>> Hey, welcome back everybody, Jeff Frick here with The Cube. We're at Data Privacy Day 2018, I still can't believe it's 2018, in downtown San Francisco, at LinkedIn's headquarters, the new headquarters, it's a beautiful building just down the road from the sales force building, from the new Moscone that's being done, there's a lot of exciting things going on in San Francisco, but that's not what we're here to talk about. We're here to talk about data privacy, and we're excited to have a return visit from last year's Cube alumni, she's Eva Velasquez, president and CEO, Identity Theft Resource Center. Great to see you again. >> Thank you for having me back. >> Absolutely, so it's been a year, what's been going on in the last year in your world? >> Well, you know, identity theft hasn't gone away >> Shoot. >> And data-- >> I thought you told me it was last time. >> I know, I wish, and in fact, unfortunately we just released our data breach information, and there was a tremendous growth. It was a little over 1000, previous year, and over 1500 data breaches... in 2017. >> We're almost immune, they're like every day. And it used to be like big news. Now it's like, not only was Yahoo breached at some level, which we heard about a while ago, but then we hear they were actually breached like 100%. >> There is some fatigue, but I can tell you that it's not as pervasive as you might think. Our call center had such a tremendous spike in calls during the Equifax breach. It was the largest number of calls we'd had in a month, since we'd been measuring our call volume. So people were still very, very concerned. But a lot of us who are in this space are feeling, I think we may be feeling the fatigue more than your average consumer out there. Because for a lot of folks, this is really the first exposure to it. We're still having a lot of first exposures to a lot of these issues. >> So the Equifax one is interesting, because most people don't have a direct relationship with Equifax, I don't think. I'm not a direct paying customer, I did not choose to do business with them. But as one of the two or three main reporting agencies, right, they've got data on everybody for their customers who are the banks, financial institutions. So how does that relationship get managed? >> Oh my gosh, there's so much meat there. There's so much meat there. Okay, so, while it feels like you don't have a direct relationship with the credit reporting agencies, you actually do, you get a benefit from the services that they're providing to you. And every time you get a loan, I mean this is a great conversation for Data Privacy Day. Because when you get a loan, get a credit card, and you sign those terms and conditions, guess what? >> They're in there? >> You are giving that retailer, that lender, the authority to send that information over to the credit reporting agencies. And let's not forget that the intention of forming the credit reporting agencies was for better lending practices, so that your creditworthiness was not determined by things like your gender, your race, your religion, and those types of really, I won't say arbitrary, but just not pertinent factors. Now your creditworthiness is determined by your past history of, do you pay your bills? What is your income, do you have the ability to pay? So it started with a good, very good purpose in mind, and we definitely bought into that as a society. And I don't want to sound like I'm defending the credit reporting agencies and all of their behavior out there, because I do think there are some changes that need to be made, but we do get a benefit from the credit reporting agencies, like instant credit, much faster turnaround when we need those financial tools. I mean, that's just the reality of it. >> Right, right. So, who is the person that's then... been breached, I'm trying to think of the right word of the relationship between those who've had their data hacked from the person who was hacked. If it's this kind of indirect third party relationship through an authorization through the credit card company. >> No, the, Equifax is absolutely responsible. >> So who would be the litigant, just maybe that's the word that's coming to me in terms of feeling the pain, is it me as the holder of the Bank of America Mastercard? Is it Bank of America as the issuer of the Mastercard? Or is it Mastercard, in terms of retribution back to Equifax? >> Well you know, I can't really comment on who actually would have the strongest legal liability, but what I can say is, this is the same thing I say when I talk to banks about identity theft victims. There's some discussion about, well, no, it's the bank that's the victim in existing account identity theft, because they're the ones that are absorbing the financial losses. Not the person whose data it belongs to. Yet the person who owns that data, it's their identity credentials that have been compromised. They are dealing with issues as well, above and beyond just the financial compromise. They have to deal with cleaning up other messes and other records, and there's time spent on the phone, so it's not mutually exclusive. They're both victims of this situation. And with data breaches, often the breached entity, again, I hate to sound like an apologist, but I am keeping this real. A breached entity, when they're hacked, they are a victim, a hacker has committed that crime and gone into their systems. Yes, they have a responsibility to make those security systems as robust as possible, but the person whose identity credentials those are, they are the victim. Any entity or institution, if it's payment card data that's compromised, and a financial services institution has to replace that data, guess what, they're a victim too. That's what makes this issue and this crime so terrible, is that it has these tentacles that reach down and touch more than one person for each incident. >> Right. And then there's a whole 'nother level, which we talked about before we got started that we want to dig into, and that's children. Recently, a little roar was raised with these IOT connected toys. And just a big, giant privacy hole, into your kid's bedroom. With eyes and ears and everything else. So wonder if you've got some specific thoughts on how that landscape is evolving. >> Well, we have to think about the data that we're creating. That does comprise our identity. And when we start talking about these toys and other... internet connected, IOT devices that we're putting in our children's bedroom, it actually does make the advocacy part of me, it makes the hair on the back of my neck stand up. Because the more data that we create, the more that it's vulnerable, the more that it's used to comprise our identity, and we have a big enough problem with child identity theft just now, right now as it stands, without adding the rest of these challenges. Child and synthetic identity theft are a huge problem, and that's where a specific Social Security number is submitted and has a credit profile built around it, when it can either be completely made up, or it belongs to a child. And so you have a four year old whose Social Security number is now having a credit profile built around it. Obviously they're not, so the thieves are not submitting this belongs to a four year