has to be a compromise. So, what we're trying to do in these organizations is help them leverage their data and build levels of proportionality, to access that right? So, the key isn't to stop people from using data. The key is to build the controls necessary to leverage a small bit of the data. Let's just say, we've made it indistinguishable. You can only ask Agriculture and Statistics the question. Well, you know what, we actually found some really interesting things there, we need to be a little bit more useful, it's this trade-off between privacy and utility. It's a pendulum that swings back and forth. As someone proves I need more of this, you can swing it, or just mask it. I need more of it? All right, we'll just redact some of the certain things. Nope, this is really important, it's going to save someone's life. Okay, completely unmasked, you have the raw data. But it's that control that's necessary in these environments, that's what's missing. You know, we came out of the US Intelligence community. We understood this better than anyone. Because highly regulated, very sensitive data, but we knew we needed the ability to rapidly control. Well is this just a hunch, or is this a 9-11 event? And you need the ability to switch like that. That's the difference and so, healthcare is going through a change of, we have all these new algorithms. Like Facebook the other day said, hey, we have machine learning algorithms that can look at MRI scans, and we're going to be better than anyone in the world at identifying these. Do you feel good about giving your data to Facebook? I don't know, but we can maybe provide guaranteed anonymization to them, to prove to the world they're going to do right. That's where we have to get to. >> Well, this is huge, especially for the consumer, cause you just gave several examples. Facebook's going to know a lot about me, a mobile device, a Fit Bit, and yet, if I want to get access to my own medical records, it's like Fort Knox to try to get, please, give this to my insurance company. You know, you got to go through all these forms. So, you've got those diverging objectives and so, as a consumer, I want to be able to trust that when I say yes you can use it, go, and I can get access to it, and other can get access to it. I want to understand exactly what it is that you guys do, what you sell. Is it software, is it SAS, and then let's get into how it works. So what is it? >> Yeah, so we're a software platform. We deploy into any infrastructure, but it is not multi-tenant so, we can deploy on any cloud, or on premises for any customer, and we do that with customers across the world. But if you think about at the core of what is Immuta, think of Immuta as a system of record for the CISO or the line of business where I can connect to any data, on any infrastructure, on any compute layer, and we connect into over 61 different storage platforms. We then have built a UI where lawyers... We actually have three lawyers as employees that act as product managers to help any lawyer of any stature take what's on paper, these regulations, these rules and policies, and they digitize it essentially, in active code. So they can build any policy they want on any data in the ecosystem, in the enterprise, and enforce it globally without having to write any code. And then because we're this plane where you can connect any tool to this data, and enforce any regulation because we're the man in the middle, we can audit who is using what data and why. In every action, in any change in policy. So, if you think about it, it's connect any tool to any data, control it, any regulation, and prove compliance in a court of law. >> So you can set the policy at the data set level? >> Correct. >> And so, how does one do that? Can you automate that on the creation of that data set? I mean you've got you know, dependencies. How does that all work? >> Yeah, what's a really interesting part of our secret sauce is that one, we could do that at the column level, we can do it at the row level, we can do it at the cell level. >> So very granular. >> Very, very granular. This is something again, we learned from the US Intelligence community, that we have to have very fine grained access to every little bit of the data. The reason is that, especially in the age of data, is people are going to combine many data sets together. The challenge isn't enforcing the policy on a static data set, the challenge is enforcing the policy across three data sets where you merge three pieces of data together, who have conflicting policies. What do you do then? That's the beauty of our system. We deal with that policy inheritance, we manage that lineage of the policy, and can tell you here's what the policy will be. >> In other words, you can manage to the highest common denominator as an example. >> Or we can automate it to the lowest common denominator, where you can work in projects together recognizing hey, we're going to bring someone into the project that's not going to have the level of access. Everyone else will automatically change it to the lowest common denominator. But then you share that work with another team and it'll automatically be brought to the highest common denominator. And we've built all these work flows in. That was what was missing and that's why I call it a system of record. It's really a symbiotic relationship between IT, the data owner, governance, the CISO, who are trying to protect the data, and the consumer, and all they want to do is access the data as fast as possible to make better, more informed decisions. >> So the other mega-trend you have is obviously, the super power of machine intelligence, or artificial intelligence, and then you've got edge devices and machine to machine communication, where it's just an explosion of IP addresses and data, and so, it sounds like you guys can attack that problem as well. >> Any of this data coming in on any system, the idea is that eventually it's going to land somewhere, right? And you got to protect it. We call that like rogue data, right? This is why I said earlier, when we talk about data, we have to start thinking about it as it's not in some building anymore. Data's everywhere. It's going to be on a cloud infrastructure, it's going to be on premises, and it's likely, in the future, going to be on many distributed data centers around the world cause business is global. And so, what's interesting to us is no matter where the data's sitting, we can protect it, we can connect to it, and we allow people to access it. And that's the key thing is not worrying about how to lock down your physical infrastructure, it's about logically separating it. And that's why what differentiates us from other people is one, we don't copy the data, right? That's the always the barrier for these types of platforms. We leave the data where it is. The second is we take all those regulations and we can actually, at query time, push it down to where that data is. So rather than bring it to us, we push the policy to the data. And what that does is that's what allows us, what differentiates us from everyone else is, it allows us to guarantee that protection, no matter where the data's living. >> So you're essentially virtualizing the data? >> Yeah, yeah. It's virtual views of data, but it's not all the data. What people have to realize is in the day of apps, we cared about storage. We put all the data into a database, we built some services on top of it and a UI, and it was controlled that way, right? You had all the nice business logic to control it. In the age of data, right? Data is the new app, right? We have all these automation tools, Data Robot, and H20, and Domino, and Tableau's building all these automation work flows. >> The robotic process automation. >> Yeah, RPA, UI Path, the Work Fusion, right? They're making it easier and easier for any user to connect to any data and then automate the process around it. They don't need an app to build a unique work flows, these new tools do that for them. The key is getting to the data. And the challenge with the supply chain of data is time to data is the most critical aspect of that. Cause, the time to insight is perishable. And so, what I always tell people, a little story, I came from the government, I worked in Baghdad, we had 42 minutes to know whether or not a bad guy in the environment, we could go after him. After that, that data was perishable, right? We didn't know where he was. It's the same thing in the real world. It's like imagine if Google told you, well, in 42 minutes it might be a good time to go 495. (laughter) It's not very useful, I need to know the information now. That's the key. What we see is policy enforcement and regulations are the key barrier of entry. So our ability to rapidly, with no latency, be able to connect anyone to that data and enforce those policies where the data lives, that's the critical nature. >> Okay, so you can apply the policies and you do it quickly, and so now you can help solve the problem. You mentioned a cloud before, or on prem. What is the strategy there with regard to various clouds and how do you approach multi-clouds? >> I think cloud is what used to be an infrastructure as a service game, is now becoming a compute game. I think large, regulated enterprises, government, healthcare, financial services, insurance, are all moving to cloud now in a different way. >> What do you mean by that? Cause people think infrastructure as service, they'll say oh that's compute storage and some networking. What do you mean by that? >> I think there's a whole new age of software that's being laid on top of the availability of compute and the availability of storage. That's companies like Databricks, companies like Snowflake, and what they're doing is dramatically changing how people interact with data. The availability zones, the different types of features, the ability to rip and replace legacy warehouses and main frames. It's changing the ability to not just access, but also the types of users that could even come on to leverage this data. And so these enterprises are now thinking through, "How do I move my entire infrastructure of data to them? "And what are these new capabilities "that I could get out of that?" Which, that is just happening now. A lot of people have been thinking, "Oh, this has been happening over the past five years," no, the compute game is now the new war. I used to think of like, Big Data, right? Big Data created, everyone started to understand, "Ah, if we've got our data assets together, "we can get value." Now they're thinking, "All right, let's move beyond that." The new cloud at our currents works is Snowflake and Databricks. What they're thinking about is, "How do I take all your meta-data "and allow anyone to connect any BI tool, "any data science tool, and provide highly performance, "and highly dependable compute services "to process petabytes of data?" It's pretty fantastic. >> And very cost efficient and being able to scale, compute independent of storage, from an architectural perspective. A lot of people claim they can do that, but it doesn't scale the same way. >> Yeah, when you're talking about... Cause that's the thing is you got to remember, these financial systems especially, they depend on these transactions. They cannot go down and they're processing petabytes of data. That's what the new war is over, is that data in the compute layer. >> And the opportunity for you is that data that can come from anywhere, it's not sitting in a God box, where you can enforce policies on that corpus. You don't know where it's coming from. >> We want to be invisible to that right? You're using Snowflake, it's just automatically enforced. You're using Databricks, it's automatically enforced. All these policies are enforced in flight. No one should even truly care about us. We just want to allow you to use the data the way you're used to using it. >> And you do this, this secret sauce you talked about is math, it's artificial intelligence? >> It's math. I wish I could say it was like super fancy, unsupervised neural nets or what not, it's 15 years of working in the most regulated, sticky environments. We learned about very simple novel ways of pushing it down. Great engineering's always simple. But what we've done is... At query time, what's really neat is we figured a way to take user attributes from identity management system and combine that with a purpose, and then what we do is we've built all these libraries to connect into all these dispert storage and compute systems, to push it in there. The nice thing about that is prior to this what people were doing, was making copies. They'd go to the data engineering team and they'd say hey, "I need to ETL this "and get a copy and it'll be anatomized." Think about that for a second. One, the load on your production systems, of all these copies, all the time, right? The second is CISO, the surface area. Now you've got all this data that in a snapshot in time, is legal and ethical, might change tomorrow. And so, now you've got an increase surface area of risk. Like that no-copy aspect. So the pushing it down and then the no-copy aspect really changed the game for enterprises. >> And you've got providence issues, like you say. You've got governance and compliance. >> And imagine trying, if someone said to you, imagine Congress said hey, "Any data source that you've processed "over the past five years, I want to know if "there was these three people in any of these data sources "and if there were, who touched that data "and why did they touch it?" >> Yeah and storage is cheap, but there's unintended consequences. People are, management isn't. >> We just don't have a unified way to look at all of the logs cross listed. >> So we started to talk about cloud and then I took you down a different path. But you offer your software on any cloud, is that right? >> Yeah, so right now, we are in production on Immuta's