(soft click) >> Hey, welcome back everybody Jeff Frick here with theCUBE. We're at Data Privacy Day 2018 here at downtown San Francisco, the LinkedIn headquarters, gracious enough to hose this event. Bigger than last year, last year we were here for the first time at Twitter. And really the momentum continues to grow 'cause there's some big regulations coming down the pike that are really going to be into place. And have significant financial penalties, if you don't get your act together. So, we're excited to have the new Russell Schrader, the Executive Director of the National Cyber Security Alliance Organization behind this event. Russ, great to see you. >> Thank you very much for coming today, it was a great event. >> Absolutely, so, you've been on the job, this job, you said like less than two weeks. >> It's true. >> What do you think? I mean then they throw you right into the big event. >> Well, I've known the organization, I've known the event. But the staff really has done an outstanding job. They made it so easy for me, everything that they've done has just been terrific. They lined up fantastic speakers, they picked cutting edge topics, they put together a really well paced program, and it was just a terrific day for all of us to get in, really have some good discussions. >> You're off to a great start. (chuckles) >> Thank you. (both laugh) >> So you said you're familiar with your orginazation. You know, why are you here? Why did you take advantage of this opportunity? What do you kind of see as the role of this organization? And where do you see the opportunities to really make some significant impact going forward? >> Sure, the National Cyber Security Alliance is a who's who in the organization. People who really care about cyber security. Who see it as part of their social obligation. And it was a wonderful group that I'd worked with before. When I was at Visa and I see now, coming in as Executive Director, to really take it to the next level. We really are pushing, I think, on four separate areas that I think there's a lot of opportunity for it. Doing more cooperate work. Serving more consumers, more consumer education, more consumer awareness. I think working with educating staffers on the hill and in regulatory agencies in D.C. on changes and technological changes. And the cutting edge stuff. But in also, I think working academia, sort of getting involved and getting some of the scholarly, the cutting edge, the new ideas. And just preparing for what's going to happen in the next few years. >> Right, that's interesting 'cause you guys are National Cyber Security, security is often used as a reason to have less privacy. Right? It's often the excuse that the government, big brother, would used to say, you know, "We need to know what you're up to, we've got red light cameras all over the place to make sure you're not running red lights." So, it's an interesting relationship between privacy, security, and then what we're hearing more and more, really, a better linchpin to drive all this, which is, identity. So I wonder if you can share your kind of perspective on kind of the security versus privacy. Kind of trade off and debate. Or am I completely off base and they really need to run in parallel? >> Well, they do intersect a whole lot. People have talked about them being two sides of the same coin. Another speaker today said that security is a science but privacy is an art. As part of it is, you know, security is, the keeping the data in one place, the same way in as when you put it out. Sort of an integrity piece. You know, it isn't being misused, it's not being manipulated in a way and it's just not being changed. So that's a security piece. The privacy piece is people choosing what is used with that data. You know, is it to help me with an app? Is it to give me more information? Is it to give me games to play and things like that? So and that leads into a lot of different advantages in the web and on the internet. Now, identity since you put in a trifecta of big terms. >> Everything's got to be in threes, right? >> And there's three reasons for that. I think that, you know, the identity part is part of who are you. Now on the internet you can be a lot of people, right? The old cartoon was, you know, on the internet no one knows you're a dog. Well, on the internet, you can be a dog, you can be, you know, the person who you are at school, you can be the person who you are among your friends, you can be the person who you are at work. And those different selves, those different identities, are the internet of me. And we just need to make sure that you are curating your identities and sharing the information that you feel comfortable with. And that making sure that those are reaching the right people and not the wrong people. >> Right. So, there's an interesting kind of conundrum, we cover a lot of big data shows. And, you know, and there is kind of a fiduciary moral and now legal responsibility as you're collecting this data to drive some algorithm, some application that you know what you're using it for. And it's a good use of that. And you have a implicit agreement with the people providing you the data. But one the interesting things that comes up is then there's this thing where you've got that data and there's an application down the road that was not part of the original agreement. That no one even had an idea whatever happened. How does that fit in? Because as more and more of this data's getting