(upbeat music) >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're in downtown San Francisco, at the RSA Conference, 40,000 people, the place is packed. North, south, east, west, I've never seen so many people at Moscone since Oracle OpenWorld, but they're all here helping us, keep us safe and we're excited for and we're all rooting for the good guys. We're excited for our next guest, Kapil Raina. He's the VP Product Marketing for HyTrust. Kapil, welcome. >> Hi, thank you, thank you very much. >> So for people that aren't familiar with HyTrust, give us kind of the quick overview. >> Sure, sure. HyTrust, we're a company that provides security compliance solutions for multi workload cloud environments and what that means is, companies that have say, infrastructure in one data center or two data centers of their own, different geographies, maybe they've moved to The Cloud, AWS, Microsoft etc. And what we do, is we make it easier for them to provide security, which means protection against data breaches or insider threats and compliance, being able to prove to an auditor, or to their customers, that their infrastructure, no matter where it lives, is secure. >> Right, so the cloud world is interesting, right. AWS obviously showed that Public Cloud is good, enterprises are happy to adopt a Public Cloud. Sales foreshow that a cloud based application SAAS service also works for the enterprise, but then you still have old data centers, you have private data centers and you have hybrid data centers and then, oh by the way, a lot of times, workloads move between the two, so it's a complicated enough world, before you even add over the security layer. >> Yeah, that's a great point. It's really fascinating, when you look back, you would have never thought that the general tenants of your data center, your infrastructure would ever be up for discussion. It is now. What you're seeing is, that CIOs are struggling with, is okay, which cloud provider do I choose, right. Amazon Web Services, great for certain things, but there's also a drawback. Then you have IBM Cloud, you have Google stepping into the game. You have a number of these vendors. Overlay on top of that, the geographical concerns, so for example, your GDPR in Europe, right and even in the US, you have things HIPPA, and other things that keep changing. So one is, you have the players changing on the infrastructure side, you have the regulatory complaints changing on a potentially, per country or per region basis, and you have to keep all that secure and compliant, while your own admins don't always know necessarily what they're doing, because you went from compute, storage and now network virtualization. Everything is an object and anyone can touch anything at any time, but as a CIO or the CISO, you're still responsible for all of that. >> Right, and then you've got all these APIs, so you're tying together a bunch of applications, you've got DevOps, so you're actually pushing out new code, many, many times a day and everybody's working off their iPhone, or work it out of their home home, which was part of the topic of Keynote today. You have this whole new threat surface, called your house, which increasingly has more connected devices and you're probably working on your laptop, you know, on the kitchen table, now and then. >> Yeah, you know, HyTrust, it's interesting, you know, we have been around for eight plus years, developing expertise in the security space, compliance and infrastructure and we've seen from, we have some very big federal government customers, some of the biggest banks, retail, health organization in the world. What we learned from our customers, is that yes, there is hope, right. >> I'm glad, you're like the first optimist we've had on the show. >> There is hope, there is definitely hope. >> The bad guys are still winning, okay, good. >> So where the hope comes in is, not tying your security compliance needs to your infrastructure, otherwise once you change infrastructure, you have to relearn all those tools, all those skills, it could be different people you have to bring in. That, itself, is an issue. If you can sort, if you will separate your security and compliance needs from your infrastructure, in other words, wherever your workload goes, you pick your Public Cloud, you've picked your Private Cloud. If you can secure it, you can prove compliance, you're in good shape and that's what really HyTrust is bringing to the table, saying as a customer, you know already what your security policy is. Don't do bad stuff, do good stuff, follow the rules. But it gets complicated when you change workloads, change environments and change people. And so we simplify a lot of that, so yes there is hope. >> And you keep saying security and compliance together, yet those are two very different challenges that are related but not the same, so how do people prioritize what sometimes maybe falls off the table doesn't get the attention that it should, or does one really drive the other? >> So what's interesting is if you look at over time for enterprise organizations, the number of individuals, and the number of departments involved in a particular purchase decision has increased. Why? Because the consolidation of infrastructure, virtualization for example, has now forced security, compliance and infrastructure all to work together. They have to come together to decide how to do a certain deployment, how to do a certain set of policy changes, and so, the reason I say that, is because they actually have to work together. It's no longer the days where security goes in the corner, chooses some five products, they're happy, compliance sets up a set of rules, they're happy, they all have to work together now and so, in large part, that coming together's happening now. So there is some initial pinpoint, but the other end of that is you'll have a much more streamlined compliance process. Everyone will know what they're supposed to do. There's not this, "Oh, I've got another audit coming", they won't be spending so much money on it, and on the security side, you've actually reduced your tax service by not relying on specific point solutions. You're creating a single policy that gets implemented regardless of the infrastructure. >> Right, and then you get to see it across GEOS, across data centers, across-- >> Absolutely. >> So it's an interesting kind of, point of view, where we've got kind of this state-sponsored stuff going on, but it's the companies that operate in many countries, that in some ways have maybe better visibility into the variety of different types of threats. >> Yeah, and you know, what's interesting is, you can look it at two levels. One, there's obviously a policy level, right. A lot of large customers say, "Look, what can I", even if we have some of the largest retailers in the world, largest banks in the world, "What can I, even as a CEO of these large companies do, for a state-sponsored attack." And then you have, sort of the technology approach, which is, "Well I got to do something, right". Targeting all of these breaches have showed that regardless of how it happens, you're still responsible at the end of the day for your customers' safety and what our response to that is, Look, you can influence policy to a degree and you should, right. From a technology point of view, be independent of your provided suppliers. Be able to say, "I have a security policy, I have compliance needs, but if I need to, I will switch infrastructure to ensure that both my business runs and my customers are safe", and that ability, that agility, is only now becoming sort of, more mainstream, and people are asking for it. >> But it's interesting, one of topics in the Keynote today, was you know, you don't need to employ every single person that's got a boot on the floor. I mean, at some point in time, there's some rationalization on you know, who are the partners that you choose, to go to war with, in this fight and it's, you know, I can see from a CIO perspective, you got to walk 'round this floor and the other floor at west and north and you just go, "Oh my gosh, where do I start". >> Well you know, I'll layer on one long more complexity. If you're the CIO, this here, this shows one fraction of what you're worried about, which is security. Right, it doesn't even get you kudos, you just don't screw it up, right. But you're worried about your business. How do I expand into other markets? How do I open up another branch? How do I do it quickly? Right. So from that point of view, I think what you'll see here, is a lot of consolidation and the consolidation will happen, not just because you have the best technology, but because the company provides, the vendor provides to the CIO, both an understanding, how do these pieces fit together. Even if you're a company in the stack, can you explain to the customer where you fit in the stack and make their life easier, 'cause if they're already saying, "Hey, I'm thinking agility like DevOps", you already have to be thinking about how you fit into their environment, not the other way around, right. >> Alright, Kapil, I'll give you the last word. What are you priorities for 2017? If we meet again here a year from today, what are we going to be talking about that 2017 was all about? >> Sure, absolutely, so HyTrust's main mission really, is to simplify this idea of multi-cloud workload security compliance and so, our focus in 2017 is to expand that ability across all the public and private clouds and make it much easier, and then from a company point of view, we're heavily involved with various organizations to communicate that knowledge out, to share the learnings that we have out to all of you out there, whether you're at the C level, the director level or even if you're a practitioner, we're here for you. >> Alright, well nice summary. Thanks for stopping by. >> Thank you. >> Alright, he's Kapil, I'm Jeff. You're watching theCUBE from RSA 2017 in downtown San Francisco. Thanks for watching. (upbeat tune) (ambient music)