Marketplace. And that is a managed service, so you can go deploy in there, it'll go into your VPC, and we can manage the updates for you, we have no insight into your infrastructure, but we can push those updates, it'll automatically update, so you're getting our quarterly releases, we release every season. But yeah, we started with AWBS, and then we will grow out. We see cloud is just too ubiquitous. Currently, we still support though, Bigquery, Data Praq, we support Azure, Data Light Storage version two, as well as Azure Databricks. But you can get us through Immuta's Marketplace. We're also investing in ReInvent, we'll be out there in Vegas in a couple weeks. It's a big event for us just because obviously, the government has a very big stake in AWBS, but also commercial customers. It's been a massive endeavor to move. We've seen lots of infrastructure. Most of our deals now are on cloud infrastructure. >> Great, so tell us about the company. You've raised, I think in a Series B, about 28 million to date. Maybe you could give us the head count, and whatever you can share about momentum, maybe customer examples. >> Yeah, so we've raised 32 million to date. >> 32 million. >> From some great investors. The company's about 70 people now. So not too big, but not small anymore. Just this year, at this point, I haven't closed my fiscal year, so I don't want to give too much, but we've doubled our ARR and we've tripled our LOGO count this year alone and we've still got one more quarter here. We just started our fourth quarter. And some customer cases, the way I think about our business is I love healthcare, I love government, I love finance. To give you some examples is like, COGNO is a really great example. COGNO and what they're trying to solve is can they predict where a child is on the autism spectrum? And they're trying to use machine learning to be able to narrow these children down so that they can see patterns as to how a provider, a therapist is helping these families give these kids the skills to operate in the real world. And so it's like this symbiotic relationship utilizing software, surveys and video and what not, to help connect these kids that are in similar areas of the spectrum, to help say hey, this is a successful treatment, right? The problem with that is we need lots of training data. And this is children, one, two, this is healthcare, and so, how do you guarantee HIPPA compliance? How do you get through FDA trials, through third party, blind testing? And still continue to validate and retrain your models, while protecting the identity of these children? So we provide a platform where we can anonymize all the data for them, we can guarantee that there's blind studies, where the company doesn't have access to certain subsets of the data. We can also then connect providers to gain access to the HIPPA data as needed. We can automate the whole thing for them. And they're a startup too, there are 100 people. But imagine if you were a startup in this health-tech industry and you had to invest in the backend infrastructure to handle all of that. It's too expensive. What we're unlocking for them, I mean yes, it's great that they're HIPPA compliant and all that, that's what we want right? But the more important thing is like, we're providing a value add to innovate in areas utilizing machine learning, that regulations would've stymied, right? We're allowing startups in that ecosystem to really push us forward and help those families. >> Cause HIPPA compliance is table stay compulsory. But now you're talking about enabling new business models. >> Yeah, yeah exactly. >> How did you get into all this? You're CEO, you're business savvy, but it sounds like you're pretty technical as well. What's your background? >> Yeah I mean, so I worked in the intelligence community before this. And most of my focus was on how do we take data and be able to leverage it, either for counter-terrorism missions, to different non-kinetic operations. And so, where I kind of grew up in is in this age of, think about billions of dollars in Baghdad. Where I learned is that through the computing infrastructure there, everything changed. 2006 Baghdad created this boom of technology. We had drones, right? We had all these devices on our trucks that were collecting information in real time and telling us things. And then we started building computing infrastructure and it burst Hadoop. So, I kind of grew up in this era of Big Data. We were collecting it all, we had no idea what to do with it. We had nowhere to process it. And so, I kind of saw like, there's a problem here. If we can find the unique little, you know, nuggets of information out of that, we can make some really smart decisions and save lives. So once I left that community, I kind of dedicated myself to that. The birth of this company again, was spun out of the US Intelligence community and it was really a simple problem. It was, they had a bunch of data scientists that couldn't access data fast enough. So they couldn't solve problems at the speed they needed to. It took four to six months to get to data, the mission said they needed it in less than 72 hours. So it was orthogonal to one another, and so it was very clear we had to solve that problem fast. So that weird world of very secure, really sensitive, but also the success that we saw of using data. It was so obvious that we need to democratize access to data, but we need to do it securely and we need to be able to prove it. We work with more lawyers in the intelligence community than you could ever imagine, so the goal was always, how do we make a lawyer happy? If you figure that problem out, you have some success and I think we've done it. >> Well that's awesome in applying that example to the commercial business world. Scott McNeely's famous for saying there is no privacy in the internet, get over it. Well guess what, people aren't going to get over it. It's the individuals that are much more concerned with it after the whole Facebook and fake news debacle. And as well, organizations putting data in the cloud. They need to govern their data, they need that privacy. So Matt, thanks very much for sharing with us your perspectives on the market, and the best of luck with Immuta. >> Thanks so much, I appreciate it. Thanks for having me out. >> All right, you're welcome. All right and thank you everybody for watching this Cube Conversation. This is Dave Vellante, we'll see ya next time. (digital music)

>> Announcer: From Sand Hill Road in the heart of Silicon Valley, it's "theCUBE," presenting the People First Network, insights from entrepreneurs and tech leaders. (upbeat electronic music) >> Hi, everyone, welcome to this special "CUBE" conversation. I'm John Furrier, co-host of "theCUBE" and co-founder of SiliconANGLE Media. We are on Sand Hill Road at Mayfield Fund, the venture capitalist funding startups. We're here with Tara Vaishnav, who is the vice president of technology, innovation, and advanced analytics at The Clorox Company, as part of the People First Network co-creation of content with SiliconANGLE and Mayfield. Tara, welcome. >> Well, thank you very much for having me! And congratulations to Mayfield on 50 amazing years, wow! >> 50 years they have been in Sand Hill Road, they've been investing in some great startups. They really have a great philosophy about people first. >> Yep. >> And you've had a very distinguished career in technology, IT, in big companies. Long tenures, too, like, you know, decades. >> Yes, oh, yes. >> And now at Clorox, a consumer company. So talk about your journey, where your experience is, where you started, tell us about your background. >> Yeah, well, I grew up in India, if it's not obvious already. I came to the United States after I finished my undergrad in India, I had an undergrad in electrical engineering. Came over here, got my electrical engineering master's at the University of Southern California, go Trojans. And after that, I worked for several companies, but mostly in health care and life sciences. So the past four years, I have been the vice president of IT at The Clorox Company, which is a CPG company, so quite a bit of a learning curve there. >> Health care, serving patients, now you're serving consumers. >> That's right, that's right. >> Clorox is well-known for their analytics, well-known for technology, innovation. >> Tara: Yes, yeah. >> I've interviewed a bunch of folks at Clorox, they've always been at the head of the curve. >> Tara: Yeah. >> Like Procter & Gamble, you guys, consumer companies have to be. >> Tara: Definitely. >> Now, more than ever, digital disruption is an opportunity for companies to have a better relationship with their customers. >> Tara: Absolutely. >> And changes the makeup of their brand as well, since it touches the customer. How do you see that evolving? What's the current state of the art of some of the things you're working on? >> Yeah, it's pretty fascinating, actually. And I hate to use cliches, but things like consumer experience is really at the heart of it. We're a brand company, at the end of the day, and how people feel about us is really, really important. It's not so much, it is about the products, and we make amazing products, but how do they feel about us as a company, and how do they engage with us differently than they did before? We do not buy the same way as we did even five years ago. And so, learning that, learning the new, evolving consumer, and getting really close to what's important to them, that's really on the forefront of how we think about our digital transformation. >> One of the cool things that's great about the People First Network that we've been doing-- >> Tara: Yeah. >> This content, is that we have a lot of luminaries who have had a storied career, like yourself, have looked at the changes and the waves of innovation that have come before, and now, more than ever, omnichannel, how you advertise and reach customers, how they interact, how they buy and consume. When you look at health care and some of the things you've been involved in, in the '90s, remember, client-server was big, they had computers. >> Tara: (laughs) Oh, yes. Oh, yeah. >> IT has changed a lot. >> It has. >> What is the most striking thing that you see from those changes in this new wave that we're living now? >> You know, so, (sharply exhales) I was fortunate in that I decided that data was where it was at, right from the beginning of my career. That's how I kind of made my way up my career ladder, is really that focus on data. I had a software engineering background, but really felt the power of data to change things. What has happened, if I think about some of the big changes, or the key milestones, if you will, in my career, one of the first real big changes came about when data, which was up until that point really sort of coming along for the ride, you had applications, applications had data, when data actually became the mainstay and the applications kind of came and went. I remember one of my mentors in the past, a past CIO, actually, telling me that applications come and go, but data is forever. And when that really started to become a thing was when big data and big data technologies became, came of enterprise age, if you will, along with cloud technologies. That marriage really, that was, I think, the tipping point where the things that you could do with data and the way that you could get insights from data really took on a life of its own, if you will. >> You know, one of the things, that's a great point. I'd love to get your insights as a leader and as you grew with data, because it wasn't really obvious at that time. Certainly, people had databases and that, the big data, the applications had data. >> Tara: Sure, sure, yeah. >> But it was always kind of old-school data. "Hey, get some data, let's look at the demographics, "let's look at the Consumer Price Index," blah, blah, blah, all kinds of data. But access to data became driven by the database. >> Tara: Correct. >> So there might've been data available-- >> Tara: Yeah. >> But getting it in the hands of the practitioners even now is hard, but even back then, you might not have had the data. So as a leader who's sought data-- >> Tara: Yeah. >> As a strategic advantage. By the way, that's rare early, isn't it? So, (laughs) awesome for you. >> You know, I got lucky. >> How did you get through that? How did you lead the organization to make data at the center of things? >> It is a very good question. There were a few things that started to take shape once big data and the marriage of the cloud started to happen. It started to open up doors, break down organizational silos. When you brought that data together, the business value, or the potential business value that could be unlocked, became obvious. The way that we approached it, though, under my leadership, I always believe in small steps. I believe in leapfrog, but I believe that you have to feed innovation or innovative thinking out in small doses. People are not always ready to consume it in one big (laughs) fell swoop, if you will. So doing things incrementally, but with an idea towards transformation, was, I think, the secret sauce that I used to approach these things. So as a couple of examples, in Kaiser Permanente, when I worked there for almost seven years, I was instrumental in bringing their big data platform to life. But it was not just a matter of, "Here's the technology "for technology's sake." It was a matter of, "Here are some real problems "that we are having a lot of difficulty in solving today. "Let's show you how we can solve those differently "in an amazing way." And we proved that. It was an experiment, that we proved that, and that really started to get us those adopters, if you will. >> John: So take baby steps. >> Yep. >> Don't try to do wholesale changes hardcore. >> Correct, correct. >> Let people get used to it. >> Yeah. >> This must've had an impact