>> Narrator: Live from Las Vegas, Nevada, it's theCUBE covering Accelerate 2017 brought to you by Fortinett. Now, here are your hosts, Lisa Martin and Peter Burris. >> Hi, welcome back to theCUBE. We are SiliconANGLE's flagship program where we go out to the events and extract the signal from the noise. Today, we are with Fortinet at their 2017 Accelerate event in Las Vegas. I'm your host, Lisa Martin, and I'm joined by my cohost, Peter Burris. We are fortunate right now to be joined by George Moore. George is the technology, excuse me, the CSO for Microsoft Azure who is a big technology alliance partner for Fortinet. George, welcome to theCUBE. >> Nice to have you, thank you. >> We are excited to have you on. You are, as you mentioned, the CSO at Azure, but you are the CSO for all of the Azure computer services. You are one of the founders of the Azure engineering team from back in 2006, and we were talking off-line. You hold over 40 patents in things like security deployment, interactive design, et cetera. You are a busy guy. >> I am, yes. (laughing) >> One of the things we have been talking about with our guests on the show today, and a great topic that was in the general session was about the value of data, and how do businesses transform to digital businesses. The value in that data has to be critical. I'd love to get your take on as businesses have to leverage that data to become more successful or to become successful as digital businesses, we know the security of the perimeter is not the only thing. It needs to be with the data. What is Azure doing to secure the cloud for your customers, and how do you help them mitigate or deal with the proliferation of mobile devices and IOT devices that they have that are connecting to their networks? >> Digital disruption is affecting everybody, and it is a huge thing that many companies are struggling to understand and to adopt to their business models, and to really leverage what digital can do for them, and certainly we are doing in the public cloud with Azure helps that significantly. As you mentioned, there is just a proliferation of devices, a proliferation of data, so how do you have defense in depth so you don't have perimeter-based security, but you actually have defense in depth at every level, and at its heart, it really falls down to how do you do encryption at rest, how do you secure the data encrypted? Who holds the keys for the data? What is the proliferation of the keys? How did the controls manage for that? Of course, of the data is encrypted, you really want to be able to do things upon it. You want to be able computer over it. You want to be able to queries, analytics, everything, so there's the question of how to securely exchange the keys? How do you make sure that the right virtual machines are running, the right computers running at the time to do the queries? That's the set of controls and security models and services that we provide in Azure that makes it super easy for customers to actually use that. >> Azure represent what's called the second big transformation for Microsoft where the first one might have been associated with Explorer, those amazing things that Microsoft did to transform itself in the 1990s and it seems to be going pretty well. How is security facilitating this transformation from a customer value proposition? >> Security is absolutely the number one question that every customer has whenever they start talking about the cloud, and so we take that very, very seriously. Microsoft spends over billion dollars a year on all of our security products all up. We have literally armies of people who do nothing every day but wake up and make sure that the product is secure, and that really boils down to two big pieces. One is how do we keep the platform secure from the security control that we have ourselves in the compliance ADA stations and everything to make sure that when customers bring their workloads to us, they are in fact kept secure. Second is a set of security controls that we provide the customers so they can actually secure their workloads, integrate their security models with whatever they're running on premise, and have the right security models, ADA stations, multifactor authentication, identity controls, et cetera for their own workloads. >> Security is very context specific. I'm not necessarily getting into a conversation about industry or whatnot, but in terms of the classifications of services that need to be provided, we were talking a little bit about how some of the services that you provide end being part of the architecture for other services within the Azure cloud. Talk a little bit about how you envision security over time evolving as a way of thinking about how different elements of the cloud are going to be integrated and come together in the role that security is going to play in making that possible and easy. >> You are absolutely right. Azure is composed of, right now, 80 some-odd different services and there's definitely a layering where for example, my components around the compute pieces are used by the higher order of services around HD insight and some of the analytic services and such, and so the security models we have in place internally for compute in turn are used by those higher order services, and the real value we can provide is having a common customer-facing security model for customers, so there is a common way by which they can access the control plane, do management operations upon these services, how they can access the endpoints of the services using a common identity model, a common security model, role-based access control, again, from a common perspective, logging, auditing, reporting, so all this has to be cohesive, correct, and unified so that customers aren't facing this tumultuous array of different services that speak different languages, so to speak. >> We are here at Fortinet Accelerate 2017. Tell us how long Microsoft Azure and Fortinet have been working together, and what are you most excited about with some of the announcements from Fortinet today? >> Microsoft and Fortinet partnership has been going on for quite some time. Specifically in Azure space we've been doing two different, two major thrusts