old, it would not be issued credit. So they're saying it's a, you know, 23 year old-- >> But they're grabbing the number. >> They're grabbing the number, they're using the name, they build this credit profile, and the biggest problem is we really haven't modernized how we're authenticating this information and this data. I think it's interesting and fitting that we're talking about this on Data Privacy Day, because the solution here is actually to share data. It's to share it more. And that's an important part of this whole conversation. We need to be smart about how we share our data. So yes, please, have a thoughtful conversation with yourself and with your family about what are the types of data that you want to share and keep, and what do you want to keep private, but then culturally we need to look at smart ways to open up some data sharing, particularly for these legitimate uses, for fraud detection and prevention. >> Okay, so you said way too much there, 'cause there's like 87 followup questions in my head. (Eva laughs) So we'll step back a couple, so is that synthetic identity, then? Is that what you meant when you said a synthetic identity problem, where it's the Social Security number of a four year old that's then used to construct this, I mean, it's the four year old's Social Security number, but a person that doesn't really exist? >> Yes, all child identity theft is synthetic identity theft, but not all synthetic identity theft is child identity theft. Sometimes it can just be that the number's been made up. It doesn't actually belong to anyone. Now, eventually maybe it will. We are hearing from more and more parents, I'm not going to say this is happening all the time, but I'm starting to hear it a little bit more often, where the Social Security number is being issued to their child, they go to file their taxes, so this child is less than a year old, and they are finding out that that number has a credit history associated with it. That was associated years ago. >> So somebody just generated the number. >> Just made it up. >> So are we ready to be done with Social Security numbers? I mean, for God's sake, I've read numerous things, like the nine-digit number that's printed on a little piece of paper is not protectable, period. And I've even had a case where they say, bring your little paper card that they gave you at the hospital, and I won't tell you what year that was, a long time ago. I'm like, I mean come on, it's 2018. Should that still be the anchor-- >> You super read my mind. >> Data point that it is? >> It was like I was putting that question in your head. >> Oh, it just kills me. >> I've actually been talking quite a bit about that, and it's not that we need to get, quote unquote, get rid of Social Security numbers. Okay, Social Security numbers were developed as an identifier, because we have, you can have John Smith with the same date of birth, and how do we know which one of those 50,000 John Smiths is the one we're looking for? So that unique identifier, it has value. And we should keep that. It's not a good authenticator, it is not a secret. It's not something that I should pretend only I know-- >> Right, I write it on my check when I send my tax return in. Write your number on the check! Oh, that's brilliant. >> Right, right. So it's not, we shouldn't pretend that this is, I'm going to, you, business that doesn't know me, and wants to make sure I am me, in this first initial relationship or interaction that we're having, that's not a good authenticator. That's where we need to come up with a better system. And it probably has to do with layers, and more layers, and it means that it won't be as frictionless for consumers, but I'm really challenging, this is one of our big challenges for 2018, we want to flip that security versus convenience conundrum on its ear and say, no, I really want to challenge consumers to say... I'm happier that I had to jump through those hoops. I feel safer, I think you're respecting my data and my privacy, and my identity more because you made it a little bit harder. And right now it's, no, I don't want to do that because it's a little too, nine seconds! I can't believe it took me nine seconds to get that done. >> Well, yeah, and we have all this technology, we've got fingerprint readers that we're carrying around in our pocket, I mean there's, we've got geolocation, you know, is this person in the place that they generally, and having 'em, there's so many things-- >> It's even more granular >> Beyond a printed piece of >> Than that-- >> paper, right? >> It's the angle at which you look at your phone when you look at it. It's the tension with which you enter your passcode, not just the passcode itself. There are all kinds of very non-invasive biometrics, for lack of a better word. We tend to think of them as just, like our face and our fingerprint, but there are a lot of other biometrics that are non-invasive and not personal. They're not private, they don't feel secret, but we can use them to authenticate ourselves. And that's the big discussion we need to be having. If I want to be smart about my privacy. >> Right. And it's interesting, on the sharing, 'cause we hear that a lot at security conferences, where one of the best defenses is that teams at competing companies, security teams, share data on breach attempts, right? Because probably the same person who tried it against you is trying it against that person, is trying it against that person. And really an effort to try to open up the dialogue at that level, as more of just an us against them versus we're competing against each other in the marketplace 'cause we both sell widgets. So are you seeing that? Is that something that people buy into, where there's a mutual benefit of sharing information to a certain level, so that we can be more armed? >> Oh, for sure, especially when you talk to the folks in the risk and fraud and identity theft mitigation and remediation space. They definitely want more data sharing. And... I'm simply saying that that's an absolutely legitimate use for sharing data. We also need to have conversations with the people who own that data, and who it belongs to, but I think you can make that argument, people get it when I say, do you really feel like the angle at which you hold your phone, is that personal? Couldn't that be helpful, that combined with 10 other data points about you, to help authenticate you? Do you feel like your personal business and life is being invaded by that piece of information? Or compare that to things like your health records. And medical conditions-- >> Mom's maiden name. >> That you're being treated for, well, wow, for sure that feels super, super personal, and I think we need to do that nuance. We need to talk about what data falls into which of these buckets, and on the bucket that isn't super personal, and feeling invasive and that I feel like I need to protect, how can I leverage that to make myself safer? >> Great. Lots of opportunity. >> I think it's there. >> Alright. Eva, thanks for taking a few minutes to stop by. It's such a multi-layered and kind of complex problem that we still feel pretty much early days at trying to solve. >> It's complicated, but we'll get there. More of this kind of dialogue gets us just that much closer. >> Alright, well thanks for taking a few minutes of your day, great to see you again. >> Thanks. >> Alright, she's Eva, I'm Jeff, you're watching The Cube from Data Privacy Days, San Francisco. (techno music)