on culture. >> Yes, yes. >> And this comes up a lot in the DevOps culture we've seen in the past decade, even now. >> Yeah. >> Getting people to change has become very difficult. >> Yes! >> John: We all know that person-- >> Yes. >> Has their project that's their baby, adding features, "No, don't take my "baby away from me." >> Tara: Yes, yes, yes. >> "I don't want to change." >> (laughs) Oh, yeah. >> How do you make that happen? How do you lead people through that very difficult transformation at an emotional level, on a business level? What's the strategy there? What's your technique? >> Yeah, so, again, back to, you have to show results. And you have to show results incrementally in a way that people can appreciate them and consume them. You have to look at technology from a business value perspective. Business value comes first, technology is just along for the ride. That's how people see it, and that's how they should see it. >> John: Mm-hm. >> It's what you can do with the technology that makes a difference. So, some of the techniques that I have used in the past have been, number one, you do have to find like-minded people in the organization. You can't go at it alone. You have to start to build your clan, if you will, of innovators, so you've got a target audience that you're chippin' away at, slowly, but you've got to build credibility. Because results build credibility. Credibility builds trust. Trust removes barriers. So that's kind of the way that I approach things. I bring like-minded people together, I find people in the organization, of the people that are resistant, that I can bring onto "my side," if you will, and I use their knowledge, their insights, their knowledge of how this person who is obviously a stakeholder, and an important stakeholder, how they think and what's important to them, and I use that language and that person to be able to approach individuals in different ways. It's about culture. >> And it's always good to make them, you know, success has many fathers, if you will-- >> Yep. >> Is always an expression. Making them feel part of the solution. >> Absolutely. >> So I got to ask you a question. Is having a software background, coming into the tech world and the business world, this, now, you're starting to see applications really dictate to the infrastructure. Elastic clouds are out there. >> Tara: Yes. >> You have data as a resource now. If you were entering the market as a young software engineer today, and you were asked to come in and make an impact, knowing what you know, how do you see the world today? Because, you know, a lot of software engineers creating value from men, and, now, a lot more women are coming on board. >> Yeah, yeah. >> It's still lower numbers, but still, software's not just that software engineer. >> Yeah. >> It's software architecture, it's software engineering, software development, UX, UI-- >> Tara: Yeah. >> Analytics, a lot of range-- >> Tara: Yeah, yeah. >> Of software opportunities. How would you attack the marketplace today if you were coming in and entering the workforce or in the middle of your career? >> Yes, you know, when I look at my career, which is a little longer than I'd like to admit, I see myself as a young undergraduate student in India. I was one of six girls in a class of about 50. I was striving to get a degree in what was called, actually, electronics and telecommunication. I was in a minority. I came over here to the United States, and I continued to be in the minority. I look at my career, which is more than 25 years old. I have also continued to stay in the minority throughout that career. The biggest difference between where I am now in my career versus where I was then is I don't care as much anymore that I'm in the minority. (both laugh) Right? What is fascinating to me, though, John, is when I look at some of the very young students, actually, we had a high school intern program for the first time this year at Clorox, which is actually interesting. We typically have college interns, but this year, Clorox, a 105-year-old company in the middle of the Silicon Valley, having the ability to see that the very, very young generation can think very differently, and bringing in the high school intern, or a set of high school interns, to help with that journey, I think, was forward-thinking for the company. And those kids, the confidence that they have? They are not shackled by knowing too much, you know? >> John: Yes. >> But they know what's relevant, they know how to make things happen, and boy, do they know how to use technology to make problems that we consider problems that would take months, happen so quickly. They were with us for four weeks. In four weeks, they developed an app, a website. They developed our logo. They developed a PR video for us. They had an innovation showcase. In four weeks, four little students. >> It's interesting, for the first time (Tara laughs) in my career, I can admit that, from a self-awareness standpoint, "Well, I really don't know what I'm talking about." These young kids have a different view, because now their experiences are different. >> Tara: Yes. >> And so, the insight coming out of this new generation really is pretty compelling. >> Tara: It is. >> They are adding a lot more because there's been a shift in expectations, there's been a shift in experiences-- >> Tara: Yes. >> For this new generation, and they're at the forefront, so it's a big wave coming. What's your thoughts on that? Because analytics is a big part of your career now, and it always-- >> Tara: Yes, yes. >> Has been, but now, more than ever-- >> Yeah. >> The younger generation, they want instant gratification, they want value. >> They do. >> They don't want to wait and be told-- >> They do. >> They want to see the immediacy. >> They do. >> Talk about this new shift, this new younger generation. >> Yeah, yeah. You know, there used to be the good old days, where we could, say, put a product out there and, you know, eventually it kind of works its way into the consumer ecosystem, and then we'd get to hear back, over the course of time. Customers would call in with a recommendation or a complaint. It's very different now. Things are out there instantaneously. We put something out there, you're getting comments and reviews, some of them good, some of them not so good. It's out there, and it's out there instantly. And that also, the modern consumer is not shy. They kind of hide behind the keyboard, and they're putting their comments out there, right? (both laugh) They're the keyboard warriors! >> John: (laughs) Yeah. >> So being able to respond to that and having not just the data, but the ability to extract insights from data and to extract insights in real time, that is crucial. And so, gone are the days where you had months to do your analytics. You have to be able to do your analytics in the flow, you have to be able to take in new information, incorporate it into your models, be able to do predictive analytics on it. So technology and the way that it is evolving is super critical for survival these days. >> So, survival, and also competitive advantage, we've heard-- >> Oh, for sure. >> From other CIOs, and also CSOs, from a security standpoint-- >> Yes, yes. >> There's business risks involved. How real-time do you see the advantage being? Obviously, near real time is pretty much what people talk about. >> Yeah. >> Real time is to the second, and self-driving cars will certainly need that. >> Yeah, yeah, yeah. >> But as a leader chasing the real-time holy grail-- >> Yeah. >> Seems to be a theme we hear. How do you react to that, and how do you view real-time data? >> There is definitely something that builds up to the richness of data that you can take advantage of in "real time." And I am saying "real time" in quotes because there is a contextuality associated with it. The wonder of modern advanced analytics and machine learning is that you have an existing model that you're tweaking and evolving with new information, and that model is serving as your guide as you receive new information. So, does it have to be reactive, or can it be proactive? You're building the insights, and then you're adding on new information as you see it. And you're using technology to help you make more holistic decisions. And at the end of the day, there is something to be said about the human aspect of it. The machine can give you guidance-- >> John: Yes. >> But the human being needs to make the decision. >> I'd love to ask you a quick question on that, because I think this is something that we talk about all the time. >> Yeah. >> Humans are critical in the equation, machines augment the humans. >> Yes. >> In the data world, if you're "data-driven," which has been (laughs) a cliche, "We're data-driven!" >> Tara: Yes, yes. >> It takes on multiple forms. >> Tara: Yes. >> I've seen multiple actors saying, "We're data-driven," but they're really just correlating data. >> Tara: Yeah. >> The causation side of it is, what's causing things, that's more of a management thing. >> Tara: Yeah. >> So causation and correlation are two different variables-- >> Tara: Yes. >> In the analytics field right now-- >> Tara: Yeah. >> That are being amplified as, you got to know the distinction between correlation, because you can correlate anything, causation is something that might be more designed towards figuring out something, and you really can't rest on one more than the other. >> Yeah. (laughs) >> Your thoughts on the balance between the two. >> You're talking to someone who worked in health care for-- (laughs) >> John: (laughs) I probably won't get you to continue. >> For almost seven years. Causation and correlation are-- >> John: More important than ever. >> Are more important than ever. And I think more and more, the boundary between what machines can do and how they can augment human beings, versus actually having the machines help you make decisions, it's getting fuzzier, and machines are able to do more and more. I mean, all of the knowledge that you could read about 24 hours a day cannot sit in your head. You have to be able to leverage machines to help you make those decisions. So as far as causation and correlation, I think the correlation is something that the machine can be the master of. It can see patterns where you may not even think to look for patterns. So I think that, let's give it up to the machines. Correlation is where-- >> John: They got that. >> The machines have got that, and you got to set them up so that they can do that for you. Causation is where the tricky area starts to happen. Because there is a lot to say, especially when you talk about doctors, about experience and working with individuals. Each individual is different. You can't say that the causation for this person is the same as that because the correlations are similar. No, you have to look, there are so many factors that go into what is causing-- >> John: Yeah. >> A disease or a condition in a person. So I think that is where the human element and experience really, really still make a difference. >> In the media business, we call it behavioral and contextual. >> Yes. >> Context is really important for really aligning-- >> It is. >> With whatever the problem statement may be. >> Yes, yes. >> Correlation, behavior, machines can do that. >> Correct. >> That's awesome, great, great, great insight there. A final question for you is, for other folks out there, CIOs or IT executives, as they look at the digital transformation journey, which, again, very cliche, but very real, there's a lot of opportunities, but also potential pitfalls if not executed properly. >> Tara: Yeah. >> Your thoughts on general roadmaps or best practices around how to tackle transformation, if they're doing it, coming in for the first time or at the beginning, or if they're in the middle of a digital transformation, and they're stuck in the mud-- >> Yeah, yeah. >> Or "Oh my God, "my head person quit. "I got to get more people." >> Yeah. >> "I need developers," or people on the back end of the transformation, different parts of the journey. What's your advice? >> Yeah, I've got a couple of, again, from the scars of my past, a couple of things that I think are important. Number one, when I joined Clorox, I had the stretch goal of actually building out their cybersecurity program. I had not done that in the previous part of my career. I was an enterprise architect, that's where I would spend most of my many years. But cybersecurity, and I hired the CSO and built out that program for Clorox, it puts a whole different lens on how you look at your transformation, and it is an important lens. And I think I would not have been rounded, as either an enterprise architect who's developing technology strategy or a digital technology innovator, if I did not have that lens of, there is risk that you need to consider. Now, the point to remember is that you can't over-rotate one way or the other. You have to consider risk and opportunity, and there's a fine line. And I think the smartest CIOs and senior executives know where that fine line exists, and are able to tell when you need to go this way or that way. So that's one thing that I would say, is don't lose that lens. Technology can do wonderful things for you, but so can the hackers from a different-- >> You got to be aware-- >> You've got to be aware. >> And then, you've got to shape it, too, as it evolves. Is that something that you see as important? >> You have to have that lens of, you're doing this wonderful, amazing thing, however, what if the unintended audience is able to access whatever you're doing? And what can they do with it? So that's one thing that I would say, is keep that balance in mind. Again, don't over-rotate one way or the other, but keep that balance in mind. The other thing that I would say is, innovation is a state of mind that needs to be nurtured and developed, and it needs to be sought from every part