around integration with the Azure Security Center which is a set of services that we have within Azure that provides turnkey access to many, many different vendors including Fortinet as one of our primary partners, and Fortinet also has all their products in Azure marketplace so that customers can readily in a turnkey manner use Fortinet next generation firewalls and such as virtual machines, incorporate those directly within their workloads, and have a very seamless billing model, a very seamless partnership model, a very seamless go-to-market strategy for how we jointly promote, jointly provide the services. >> One of the things that one of our guests was talking with us about today was really about it's an easy sell, if you will, at the C-level to sell the value of investing in the right infrastructure to secure environments. Looking at that in correlation to the fact that there's always historically been a challenge or concerned with security when it comes to enterprises moving workloads to the cloud, I'm curious about this easy-sell position that cyber security and the rise of attacks brings to seeing the adoption of more enterprise workloads. We are seeing numbers that are going to show, or predicting that north of 85% of enterprise workloads will be in the cloud by 2020. How much is Microsoft Azure seeing the fact that cyber security attacks are becoming more and more common, hitting some pretty big targets, affecting a lot of big names. How much are using that as an impetus to and maybe drive that adoption higher and higher from an enterprise perspective? >> Absolutely, I see that everyday. I give many, many talks to the C-level, to CSOs, CEOs, et cetera, and I can say in many industries like the banking industry, financial sector, 18 months ago banks did not have any interest in public cloud. Is just like, "Thank you, we have no interest in cloud," but recently there has been the dawning realization that Azure and the public cloud products are in fact, in many cases, more secure than what the banks and other financial industry sectors can actually provide themselves because we are providing huge amounts of investments from an ongoing basis that we can actually provide better security, better integrated security than what they can afford on premise, so as a result, we are seeing this now, literally, stampede of customers coming to us and saying, "Okay, I get it. "You can actually have a very, very "highly secure environment. "You can provide security controls "that can go well above and beyond "whatever I could do on premise, "and it's better integrated "than what I could ever pull together on premise." >> One of the reasons for that is because of the challenge of finding talent, and you guys can find a really talented person, bring them in, and that person can build security architectures for your cloud that then can be served, can be used by a lot of different customers, so what will be the role of or how will this need for talent in the future, what would be the role for how people engage your people, client's people engage your people to ensure that that people side and moves forward, and how do you keep scaling that is you scale the cloud? >> Certainly people are always the bottleneck in virtually every industry, and specifically within the computing space. The value that we are seeing from customers is that the people that they had previously on premise who were working to secure the base level common infrastructure are now freed because they don't have to do that work. They can do other interesting things at the application level and move their value added further up the stack which means I can innovate more rapidly, they can add more features more quickly, because they are not having to worry about the lower-level infrastructure pieces that are secured by Azure, so we are seeing the dawning realization that we are moving to this new golden age where there is higher degree of agility with respect to innovation happening at the application level, because remember, applications have to be, if you are having a compliant workload, if you are having PCI compliance within the credit card industry for example, you have to have the entire application and its infrastructure part of the compliance boundary, so that means when you are building that app, you have to give your auditors the complete stack for them to pass that. If you are only having to worry about this much as opposed to that much, then the amount of work that you can do, the amount of integration, the amount agility, the amount of innovation you can do at that level is many orders of magnitude higher, so you really see that the value that a lot of customers are having here is that their talented people can be put to use on more important higher order business-related problems as opposed to lower-level infrastructure level issues. >> Let's talk about that for second because one of the things that we see within our research is that the era of cloud as renting virtual machines is starting to transition as people start renting applications, or applications as services that they themselves can start putting together. Partly the reason why that's exciting is because it will liberate more developers. It brings more developers into the process of creating value in the cloud, but as they do that, they now have visibility, or they are going to be doing things that touch an enormous set of resources, so how do you make security easier to developers in Azure? >> The key is that we can do high degrees of integration at the low level between these very services. >> Peter: It goes back to that issue of a cascading of your stuff up into the other Azure services. >> Absolutely, I mean think about it, we sat on top a mountain of information. We have analytics and log files that know about virtually everything that's happening in the cloud, and we can have machine learning, we can have intelligence, we can have machine intelligence and such, that can extract signals from noise that would otherwise be impossible to discover from a single customer's perspective. If you have a low and slow attack by some sort of persistent individual, the fact that they are trying the slow and low attack means that we