>>From the cubes studios in Palo Alto, in Boston, connecting with thought leaders all around the world. This is a cute conversation. >>The external storage array business, as we know it has changed forever. You know, you can see that in the survey data that we do and the financial information from the largest public storage companies. And it's not just because of COVID, although that's clearly a factor which has accelerated the shifts that we see in the market, specifically, those CIO is, are rationalizing their infrastructure portfolios by consolidating workloads to simplify, reduce costs and minimize vendor sprawl. So they can shift resources toward digital initiatives that include cloud containers, machine intelligence, and automation all while reducing their risks. Hello everyone. This is Dave Vellante and welcome to this cube conversation where we're going to discuss strategies related to workload consolidation at petabyte scale. And with me is Dr. Rico. He's the vice president office of the CTO at INFINIDAT welcome back to the cube doc, always a pleasure to see you >>And great to be here. Always a pleasure to work with you, Dave. >>So doc, I just published a piece over the weekend and I pointed out that of the largest storage companies, only one showed revenue growth last quarter, and that was on a significantly reduced compare with last year. So my first question to you is, is INFINIDAT growing its business. >>Oh, absolutely. It's been a very interesting year all across as you can quite imagine. Um, but you know, our footprint is such that with our elastic pricing models and the, and the fact that we've got excess capacity, uh, in almost every single system that's out there, we were really given our customers a, an opportunity to take advantage of that, to increase their capacity levels while maintaining the same levels of performance and availability, but not have to have anybody on premises during this crazy, you know, COVID struck era. >>Yeah. So you're bringing that cloud model to the, to the data center, which has obviously been a challenge. I mean, you mentioned the subscription sort of like pricing, we're going to get into the cloud more, but I wonder if we could step back a little bit and look at some of the macro trends that you're seeing in the market and specifically as it relates to on-prem storage strategies that CEO's are taking. >>Yeah. You know, it's been interesting, we've seen over the course of the past five years or so, certainly a big uptick in people looking at next generation or what they believe in perceived to be next generation storage platforms, which are really just evolutions of media. They're not really taking advantage of any new innovations in storage and, you know, not withstanding our own products, which are all software driven. We've talked about that before, but what what's really happened in this past year, as you, as you said, CEOs and CTOs, they're always looking for that, that next point of leverage advantage. And they're looking for more agility in application deployment, they're looking in a way to rapidly respond to business requirements. So they're looking very much at those cloud-like requirements. They're looking at those capabilities to containerize applications. They're looking at how they can, um, you know, shift out virtual machines if they're not in a directly in a container, uh, and how the storage by the way, can, can have the same advantage and in order to do so, they really need to look at storage consolidation. You know, I think Dave, to, to sum it up from the storage perspective, you know, I love Ken Steinhardt was recently on a video and, you know, he was, he was challenged that, you know, people aren't looking at spinning rust, riff, you know, a derogatory wave of referring a disc and, and Ken, so rightly and accurately responded. Yeah. But people weren't really looking for QLC either. You know, what they're looking for is performance, scale availability and certainly cost effectiveness and price. >>Yeah. It was like, I set up front dock. I mean, if you're a C level executive today, you don't want to worry about your storage infrastructure. You've got bigger problems to worry about. You just want it to work. And so when you talk about consolidating workloads, people often talk about the so-called blast radiation. In other words, people who run data centers, they understand that things fail. And sometimes something as simple, it might be a power supply can have a catastrophic downstream effect on application availability. So my question is, how do you think about architecting systems? So as to minimize the effects of component failures on the business? >>Yeah. You know, it's a very interesting term, Dave blast radius, right? We've, we've heard this referred to storage over the last several decades. In fact, when it really should refer to the data center and the application infrastructure. Uh, but you know, if we're talking about just the storage footprint itself, one of the things that we really need to look, look at is the resilience and the reliability of the architecture. And when you look at something that is maybe dual controller single or double power supply, there are issues and concerns that take in, in, into, into play. And what we've done is we've designed something that's really triple redundant, which is typically only been applied to the very high end of the market before. And we do it in a very active, active, active manner. And naturally we have suggestions for best practices for deployment within a data center as well, you know, multiple sources of power coming into the array and things of that nature. But everything needs to be this active, active, active type of architecture in order to bring those reliability levels up to the point where as long as it's a component failure within the array, it's not going to cause an outage or data on availability event. >>Yeah. So imagine a heat map when people talk about the blast radius. So imagine the heat map is green. There's a big, you know, there's a yellow area and there's a, there's a red area. And what you're saying is, as far as the array goes, you're essentially eliminating the red area. Now, if you take it to the broader installation, you know, that red area, you have to deal with it in different ways, remote replication, then you can at the sink and in a sink. Uh, but, but essentially what I'm hearing you say, doc, is, is you're squeezing that red area out. So, so your customers could sleep at night. >>That absolutely sleep at night is so appropriate. And in fact, we've got a large portion of our customer base is, or they're running mission critical businesses. You know, we have some of the most mission critical companies in our, in our logo portfolio, in the world. We also have, by the way, some very significant service provider businesses who were we're providing, you know, mission critical capabilities to their customers in turn, and they need to sleep at night. And it it's, you know, availability is only one factor. Certainly manageability