of the organization. The only way to scale innovation is to have everybody be an innovator in the organization. So that would be my advice, is innovation can come from the youngest high school intern, or, we actually just had someone at Clorox celebrate their 50th year at Clorox. So, you know-- >> John: Yeah. >> Innovation can come from anywhere in the organization. You have to always be ready, open-minded, and prepared to grab that opportunity when it happens. >> My final takeaway for this is in context to where we are now, we're on Sand Hill Road-- >> Yes. >> At Mayfield Fund, they're a venture capitalist. >> Yes. >> They fund early-stage and growth. >> Yep. >> The younger generation, we just talked about the insights that they can have, new shifts that are happening in experiences, expectations. The startups, more than ever, have an opportunity to have customers like Clorox. >> Tara: Yes, yes. >> What used to be, "Well, a startup, "risk, don't go through the, go through TSA, "and when you get approved, "then we'll talk to you," kind of thing. (Tara guffaws) It's a big, painful process. >> Used to be? >> Now, more than ever, startups want to land the big Clorox deals. >> Yes, yes. >> They want to show the value proposition, time to value, shortening, with cloud and other things. What's your advice to startups who want to sell to you or hope to, aspire to, be successful in the marketplace? >> You know, I love startups, and I spent a lot of time with them. What I have seen as differentiating in the startups that I have seen is, some of them, they're out there, they want your business. So they are looking at you from that, "Can I get your business?" And then there are other startups that, I'm sure they've got that lens, but they don't make it obvious to you. To them, the value is in working with you. You're a company that is well-reputed. You've got a ton of amazing data that can be used to develop your models. You've got a ton of insights and understanding of the business that you can get by just working with this "reputed" company, like Clorox. Those in itself, you can't put a tangible, material value on that, but that is what helps startups build relevant and amazing products. And that, in itself, is "payment." The money will come, but look to the experiences, look to the ability to leverage data, and, above all, look to how you can position your product in a way that it is solving a business problem. Don't do technology for technology's sake. >> So, your advice would be, don't focus on on the PO. If they're venture-backed, they probably have some runway. >> Yes. >> Focus on the value proposition. >> Absolutely, and learning how companies operate and what's important to them, take the time to do that. >> How about scale? Do you hear that a lot with startups, they want to try to use the value proposition? One, they have to get in the door and show value, so that's one. >> Tara: Of course. >> Kind of table stakes, get through the door. >> Okay, yep. >> Then it's more about how they can be operationalized. That becomes something I've seen with startups. What's your thoughts on that? Because one of the benefits of getting in the door is getting (laughs) in the door, but staying in-- >> Yeah. >> Is about operationalizing that new value proposition. How do you look at that as a leader? >> (sharply exhales) Yeah, the word operationalization is an interesting one. So, companies like Clorox, I mean, while I love to work with startups, I will tell you that I do experiments, four, six, eight weeks, we've got a metric. If we go beyond that, it's probably a project that needs to go through a different route. But we do these experiments, and we do them quickly. The thing that we do worry about is, "Okay, great startup, great product. "Is it enterprise-ready?" You know? And I think that is where a lot of startups struggle a little bit, is, can they prove to you that their product is Fort Knox, that it won't be a way through which your systems get hacked? Can they prove to you that they've got a good handle on where they are going, what their roadmap is, what capabilities they are developing in their roadmap? Can they showcase that to you in a way that makes sense to you? We're looking for companies that are not just here today and gone tomorrow, companies that are here for the long run. And then, even if they can't do all of that, show that you integrate really well with our other products. Because, guess what, if you don't work out so well for us, little startup, we want to be able to replace you. We want to have that option. And if you don't integrate seamlessly and can be plucked out and put back in again, then we're stuck with something that we can't extract from our environment. So they've got to think how we think, is what I would advise them. (laughs) >> Tara, thanks so much for this great insight. For startups out there, for folks entering their career, for other women who are looking to break into tech, we have a great inspirational leader here. >> Thank you. >> John: Thank you for spending the time, we really appreciate it. >> Thank you very much, really appreciate it. >> Thank you very much. I'm John Furrier. You're watching the People First program with SiliconANGLE and Mayfield. Thanks for watching. (upbeat electronic music)

>> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HoshoCon 2018. Brought to you by Hosho. >> Over and welcome back to our live coverage here in Las Vegas for HoshoCon. I'm John Furrier host of theCUBE. The first inaugural conference on security in the blockchain security is obviously not new to the blockchain It's number one concern. Crypto is crypto, decentralized networks is what people want. Security is the only thing that matters, if you haven't been hacked, then you should know we're being hacked. This is theCUBE coverage here in Las Vegas for HoshoCon. I'm John Furrier with Steven Sprague CEO of Rivetz, who's a security and an entrepreneur I've known for almost 20 years now he has been at this all through multiple ways of innovation, multiple security paradigm stacks, not new the problem, great time for you, Welcome to theCUBE. >> Thank you for having me. >> So I've known you and knowing your father as well for almost 25 plus years, you have been at this in one form or another with security and the waves are different, I mean there's different the web wave there's different architectures I mean people call it internet 3.0 whatever they're just different evolutionary steps, now is the killer time because we're seeing the most action. You got web, internet, mobile, global, new economics, new money the stakes are higher it's not not just like some isolated box, you got cloud. This is the time to harvest the work you've been doing, give us an overview. >> Absolutely you know I've been at this my whole career, I started down this path in 1990. Doing digital rights management micro transactions and video games and was part of the formation that Trusted Computing group in the 2000s and helped shipped 1.4 billion PCs with hardware security on the motherboard of the PC that still out there today. Started with started Rivets in 2013 to really go after, how do we enable the hardware security and mobile devices? And just about instantaneously ran into the blockchain and at my first Bitcoin conference, which was the Miami Bitcoin conference about a half an hour into it, it dawned on me two things. One, we were talking a lot about crypto but nobody was talking about cybersecurity and there's a gap between those just because we talk crypto all the time doesn't mean that we know what we're doing in cyber and the other one that was true as, oh my God, I've been looking for this for the last 10 years, which is how do we enable the user to own their own keys? And I don't mean like single keys on each device. I mean, the root key that controls all the other keys on all their devices. This is a super interesting space, we're just the very beginning of it in some ways the Bitcoin side the sort of value or or money side is the demo, the real opportunity is, this is the infrastructure that's going to replace how we do normal enterprise computing. >> Yeah. >> And the end of PC computing, we're about to have a new paradigm, blockchain-- >> I agree with you as an infrastructure shift over because the efficiencies that are gained and the disruption around what's not efficient, whether it's venture capital or infrastructure, IoT, whatever the supply chain or the decentralized way is the way to make it efficient, so it's an opportunity. Every entrepreneur that I know that is licking their chops going, wow, I can come in here and and create value. The mainstream adoptions around this complexity around use to your point, and then the fear of being hacked the cybersecurity piece whether it's for money, or a a hostile actor. >> But think of it in a different way. Security, nobody cares about security, nobody buys security, nobody wants security, security is UI. So if I asked you what your favorite multi factor authentication experience, you think like fingerprints and all this kind of stuff, it's not true, the send button is your favorite one, dial the number and push then and it just works. It works everywhere in the world works every time you've taught mom how to use it and the kids how to use it. It's simple, so why, so we would never use like, dial the number and we're going to use AI and big data to determine whether your phone is in the right condition to complete the call. And then a message is going to come up and say, would you please breathe deeply and calm down, because you're clearly agitated, I can't complete your call for you at this time. (laughing) Like, you've never used that phone, so why are we going to use that for the rest of our enterprise? >> I just sent you a pin number on your phone that you can't use before you can make the call. Again, I agree, it should be under the wire. It should be transparent security should be native, always on. >> That's right. >> And that's what you're getting at, okay. In your opinion, where are we in the progress because again, I think this connects the dots for your career, what you've worked on the itch you've been scratching in security because you have the perfect storm, you have full mobility penetration, you have commerce on top of it, and you have full global connectedness those three things alone make a-- >> And we have decentralization, so the thing that's important in blockchain is it's important remember, while the data on a chain is immutable, we know we can seal inside a little envelope a message and sign it and we write it to a chain it never changes. What we don't know is whether the data written to the chain was intended so all the information on all the blockchains is fake news. It's important to understand that we, if we take a blockchain to court try and prove something, all we can prove with the data hasn't changed. I have absolutely no idea whether your private key was written on the bathroom wall or stored in Fort Knox. And so if you try and record something on chain, your defense is always ah somebody stole my private key. Or if I'm trying to defend that you didn't do it on chain, somebody stole his private key, so actually the date on the chain is fake. It's real it was signed by a private key, but we have no knowledge to the quality of the private key and if you told the blockchain community that we got to go get your Windows log files to see whether or not your key was compromised at the time and the windows log files are the way we secure all blockchains. We're not going to get there, so the problem is-- >> That's a roadblock for sure, no doubt. >> Yeah, so the problem is that blockchains, are decentralized therefore, they're censorship proof. All of network security is censorship, therefore, blockchain is network security proof. Oops. So everything we spent in the last trillion dollars in cyber security doesn't work on blockchain Unless I run private chains, all a private chain is running inside the enterprise security while using all Juniper firewalls to secure your chain. That's not what we're talking about, We're talking about a decentralized solution. >> So match the security for pro posture for the architecture that you're working on. >> So we are going to have to do for the first time something that's crazy, we're going to have to do security commerce, which is when we form an instruction 'cause blockchains aren't authentication either, this isn't about logging into a node, getting a web page and filling out a form, no this is about sending an instruction. So, a blockchain instruction, a nuclear launch code, an e-commerce transaction, an IoT instruction like turn the lights on to 50% are all the same thing, it's an instruction based paradigm so it's not only about protecting the key but also the protection of the instruction that tells the system what to do and so in order to do that, the device that creates the instruction has to be a known device. Today we run our whole world, all our critical infrastructure, everything on unknown compute. When you turn this machine on, you didn't check to see it wasn't run by the North Koreans and you can't tell. >> Yeah, they could be in there, they probably are. >> Absolutely, more so than you would want to know. >> So what whereas the answer on this so get to the, cut to the chase here in your opinion, as the people figure out okay, we have all this great hardware that was built for a certain generation, now I'm using it as mission critical in my life, it's integrated to my lifestyle with my watch, my computer, my phone, now my in house Siri, portal, Facebook thing. >> So we need to get away from Apple's embracing of the CompuServe model, where you have a mobile phone that is a terminal, when you log into apps and your identity is based on your login to your phone. We don't actually check to see if the phone is really your phone. And we need to move to