[Announcer] Live from San Francisco, its theCUBE, covering Informatica World 2017. Brought to you by Informatica. (upbeat music fades) Okay, welcome back everyone. We are live in San Fransisco for Informatica World 2017. This is theCUBE's exclusive coverage, two days. We're on day two, meeting all the top executives, customers, sentures, system integrators, all the best guests here at Informatica World. Part of Informatica's three year coverage with theCUBE. I'm John Furrier with Peter Burris. Our next guest is Bala Kumaresan, who's the senior vice president and general manager of data security for Informatica, formally in charge of engineering, been in R and D, super technical, knowledgeable. Thanks for spending the time to come on theCUBE, appreciate it. >> Thank you. We get to ask you all the tough questions under the hood. What's in the engine of innovation. >> Absolutely. >> Peter: First question, the innovation engine for Informatica, what is it? Describe it quickly. So, the innovation engine of Informatica is entirely metadata driven. It's a data centric metadata driven engine. We call this concept CLAIRE. (John chuckles) It's EI driven, and in a sense, in order for you to make better decisions, you really need to look at your metadata. You really need to-- One of the most important things in security, which actually, current traditional systems lag behind, is the lack of data centricity, resulting in lack of accuracy. If you really want highest time-to-value, and the ability to respond quickly, you really need to be smart enough. Not only out-of-the-box accuracy, but also a period of time, learn, and look into the inputs that are specific to your ecosystem. Specific to that particular environment, and be able to provide actionable insights. Actionability... Actionability without accuracy is basically disaster. >> One of the big drivers in today's market is some of the penalties around governance. Okay, so, there's um, what do you call, G... >> Peter: Oh, GDRP? >> GDRP >> Bala: GDPR! GDPR. >> GDPR, and then Europe is different than North America, but bottom line is you get penalized. There's a risk management piece around the governance, but that's if you've been hacked, so lets talk about the security is fundamental to governance. They play hand in hand. What bet did you guys make on security, and what should people watching know about what Informatica's doing with respect to security, data security? >> I think, great point. General data protection regulation at Europe, that's a regulation that's actually going to go effective May 2018. It's going to be, like, 4% of your annual revenues are going to be the fines in case for every non-compliance and so on. So, we believe that part of the problem that exists today, with or without GDPR, GDPR is today, tomorrow it could be something else, is that lack of versatility, lack of versatility. The entire traditional data security is all about perimeter. You secure the perimeter, and everybody inside the perimeter is trusted. I was just telling, where trust begins, vulnerability seeps in. (Peter chuckles) So you really need to trust and verify. And, what are you protecting? You're really protecting data, so insights into the data is super critical. Our investment on secular source is centered around the Informatica Metadata Company, and insights into the data, how to you translate that into a security prospective. That is precisely what we have done. So, what kind of data you have? Classify the data. How is it being used, where are all that is present, who the users are. Everything is changing. >> So data is the fundamental centroid for security, because perimeter's gone, right? I mean, you got the cloud. I mean, not gone, but its not the fundamental-- >> It becomes the primary citizen in a security regime. >> Yes, yes. So... >> Well said. >> Absolutely. It doesn't matter where your data is. It could be in your relational databases, it could be in the cloud, it could be in your big data systems. It does not matter. It's all about data. Let me give a couple of examples as to the problems that exist today. Once you are inside the perimeter, and you are an authorized user, you pretty much are a trusted person, and then nobody is monitoring your behavior. Are you still the same person, or has somebody hacked into your account? Or did the person turn into... Did his role shift? None of that is being-- So, basically, two main things we are delivering part of our innovation. Role-based access control. It's not user, user... Identity based access control, it is actually role-based access control. If your role is in a IT, versus if your role is a development organization, You, within a company, could move but your privileges actually should be based on the role. That's number one. The second thing is that, look, you... Let's say you have access to all the sales force, because you are a sales force, you're actually part of our sales team. You typical patterns are that you're look at 10 records, 20 records a day, even though you have access to the million records, right? But, the base line and