is another cause you know, not meeting a service level is just like data unavailability in some respects. So making manageability is automatic as it can be making sure that the, that the system is not only self-healing, but can re respond to variations in workload appropriately is very, very critically important as well. >>Yeah. So that, that you mentioned mission critical workloads, and those are the, those are the workloads that let's face it. They're not moving into the cloud, certainly not in any, any big way, you know, why would they generally are CIO CTO is they're putting a brick wall around that saying, Hey, it works. We don't want to migrate that piece, but I want to talk more about how your customers are thinking about workload consolidation and rationalizing their storage portfolios. What are those conversations like? Where do they start and what are some of the outcomes that you're seeing with your customers? >>Yeah, I think the funny thing about that point Dave, is that customers are really starting to think about a cloud in an entirely different way. You know, at one point cloud meant public cloud and men, this entity, uh, outside the walls of the data center and people were starting to use services without realizing that that was another type of cloud. And then they were starting to build their own versions of cloud. You know, we were referring to them as private clouds, but they were, you know, really spread beyond the walls of a single data center. So now it's a very hybrid world and there's lots of different ways to look at it, hybrid cloud multi-cloud, whatever moniker you want to put on it. It really comes down to a consistency in how you manage that infrastructure, how you interface with that infrastructure and then understanding what the practicality is of putting workloads in different places. >>And practicality means not only the, you know, the latency of access of the data, but the costs associated with it. And of course the other aspects that we talked about, like what the, the availability metrics, and as you increase the availability and performance metrics, those costs go up. And that's one of the reasons why some of these larger mission critical data centers are really, you know, repatriating their, their mission, critical workloads, at least the highest, highest levels of them and others are looking at other models, for example, AWS outposts, um, which, you know, talked about quite a bit recently in AWS reinvent. >>Yeah. I just wrote, again, this weekend that you guys were one of the, uh, partners that was qualified now, uh, to run on AWS outpost, it's interesting as Amazon moves, it's, you know, it's, it's it's model to the edge, which includes the data center to them. They need partners that can, that really understand how to operate in an on-premise world, how to service those customers. And so that's great to see you guys as part of that. >>Yeah. Thank you. And, you know, it was actually a very seamless integration because of the power and capability of all of the different interface models that we have is they all are fully and tightly integrated and work seamlessly. So if you want to use a, you know, a CSI type model, uh, you know, do you interface with your storage again, uh, with, with INFINIDAT and, you know, we work with all of the different flavors so that the qualification process, the certification process and the documentation process was actually quite easy. And now we're able to provide, you know, people who have particularly larger workloads that capability in the AWS on premises type environment. >>Yeah. Now I implied upfront that that cloud computing was the main factor, if not the primary factor, really driving some of the changes that we're seeing in the marketplace. Now, of course, it's all, not all pink roses with the cloud. We've seen numerous public cloud outages this year, certainly from Microsoft. We saw the AWS Kinesis outage in November. Google just had a major outage this month. Gmail was down G suite was down for an extended period of time. And that disrupted businesses, we rely on that schools, for example. So it's always caveat emptor as we know, but, but talk to INFINIDAT cloud strategy, you mentioned hybrid, uh, particularly interested in, in how you're dealing with things like orchestration and containers and Kubernetes. >>Yeah, well, of course we have a very feature rich set of interfaces for containers, Kubernetes interfaces, you know, downloadable through native, uh, native. So they're, they're very easy to integrate with, you know, but our cloud strategy is that, you know, we are a software centric model and we, you know, all of the, all of the value and feature function that we provide is through the software. The hardware of infiniboxes really a reference architecture that we, uh, we deliver to make it easier for customers to enjoy say 100% availability model. But if, if you want to run something in a traditional on premises data center, you know, straighten InfiniBox is fine, but we also give you the flexibility of cloud-like consumption through our pricing models, our, our elastic pricing models. So you don't need to consume an entire InfiniBox day one. You can grow and shrink that environment with, uh, with an OPEX model, or you can, um, buy it as you consume it in a, in a cap ex model. >>And you can switch, uh, from OPEX over to CapEx if it becomes more cost effective for you in time, which I think is, is what a lot of people are looking for. If you're looking for that public cloud, we, you know, we have our new tricks cloud offering, which is now being delivered more through partners, but you know, some businesses and especially the, the mid tier, um, you know, the SMB all the way through the mid enterprise are also now looking to cloud service providers, many of which use InfiniBox as, as their backend. And now with AWS outposts, of course, you know, we can give you that on premises, uh, uh, experience of the public cloud, >>You guys were early on. And obviously in that, that subscription-based model, and now everyone's doing it. I noticed in the latest Gartner magic quadrant on, on storage arrays, which you guys were named a leader, uh, they, I think they had a stat in there and said, I, I forget what the exact timeframe was that 50% of customers would be using that type of model. And again, I guarantee you by whatever time frame, that was a hundred percent of the vendor community is going to be delivering that type of model. So, so congratulations on being named a leader, I will say this there's there's there's consolidation happening in the market. So this, to me, this bodes well, to the extent that you can guarantee high availability and consistent performance, uh, at, at scale, that bodes well for, for you guys in a consolidating market. And I know IDC just released a paper, it was called, uh, I got, uh, I got a copy here. >>It's called a checklist for, uh, storage, workload consolidation at petabyte scale. It was written by Eric Bergner, who I've known for a number of years. He's the VP of infrastructure. Uh, he knows his stuff and the paper is very detailed. So I'm not going to go through the checklist items, but I, but I think if you don't mind, doc, I think it's worth reading an excerpt from this. If