(bright music) >> Narrator: From the Cube studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a Cube Conversation. >> Hey, welcome back everybody, Jeff Frick here with the cube. We're at our Palo Alto studio today. And we're kind of taking advantage of this opportunity to reach out to the community, as we're going through this COVID crisis, to talk to leaders, get their tips and tricks and advice. As you know, everyone is going through this thing together. It's really a unique situation that everybody has a COVID story, where were you in March of 2020. So we're excited to have our next guest. He's Corey Williams. He's the VP of strategy and marketing for Idaptive. Cory, great to see you. >> Hey, great to see you. Thanks for having me, Jeff. >> Absolutely, I was just thinking the last time that we saw, was late February, it was February 25th. At the RSA conference, 40,000 people I think was the last big show, that I attended for sure, and kind of snuck in, before everything got shut down. It's just amazing, you know, kind of how quick this light switch moment happened to really force first, everybody home, and then you know, kind of all these collateral impacts of that in terms of digital transformation. >> Yeah, it is amazing. I remember that RSA show very well, shaking dozens of people's hands, eating from a buffet, sitting in a crowded room. It's amazing how quickly things have transformed, and how our mindset about, just about everything, but especially what we do for a living and how we interact with each other, had just changed overnight. >> Yeah and it's fascinating too, because when the stay at home, what started to come out, you know, nobody really had time to plan. And you know, and I would argue even if you had, I don't know, six months to plan, nine months to plan, a year to plan, for kind of this cutover, it would still have been a difficult situation. So just to be, you know, kind of thrown in and it's ready said go. Here we are, really unique challenge for people, but also for the infrastructure providers, also for the technology providers, in the space that you operate in, which is security, very different challenge and it wasn't, you know, we're going to plan and get everybody's VPN is all hooked up and configured and tested. It's like, don't come to the office tomorrow. >> Yeah and it literally happened that quickly. It wasn't a matter of being able to plan this, like a normal transition. But it was literally, today we're working in the office, tomorrow, please don't come in, we'll let you know when it's going to change. And I think it really did catch a lot of companies off guard, even those that were used to supporting a remote workforce at least in part. >> Yeah, because it's interesting people been talking about new way to work and work from home and this for a very long time. But you know, this was an incredible forcing function. So let's talk about you know, kind of what you do for the people that aren't familiar with Idaptive. Give us kind of the quick, the quick overview. >> Sure, Idaptive is what's called an identity and access management company. What we do is we make it easier for end users to get access to all their applications, and for organizations to provide that access in more secure manner. As you know, all these cloud applications and devices that we need to have access to, are typically just secured by a password and they all have different passwords, and those passwords often get reused and shared among different employees, and it creates a big problem, for not only for the security of the company, but even for the IT Helpdesk who's got to support account lockouts and password resets and so, Idaptive is one of the leaders in this space. >> As you talk about the password reset and I didn't think really kind of from the IT support side if you don't have a teenager hopefully close by in the room you know, that creates all kinds of challenges, but it's real and the password situation was bad before. Now as you said we've got all kinds of internal applications, you've got all types of access control to your inside stuff, you have all your cloud applications. A lot of times you said passwords are stored in queues or they're stored in caches, or they're stored in your Chrome browser. You guys have written extensively about passwords and getting kind of past passwords to better ways to authenticate people, whenever you can actually written quite a bit recently on blog posts. Talk about your kind of strategy and how you help customers kind of rethink access. >> Yeah, there's sort of two main strategies that I've been writing about. And then our company has been talking to our customers about. The first one we call Next-Gen Access, which is essentially a combination or layers of technology like Single sign-on, multi-factor authentication, provisioning, and analytics provide some user behavior and risk. All of that is intended to provide a more secure experience where we can put additional factors besides just a password, in front of the user, but only do it, when the risk is high, so that we can preserve the user experience. And so that we call a Next-gen access approach. But ultimately, the reason you want to do that is to arrive at a zero trust state of mind. That sort of approach allows you to say that, hey, I've verified every user, that is on my network. I know the device they're using is something that I trust and is in good shape. And I've limited their access to just what they need in order to do their job. >> Now, do you find that most people in this situation are still accessing via a VPN or some secure network or as most of it, you know, it's public internet