the behavior changes. They're actually indicate something. So this is part of trust and verify. You trust a person, but you also need to verify. Keep up with the changes, and that's fundamental to the data centric security. >> I want to amplify a piece of that, and tell me if I'm so appropriately. Role based security, I would actually ask, are we going to move to something we might call context based security, where context is what do you do. The role is part of what you do. So it says, what do you do, and who are you, and how are you doing it. So that's number one, and number two is, how does this relate back to some of the metadata initiatives that you guys have, where increasingly, some of the most crucial metadata will be the metadata that's ultimately used to put bounds on how the data gets employed. >> Let me answer that question in three different dimensions. Number one, yes. Absolutely. Role is part of the context. It's not the entire the entire context, but role is part of the context. >> Peter: Correct. >> Any protection, and any access to the protected information needs to be role based. Number two, the data context that we have in our product, where we go and catalog and classify all the data, that is very much used in prioritizing. For example, an alarm that goes on in a school during the school hours versus an alarm that goes on in a junkyard. They're both alarms. Today most of the traditional security actually kind of categorizes them as similar. An alarm went off. But, are they the same? No, they are not. So that's where the second level of the context. The third level of the context is in terms of the real... Basically, third level of the context is actually, what do you need to be in compliance with. What kind of usage is allowed? It's actually nothing to do with that particular usage itself, its actually got to do with a whole bunch of other safeguards that you need to manage. That's where our central policy management comes in the picture. So with these three contexts, the business context, the user context, and the category or the classification of the data context, it is totally-- >> All that has to be part of the security regime. >> Absolutely. That's actually, the metadata that we have, which drives those accurate decisions, accurate decisions for prioritization as well as detection, and the right protection. >> So here's a question, then. Again, I'm going to test this on you. Historically people have separated data, data sec-- metadata, data security. In the future, how do we keep those separate? We have to start seeing how they come together, right? >> I think, fantastic, fantastic question. Our view is that data governments is about... The governance actually has a slice across many dimensions. One of them is the data stewardship, the provenance, and the quality of the data, and so on. The other part is actually about data security governance, in terms of what kind of safeguards the role based access control. Really, what kind of risks that you are entitled to and, how are you managing the risks. So, that's our views. So, when we look at metadata, the metadata is actually driving multiple decisions. One of them is quality. The other one is risk. The other one is protection. So, we see this as a unifier bringing things together. Informatica is uniquely positioned with our Axon, EAC, and Secure@Source products. In fact, one of the things that we are announcing in Informatica World is actually about our GDPR bundle, because GDPR is actually about, as much about data governance as about privacy, and also it is about policy driven data protection. >> Well, privacy, policy, inform. The governance regime. You can't separate. It's not just about compliance, and I'll give you-- I'm going to test one more thing on you. At some point in time, as we think about digital business and the idea that a digital business is defined more by its use of data assets. Otherwise its just a business, and we want to protect our data. We're also worried about how we share our data, and how others share data with us. We want to make sure that we are not inappropriately exploiting somebody else's data because we don't want to create a billion dollar business that fundamentally, upon inspection, was predicated on the misappropriation of somebody else's data. >> Absolutely. You are touching upon the consent, and the consent control, and what kind of validations we have in place to evaluate... This might not be popular. What I'm going to say is not necessarily popular, right? I think it goes back data ethics, as well. I think companies consider customer data, partner data as their asset. They, 20 years, 30 years of how the data's been used, I think the realization is going to sink in. The realization is already sinking in with respect to the ethics, with respect to the trust-- >> John: That it's not their data. >> It's not their asset. >> What's sinking in is it's not their data assets. >> Its not their data. They are, in fact... They are, in fact, obligated. They're, in fact, supposed to use that with care. They're, in fact, accountable