are able to pull that signal out and extract that information that would not be really physically possible, or economically possible for most companies to do on premise. >> Does this get embedded to some of the toolkits that we are going to use to build these next-generation cloud-based apps? >> It gets embedded into the toolkits, but it also gets embedded at the set of services like the Azure Security Center. A single pane of glass that's integrated with the products from Fortinet and others where the customer can go and have a single view across all their work was running within Azure and get comprehensive alerts and understanding about the analytics that we are able to pull out and provide to those customers. >> What's next? >> Security is an ever evolving field, and the bad guys are always trying new things, so the work that is really happening, a lot of the innovation that's happening is within the analytics, machine learning space around being able to pull more log files out, being able to refine the algorithms and basically being able to provide more AI to the logs themselves so that we can provide integrated alerts, like for example, if you have a kill chain of an individual coming in attacking one of your product, and then using that to the lateral mobility to other products, or other services within your product, we can pull this together in a common log. We can show to customers here's the sequence of this one individual that across three, or four, or five different services. You have top level disability, and we can give you then guidance to say if you insert separation of duties between these two individuals, then you could've broken that kill chain. We can do proactive guidance to customers to help them secure their own workloads even if they necessarily initially were not deployed in a necessarily most secure manner. >> George, we just have a couple of minutes left, but I'd like to get your perspective. You showed a tremendous amount of the accomplishments that Azure has made in public cloud and in security. What are the opportunities for partners to sell and resell Azure services? >> Absolutely. Microsoft has historically always worked incredibly well with partners. We have a very large partner ecosystem. >> Peter: It's the biggest. >> Is the biggest, exactly. Okay, I don't want to brag too much, yes. (laughing) >> That's what I'm here for, George. >> We see specifically in the security space that partners are increasingly, around 40% of their revenue increasingly is coming from cloud-based assets, cloud-based sales. We are setting up the necessary partner channels and partner models where we can make sure that the reseller channels and our partners are an integral part of our environment, and they can get the necessary revenue shares, and we can give them the leads on how the whole system evolves. Absolutely we believe that partners are first and foremost to our success, and we are making deep, deep, deep investments in the partner programs to make that possible. >> Well George, we wish you and Microsoft Azure continued success as well as your partnership with Fortinet. We thank you so much for taking the time to join us on theCUBE today. >> Thank you. >> And for my cohost, Peter Burris, I'm Lisa Martin. Stick around, we will be right back on theCUBE.

>> Announcer: Live, from Las Vegas, Nevada, it's theCUBE, covering Accelerate 2017. Brought to you by Fortinet. Now, here are your hosts, Lisa Martin and Peter Burris. >> Welcome back to theCUBE, I'm Lisa Martin joined by Peter Burris. We have been in Vegas all day at Accelerate 2017. What an exciting, buzz-filled day that we've had, Peter. I feel like we've learned, I've learned a lot myself, but also just that the passion and the opportunity for helping companies become more secure, as security is evolving, is really palpable. >> Well, yeah, I totally agree with you, Lisa. In fact, if there's one kind of overarching theme of what we heard and what we experienced, it's this is one of the first conferences, security conferences, that I've been to, where we spent more time talking about business opportunity, business outcome, the role that security is going to play in facilitating business change. And we spent a lot less time talking about security speed, security feeds, geeking out about underlying security technologies. And I think that portends a pretty significant seismic shift in how people regard security. We'll still always have to be very focused and understand those underlying technologies in the speeds and feeds, but increasingly, the business conversation is creeping into, and in fact, starting to dominate how we regard security. It's past become reviewed in a digital world, it has to become viewed as a strategic business asset, and not just as the thing you do to make sure your devices don't get stolen or appropriated. >> Right, and that context was set from the beginning with the keynotes this morning. The CEO Ken Xie, a lot of folks that we talked to today, said he normally gets quite technical in keynotes, and today kept things really at a business level. >> And we heard that many people thought it was the best keynote they've seen him give in a long time. >> That's right, that's a great point. >> And one of his key messages was that at the end of the day, digital business is not about some new observations on channels or new observations on products. It really is about how you use data to differentiate, differentially create sustained customers. My words, not his, but it's very, very much in line. The difference between any business and digital business is how you use your data. And we heard that over and over and over today, and how security, technologies, and practices, and capabilities have to evolve to focus more on what businesses want to do with data. That is where, certainly Fortinet, sees the market going, and they're trying to steer their customers so that they can take advantages of those opportunities. >> Right, and that's a great point that you made. Their CFO, who we had on the program as well, Drew Del Matto, talked about in his keynote, that it's critical for a company to be able to have digital trust. We talk about trust in lots of different contexts, but