I can, as part of his conclusions, when workload consolidation, it organizations should carefully consider their performance availability, functionality, and affordability requirements. Of course, few storage systems in the market will be able to cost effectively consolidate different types of workloads with different IO profiles onto a single system. But that is in INFINIDAT forte. They're very good at it. So that's a, that's quite a testimonial, you know, why is that your thoughts on what Eric wrote? >>Well, you know, first of all, thank you for the kudos on the Gartner MQ, you know, being a leader on the second year in a row for primary storage, only because that documents only existed for two years, but, uh, you know, we were also a leader in hybrid storage arrays before that. And, you know, we, we love Gardner. We think they're, they're, you know, um, uh, real critical, you know, reliable source for, for a lot of large companies and, and IDC, you know, Eric of course is, uh, he's a name in the industry. So we, you know, we very much appreciate when he writes something, you know, that positive about us. But to answer your question, Dave, you know, there's, there's a lot that goes on inside InfiniBox and is the neural cash capabilities, the deep learning engine that is able to understand the different types of workloads, how they operate, uh, how to provide, you know, predictable performance. >>And that I think is ultimately key to an application. It's not just high performance. It's, it's predictable performance is making sure the application knows what to expect. And of course it has to be performant. It can't just be slow, but predictable. It has to be fast and predictable providing a multi-tenant infrastructure that is, that is native to the architecture, uh, so that these workloads can coexist whether they're truly just workloads from multiple applications or workloads from different business units, or potentially, as we mentioned with cloud service providers, workloads from different customers, you know, they, they need to be segmented in such a way so that they can be managed, operating and provide that performance and availability, you know, at scale because that's where data centers go. That's where data centers are. >>Great. Well, so we'll bring that graphic back up just to show you, obviously, this is available on your website. Uh, you can go download this paper from Erik, uh, from IDC, www infinidat.com/ian/resource. I would definitely recommend you check it out. Uh, as I say, Ericsson, you know, I've been in the business a long, long time, so, so that's great, doc, we'll give you the last word. Anything we didn't cover any big takeaways you want to, you want to share with the audience? >>Yeah. You know, I think I'll go back to that point. You know, consolidation is absolutely key for, uh, not just simplicity of management, but capability for you respond quickly to changing business requirements and or new business requirements, and also do it in a way that is cost-effective, you know, just buying the new shiny object is it's expensive and it's very limited in, in shelf life. You're just going to be looking for the next one the next year. You want to provide something that is going to provide you that predictable capability over time, because frankly, I have never met a C X O of anything that wasn't trying to increase their profit. >>You know, that's a great point. And I just, I would add, I mean, the shiny new object thing. Look, if you're in an experimental mode and playing around with, you know, artificial intelligence or automation thinking, you know, areas that you really don't know a lot about, you know, what, check out the shiny new objects, but I would argue you're on-prem storage. You don't want to be messing around with that. That's, it's not a shiny new objects business. It's really about, you know, making sure that that base is stable. And as you say, predictable and reliable. So doc Terico thanks so much for coming back into cube. Great to see you. >>Great to see you, David, and look forward to next time. >>And thank you for watching everybody. This is Dave Volante and we'll see you next time on the queue.

(dramatic orchestral music) >> Hey, welcome back everybody. Jeff Frick, here, at theCUBE. We're at the Palo Alto studios taking a very short break in the middle of the crazy fall conference season. We'll be back on the road again next week. But we're excited to take an opportunity to take a breath. Again, meet new companies, have CUBE conversations here in the studio, and we're really excited to have our next guest. He's Apurva Dave, the CMO of Sysdig. Apurva, great to see you. >> Thanks, Jeff, thanks for having me here. >> Yea, welcome, happy Friday. >> Appreciate it, happy Friday, always worth it. >> So give us kind of the 101 on Sysdig. >> Yep, Sysdig is a really cool story. It is founded by a gentleman named Loris Degioanni. And, I think the geeks in your audience will probably know Loris in a heartbeat because he was one of the co-creators of a really famous open source project called Wireshark. It's at 20 million users worldwide, for network forensics, network visibility, troubleshooting, all that great stuff. And, way back when, in 2012, Loris realized what cloud and containers were doing to the market and how people build applications. And he stepped back and said, "We're going to need "a totally new way to monitor "and secure these applications." So he left all that Wireshark success behind, and he started another open source project, which eventually became Sysdig. >> Okay. >> Fast-forward to today. Millions of people are using the open source Sysdig and the sister project Sysdig Falco to monitor and secure these containerized applications. >> So what did Sysdig the company delineate itself from Sysdig the open source project? >> Well, you know, that's part of the challenge with open source, it's like part of your identity, right. Open source is who you are. And, what we've done is, we've taken Loris's vision and made it a reality, which is, using this open source technology and instrumentation, we can then build these enterprise class products on top for security monitoring and forensics at scales that the biggest banks in the world can use, governments can use, pharma, healthcare, insurance, all these large companies that need enterprise class products. All based on that same, original open source technology that Loris conceived so many years ago. >> So would you say, so the one that we see all the time and kind of use a base for the open source model, you kind of, Hortonworks, it's really pure, open source Hadoop. Then you have, kind of, Mapbar, you know, it's kind of proprietary on top of Hadoop. And then you have Cloudera. It's kind of open core with a wrapper. I mean, how does the open piece fit within the other pieces that you guys provide? >> That's really a really insightful question because Loris has always had a different model to open source, which is, you create these powerful open source projects that, on their own, will solve a particular problem or use case. For example, the initial Sysdig open source project is really good at forensics and troubleshooting. Sysdig Falco is really good at runtime container security. Those are useful