for that data. So, while regulations are starting to put those things in place, with GDPR being one and then every other... Geography is going to come up with its own set of modifications similar to that. I think this is a fantastic opportunity for companies to go to that higher order, and really start to think this as, why they are ethical. What is the ethics that they want to put in place, above and beyond what the regulations talk about. I think Informatica is uniquely positioned with our metadata driven strategy, with our metadata cloud engine which is driving solutions across quality, governance, and security as well as constant control over-- Yeah. >> Well let me make one more point on that. It comes back to this fundamental notion of your brand is the promise you're making to the marketplace. What you just described will have more impact on company brands in 10 years, and probably even five years, than the characteristics of the products they sell very often. >> Absolutely. If I'm an investor, I'm thinking about reputation. What is the company's reputation? What kind of pull effect the reputation has towards expanding the business. That is where the ethics, actually, is in higher order of existence. Where, people want to partner with you. People what to do business with you, and I think that's actually where we can be very helpful. I mean, there're already intelligent solutions, use them intelligently. >> Its interesting you bring up data ethics, because I wanted to jump in on that, because if digital transformation, if we believe that its happening, and of course everyone's talking about business transformation, which is the outcome of digital transformation, ethics transforms too, digitally. >> Bala: Digitally, yes. >> So, where is, in your mind, the ethics with data? Is there, I mean there's articles that's thought leadership around it, but, is it actually in use. Do actually people have data ethics in your opinion? Is this something that's talked about but not walked? Your thoughts on that, reactions that-- >> I think it's an evolving concept. So far, companies have been taking advantage of the data. The evolving concept is going to catch on. It is actually catching on. Analysts are actually talking about it. I think we are thinking about it. We are thinking about what we are building is actually kind of going to help customers go there. But I want to also separate it. There is actually something that is at a higher level of existence versus what is really, absolutely necessary and need it today? Policy driven data protection while we are able to standardize the policies across the enterprise, across all your data silos. That is super critical, to get the immediate problem resolved while we can start to build on that's access towards the ethics. >> This economy's a scale. You can't just jump the data ethics and be ethical. You got to, you got to build your way up. Have a trajectory and tract record of foundational-- >> Here's what I say John, and Bala, you know, tell me if you think I'm wrong, but... >> Make sure you say if you think he's wrong. >> Yeah, please do, cause I have been wrong in the past. You said something very interesting. You said, "Yeah, everybody's talking about data, >> Data ethics. or additional business. And that's just it. They're doing it, but they're not doing plan-fully, because we often don't understand exactly what it is, and the process of thinking though the ethics is crutial to informing that planful approach to thinking about digital business. At least, that's my perspective. What do you think about that, Bala? >> I think the versability. The versability at the board level, the versability at the senior exec's level, as to where you stand. What is your risk? What is your compliance scorecard? Do you have a plan in place where there's an informed remediation plan? Did we actually allocate sufficient budget? Its not about budget justification, its actually about did you allocate budget for this risk. Also, do we have systems in place that are continuously assessing and reassessing to basically drive towards risk correction and towards maintaining the compliance. Those are key, and I think that addresses what you are saying, and I think I agree with you. >> So, lets take this very practically. If you look at the industry, you see companies like Apple and Microsoft being very clear about how they're going to use their customer's data. >> John: Facebook? (John laughs) >> You see Facebook and Google being less clear about how they're use your data. You see Amazon right in the middle, and people wondering which way they're going to go. This is a huge issue. Not to talk about it's security level, but just overall business model. This is going to have an enormous impact on a global basis of how we think about digital business and the role data's going to play in creating new shareholder customer value-- >> If data's the new gold, so here's my take on this. Love to get the reaction. If data's the new oil, if data's the new gold, the new heartbeat, whatever metaphor you use. If its the new gold, let's