what does trust mean to a business? >> As you said, he's the CFO. It's interesting, CFO is typically focused on things like is the ownership getting a return on the capital that they've invested in this company? It was very, to me anyway, refreshing to hear a CFO expressly state data is becoming an increasing feature of the capital stock of the company. And we have to take explicit steps to start to protect it and secure it, because in fact, it's through security that data is turned into an asset. If you don't secure your data, it's everywhere. It's easily copied, it flies around. Data and security-- at least data asset, the concept of data asset, and security, are inextricably bound because it is through security that you create the asset notion of data. The thing that generates value. Because if you don't, it's everywhere. It's easy to copy. I thought he did a wonderful job of starting to tie together the idea of data in business in a very straightforward, tactical, CFO approach. It was a good conversation about where business people are starting to think about how this is going to evolve. >> He also talked about the role of the CSO, and there was a panel during the general session of three CSOs from different industries. That's an interesting evolution as security has evolved from perimeter only to web, to cloud, to-- Now, where we need to be as Ken Xie talked about, we're at this third generation. It's about fabric. He talked about that, and the importance of that, and the capabilities. But it's also interesting to hear security's now a conversation in the boardroom. This is not something that is simply owned by a CIO or CSO, that that role has to facilitate a company becoming a digital army in order to create value from that data. A lot of folks said today, too, that mindset of "If I can't see it, I can't protect it." >> Yeah, we heard that this morning from the CFO, we also heard it from George, the CSO of Azure, Microsoft Azure. We heard the relationship, the evolving role of the CSO, or the Chief Security Officer multiple times today. Security's hard. This is not easy stuff. We can bring a lot of automation, and we can bring a lot of technology to bear on making it easier and simplifying it. And we heard a lot about how that's happening. But this is a hard, hard thing to do, for a lot of reasons. But it's one that must be done, especially in a digital world. And the role, or the impact on the CSO role, is profound. You're not going to have everybody in the organization-- They all have a stake in it, but they're all not going to perform security routines, necessarily. Yet, it's too big, as we heard from George, for one person. We have to start increasingly thinking about security as a strategic business capability that may be championed by the CSO, but is going to be undertaking in a lot of different places. One of the things that the Microsoft gentleman, George-- >> Lisa: George Moore. >> George Moore bought up, was the idea that increasingly, if you do security right, you can secure things at a relatively technical level and present them as services so that other parts of the business can start to consume them, and they become part of their security architecture. And it goes into their products, or it goes into their services, or it goes into how they engage customers. >> Facilitating scale. >> Or whatever else it might be, logistics. I think that that is a very powerful way of thinking about how security's going to work through a fabric, being able to present a hierarchy of security capabilities that go all the way out to your customers and actually allow you to engage your customers at a security conversation level. Which is, we also heard that talked about a little bit today. The role, the brand value of trust, but we still don't have an answer for how that's going to play out. >> If we look at some of the other things that were talked about in Ken's keynote, hyperconnectivity. From the proliferation of mobile and IoT, which IoT devices, there's 20 billion that are predicted to be connected by 2020, which is just a few years away. As that sounds, well it doesn't sound, it is increasing the threat surface, and we are also hearing from some of the folks that were on the program today, Derek Manky being one of them, who wrote a great blog just published recently on Fortinet talking about the major trends that are being seen and the challenges there. I think we're also seeing that companies like Fortinet and their suite of technology alliance partners like Microsoft, like Nazomi, going all the way out to the endpoints and back, that these companies are coming together to collaborate, to start mitigating the risks that are increasingly there with the threat surface being larger. I think there was a lot more positivity than I honestly anticipated. When you hear of all these attacks that it's daily, and that's such a common thing. The collaboration of the technology and the integration is exciting to hear where these companies are going to be able to limit damage. >> And to put one more number on it, the 20 billion devices, but it's what those devices are doing. Again, George Moore from Microsoft Azure talked about I think he said, it was 800 billion events that they're dealing with a day. And in 2017, Microsoft Azure is going to cross a threshold of dealing with one trillion events a day that they have to worry about from a security standpoint. If you think about that industry wide, Microsoft Azure's big, but there are others. We're talking today, probably somewhere, I just estimated, he said, "Yeah, that sounds about right," about five trillion, five trillion events a day that businesses have to worry about in aggregate from a security standpoint. And that number is just going to keep growing exponentially. In a year's time, he talked about three, four, five x. So we're talking about hundreds of trillions of events. >> Staggering numbers. >> Within the next decade or so. There is virtually no way that human beings are set up to deal with those kinds of numbers. It's going to require great technology-- >> Automation. >> That provides great automation. That nonetheless, works with humans so that the discretion that human beings bring, the