in and of themselves. But then for enterprise class companies, you operate that at massive scale and simplicity. So we add powerful user interfaces, enterprise class management, auditing, security. We bundle that all on top. And that becomes this Cloud-Native intelligence platform that we sell to enterprise. >> And how do they buy that? >> You can, as subscription model. You can use it either as software as a service, where we operate it for you, or you can use it as on-premise software, where we deliver the bits to you and you deploy it behind your firewall. Both of those products are exactly the same functionally, and that's kind of the benefit we had as a younger company coming to market. We knew when we started, we'd need to deliver our software in both forms. >> Okay and then how does that map to, you know, Docker, probably the most broadly known container application, which rose and really disturbed everything a couple years ago. And then that's been disturbed by the next great thing, which is Kubernetes. So how do you guys fit in within those two really well-known pieces of the puzzle? >> Yeah, well you know, like we were talking about earlier, there's so much magic and stardust around Kubernetes and Docker and you just say it to an IT person anywhere and either they're working on Kubernetes, they're thinking about working on Kubernetes, or they're wondering when they can get to working on Kubernetes. The challenge becomes that, once the stardust wears off, and you realize that yeah, this thing is valuable, but there's a lot of work to actually implementing it and operationalizing it, that's when your customers realize that their entire life is going to be upended when they implement these new technologies and implement this new platform. So that's where Sysdig and other products come in. We want to help those customers actually operationalize that software. For us, that's solving the huge gaps around monitoring, security, network visibility, forensics, and so on. And, part of my goal in marketing, is to help the customers realize that they're going to need all these capabilities as they start moving to Kubernetes. >> Right, certainly, it's the hot topic. I mean, we were just at VMworld, we've been covering VMworld forever, and both Pat and Sanjay had Kubernetes as parts of their keynotes on day one and day two. So they're all in, as well, all time for Amazon, and it goes without saying with Google. >> Yeah, so it's funny is, we released initial support for Kubernetes, get this, back in 2015. And, this was the point where, basically the world hadn't yet really, they didn't really know what Kubernetes was. >> Unless they watched theCUBE. >> Unless they watched-- >> They had Craig Mcklecky-- >> Okay, alright. >> On Google cloud platform next 2014. I looked it up. >> Awesome. Very nice-- >> Told us, even the story of the ship wheel and everything. But you're right, I don't think that many people were there. It was at Mission Bay Conference Center, which is not where you would think a Google conference would be. It's a 400 person conference facility. >> Exactly, and I think this year, CubeCon is probably going to be 7,000 people. Shows you a little bit of the growth of this industry. But, even back in 2015, we kind of recognized that it wasn't just about containers, but it was about the microservices that you build on top on containers and how you control those containers. That's really going to change the way enterprises build software. And that's been a guiding principle for us, as we've built out the company and the products. >> Well, way to get ahead of the curve, I love it. So, I see it of more of a philosophical question on an open source company. It's such an important piece of the modern software world, and you guys are foundationally built on that, but I always think about when you're managing your own resources. You know, how much time do you enable the engineers to spend on the open source piece of the open source project, and how much, which is great, and they get a lot of kudos in the ecosystem, and they're great contributors, and they get to speak at conferences, and it's good, it's important. Versus how much time they need to spend on the company stuff, and managing those two resource allocations, 'cause they're very different, they're both very important, and in a company, like Sysdig, they're so intimately tied together. >> Yeah, that last point to me is the biggest driver. I think some companies deal with open source as a side project that gives engineers an outlet to do some fun, interesting things they wouldn't otherwise do. For a company like Sysdig, open source is core to what we do. We think of these two communities that we serve, the open source community and the enterprise community. But it's all based on the same technology. And our job in this mix is to facilitate the activity going on in both of these communities in a way that's appropriate for how those communities want to operate. I think most people understand how an enterprise, you know, a commercial enterprise community wants to operate. They want Sysdig to have a roadmap and deliver on that roadmap, and that's all well and good. That open source element is really kind of new and challenging. Our model has always been that the core open source technology fuels our enterprise business, and what we need to do is put as much energy as we can into the open source, such that the community is inspired to interact with us, experiment, and give back. And if we do it right, two things happen. We see massive contribution from the community, the community might even take over our open source projects. We see that happening with Sysdig Falco right now. For us, our job then is to sit back, understand how that community is innovating, and how we can add value on top of it. So coming back all the way to your question around engineers and what they should be doing, step one, always contribute to the open source. Make our open source better, so that the community is inspired to interact with us. And then from there, we'll leverage all that goodness in a way that's right for our enterprise community. >> So really getting in almost like a flywheel effect. Just investing in that core flywheel and then spin off all kinds of great stuff. >> You got it, you know, my motto's always been like, if the open source is this thing off to the side, that you're wondering, oh, should our engineers be working on it, or shouldn't they, it's going to be a tough model to sustain long-term. There has to be an integrated value to your overall organization and you have to recognize that. And then, resource it appropriately. >> Right, so let's kind of come up to the present. You guys just had a big round of funding, congratulations. >> Yep, thank you. >> So you got some new cash in the bank. So what's next for Sysdig? Now you got this new powder, if you will, so what's on the horizon, where are you guys going next? Where are you taking the company forward? >> Great question, so, we just raised a $68.5 million Series D round, led by Inside Ventures and follow-on investors from our previous investors, Accel and Bane. 68.5 doesn't happen overnight. It's certainly been a set of wins since Loris first introduced those open source projects to releasing