just say its the gold. That's valuable. So, the value will shift to whoever has the data. Someone's going to wake up and say, hey wait a minute. That's my data. And I think you're starting to see that a little bit with Facebook certainly. Less Google because the utility is pretty well intergraded, but at some point the utility value has to be greater than than the value of the data gold, if you will, cause otherwise, I will demand the data back. So I think there's end user, or the primary use of the data, the primary user of data-- >> This is a very coarse view, but I wonder if Uber right now is wondering how they could've used data security different, relative to the 200 million, what ever it is, lawsuit that Waymo's bought against them. So this issue of ethics and the role the data's going to play is going to have enormous implications-- >> John: Love that conversation on the eithics side. >> Yeah, I think actually if you look at the way companies use data, and then the way you lay out in terms of where different companies are, that is actually a spectrum of how you could question them. One is actually how they can help the consumer. That's something that we all love. And then there's an absolute exploitation. >> John And Peter: Yes. And then there is something in the middle, and ethics is actually not about exploitation. Ethics is actually about keeping people informed. Letting them know exactly-- >> John: Transparency. >> Transparency, and-- >> John] There's always an underbelly everywhere. >> Peter: Well, you can a bad ethics. (Bala laughs) >> All those bad actors out there. Okay, we got to wrap it up. I want to get one quick comment from Bala. Obviously, I can't help but jump to blockchain when I start thinking about security. Thoughts on blockchain. How's that going to be relevant, if any. Obviously, supply chain. You're seeing some indications there. Blockchain has a potential mechinism-- >> The blockchain technology is very compelling. It has the integrity. Its basically... One of the things that I've always talked about with my team and in general for prag development is that security has always been in the past, as an afterthought. As something that sits outside, and if you were to go back and design some of the systems that we built in the last 20, 25 years, with so much emphasis on privacy and compliance and security and protecting breach, wouldn't security be built in, part of the design? Part of the code. >> John: The primary (John laughs) >> part of the design. Right? So, very appealing from that point of view. The applicability of blockchains today is mostly around transactional ledgers and... basically transfer of value, and so on. I think one of the, you know-- It also has, it also comes with certain baggage. The blockchain remembers everything. You know, (John laughs) So, let me zero in on... I think everybody's trying to figure out how to actually apply blockchain beyond the traditional, beyond the ledger and so on. I think it's going to have a place. Its going to have a place in... We're already starting to see that some applications where shot-dam contracts like, for example, you're doing a building contract that is a supplier, that is actually a valuer, and it is a project. It exists for a temporary period and it goes away. All of the coordinating parties are coordinating with confidence. They're sharing and colliaberating with confidence. Blockchain actually gives them confidence, because it has-- >> So it's relevant, but it's emmerging. Still at, not, it's early innings-- >> It's relevant. It's emerging. We are very closly looking at it. I think we already have a play there, where one of the main and most important things that blockchains mean is that... Identity. As a unique identity. If you look at some of the old prducts... Customer 360, its all abnout quality of customer data. Data quality for customer data, right? There, perhaps, is a way for us to integrate the blockchain. The other place where we are already looking at is can we consume the information in the blockchain to enhance our metadata? Of course we can. >> Peter: Yeah. (Peter laughs) >> So, those are two low hanging fruits, and of course we'll keep it... We'll stay-- >> We'll have to get you down to our studio in Palo Alto. We'll do a whole segiment on unpacking blockchain. I love blockchain. I think, my personal belief is yeah, there's some low hanging fruit that'll use-cases, but if theirs money to be had in reconfiguring parties working together to create wealth-- I have some crazy thoughts on this, actually. (laughter) So we can not stipulate, because-- >> John: You're definitely coming to Palo-- We're going to go to where you are! >> Did we run out of time, or-- >> John: We're running out of time. Let's follow up Bala. Great conversation. Great fireside. Show's like a fireside chat. That was phenomoneal. Thanks for sharing the data and the insight. We're live here in San Fransisco for Informatica World 2017. More exclusive coverage from theCUBE. I'm John Furrier with Peter Burris, after this short break. Stay with us. (upbeat music)