the concept of mobile, where it's a device identity network where services are delivered, not based on the username and password, but based on the identity of the device and really, ultimately, we need to get to what looks like an IoT network, which is a device identity network with messaging as the primary protocol. So secure messages sent. Fundamentally, we need to demote the importance of user authentication and promote the importance of device identity, so that I have a known device and a known condition with known controls that is producing the instructions that are sent to the chain. Ideally, you'd like in every chain, a second hash. And that second hash represents a manifest of controls that were in place, so I checked to see I was in the building, I checked to see who's still an employee, I checked to see my devices working properly, I check to see the trust infrastructure in the hardware of my devices working properly, and that gives me a hash I can write that to chain with the same immutable transaction, now I can prove that John's device in this condition with these controls wrote this transaction. >> Authentication powered the last architecture blockchain to your point about being you know, you don't know what's on the data needs to have an identity model for the signatures. >> For the robot. >> For the robot. >> For the robot. So some people like oh my god, but what if I lose my phone and the most important thing is you notice. If I steal your private keys you don't notice I still your phone like I just touch your phone. It makes you feel nervous, >> Yeah. (laughing) It's a very, but that's 100,000 years. >> I know when I leave my phone home I turn around soon as am three feet the driveway I'm like, okay, go back, get the phone. >> And so that's cyber security training it starts when you're 18 months old, when somebody gives you an important object you're not supposed to forget places like heaven forbid you remove the fuzzy rabbit from the three year old, you can lose an arm, right. So that model buying device, the good news is the trusted computing standards of the world have given us embedded hardware security in the chip sets as a standard capability in every ARM processor. Now in every Intel processor, we can turn these capabilities that have been deployed in these devices. We turn them on, provide an effective hardware based wallet for all of crypto. >> How does the hardware wallet work in your vision? Because I think most people generally and me included would say, look I love crypto but I'm busy got my four kids, two are in college, two or in high school and running around you're running around, bottom line is I got my key, my cold storage, I get keys everywhere, I forgot where I put my damn keys where's my key anyway I ended up writing and I post it. Who knows? >> I want to believe your keys are your collection of devices. So we've actually just done a recent relationship with Telefonica we showed two weeks ago, a dual Root of Trust handset, so half of your key is protected by the SIM architecture in your phone, half of your key is protected by the manufactured ARM processor in your, in your handset. So I have two separate routes of trust. I'm not trusting the carrier, I'm not trusting the manufacturer, they have to work in cooperation, the owner owns the keys, then I want to backup those keys. So why not, now that I have multiple routes of trust in my device, they can talk to my other devices, So we think of your household of devices as your key, not your single super phone. So every time I make a new wallet, you're right. You're running around, you didn't think about it, You don't want to write down 12 words, you're out at Starbucks, you shouldn't be writing the 12 words down on the surveillance camera at Starbucks. That would be a bad plan, Instead, you want your device to just communicate out to your other devices. So imagine in the future I lose my phone I can shut it off by calling my carrier and then I want to Make a new phone, maybe I've got to go like push a button in my Tesla push a button on my smart refrigerator. And my wife has to push a button or my girlfriend, or whatever the complications we all have. (laughing) And that's what allows me to recreate, not just my blockchain keys, but my Marriott keys, my car keys, my refrigerator keys, my these keys and we're going to have lots of keys for all this stuff. >> And the hardware is key in your opinion, got to have the hardware. >> Right, the reason why you have hardware is because, we can measure that the hardware hasn't changed so we can have a hardware Root of Trust, something that we know is anchored in silicon, in iron and then, or really in copper, and then from that we can build a stack that says we know this hasn't changed because if it's cast in the ground now we can build up from there each step and know that this measured environment is running properly. >> So people want be concerned, obviously Bloomberg had a story this week about China putting a mod chip on super micro boxes that's hardware. How do you talk to that, because I'm now saying, hey, I love the Root of Trust concept you guys are awesome, great job, but what about being hacked by someone else-- >> Well let's assume hacks continue on in time, I think the ultimate disinfectant in this is identity of the device, so give me a list of where 100% of those computers are. And are they in any critical systems that you have? So you're running DHS, and you've got 1.2 million servers across your network? Can you tell me 100% of the machines, that have that capability on them? Now that you know that model 45 had that. So we have an example for this VIN numbers in cars have been a great example of how we've improved the quality of cars, not that we aren't stupid humans and we build stuff that breaks or doesn't work and people die, we just want to know, that if he dies in his car that I don't want to drive the same car he drove without fixing whatever it is they're broken your car. >> So unique ID for the car, an asset. >> Yeah. And so tracking that, yep, we have it for lots of things. We don't have it for PCs, if you ask the average organization, please give me a list of the software that runs your corporation, they have no idea. >> Yeah, and the same thing with data to the GDPR thing, all these regulations, >> Right, because all, so GDPR is a great example of where now I need to prove I had controls in place in order to show that my data is properly-- >> They didn't know they had a server out there. >> I don't want to audit once a year, I want to check every time I do a transaction, was the person and employee did they have data rest in their machine, did they. So we can use the concepts of GDPR regulation to press this idea that I've provable controls at a transactional level for every instruction that's done. I want to know that I have known compute, if you had to write policy for the federal government, it's only known computers connected to sensitive networks and data. That doesn't require rocket science to understand. It's like, don't hook anonymous unknown computers you picked up out in the parking lot and tie them to the nuclear launch codes, that would be a bad plan. Like, let's start with at least machines we know and that are running software we know and that we've tested them so that we know they're running what we expect and they're working correctly, then let's use them for critical systems. So let's talk about the, and want to just finish up this segment on looking at what you're saying, which is a whole new operating model is coming really fast. The old model that's being operate is run by huge companies, Apple, Amazon, IT departments all around the world, governments, so there's going to be some resistance is going to have to be some change, that change is going to be disruptive. How do you see it playing out, you see people waking up going it's inevitable or you see a train wreck or collision. >> Now I think we have to create a transition. I spent a decade trying to create the train wreck and that didn't work very well, we shipped the technology and every PC. What we've done here is we're making it possible for you measure the integrity of a device in a mobile phone, and then you can hold keys in it. But I can apply policies or rules to those keys and those policies can talk to all of my old external systems. So I can ask all my network security stack, Where is this device, is this person an employee? Is my organization feeling good today, before I let you use the key. >> You bring program ability and state into-- >> Right, it's like you drag along the whole network security stack, and all their API controls and their SIEMs and let's hook Watson up and watch the whole network and apply that as a rule to a case. So now I can sit in Starbucks, and my device checks to see my organization's good, and then logs me into Gmail. I didn't have to tell Gmail to ask whether I was an employee, so I can have a mobile phone that says only log on if you're on the nuclear submarine and it'll work and I don't have to tell GitHub that check to see whether he's on a nuclear submarine. They just have to know that this two factor authentication is external, what's making that possible is that two factor authentication and all the services is fundamentally device registration, and as we mature that as the industry matures, those standards it provides the vehicle for all the services to incorporate a device component to the authentication strategy and then we can engage the robot to make that device smarter. >> Robot being the machine. >> Our device. >> Great to have you on, give the quick plug, what's going on Rivets real give us a quick. >> So Rivets is a fun company going after building these tools, we have a great partnership with Telefonica, we're extending it to other carriers as well. And our mission here is to bring the next billion people the blockchain by giving them a hardware based wallet for crypto, for IoT, for cloud in 100% of the mobile devices that are shipped and use the carriers as a mechanism to deliver that to us. >> You bring value that carries you also help the users make that usability peace secure. If you can pull that off, man I'd have a parade on Main Street for you. We need that. >> We desperately need this. We are so ready for our digital life to become simpler and safer for the user, And really for the services, it allows them to have more valuable data. So it's the combination of those two things, it's a win both for the consumer and for the services. >> Well, let's hope it can be a seamless transition rather than a train wreck collision. I'm John Furrier we here at talking security at Hoshocon, the inaugural blockchain secure, the first blockchain security conference am here with Steven Sprague CEO Rivets, hot, hot company in the space with many, many years experience. Time is ripe, right now the time is perfect for you. Congratulations. >> Thank you. >> Thanks for coming on, we're back with more after this short break. (electronic music)

(upbeat techno music) >> Narrator: Live from Las Vegas, it's The Cube, covering Fortinet Accelerate '18, brought to you by Fortinet. >> Welcome back to The Cube's continuing coverage live from Fortinet Accelerate 2018. I'm Lisa Martin with The Cube, along with my co-host Peter Burris, and we're very excited to welcome a Cube alumni back to The Cube, Derek Manky, the global security strategist from Fortinet - welcome back! >> Derek: Thank you, it's always good to be here. We have great conversations. >> Lisa: We do. We're happy that you think that. So, lots of news coming out today. But, I want to kind of start with, maybe a top-down approach, the theme of the event: strength in numbers. >> Derek: Yes. >> Lisa: As a marketer I'm like, "What are they going to share?" And of course, Ken and a lot of your peers shared a lot of interesting statistics. From your standpoint - what you're doing with FortiGuard Labs, strength in numbers, help us understand that from the technology standpoint. What does that mean to you? >> Derek: Sure, sure. So, there's a couple aspects to that. First of all, I've always been a firm advocate that we can never win the war on cybercrime alone. We have to be able to collaborate; collaboration is a key aspect. The attack surface today now, just from if you look at the complexity of attacks, the attack surface is massive today. And it's going to continue to expand. I mean, 15 years ago, we're just dealing with you know, threats that would operate on IRC channels or something, you know, some websites, and just some spam attacks. Now, we have to deal with that in addition to this growing attack surface, right? Specifically, with IOMT - the Internet of Medical Things, OT, as well. You have within that OT umbrella, obviously, things like the connected vehicles and all of these different things, which I know you've seen here, also, at Accelerate. So, when we look at that attack surface, you need security in all aspects - end-to-end, right? And so, from a security architecture perspective, strength in numbers is important to have that whole coverage of the attack surface, right? That's not complex and easy to manage. At the same time, being able to inter-operate: that's another strength. You know, the more a structure is bonded or glued together, the more resilient it's going to become. That's the exact concept of the fabric, right? The more that we can inter-weave the fabric and connect the different nodes together and share intelligence, that becomes a much, much stronger structure. So, to me, the strength in numbers means collaboration, information flow, and also end-to-end coverage between the security solutions. >> Peter: But it also means, you know, the growing ecosystem; the need for additional expertise, greater specialization in people. Talk a little bit about how, from a strategy standpoint, Fortinet is helping prepare people for different types of