>> live from San Francisco. It's the Cube covering Google Club Next nineteen Rodeo by Google Cloud and its ecosystem partners. >> Hey, welcome back. Everyone's the live Cube covers here in San Francisco for Google Cloud. Next nineteen. I'm Javert Day Volante here on the ground floor, day two of three days of wall to wall coverage to great guests. We got Kartik lost. Meena Ryan, product management director of Cloud Identity for Google and Kim parent chief security officer for Doctor on Demand. Guys, welcome to the Cube. Appreciated Coming on. >> Great to be here. >> Thank you so honestly Way covering Google Cloud and Google for many, many years. And one of the things that jumps out at me, besides allows the transformation for the enterprise is Google's always had great technology, and last year I did an interview, and we learned a lot about what's going on the chip level with the devices you got. Chrome browser. Always extension. All these security features built into a lot of the edge devices that Google has, so there's definitely a security DNA in there and Google the world. But now, when you start getting into cloud access and permissions yesterday and the Kino, Thomas Kurian and Jennifer Lin said, Hey, let's focus on agility. Not all his access stuff. This is kind of really were identity matters. Kartik talk about what's going on with cloud identity. Where are we? What's the big news? >> Yeah, thank you. So clouded. Entities are solution to manage identity devices and the whole axis management for the clouds. And you must have heard of beyond Corp and the whole zero trust model and access. One thing we know about the cloud if you don't make the access simple and easy and at the same time you don't provide security. You can get it right. So you need security and you need that consumer level simplicity. >> Think it meant explain beyond core. This is important. Just take a minute to refresh for the folks that might not know some of the innovations. They're just start >> awesome. Yeah. So traditional on premises world, the security model was your corporate network. Your trust smaller. Lose The corporate network invested a lot to get to keep the bad people out. You get the right people on and that made ten T applications on premises. Your data was on premises now the Internet being a new network, you work from anywhere. Work is no longer a thing. You work from anywhere. What gets done right? So what is the new access? More look like? That's what people have been struggling with. What Google came up with in two thousand eleven is this model called Beyond Core versus Security Access Model will rely on three things. Who you are is a user authentication the device identity and security question and last but not least, the context off. What are you trying to access in very trying to access from So these things together from how you security and access model And this is all about identity. And this is Bianca. >> And anyone who has a mobile device knows what two factor authentication is. That's when you get a text messages. That's just two factor M. F. A multi factor. Authentication really is where the action is, and you mentioned three of them. There's also other dimensions. This is where you guys are really taking to the next level. Yeah, where are we with FAA and some of the advances around multi factor >> s O. So I think keeping you on the highlight is wear always about customer choice. We meet customers where they are. So customers today have invested in things like one time use passwords and things like that. So we support all of that here in cloud identity. But a technology that we are super excited about the security, Keith. And it's built on the fighter standard. And it's inserted this into your USB slot of that make sense. And we just announced here at next you can now use your android phone as a security key. So this basically means you don't have to enter any codes because all those codes you enter can be fished on way. Have this thing at Google and we talked about it last time. Since we roll our security keys. No Google account, it's >> harder for the hackers. Really Good job, Kim. Let's get the reality. You run a business. You've been involved in a lot of start ups. You've been cloud nated with your company. Now talk about your environment does at the end of the year, the chief security officer, the buck stops with you. You've got to figure this out. How are you dealing with all this? These threats at the same time trying to be innovative with your company. >> So for clarity. So I've been there six years since the very beginning of the company. And we started the company with zero hardware, all cloud and before there was beaten beyond Corp. Where there was it was called de-perimeterization. And that's effectively the posture we took from the very beginning so our users could go anywhere. And our I always say, our corporate network is like your local coffee shop. You know, WiFi like that's the way we view it. We wanted to be just a secure there at the coffee shop, you know, we don't care. Like we always have people assessing us and they're looking at a corporate network saying, You know, where your switches that you're, you know, like where your hardware like, we want to come in and look at all like we don't have anything like, >> there's no force. The scan >> is like way. Just all go to the Starbucks will be the same thing. So that's part of it. And now you know, when we started like way wanted to wrap a lot of our services in the Google, but we had the problem with hip a compliance. So in the early days, Google didn't have six years ago. In our early days, Google didn't have a lot of hip, a