access, and you're relying really on the applications and the access and the protocols and the two factor to make sure people can only get what they're supposed to get? >> Yeah, I think you kind of bring up a good point. The vast majority of businesses are what I've referred to hybrid enterprises, they still have on-premise applications, they still have their own applications that they build. But they also are in the process of adopting cloud applications like Office 365. And you know, all of the different kind of productivity apps, that are very popular. And so most companies are stuck in this situation where they can't simply be completely virtual company overnight. They still have to provide access to on-premise systems and applications in order to do their business. And so many of them just had the option of saying, okay, here's VPN access for everyone. But as as we know, VPN access is a very blunt instrument. First of all you have it has to be able to scale to a lot of users. Second of all, it gives you access to the whole network from a remote location, both of which are situations that are difficult, especially when you have to turn it on overnight. >> You're right. So you and one of the articles that I saw in getting ready for this, has some really specific as straightforward advice to people, to help them enable their remote workers. I wonder if you could go through some of those key points with us? >> Sure, I think, you know, when you think about remote access or having a remote workforce, you think about a few different things. One is be able to provide them easy kind of friction, free discovery of their applications and providing access. So, having something like a portal of all the applications that you're supposed to have access to whether they're on-premise or in the cloud, and have one click access to those protected in a way that is common to all those applications, using something like a second factor of authentication. That provides some of the immediate convenience of getting people up and productive, even if they're outside the network at home. The second thing we think about is, how do we give access to those on-premise applications? You can use VPN, it's quick, I can tell you that our customers are telling us two things. One is they didn't prepare for that much capacity. So their VPN connections don't scale. So they're having to ration the use of it, which limits the productivity. But also, they haven't necessarily rolled out multi-factor authentication to all of these users who don't typically use VPN. And so they are forced with either having to dial down, the security level, or to scramble and try to find a way to secure that access. So in my writings, we've been talking about providing alternatives to a VPN, something like an application gateway, which would can give you access to just the apps you need, without having to have full network access, and having those apps just be published through the gateway. >> So there's really some kind of creative ways to restructure the access beyond just simply having better access more secure access and as you said VPN and multi-factor cause in fact, you might not be able to implement those things just in the timely manner which you have, as we said, this was a light switch moment. >> Yeah I think definitely the it's something to think about in these emergency light switch moments, what is the easiest way and there's three parties involved. You've got the security folks who are concerned about maintaining a level of continuity with the access to their data. But you also have the end user and they have to do their job. It has to be easy enough for them to be able to do, without having to have a lot of special training. And let's not forget the IT Helpdesk, either. They are getting overwhelmed with requests for about basic technology use and about getting access to the basic resources. The last thing you want to do is pile on a whole bunch of new lockouts. And, you know, barriers have been put in front of users, that can overwhelm them. So you kind of have to think about all three parties, when you're developing a solution for remote workforce. >> All right, and I presume the bad guys are not taking holiday, seeing this opportunity as again, we're constantly talking about this increasing attack surface. It just got a whole lot bigger for the bad guys. >> It certainly did. I mean, if you think about the attack surface, it used to be that if they could get past your network barrier, then they were in. And so he was very concentrated around securing the network. As you start adopting more mobile and cloud applications, now your attack surface becomes all the resources are out in the cloud. Now, when you take all of your workers and disperse them to home, each one of their own systems and networks becomes an extension of that attack surface. And so anything you can do to narrow and lessen the attack surface by making sure you have good user verification, device validation, and other layers of intelligence to help you monitor that access. It reduces the scope to everyone on Earth, from any device on Earth, to just the people that you you trust and if identified, and that's why we talked to our our customers about is putting these layers in that can balance that security, but also provide a more friction free user experience and that's the real trick. >> All right, so I'm just curious to get your take you've been in the business for a long time. And kind of the state of passwords, you know, is this just something we're stuck with forever? Do you see in the not too distant future? Or medium future? Passwords going away? I mean, we've got