inclusion, different types of participation; what it means to be great, in a security way. >> Derek: Yeah, absolutely. I think there's very (mumbles) We're taking a multi-pronged approach to that. If you look at things like our NSC training program - it's the largest in the industry - so, training other experts through our partners. Growing, doing that knowledge transfer in expertise onto new features, like we're doing here at Accelerate, is critically important. So, that's one aspect when you look at the ecosystem. When you look at something for FortiGuard, as an example, what we're doing. We have, traditionally, you know, we've trained up a very large team; we have 215 security experts at FortiGuard, which is, for a network security organization one of the largest in the world, if not the largest. >> Peter: And FortiGuard is a practical and active think tank, right? >> Derek: Absolutely, yeah. It's many things, it's reactive protection, it's proactive protection, it's - now we've just launched the FortiGuard AI, as well; artificial intelligence, machine learning, that's all the threat intelligence aspect. So, it's threat detection and response. Again, if you look at technology, when we started just with antivirus and intrusion prevention and things like this, it was very signature-based and reactive. We went from signature-based detections to anomaly-based detections. Now, the third generation of this is machine learning and deep learning And going back to your question: we don't ever want to replace humans - because humans are very important in this ecosystem - rather, repurpose them, right? So, what we're doing, as an example, is when we, you know, train our analysts. Instead of having them do day to day tasks like some signature creation or something like this, we can actually have AI systems replace that to identify a threat, respond to it, and then repurpose those humans for something more strategic, you know, looking at the context, "How bad is this threat?" "Why is it a threat?" "How do we respond to it?" "How do we work with partners and customers?" We've launched our threat intelligence service, as well. This is a good example of something we've used internally within FortiGuard to protect customers. Now, we're offering this as a service to customers for security operation centers. We also have our Forti analyzer product and incident response framework. These are all key components that we're empowering organizations to be able to respond those threats. But, again, strength in numbers, it's this ecosystem working together. So, fabric-ready partners is another good example of that strength in numbers, I think, too. >> Peter: Well, I remember the first time I walked into a knock and found the security person and their eyes were literally bleeding. (Derek chuckles) And it's nice to have AI be able to take that kind of a load off, to be looking at some of these challenges, some of these anomalies, things previously we expected people to be able to uncover. >> Derek: Yeah, and (mumbles) when we talk about AI, to me, it's a trust exercise, as well. When you talk about machine learning, it's an accuracy problem, right? "How accurate can the machines really be?" When we pass the torch, as I say, to the machines to be able to take on those day to day jobs, we have to be able to trust it, saying, "You're doing a good job and you're accurate." So, we're using supervised learning, right, where we have our human experts actually training the machines - that's a good use for them, instead of just doing the same cycles day to day, you know, as an example. That's another way that we're scaling out that way. I think it's absolutely required in today's day and age. If you look at the numbers, it's an exponential curve right now. Last year, one year ago today, on average we're seeing about a million hacking attempts in just a minute across the entire globe, right? Now, we're seeing that number up over four million. So, it's increased four-fold in just a year, and that's just going to continue to rise. So, having that automated defense and AI machine learning; machine learning's just a learning aspect; the AI is the actionable part - how we can take that intelligence and put that into the fabric so that the customer doesn't have to do that themselves. I mean, the customer doesn't always have to be involved in the security aspect of that, and that's how we start reducing on the complexity, too. >> Lisa: You mentioned a couple terms that I wanted to pivot on: proactive/reactive. One of the biggest challenges that we hear from the C-suite in this perspective is visibility, complexity, but also high TCO reactivity. Where is Fortinet enabling, when you talk to customers, that shift, that successful shift from reactive to proactive? >> Derek: Right, yeah. Good question, very good question. I think - just parallels - I mean, they're both always going to have to exist, that's just their nature. I mean, if you keep walking across, you know, it's like Frogger - if you keep walking across a busy highway, you're going to get hit eventually, 'cause there's that much traffic, that much attacks coming, right? So, again, the incident response angle - using detection systems and, you know, threat reporting, and this intelligence service to be able to, you know, alert on what sort of attacks are happening and how to prioritize that is one way on the reactive end. On the proactive end: consulting. We have a team of consulting engineers and specifically, ones on FortiGuard, so threat experts that are able to actually analyze. So, we have programs, like CTAP, as a cyberthreat assessment program that is able to able to go into these new networks as a free service and do assessments. So, audits and assessments on the state of security on that network - end-to-end, right? So, we're talking even up to the distributed enterprise level. It's very, very important because we're in a day and age of information overload, especially if you talk to, you know, most CSOs (chief security officer) I talk to, they say "Derek, I got so much traffic being thrown at me; I have all these security logs that are letting up - how do I prioritize and respond to that?" So, if you can understand who your enemy is - what they're up to, then you can start building an appropriate security strategy around that, as opposed to just building checkboxes and, you know, building a fort and thinking you're protected against everything. That's a very important part. And, of course, there's proactive security technologies: anomaly-based, you know, things like sandbox detection that we've already integrated into the fabric ecosystem. But, visibility is key first; know your enemy, understand it, then build up a stack around that. >> Peter: So you're a strategist? >> Derek: Yes. >> Peter: What's the difference between a security strategist and a strategist - a business strategist? And, specifically, how is security strategy starting to find its way into business strategy? >> Derek: Really good question. So, it's becoming blended, right, because security is a vital part of business today. So, if you look at some attacks that even happened last year, there's targeted attacks that are starting to go after big businesses; critical revenue streams and services, because these are high payouts, right? And so, you know, if you look at building a business, you have to identify what are your digital assets: that can include services, intellectual property, and what would happen if that service was, you know, if there was a denial-of-service attack on that? How much lead or revenue loss are you going to have versus the cost of implementing, you know, an adequate security structure around that? So, you know, security's a board-level discussion right now, right? And so, when I think you look at building up these businesses, security should be, by design, from the top down - let's start it there. >> Peter: But, is it finding its way, and we've asked this question a couple times - at least I have - is it finding its way into "Hey, my balance sheet is a source of competitive advantage; my sales force is a source of competitive advantage." Is your security capabilities a source of competitive advantage in a digital business? >> Derek: I would say absolutely, yeah. It's starting to find its way in there. If you look at regions like Australia, you know, they just implemented a mandatory breach disclosure, right, so then, any business that is earning, I think it's like over two million dollars in revenue, needs to, you know, have a certain security posture in place and be able to respond to that. And that's trust and brand recognition. So, because, having, you know, cases like this, building trust with your provider, especially if we talk about, you know, cloud services; I'm putting my data into your hands and trust. How well do you trust that? Of course, if there's good reputation and a powerful security solution, you know customers are going to feel safer doing that. It's like, are you going to, you know, put your gold in Fort Knox or are you going to put it, you know, bury it in your backyard? There's a definite relationship happening there. >> Lisa: I read (hesitates) I didn't read this report, but I saw it the other day that in 2017, a kind of cybercrime report that said by 2021, which isn't that far away, that the global impact will be six trillion dollars in cybercrime. >> Derek: Yeah. >> How do you see the public sector, the private sector working together to help mitigate that, where that cybercrime is concerned and the costs that are so varied and large. >> Derek: Yeah, it's not just cybercrime, either. It's cyberterrorism, these other aspects, especially if you're talking about public sector, if you're talking about critical infrastructure and also with, you know, energy sector and operational technology and all of these things, too. So, you know, it becomes very important for doing a collaboration in alliances - that's something that's actually close to my heart. You know, at FortiNet and FortiGuard, we've formed several strategic partnerships in alliance with public sector, mostly, you know, national computer emergency response, because we feel that we have a lot of intelligence. We're very good at what we do, you know, we can protect customers; detecting threats. But, if there's an attack happening on a national level, you know, we should be able to empower - to be able to work together to combat the threat. It's the same thing even with cybercrime, right? So, as an example, we work with law enforcement, as well with cybercrime, trying to find threat actors in the adversary; cybercriminals are running their own business, and the more expensive you can make it for them to operate, it slows down their operations. >> Peter: A COGS approach to competition. >> Derek: Yeah. (chuckles) Yeah, yeah. And, you know, they're always going to find the path of least resistance, right? That's the whole idea of security, strategy too, is, we call it the "attack chain," right, this layered security - that's the strength in numbers theme again, right; end-to-end security that makes the whole security chain stronger 'cause of that bond and that makes it more expensive for the cybercriminals to operate, too. So, as an example, like I said, national CERT, law enforcement; we're even teaming up in the private sector - a cyberthreat alliance, as well, that's been a very successful project; Fortinet's a founding member, I'm on the steering committee of the cyberthreat alliance. >> Peter: It was Ken's brainchild, wasn't it? >> Derek: Yeah, yep, yeah. And so, you know, we're competitors in the industry but we're actually - it's a friendly environment when we meet and it's actionable intelligence that's being shared. Again, it comes down to how well you can implement that technology, or that (hesitates) information in your technology - that's an important part. >> Lisa: So, here we are at Accelerate 2018 the - I think Ken was saying the 16th year of this event. What are you looking forward to in 2018 for Fortinet, looking at the strength of the partners - those behind us. What's exciting you about the opportunities that Fortinet has in 2018? >> Derek: It's never a boring day. (laughs) There's a lot of interesting opportunities to work with. I think it's - what's exciting to me is the vibe. People are very keen on this, right? If you look at our fabric-ready program, it's growing quite significantly and I think it's fantastic, there's a lot of people, you know, that are energized and willing to work in these programs. There's a lot of programs we can build at, specifically, FortiGuard, as well. Like I said, these threat intelligence services that we're offering to our partners now, which include, you know, proactive alerts, early warning systems. That empowerment and, you know, working together definitely excites me - there's a lot of opportunities there. And there's going to be a lot of, you know, challenges to overcome. If we look at the threat landscape right now, you know, one thing I'm talking about is swarm bots. It's this swarm intelligence - there's parallels here again; we talk about strength in numbers and what we're doing on our side. The bad guys are also teaming up and doing strength in numbers on their side, too. So, we're looking at on the horizon threats like this that are using, leveraging, their own learning mechanisms, being able to self-adapt to be much quicker to attack systems, right, because that's on the horizon - we're already seeing indications of that; we have to get this right. I think for the first time in the industry, you know, we're doing this right. You know, if you look at years past, cybercriminals, they can do a million things wrong and they don't care, right? So, we need to be able to overcome more hurdles. If we work together, which we're doing right now; I think for the first time, we have the opportunity to have an advantage over the