smarts, and the collaboration that human beings bring to bear. The value that they create stays there. We're going to see more productivity coming out of these incredibly smart people that are doing security, because the tooling's going to improve and make it possible. And if it doesn't happen, then that's going to put a significant break on how fast a lot of this digital business evolution takes place. >> Another point that was quite prevalent among our conversations today, was that there isn't, with the exception maybe of healthcare, it's quite an agnostic problem that enterprises are facing in terms of security threats. When we talked to Derek, he mentioned healthcare being one because that information is so pervasive. It's very personal and private. But something that kind of surprised me, I almost thought we might see or hear about a hierarchy, maybe healthcare, financial services. But really, what everyone talked about today, was that the security threats are really pervasive across all industries. All the way, even to industrial control systems and HVAC systems. Which shows you the breadth of the challenge ahead. But to your point, and some of the points that some of our guests made, it's going to be a combination of the humans and the machines coming together to combat these challenges. >> Well I think what we're seeing is that there's a high degree of data specialization within a lot of industries based on different terms, different tactics, different risk profiles, et cetera. But that many of the algorithms necessary to understand exceptions or deal with anomalies, or one of those other things, are applicable across a lot of different industries. What we are likely to see over the next few years is we're still likely to see some of that specialization by industry, by data. Nonetheless, become featured in the output, but the algorithms are going to be commonly applied. They'll get better and better and better. There's still likely to be some degree of specialization if only because the data itself is somewhat specialized, but the other thing that we heard is that it's pretty clear that the bad guys want to get access. Well, let's put it this way, not all data is of equal value. And the bad guys want to get access to the data that is especially valuable to them. A lot of that data is in healthcare systems. To bring these common algorithms that specialize data to secure the especially challenging problems associated with healthcare is a real, real big issue for a lot of businesses today. Not just healthcare businesses, but people who are buying insurance for their employees, et cetera. >> Exactly, it becomes a pervasive problem. You were mentioning today that this was very much a business conversation versus speeds and fees. We did hear about a couple of technologies moving forward that are going to be key to driving security forward. Analytics, data science, in fact-- We also talked about kind of the difference between security fabric which Fortinet rolled out last year, and a platform and how businesses are kind of mobilized around that, and the differences there. Control versus spreading that out. One of the things that Forinet did about, I think it was in June of last year, was they acquired AccelOps. Bringing in monitoring, bringing in realtime analytics. A lot of our guests talked about the essentialness of that realtime capability to discover, detect, remediate, and clear things up. From a 2017 perspective, besides analytics and data science, what are some of the other things you see here as essential technologies to facilitate where the security evolution trajectory is going? >> I think in many respects, it comes back to some of the things we just talked about. That as digital business increasingly-- Let's step back. The way we define, at Wikibon SiliconANGLE, what digital business is, what differentiates your digital business from any other kind of business is data. It's how you use your data to create and sustain customers. That's a pretty big world. There's a lot of-- You know, most of us operate in the analog world. There's some very interesting ways of turning that analog information into digital information. There's voice, there's photographs, there's a lot of other-- We talked a little bit about industrial internetive things. There's an enormous set of investments being made today to turn the analog world that all of us operate in, and the processes that we normally think about, into digital representations that then can be turned into models for action, models for insight, new software systems that can then have an impact on how the business actually operates. And I think that, if we think the notion of analytics and data science, and by the way, security's one of those places where that set of disciplines have really, really matured through fraud detection and other types of things. But I think what we're going to look at, is as new types of data are created by different classes of business or different classes of industry, or different roles and responsibilities, that that data, too, will have to be made secure. What we're going to see, is as the world figures out new ways of using data to create new types of value, that the security industry is going to have to be moving in lockstep so that security doesn't once again become the function that says no to everything, but rather the function that says, "Yeah, we can do that." We can go from idea to execution really fast, because we know how to make that data secure. >> Well, Peter, it's been such a pleasure, an honor, co-hosting with you today. Thank you so much for sharing the desk with me. >> Absolutely, Lisa. >> Look forward to doing it some other time. And we want to thank you so much for joining us on theCUBE today as well. I want to also point you to some of the upcoming events. Go to SiliconANGLE.tv. Next week, we've got the VTUG Winter Warmer going on. You'll also be able to see that on the website. Women and Data Science with yours truly in early February. And then the Spark Summit in February, Feb 7-9 in Boston. Again, that's SiliconANGLE.tv. For my co-host Peter Burris, I'm Lisa Martin. Thanks so much for watching, and we'll see ya next time. (techno music)