compliant services. Now they do. Now we're moving. We're trying to move everything we do almost in the Google. That's not because we just love everything about Google. It's for me. I have assessed Google security are team has assessed their security. We have contracts with them and in health care. It's very hard to take on new vendors and say Hey, is there security? Okay, are their contracts okay? It's like a months long process and then even at the end of the day, you still have another vendor out there that sharing your day, that you're sharing your data with them and it's precarious for me. It just it doubles my threat landscape. When I go from Google toe one more, it's like if I put my data there, >> so you're saying multi vendor the old way. This is actually a problematic situation for you. Both technically and what operate timewise or both are super >> problematic for me in terms of like where we spread our data to like It just means that company every hack against that company is brutal for us, like And you know, the other side of the equation is Google has really good pricing. Comparatively, yes, Today we're talking about Big Query, for example, and they wanted to compare Big Query to some other systems and be crazy. G, c p. And And we looked at the other systems and we couldn't find the pricing online. And, like Google's pricing was right there was completely transparent. Easy to understand. The >> security's been vetted. The security's >> exactly Kim. Can you explain when you said the multi vendor of creates problems for you? Why is this? Is it not so much that one vendor is better? The other assistant? It's different. It's different processes or their discernible differences in the quality of the security. >> There are definitely discernible differences in quality, for sure. Yeah, >> and then add to that different processes. Skill sets. Is that writer? Yes, Double click on that E >> everybody away. There's always some I mean almost every vendor. You know, there's always something that you're not perfectly okay with. On the part of the security is something you don't totally like about it. And the more vendors you add, you have. Okay. This person, they're not too good on their physical security at their data center or they're not too good on their policies. They're not too good on their disaster recovery. Like there's you always give a little bit somewhere. I hate to say it, but it's true. It's like nobody's super >> perfect like it's It's so it's a multiplication effects on the trade offs that you have to make. Yeah, it's necessarily bad, but it's just not the way you want to do it. All right? Okay. >> All the time. So you got to get in an S L A u have meetings. You gotta do something vetting. It's learning curves like on the airport taking your shoes off. Yeah. Yeah. And then there's the >> other part. Beyond the security is also downtime. Like if they suffer downtime. How much is that going to impact our company? >> Karthik, you talked about this This new access mall, this three layer who authentication that is the device trusted in the context. I don't understand how you balance the ratio between sort of false positives versus blocking. I think for authentication and devices pretty clear I can authenticate. You are. I don't trust this device. You're not getting in, but the context is interesting. Is that like a tap on the shoulder with with looking at mail? Hey, be careful. Or how are you balancing that? The context realm? >> Yeah, I think it's all about customer choice. Again, customers have, but they look at their application footprint there, making clear decisions on Hey, this is a parole application is a super sensitive as an example, maybe about based meeting application. Brotherly, not a sensitive. So when they're making decisions about hey, you have a manage device. I will need a manage device in order for you to access the payroll application. But if you have you bring your own device. I'm off perfectly fine if you launch a meeting from that. So those are the levels that people are making decisions on today, and it's super easy to segment and classify your application. >> Talk about the the people that are out there watching might say, You know what? I've been really struggling with identity. I've had, you know, l'd app servers at all this stuff out there, you name it. They've all kinds of access medals over the years, the perimeters now gone. So I got a deal to coffee shop, kind of working experience and multiple devices. All these things are reality. I gotta put a plan together. So the folks that are trying to figure this out, what's that? You guys have both weigh in on on approach to take or certain framework. What's what's? How does someone get the first few steps off to go out towards good cloud identity? >> Sure, I only go first, so I think many ways. That's what we try to simplify it. One solution that we call cloud identity because what people want is I want that model. Seems like a huge mountain in front of me, like how do I figure these things out? I'm getting a lot of these terminologies, so I think the key is to just get started on. We've given them lots of ways. You can take the whole of cloud identity solution back to Kim's point. It can be one license from us, that's it and you're done. It's one unified. You I thinks like that. You can also, if you just want to run state three applications on DCP we have something called identity ofher Proxy. It's very fast. Just load yaps random on disability and experience this beyond >> work Classic enterprise Khun >> Yeah, you run all the applications and dcpd and you can And now they're announcing some things that help you