cybercriminals, too. So, that's also exciting. >> Lisa: Definitely. We've heard a lot of, I think, conversation today along the spirit of collaboration, compatibility. So, that sentiment, I think, was well represented from your peers that we've spoken with today. >> Derek: Yeah. Everybody has a part to play, I think, right? And that's the thing - you mentioned the word "ecosystem" and that's exactly what it is, right? And that's another brilliant thing we're finding is that everybody brings some strength to the table, so that's another aspect, and I think people, you know, are realizing that organizations are realizing that they can actually play in these collaborations. >> Peter: It's not a zero sum game. >> Derek: No. >> Peter: It's not. I mean, there's so much diversity and so much opportunity and this digital transformation going to have touched so many different corners in so many different ways. >> Derek: Yeah. >> At this point in time, it's "How fast can we all work together to take advantage of the opportunities?" and not "Eh, I want that piece and I want that piece." because then the whole thing won't grow as fast. >> Derek: Yeah, and, you know, the other challenges - the technology challenge, and that's something we are addressing as well. Like, we're actually creating a solution to this - a framework, as we did with the cyberthreat alliance, but also with the fabric program, as well, so having those tools is very important, I think, as well, to help grow that ecosystem, right? >> Lisa: Exciting stuff, Derek. Thanks so much for joining us on The Cube and sharing some of the things that you're working on, and, it sounds, like you said earlier, never a dull moment; every day is a busy day. >> Derek: Absolutely not. Yeah, there's a long road ahead and I think there always will be. But, like I said, it's a lot of exciting times and it's good to see progress in the industry. >> Lisa: Absolutely. Well, thanks for your time. We look forward to our chat next year and to see what happens then. >> Derek: Okay, thank you so much! >> Lisa: Absolutely. We want to thank you for watching The Cube's continuing coverage of Fortinet Accelerate 2018. For Peter Burris, I'm Lisa Martin, and we'll be right back after a short break. (subtle electronic song)

>> Narrator: Live from Las Vegas, it's theCUBE. Covering AWS re:Invent 2017 presented by AWS, Intel and our ecosystem of partners. >> Hello and welcome back. Live here is theCUBE's exclusive coverage here in Las Vegas. 45,000 people attending Amazon Web Services' AWS re:Invent 2017. I'm John Furrier with Lisa Martin. Our next guest is Miles Kingston, he is the General Manager of the Smart Home Group at Intel Corporation. Miles, it's great to have you. >> Thank you so much for having me here, I'm really happy to be here. >> Welcome to theCUBE Alumni Club. First time on. All the benefits you get as being an Alumni is to come back again. >> Can't wait, I'll be here next year, for sure. >> Certainly, you are running a new business for Intel, I'd like to get some details on that, because smart homes. We were at the Samsung Developer Conference, we saw smart fridge, smart living room. So we're starting to see this become a reality, for the CES, every 10 years, that's smart living room. So finally, with cloud and all of the computing power, it's arrived or has it? >> I believe we're almost there. I think the technology has finally advanced enough and there is so much data available now that you have this combination of this technology that can analyze all of this data and truly start doing some of the artificial intelligence that will help you make your home smarter. >> And we've certainly seen the growth of Siri with Apple, Alexa for the home with Amazon, just really go crazy. In fact, during the Industry Day, yesterday, you saw the repeat session most attended by developers, was Alexa. So Alexa's got the minds and has captured the imagination of the developers. Where does it go from here and what is the difference between a smart home and a connected home? Can you just take a minute to explain and set the table on that? >> Yeah and I agree, the voice capability in the home, it's absolutely foundational. I think I saw a recent statistic that by 2022, 55% of US households are expected to have a smart speaker type device in their home. So that's a massive percentage. So I think, if you look in the industry, connected home and smart home, they're often use synonymously. We personally look at it as an evolution. And so what I mean by that is, today, we think the home is extremely connected. If I talk about my house, and I'm a total geek about this stuff, I've got 60 devices connected to an access point, I've got another 60 devices connected to an IOT hub. My home does not feel very smart. It's crazy connected, I can turn on lights on and off, sprinklers on and off, it's not yet smart. What we're really focused on at Intel, is accelerating that transition for your home to truly become a smart home and not just a connected home. >> And software is a key part of it, and I've seen developers attack this area very nicely. At the same time, the surface area with these Smart Homes for security issues, hackers. Cause WiFi is, you can run a process on, these are computers. So how does security fit into all of this? >> Yeah, security is huge and so at Intel we're focused on four technology pillars, which we'll get through during this discussion. One of the first ones is connectivity, and we actually have technology that goes into a WiFi access point, the actual silicon. It's optimized for many clients to be in the home, and also, we've partnered with companies, like McAfee, on security software that will sit on top of that. That will actually manage all of the connected devices in your home, as that extra layer of security. So we fundamentally agree that the security is paramount. >> One of the things that I saw on the website that says, Intel is taking a radically different approach based on proactive research into ways to increase smart home adoption. What makes Intel's approach radically different? >> Yeah, so I'm glad that you asked that. We've spent years going into thousands of consumers' homes in North America, Western Europe, China, etc. To truly understand some of the pain points they were experiencing. From that, we basically, gave all this information to our architects and we really synthesized it into what areas we need to advance technology to enable some of these richer use cases. So we're really working on those foundational building blocks and so those four ones I mentioned earlier, connectivity, that one is paramount. You know, if you want to add 35 to 100 devices in your home, you better make sure they're all connected, all the time and that you've got good bandwidth between them. The second technology was voice, and it's not just voice in one place in your home, it's voice throughout your home. You don't want to have to run to the kitchen to turn your bedroom lights on. And then, vision. You know, making sure your home has the ability to see more. It could be cameras, could be motion sensors, it could be vision sensors. And then this last one is this local intelligence. This artificial intelligence. So the unique approach that Intel is taking is across all of our assets. In the data center, in our artificial intelligence organization, in our new technology organization, our IOT organization, in our client computing group. We're taking all of these assets and investing them in those four pillars and kind of really delivering unique solutions, and there's actually a couple of them that have been on display this week so far. >> How about DeepLens? That certainly was an awesome keynote point, and the device that Andy introduced is essentially a wireless device, that is basically that machine learning an AI in it. And that is awesome, because it's also an IOT device, it's got so much versatility to it. What's behind that? Can you give some color to DeepLens? What does it mean for people? >> So, we're really excited about that one. We partnered with Amazon at AWS on that for quite some time. So, just a reminder to everybody, that is the first Deep Learning enabled wireless camera. And what we're helped do in that, is it's got an Intel Atom processor inside that actually runs the vision processing workload. We also contributed a Deep Learning toolkit, kind of a software middleware layer, and we've also got the Intel Compute Library for deep neural networks. So basically, a lot of preconfigured algorithms that developers can use. The bigger thing, though, is when I talked about those four technology pillars; the vision pillar, as well as the artificial intelligence pillar, this is a proof point of exactly that. Running an instance of the AWS service on a local device in the home to do this computer vision. >> When will that device be available? And what's the price point? Can we get our hands on one? And how are people going to be getting this? >> Yeah, so what was announced during the keynote today is that there are actually some Deep Learning workshops today, here at re:Invent where they're actually being given away, and then actually as soon as the announcement was made during the keynote today, they're actually available for pre-order on Amazon.com right now. I'm not actually sure on the shipping date on Amazon, but anybody can go and check. >> Jeff Frick, go get one of those quickly. Order it, put my credit card down. >> Miles: Yes, please do. >> Well, that's super exciting and now, where's the impact in that? Because it seems like it could be a great IOT device. It seems like it would be a fun consumer device. Where do you guys see the use cases for these developing? >> So the reason I'm excited about this one, is I fundamentally believe that vision is going to enable some richer use cases. The only way we're going to get those though, is if you get these brilliant developers getting their hands on the hardware, with someone like Amazon, who's made all of the machine learning, and the cloud and all of the pieces easier. It's now going to make it very easy for thousands, ideally, hundreds of thousands of developers to start working on this, so they can enable these new use cases. >> The pace of innovation that AWS has set, it's palpable here, we hear it, we feel it. This is a relatively new business unit for Intel. You announced this, about a year ago at re:Invent 2016? Are you trying to match the accelerated pace of innovation that AWS has? And what do you see going on in the next 12 months? Where do you think we'll be 12 months from now? >> Yeah, so I think we're definitely trying to be a fantastic technology partner for Amazon. One of the things we have since last re:Invent is we announced we were going to do some reference designs and developer kits to help get Alexa everywhere. So during this trade show, actually, we are holding, I can't remember the exact number, but many workshops, where we are providing the participants with a Speech Enabling Developer toolkit. And basically, what this is, is it's got an Intel platform, with Intel's dual DSP on it, a microarray, and it's paired with Raspberry Pi. So basically, this will allow anybody who already makes a product, it will allow them to easily integrate Alexa into that product with Intel inside. Which is perfect for us. >> So obviously, we're super excited, we love the cloud. I'm kind of a fanboy of the cloud, being a developer in my old days, but the resources that you get out of the cloud are amazing. But now when you start looking at these devices like DeepLens, the possibilities are limitless. So it's really interesting. The question I have for you is, you know, we had Tom Siebel on earlier, pioneer, invented the CRM category. He's now the CEO of C3 IOT, and I asked him, why are you doing a startup, you're a billionaire. You're rich, you don't need to do it. He goes, "I'm a computer guy, I love doing this." He's an entrepreneur at heart. But he said something interesting, he said that the two waves that he surfs, they call him a big time surfer, he's hanging 10 on the waves, is IOT and AI. This is an opportunity for you guys to reimagine the smart home. How important is the IOT trend and the AI trend for really doing it right with smart home, and whatever we're calling it. There's an opportunity there. How are you guys viewing that vision? What progress points have you identified at Intel, to kind of, check? >> Completely agree. For me, AI really is the key turning point here. 