our monitoring product, adding our security product. In fact, earlier this year, we brought on a very experienced CEO, Suresh Vasudevan, who was the previous CEO of Nimble Storage, as a partner to Loris, so that they could grow the business together. Come this summer, we're having massive success. It feels like we've hit a hockey stick late last year, where we signed up some of the largest investment banks in the world, large government organizations, Fortune 500s, all the magic is happening that you hope for, and all of a sudden, we found these investors knocking at our door, we weren't actually even out looking for funds, and we ended up with an over-subscribed round. >> Right. >> So our next goal, like what are you going to do with all that money, is first of all, we're moving to a phase where, it's not just about the product, but it's about the overall experience with Sysdig the company. We're really building that out, so that every enterprise has an incredible experience with our product and the company itself, so that they're just, you know, amazed with what Sysdig did to help make Cloud-Native a reality. >> That's great and you got to bring in an extra investor, like in a crunch phase, you guys haven't had that many investors in the company, relatively a small number of participants. >> It's been very tightly held, and we like it that way. We want to keep out community small and tight. >> Well, Apurva, exciting times, and I'm sure you're excited to have some of that money to spend on marketing going forward. >> Well, we'll do our part. >> Well, thanks for sharing your story, and have a great weekend. I'm happy it's Friday, I'm sure you are, too. >> Thanks so much, have a great weekend. Thanks for having me. >> He's Apurva, I'm Jeff, you're watching theCUBE. It's theCUBE conversation in Palo Alto, we'll be back on the road next week, so keep on watching. See you next time. (dramatic orchestral music)

(soft click) >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at downtown San Francisco, at Twitter's World Headquarters. It's a beautiful building. Find a reason to get up here and check it out. But they have Data Privacy Day here today. It's an all day seminar session, series of conversations about data privacy. And even though Scott McNealy said, "Data privacy is dead, get over it." Everyone here would beg to differ. So we're excited to have our next guest Eva Velasquez. Shes' the President and CEO of ITRC, welcome. >> Thank you, thank you for having me and for covering this important topic. >> Absolutely, so what is ITRC? >> We are the Identity Theft Resource Center. And the name, exactly what it is. We're a resource for the public when they have identity theft or fraud, privacy data breach issues, and need help. >> So this begs an interesting question. How do people usually find out that their identity has been compromised? And what is usually the first step they do take? And maybe what's the first step they should take? >> Well, it's interesting because there isn't one universal pathway that people discover it. It's usually a roadblock. So, they're trying to move forward in their lives in some manner. Maybe trying to rent an apartment, get a new job, buy a car or a house. And during that process they find out that there's something amiss. Either in a background check or a credit report. And at that point it creates a sense of urgency because they must resolve this issue. And prove to whoever they're trying to deal with that actually wasn't me, somebody used my identity. And that's how they find out, generally speaking. >> So, you didn't ask their credit scores. Something in a way that they had no idea, this is how they. What usually triggers it? >> Right, right, or a background check. You know, appearing in a database. It's just, when we think about how pervasive our identity is out there in the world now. And how it's being used by a wide swath of different companies. To do these kind of background checks and see who we are. That's where that damage comes in. >> Talking about security and security breaches at a lot of shows, you know. It's many hundred of days usually before companies know that they've been breached. Or a particular breach, I think now we just assume they're breached all the time. And hopefully they'd minimize damage. But an identity theft, what do you find is kind of the average duration between the time something was compromised before somebody actually figures it out? Is there kind of an industry mean? >> It's really wildly inconsistent from what we see. Because sometimes if there is an issue. Let's say that a wallet is stolen and they're on high alert, they can often discover it within a week or 10 days. Because they are looking for those things. But sometimes if it's a data breach that they were unaware of or have no idea how their information was compromised. And especially in the case of child identity theft, it can go on for years and years before they find out that something's amiss. >> Child identity theft? >> Mhmm. >> And what's going with? I've never heard of child identity theft. They usually don't have credit cards. What's kind of the story on child identity cut theft? Which is their PayPal account or their Snapchat account (laughs). >> Well, you're right, children don't have a credit file or a credit history. But they do have a social security number. And that is being issued within the first year of their life because their parents need to use it on their tax returns and other government documents. Well, because the Social Security Administration and the credit reporting agencies, they don't interface. So, if a thief gets ahold of that social security number. That first record that's created is what the credit bureaus will use. So they don't even need a legitimate name or date of birth. Obviously, the legitimate date of birth isn't going to go through those filters because it is for someone who's under 18. So, kid goes all through life, maybe all through school. And as they get out and start doing things like applying for student loans. Which is one of the really common ways we see it in our call center. Then they come to find out, I have this whole credit history. And guess what? It's a terrible credit history. And they have to clean that up before they can even begin to launch into adulthood. >> (chuckles) Okay, so, when people find out. What should they do? What's the right thing to do? I just get rejected on a credit application. Some weird thing gets flagged. What should people do first? >> There's a couple things and the first one is don't panic. Because we do have resources out there to help folks. One of them is the Identity Theft Resource Center. All of our services are completely free to the public. We're a charity, non-profit, funded by grants, donations, and sponsorships. They should also look into what they might have in their back pocket already. There are a lot of insurance policy writers for things like your home owners insurance, sometimes even your renters insurance. So, you might already have a benefit that you pay for in another way. There are a lot of plans within employee benefit packages. So, if you work for a company that has a reasonable robust package, you might have that help there as well. And then the other