stored. And there's actually a lot of value that can be unlocked, applying it in different ways, different applications. But, that wasn't the explicit reason that I gave it to you. >> Right, right. And that's really tricky because people have to be really vigilant. There is that education piece. That is the personal responsible piece to do business with companies and with apps that you feel comfortable with. But, you still have to trust but verify. And you do want to look into your phone, look into your PC, look into your other device. And figure out where things have changed, where things are moving. That's one of the great things about being in the Bay area today is innovation. But innovation, you just want to make sure that you are participating in it and you're in the part of innovation that's best for you. >> Okay, so, you mentioned academe, which is great, we do a lot of stuff at Stanford, we do a lot of stuff at MIT. So, as you look at kind of the academic opportunities. Kind of, where is some of the cutting edge research? Where are some of the academe focus areas that are helping advance the science of proxy? >> Well, you named two of the most forward thinking ones right there. So, I'll add to that just because we're talking about Stanford, we have to talk about Berkeley. >> Jeff: Yes. >> Right and Berkeley does have the whole group in privacy and law. On the east coast, in addition to MIT, you see George Washington is doing some things. George Mason is doing some things. And so you want to reach out to different areas. Cornell is doing things as well. So, we want to be able to figure out, where are the best ideas coming from? There are conferences already there. And maybe we can convene some papers, convene some people. And source out and give a little bit of more push and publish to people who otherwise wouldn't be getting the kind of publicity and encourage the kind of research. In privacy and in cyber security. Because there is the business and the consumer educational component. Not just, you know, the tech component to the academic work. >> So, before I let you go, last question. Where do you see is the biggest opportunity? Where's the biggest, either gap that needs to be filled, you know, kind of positive that's filling in negative, or an untapped positive that we've just barely scraped the surface of? >> Well, I think it's all about the consumer, to a large extent, to large one. You've got to figure out, how do you make your life easier. Right? Go back to the iPad introduction, nobody knew that they needed an iPad until they realized they couldn't live without it. You look at what's happened with mobile, right? Now, the idea of having a wallet, is on your phone. So, while I'm waiting in line at the grocery store, I'm checking my messages, I'm texting back and forth. And I just point my phone and I pay. Those kinds of areas are the kind of innovations that are consumer facing, that I think are really terrific. There's a lot of business work as well being done. But you have to figure out where that's going to go and I think the consumer just has a fantastic opportunity. >> Alright, well good opportunity, look forward to catching up a year from now and seeing how much progress you make. >> I think we had such a great program this year, I can't wait til next year, thank you. >> He's Russ Schrader, he's the Executive Director. I'm Jeff Frick, you're watching theCUBE, we're at Data Privacy Day 2018 in San Francisco. Thanks for watching, we'll catch you next time. (soft electronic music)

[Music] from the cube studios in Palo Alto in Boston it's the cube covering the IBM thing brought to you by IBM hello everybody this is state velocity of the cube and you're watching our wall-to-wall coverage of the IBM think digital experience at Justin Youngblood is here he's the vice president of IBM security Justin good to see you again thanks for coming on hey Dave good to be here thank you so look let's get right into it I mean we're here remote I wish we were you know for face-to-face and in Moscow II but things have changed dramatically there's a massive shift to work from home that's you know obviously kovat 19 has tightened the need for security but let's start with some of the things that you're seeing how you're responding the to secure those remote workers and let's get into some of the trends that you're seeing in the security space yeah absolutely some major trends and there is a big response around Cove at night 19 right now and and first of all you know what we tell all of our employees our clients our partners the entire ecosystem is number one priority stay safe and healthy of course even at IBM right now we have over 95% of IBM erse who are working from home we've seen that trend across our clients and partners as well and basically three themes keep popping up as it relates to security in Kovan 19 the first is clients are asking us to help them secure their remote workforce we have a number of tools technologies and services to help them do that the second is detecting and responding to accelerating threats amidst Cova 19 the threat actors are more active than ever they're driving some targeted attacks and phishing campaigns and our clients are asking us for help on that front and then the third is virtually extending security teams and operations and we've got a set of services managed services and and remote employees who can actually work with our clients and help them with their security operation centers