'Cause even just talking about connected versus smart, the thing that makes it smart is the ability to learn and think for itself. And the reason we have focused on those technology pillars, is we believe that by adding voice everywhere in the home, and the listening capability, as well as adding the vision capability, you're going to enable all of this rich new data, which you have to have some of these AI tools to make any sense of, and when you get to video, you absolutely have to have some amount of it locally. So, that either for bandwidth reasons, for latency reasons, for privacy reasons, like some of the examples that were given in the keynote today, you just want to keep that stuff locally. >> And having policy and running on it, you know, access points are interesting, it gives you connectivity, but these are computers, so if someone gets malware on the home, they can run a full threaded process on these machines. Sometimes you might not want that. You want to be able to control that. >> Yes, absolutely. We would really believe that the wireless access point in the home is one of the greatest areas where you can add additional security in the home and protect all of the devices. >> So you mentioned, I think 120 different devices in your home that are connected. How far away do you think your home is from being, from going from connected to smart? What's that timeline like? >> You know what I think, honestly, I think a lot of the hardware is already there. And the examples I will give is, and I'm not just saying this because I'm here, but I actually do have 15 Echos in my house because I do want to be able to control all of the infrastructure everywhere in the home. I do believe in the future, those devices will be listening for anomalies, like glass breaking, a dog barking, a baby crying, and I believe the hardware we have today is very capable of doing that. Similarly, I think that a lot of the cameras today are trained to, whenever they see motion, to do certain things and to start recording. I think that use case is going to evolve over time as well, so I truly believe that we are probably two years away from really seeing, with some of the existing infrastructure, truly being able to enable some smarter home use cases. >> The renaissance going on, the creativity is going to be amazing. I'm looking at a tweet that Bert Latimar, from our team made, on our last interview with the Washington County Sheriff, customer of Amazon, pays $6 a month for getting all the mugshots. He goes, "I'm gonna use DeepLens for things like "recognizing scars and tattoos." Because now they have to take pictures when someone comes in as a criminal, but now with DeepLens, they can program it to look for tattoos. >> Yeah, absolutely. And if you see things like the Ring Doorbell today, they have that neighborhood application of it so you can actually share within your local neighborhood if somebody had a package stolen, they can post a picture of that person. And even just security cameras, my house, it feels like Fort Knox sometimes, I've got so many security cameras. It used to be, every time there was a windstorm, I got 25 alerts on my phone, because a branch was blowing. Now I have security cameras that actually can do facial recognition and say, your son is home, your daughter is home, your wife is home. >> So are all the houses going to have a little sign that says,"Protected by Alexa and Intel and DeepLens" >> Don't you dare, exactly. (laughs) >> Lisa: And no sneaking out for the kids. >> Yes, exactly. >> Alright, so real quick to end the segment, quickly summarize and share, what is the Intel relationship with Amazon Web Services? Talk about the partnership. >> It's a great relationship. We've been partnering with Amazon for over a decade, starting with AWS. Over the last couple of years, we've started working closely with them on their first party products. So, many of you have seen the Echo Show and the Echo Look, that has Intel inside. It also has a RealSense Camera in the Look. We've now enabled the Speech Enabling Developer Kit, which is meant to help get Alexa everywhere, running on Intel. We've now done DeepLens, which is a great example of local artificial intelligence. Partnered with all the work we've done with them in the cloud, so it really is, I would say the partnership expands all the way from the very edge device in the home, all the way to the cloud. >> Miles, thanks for coming, Miles Kingston with Intel, General Manager of the Smart Home Group, new business unit at Intel, really reimagining the future for people's lives. I think in this great case where technology can actually help people, rather than making it any more complicated. Which we all know if we have access points and kids gaming, it can be a problem. It's theCUBE, live here in Las Vegas. 45,000 people here at Amazon re:Invent. Five years ago, our first show, only 7,000. Now what amazing growth. Thanks so much for coming out, Lisa Martin and John Furrier here, reporting from theCUBE. More coverage after this short break. (light music)

>> Announcer: Live from Las Vegas, It's The Cube, covering NAB 2017. Brought to you by HGST. >> Welcome back to NAB day three. I'm Lisa Martin. We are here live in Las Vegas very excited to introduce you to our next guest, Alan Hoff, VP of Market Solutions for Avid. Welcome to The Cube. >> Thank you, Lisa. It's great to be here. >> You are an NAB veteran. This is your 21st year. >> Indeed, yes. >> You must have seen incredible transformation. >> Alan: It's true, yes. >> Tell us about just, you were saying before we went live that you've really been here at the start of digital transformation. Walk us through that kind of the evolution that you've witnessed? >> Yes, certainly. So when I first came here in 1996, the show was a little bit smaller and I came with a company that did non-linear digital video editing systems, not Avid but a competitor. And that was really the first link in the overall production chain that became digitized, and so that was really the forefront of the digital transformation that we're now seeing play out and ultimately culminating with all these cloud-based workflows that everybody's talking about. So I've been watching it as that digital production value chain has evolved all across knocking down one category after another, and as I say, it's really culminating now with the journey to the Cloud. >> Speaking of journey, this journey that you've been on in your seat, what are some of the things that surprise you still in yearr 21 for you at NAB? And what are some of the trends that you've seen go from maybe something buzzy to a real key value solution? >> Yeah, so I think Cloud was being hyped quite a bit a few years ago, and Avid was there. We announced some cloud-based workflows a couple years ago, et cetera, along with others. But it's really just now at this show that we're really seeing it come into a more pragmatic, broader workflow solution. The challenges that the industry is facing at all levels is that they need to create more content at higher quality that is more standout in nature and that is engaging and attention-grabbing than ever before, because there's so much more of it being created, and there are so many more outlets in which it can be consumed, and it's no longer on anybody's schedule but the consumer's schedule. So that has really thrown a wrench in the works in the traditional business models that people have gone through. And so Avid saw this a few years ago, and we developed something that we call the Media Central Platform. The goal of that platform was to standardize all the disparate different technologies and bits and standards that were out there into one unified whole to make it easier for individual artists or creative teams, like at post houses, or even the largest media enterprises out there, to get more efficient in the way they create their content and distribute their content. So what that's meant is Avid, which historically had been a very vertically oriented and closed company, had to learn how to play well with others. This is not unlike what we're seeing from other large players in the industry, Microsoft for example. These guys have realized that, in order to deliver what it is that the customers are looking for, again, regardless of their level of the segment, they have to be open and play well with the perhaps traditional competitors or folks that you never would have thought would have a solid workflow. So in the case of Avid, we, a year ago, announced that we were working with Adobe, which has always been a tool of choice for Avid customers. It's very common for them to have Avid products, Adobe products. But in some areas, we were directly competitive, and so what we ended up doing was we made it so that the Adobe Premiere products could work seamlessly within the Avid Media Central Platform. This year, we did something similar with-- >> You've got a big announcement at this show? >> Well, with EVS, we did integration. So EVS makes these, arguably, the world's best sports replay service, those great sports slomo replay, et cetera, that you see on sporting events. They have basically become the standard in that area. So we wanted to integrate the workflow. So we worked with EVS. They used our connectivity toolkit to create a flow-blown, certified membership in the platform so that an Avid user can have access to the EVS assets as if they were the Avid assets. So seamless workflow, all because that's what the customers need to be able to create this content faster and get it out to more devices. >> Speaking of the customer, you mentioned some alliance partners. In your role at Avid, you're responsible for product marketing alliances. Talk to us about what you're seeing, from the customer journey perspective, as they're transitioning media production to the Cloud. You mentioned some of the pain points. Walk us through kind of a typical journey, Whether it's a customer in sports or a customer in media and entertainment. >> Sure. Great, great. So our big announcement at the show here was the partnership with Microsoft and the fact that we were going to be moving the Avid Media Central Platform to Microsoft Azure Cloud. This is a really big watershed moment for the industry, if I may be so bold, because now, Avid with her big alliance ecosystem is going to be migrating to the Cloud. And the more gravity that the Cloud has, the more easy it will be for folks to have a peace of mind that that's a place they can trust and move to. We feel that we had a great advantage in moving to the Cloud, because we already had taken a platform approach. So when we say we're moving into the Cloud, it's obviously not to the exclusion of the typical terrestrial ways that people are accustomed to working. It's all meant to be complementary so that folks can take a hybrid approach. What I mean by this is, whether you're in sports production or in news production or in post-production, you're probably not just going to wake up one morning and say, okay, that's it. Everything I'm doing has got to be in the Cloud, because that's where everybody's going. I need to look in a very planful manner at the way I go about doing things and look at the benefits of what the Cloud brings and be selective in terms of what parts you want to migrate when. And with the partnership with Microsoft, what Avid is saying is you could continue to stay in your traditional on-premises approach here, if you want. You could being to migrate things into a private data center, either still in your own facility or maybe down the street in a data center. Or you could go fully into the public Cloud. And that last one, it's interesting how many people have reacted: oh, I don't know if I'm ready to put my assets, my gold bar equivalence-- >> Mission critical, right. >> into the Cloud, I don't know if I'm comfortable doing that. But the reality is this Microsoft Azure Cloud is trusted by every large banking institution on the planet. It's trusted by the United States Department of Defense. The biggest secrets and the largest assets in the globe are protected by Microsoft Azure. They've gone to extraordinary lengths to make sure that data is going to be secure, and the same holds true for media and entertainment assets. And to really put a fine point on it, they went and got the Motion Picture Association, the MPAA, certification for security, so they have all that. So it's as good as being in Fort Knox when it's in the Cloud. So I really want to put that to rest. I mean, these guys, all they do is think about the security and denial of access to any sort of outside threat, whereas most media and entertainment companies, that's only one of the things they're thinking about. They've got a lot going on, you know. >> Lisa: Exactly, exactly. >> And they are actually more vulnerable, even in terra firma on promoli solutions than they would be going to the Cloud. So just a little editorial aside, because security is a big concern to people at all levels of the industry. >> It is. Certainly, those in the technology space understand is, it's a reducing of the concern, but it is a concern nonetheless. It sounds like what you just articulated customers have the choice of hybrid as a journey or hybrid as a destination. >> Correct, correct, right. They might never move beyond a hybrid state, although I would predict that in five years from now, most everything is going to be cloud-based, and once people start to see the scale and reach and productivity they can get, as well as the benefits of things like machine learning and artificial intelligence (mumbles), just going to help them speed the way that they go about doing what they do. It will be clear that that's the way they should probably be doing what they do, >> Exactly. >> And that's at levels. >> And finding more value from the digital assets that they already have. That's right, exactly. And so, that's the other thing is, once it's in the Cloud, it's easier for you to repurpose and distribute, say, to over the top services, et cetera. So we were talking before about Netflix and Hulu and Amazon and Avid's role there. This may be-- >> Yeah, tremendous amount of content, 80% to 90% original content is produced with Avid. So in the last minute or so, tell us about that. >> Yeah, so Avid has grown up through the industry, we're almost 30 years old, and we understand the pains and challenges that the traditional broadcasters are facing by these insurgent and incumbent newcomers like the streaming services. But what I think is interesting is that those guys are using our tools, too, as you say, to a very large degree. So we're very privileged to have the streaming services as well as eleven of the largest international news organizations using us. Six of the largest Hollywood film studios are using us. We're very fortunate to have all that great diversity of customers that have embraced us across various parts of their workflow. >> Fantastic. Well, it sounds like not a dull moment for Avid or you. >> Right. >> I want to thank you so much, Alan, for stopping by The Cube. >> Thank you, Lisa. >> You are now a Cube alumni. I am, yes. It's great to have been here. Thanks for the invitation. >> Thank you. >> Okay. >> We want to thank you for watching again. We are live at NAB from Las Vegas. I am Lisa Martin. Stick around. We'll be right back.