thing is if you really feel like you're overwhelmed and you don't have the time. You can always look into hiring a service provider and that's legitimate thing to do as long as you know who you're doing business with. And realize you're going to be paying for that convenience. But there are plenty of free resources out there. And then the last one is the Federal Trade Commission. They have some wonderful remediation plans online. That you can just plug in right there. >> And which is a great segway, 'cause you're doing a panel later today, you mentioned, with the FTC. Around data privacy and identity theft. You know, what role does the federal government have? And what is cleaning up my identity theft? What actually happens? >> Well, the federal government is one of the many stakeholders in this process. And we really believe that everybody has to be involved. So, that includes our government, that includes industry, and the individual consumers or victims themselves. So, on the government end, things like frameworks for how we need to treat data, have resources available to folks, build an understanding in a culture in our country that really understands the convenience versus security conundrum. Of course industry needs to protect and safeguard that data. And be good stewards of it, when people give it to them. And then individual consumers really need to pay attention and understand what choice they're making. It's their choice to make but it should be an educated one. >> Right, right. And it just, the whole social security card thing, is just, I find fascinating. It's always referenced as kind of the anchor data point of your identity. At the same time, you know, it's a paper card that comes after your born. And people ask for the paper card. I mean, I got a chip on my ATM card. It just seems so archaic, the amount of times it's asked in kind of common everyday, kind of customer service engagements with your bank or whatever. Just seems almost humorous in the fact that this is supposed to be such an anchor point of security. Why? You know, when is the Social Security Administration or that record, either going to come up to speed or do you see is there a different identity thing? With biometrics or a credit card? Or your fingerprint or your retina scan? I mean, I have clear, your Portican, look at my... Is that ever going to change or is it just always? It's such a legacy that's so embedded in who we are that it's just not going to change? It just seems so bizarre to me. >> Well, it's a classic case of we invented a tool for one purpose. And then industry decided to repurpose it. So the social security number was simply to entitle you to social security benefits. That was the only thing it was created for. Then, as we started building the credit and credit file industry, we needed an initial authenticator. And hey, look at this great thing. This is a number, it's issued to one individual. We know that there's some litmus test that they have to pass in order to get one. There's a great tool, let's use it. But nobody started talking about that. And now that we're looking at things like other type, government benefits being offered. And now, you know, credit is issued based on this number. It really kind of got away from everybody. And think about it, it used to be your military ID. And you would have your social security number painted on your rucksack, there for the world to see. It's still on our Medicare cards. It used to be on our checks. Lot of that has changed. >> That's right it was on our checks. >> It was, it was. So, we have started shifting into this. At least the thought process of, "If we're going to use something as an initial authenticator, we probably should not be displaying it, ready for anyone to see." And the big conversation, you know, you were talking about biometrics and other ways to authenticate people. That's one of the big conversations we're having right now is, "What is the solution?" Is it a repurposing of the social security number? Is it more sharing within government agencies and industry of that data, so we can authenticate people through that? Is it a combination of things? And that's what we're trying to wrestle with and work out. But it is moving forward, I'll be it, very very slowly. >> Yeah, they two factor authentication seems to have really taken off recently. >> Thankfully. >> You get the text and here's your secret code and you know, at least it's another step that's relatively simple to execute. >> Something you are, something you have, something you know. >> There you go. >> That's kind of the standard we're really trying to push. >> So, on the identity theft bad guys, how is their behavior changed since you've been in this business? Has it changed dramatically? Is the patterns of theft pretty similar? You know, how's that world evolving? 'Cause generally these things are little bit of an arm race, you know. And often times the bad guys are one step ahead of the good guys. 'Cause the good guys are reacting to the last thing that the bad guys do. How do you see that world kind of changing? >> Well, I've been in the fraud space for over 20 years. Which I hate to admit but it's the truth. >> Jeff: Ooh, well, tell me about it. >> And we do look at it sort of like a treadmill and I think that's just the nature of the beast. When you think about the fact that the thieves are they're, you know, they're doing penetration testing. And we, as the good guys, trying to prevent it. Have to be right a hundred percent of the time. The thieves only have to be right once, they know it. They also spend an extraordinary amount of time being creative about how they're going to monetize our information. The last big wave on new types of identity theft, was tax identity theft. And the federal government never really thought that that would be a thing. So when we went to online filing, there really weren't any fraud analytics. There wasn't any verification of it. So, that first filing was the one that was processed. Well, fast forward to now, we've started to address that it's still a huge problem and the number one type of identity theft. But if you had asked me ten years ago, if that would be something, I don't think I would have said yes. It seems, you know, so, you know. How do you create money out of something like that? And so, to me, what is moving forward is that I think we just have to be really vigilant for when we leave that door unlocked, the thieves are going to push it open and burst through. And we just have to make sure we notice when it's cracked. So that we can push it closed. Because that's really I think the only way we're going to be able to address this. Is just to be able to detect and react much more quickly than we do now. >> Right, right, 'cause going to come through, right? >> Exactly they are. >> There's no wall thick enough, right? Right and like you said they only have to be right once. >> Nothings impenetrable. >> Right, crazy. Alright Eva, we're going to leave it there and let you go off to your session. Have fun at your session and thanks for spending a few minutes with us. >> Thank you. >> Alright, she's Eva Velasquez, President and CEO of the ITRC. I'm Jeff Frick, you're watching theCUBE. Catch you next time. (upbeat electronic music)