and anything they need from a security program yeah I mean when you talk to CISOs they'll tell you look we you know our biggest problem is a lack of talent and we have all these fragmented tools and then now you throw kovat 19 at them and it's okay now overnight blank and secure the remote workforce so talk a little bit about this notion of platforms I've said often the security marketplace is very fragmented that accentuates the skills issue is you got to learn all these different tools and this is integration issues talk about platforms and how that might help solve this problem absolutely security platforms are on the rise do you see a lot of security platforms being announced by vendors today the problem statements are very clear oh as enterprises have moved along on their journey to cloud and digital transformation they now have workloads applications data users spread across multiple cloud environments every enterprise is using multiple clouds today so the problem statements become very clear for security security leaders have too many security tools they have too much data and they don't have enough people right so too many security tools that lack interoperability the average Enterprise has anywhere from 50 to 80 different security point products that don't talk to each other but trying to solve a security problem to pinpoint an issue actually takes looking at multiple screens too much data that comes without insights trying to stitch together all of this disparate data across a fragmented security landscape is very complex and it allows threats to be missed and then not enough people the shortage in cybersecurity is well documented over 2 million unfilled jobs today and that number continues to grow so enter security platforms that are that are on the value proposition of cleaning up this mess in November last year we announced the cloud pack for security that's IBM security platform and it has some some attributes that are powerful compelling we're seeing a lot of traction with client well you mentioned two things that really caught my attention the detection and the response because you know you're gonna get infiltrated everybody gets infiltrated and you know you've seen the stats it takes you know whatever 250 300 days before you can even detect it and then and then responses is critical so so talk about the cloud pack for security you know there are other platforms out there what makes yours different yeah are basically traditional security is broken we have a vision of modern security at centers on the cloud pack for security we set out two years ago with the concept of a next-generation platform it's a security control plane that works across hybrid multi cloud environments it connects all your security data and tools with a common platform that includes IBM and security tools and cloud platforms so whether you're using a sim like Q radar or Splunk endpoint detection systems like carbon black or CrowdStrike and any of the IBM any of the cloud platforms including IBM AWS or Azure it connects all of those and brings the insights together we work with over 50 enterprises and service providers help us co-create this solution and the attributes are its multi cloud capable but for security is multi cloud capable it can bring all the insights together from across these hybrid multi cloud environment it's open it's built and based on open standards and open technologies it's simple and it's composable in the sense that it has the ability to integrate with IBM and third-party technologies and add more capabilities over time what we see from other security platforms in the industry is they they basically approached the problem saying mr. customer bring all your data to our cloud will run the analytics on it and then provide you the insights what's different with cloud pack for security is we take the analytics to the data customers don't need to move their data from all the disparate sources where it exists we take the analytics to the data and bring those insights back to a common console or the or the security leaders and security analysts to take action on why you preaching to the choir now because well first of all you've got the the integration matrix and you've got the resources obviously I mean you mentioned a couple of really prominent and you know some hot products right now and this is the challenge right best to breathe versus fully integrated suite and what you're saying if I understand it correctly is we're not asking you to make that trade-off if you want to use you know of some tool go for it we're gonna integrate with that and give you the control and then the second piece is bringing that analytics capability to the data cuz that's the other thing you really don't want to move your data you the Einstein written move as much data as you have to but no more right absolutely this is a this is a team sport security is a team sport and that's where open technologies are so important the ability with an open API to integrate with any IBM or third-party technology this is not a rip and replace strategy clients can't afford to do that they want to work within their existing security tools but they need a common platform for bring it all together so we talked about the ability to gain complete insights across your hybrid multi cloud environment the ability to act faster with a set of playbooks and automation that basically runs security run books once a once an incident is detected to automatically go