connect back with John Thomas application. That's a great way to get started. >> Karthik painted this picture of Okay, it's no perimeter. You can't just dig a moat. The queen wants to leave the castle. All the security, you know, metaphors that we use. I'm interested in how you're approaching response to these days because you have to make trade us because there are discernible differences with different vendors. Make the assumption that people are going to get in so response becomes increasingly important. What have you changed to respond more quickly? What is Google doing to help? >> Well, yeah, So in a model where we are using, a lot of different vendors were having to like they're not necessarily giving us response and detection. Google. Every service we'd wrap into them automatically gets effectively gets wrapped into our security dashboard. There's a couple of different passwords we can use and weaken. Do reporting. We do it. A tremendous amount of compliance content, compliance controls on our DLP, out of e mail out of Dr and there's detection. There's like it's like we don't have to buy an extra tool for detection for every different type of service we have, it's just built into the Google platform, which is it's It's phenomenal from >> detection baked in, It's just >> baked in. We're not to pay extra for it. In fact, I mean way by the enterprise license because it's completely worth it for us. Um, you know, assumes that came out, the enterprise part of it and all the extra tools. We were just immediately on that because the vault is a big thing for us as well. It's like not only response, but how you dig through your assets toe. Look for evidence of things like, if you have some sort of legal case, you need vault, Tio, you know, make the proper ah, data store for that stuff >> is prioritization to Is it not like, figure it out? Okay, which, which threats to actually go after and step out? And I guess other automation. I mean, I don't know if you're automating your run book and things of that nature. But automation is our friends. Ah, big friend of starting >> on the product measures I What's the roadmap looks like and you share any insight into what your priorities are to go the next level. Aussie Enterprise Focus. For Google Cloud is clear Customs on stage. You guys have got a lot of integration points from Chromebooks G Sweep all the way down through Big Query with Auto ML All the stuff's happening. What's on your plate for road map? What things are you innovating around? >> I mean, it's beyond car vision that we're continuing to roll out. We've just ruled out this bit of a sweet access, for example, but all these conditions come in. Do you want to take that to G et? You're gonna look. We're looking at extending that context framework with all the third party applications that we have even answers Thing called beyond our devices FBI and beyond Corp Alliance, because we know it's not just Google security posture. Customers are made investments and other security companies and you want to make sure all of that interoperate really nicely. So you see a lot more of that coming out >> immigration with other security platform. Certainly, enterprises require that I buy everything on the planet these days to protect themselves >> Like there's another company. Let's say that you're using for securing your devices. That sends a signal thing. I trust this device. It security, passing my checks. You want to make sure that that comes through and >> now we're gonna go. But what's your boss's title? Kim Theo, you report to the CEO. Yeah, Awesome guys. >> Creation. Thank you >> way. We've seen a lot of shifts in where security is usually now pretty much right. Strategic is core for the operations with their own practices. So, guys, thanks for coming on. Thanks for the thing you think of the show so far. What's the What's The takeaway came I'll go to you first. What's your What's the vibe of the >> show? It's a little tough for me because I have one of my senior security engineers here, and he's been going to a lot of the events and he comes to me and just >> look at all >> this stuff that they have like, way were just going over before this. I was like, Oh my God, we want to go back to our r R R office and take it all in right today. You know, if we could So yeah, it's a little tough because >> in the candy store way >> love it because again, it's like it's already paying for it. It's like they're just adding on services that we wanted, that we're gonna pay for it now. It's >> and carted quickly. Just get the last word I know was commenting on our opening this morning around how Google's got all five been falling Google since really the beginning of the company and I know for a fact is a tana big day that secures all spread for the company matter. Just kind of getting it. Yeah, share some inside quickly about what's inside Google. From a security asset standpoint, I p software. >> Absolutely. I mean, security's built from the ground up. We've been seeing that and going back to the candy store analogy. It feels like you've always had this amazing candy, but now there's like a stampede to get it, and it's just built in from the ground up. I love the solution. Focus that you found the keynotes and all the sessions that's happening. >> That's handsome connective tissue like Antos. Maybe the kind of people together. >> Yeah. I don't like >> guys. Thanks for coming on. We appreciate Kartik, Kim. Thanks for coming on. It's accused. Live coverage here on the ground floor were on the floor here. Day two of Google Cloud next here in San Francisco on Jeffrey David Lantz Stevens for more coverage after this short break.