biometric stuff now, you can touch your phone, you can read your iris, but those things can be spoofed as well. Where do you see, you know, kind of the passwords evolving and what's going to take its place? >> You know, it's a little bit like the clothes in the back of my closet, you can never quite get rid of everything. And I think passwords are will always be with us in some form, because they're baked into technology that's been around forever. As a side note, you've probably heard about these IRS checks going out. And there being problems in some states because these stimulus checks are dependent on systems that were built 50 years ago. And so technology kind of lives forever in some form. So we can't necessarily get rid of passwords, but there are two things we can do, one is we can never depend on passwords alone to secure access, we can layer on, multi-factor authentication and artificial intelligence to determine risk level and put an additional set of factors in front of the user. But we can also develop new applications and technologies, with more of what is being known as a password list experience, which is sort of an ideal thing. And we have some experience with modern technology like facial recognition on our iPhone or a fingerprint on our PC. Those types of experiences can be built in and before COVID happened, I'd say that one of the big trends of 2020 was this idea of password list access. And we have actually recently announced some of our own password capabilities, but it was a hot trending topic. And I think will continue to be because not only is it a more secure experience, but it's also much easier for end users and they would prefer to have a one click access rather than having to remember a complex string that they have changed in 90 days. >> I was going to say, do you think it's an accelerant? Or in terms of having this alternative access method? Or is it a pullback because people are hunkering down, but it sounds on those two attributes, that it's a better thing. >> I think definitely in >> The more secure that seems pretty straightforward. >> Yes, I think definitely, in the medium and long term, this will accelerate the trend. In the short term, yes. Everything is being focused on just enabling those remote users. There was a actually a recent survey done by Mayfield, with their collection of CSOs and CTOs, asking them what the top priorities were in the short term. And of course, the number one priority for IT leaders is enabling that remote workforce. But number two in the short term is actually security enabling that says not only enabling users to work from home productively, but making sure that security is keeping track. So I don't think they've lost sight even in the short term, although I think they're focused on very tactical goals related to scaling out the solutions and supporting their end users. In the medium term and in the long term, this is going to have lasting effects. We know that the remote workforce trend was accelerated and there's no turning back. Companies are going to be more remote, they're going to be more comfortable with remote models. And so having better stronger, better experiences and stronger authentication experiences will be part of how we do things going forward. >> Well, Cory, in everywhere we go, security has to get baked into everything. So it's no longer a bolt in is, as you well know, and so it's not surprising that that's right in there with supporting those remote people cause they got access to the keys to the kingdom. You just can't let that get out there. So give you the final word once we come out of COVID and in terms of, you know, looking directly at what that's driving in terms of priorities. What are some of the other priorities that you hope to get back to, once we kind of get through this period? >> Well, I mean, I think clearly, we're seeing the effect on certain industries like travel and hospitality and others, we certainly and we tell,, we certainly hope that those businesses are able to come back strong. So those are some of the things we're looking forward to. But we know a lot of our customers are really wanting to not just respond to the current activities that are happening, but they want to build their businesses. They want to build better user experiences, they want to put out new digital experiences. We know from the survey as well, from Mayfield that increasing acceleration towards adopting cloud, and towards the digital transformation of user and business processes is going to be key. And so that's what we see the future is not just in providing security to prevent the bad guy, but to enable these new digital experiences and to accelerate these trends like move to cloud, identity and access management is fundamental to all of those efforts. And we see that as being a very positive thing. And hopefully this will end up serving as a catalyst to spurred and acceleration of those adoptions. >> Well, I think there's no doubt about it. I mean, we're not going to go back and the longer this thing goes on, the more new habits are formed, and people aren't just going to want to go back to the old ways. So I think there's no doubt about it. And I really appreciate you sharing your insights. Again, Cory has written a ton of stuff. There's blogs all over the place, do a quick search on Cory Williams with an E, and you'll find some of his blog posts and thanks for taking a few minutes with us here today, Cory. >> You bet, thank you, Jeff. >> All right, he's Corey, I'm Jeff. You're watching the cube. We're in our Palo Alto studios. Stay safe out there, and we'll see you next time. Thanks for watching. (bright music)