about about the fix and then third is the ability to run anywhere cloud pack for security like all of the IBM cloud packs is built on kubernetes and Red Hat openshift so it can be deployed on-premise or on the public cloud of the customers choosing complete choice and flexibility in that deployment I mean another key point you just made is automation and you talked earlier about that skills gap and the unfilled jobs automation is really the way certainly a way and probably a the most important way to close that gap I want to ask you about open could you think about you know security and networks and you know opens almost antithetical to secure I want close but you mean open in a different context and what if we could talk about that and maybe break down the key aspects of open as you defined it we've seen open technologies open standards open source be adopted across technology domains think of operating systems and Linux think of application development think of the management domain and kubernetes which now has a community of over 4,000 developers behind it it's more than any single vendor could put behind it so it's so open technologies really provide a force multiplier for any any industry security has been a laggard in adopting open standards and open source code so last year 2019 October time frame IBM partnered with McAfee and dozens of other vendors and launching the open Cyber Security Alliance focused on open standards that promote interoperability across security tools focused on open source code which we've adopted into an underpin the cloud pack I beams cloth pack for security focused on threat intelligence and analytics and ultimately sharing best practices and let me talk about run books this really comes down to the automated play books that customers need to run in response to a security threat or incident that's become really important automating actions to help security operations teams be more productive so all of those capabilities in total sum up what we're talking about with open technology for security and it underpins our IBM cloud pack for security solution well I've always felt that Open was part of the answer and like you said the industry was slowly to adopt adversary is highly capable he-she they're very well-funded do you think our industry is ready for this open approach we're absolutely ready for the open approach we see customers responding extremely positively to the cloud pack for security and the fact that it is built on open technologies many enterprises come to us and say they want that future proofing of their investments they want to know that what they purchased will interoperate with their existing environments without a rip rip and replace and the only way to get there is through open standards and open technology so it's it's already being well received and we're gonna see it grow just like it has any other technology domains operating systems application development management etc now is the time for security while Justin you're operating in one of the most important aspects of the IT value chain thank you for keeping us safe stay safe down there in Austin and thanks for coming on the queue thank you Dave good to be here take care and thank you for watching everybody watching the cubes coverage of IBM sync 2020 ibm's digital production keep it right there we're right back right after this short break [Music] you

>> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're in downtown San Francisco at the Twitter headquarters for Data Privacy Day. An interesting collection of people coming together here at Twitter to talk about privacy, the implications of privacy... And I can't help but think back to the classic Scott McNeely quote right, "Privacy is dead, get over it", and that was in 1999. Oh how the world has changed, most significantly obviously mobile phones with the release of the iPhone in 2007. So we're excited to really kind of have the spearhead of this event, Michael Kaiser. He's the executive director of the National Cyber Security Alliance in from Washington D.C.. Michael, great to see you. >> Thanks for having us in. >> For the folks that aren't here, what is kind of the agenda today? What's kind of the purpose, the mission? Why are we having this day? >> Well Data Privacy Day actually comes to us from Europe, from the EU which created privacy as a human right back in 1981. We've been doing it here in the United States since around 2008. NCSA took over the effort in 2011. The goal here really is just help educate people, people and businesses as well, about the importance of respecting privacy, the importance of safeguarding information, people's personal data. And then really hopefully with an end goal of building a lot more trust in the ecosystem around the handling of personal data which is so vital to the way the internet works right now. >> Right, and it seems like obviously companies figured out the value of this data long before individuals did and there's a trade for service. You use Google Maps, you use a lot of these services but does the value exchange necessarily, is it equal? Is it at the right level? And that seems to be kind of the theme of some of these privacy conversations. You're giving up a lot more value than you're getting back in exchange for some of these services. >> Yeah, and we actually have a very simple way that we talk about that. We like to say that personal information is like money and that you should value it and protect it. And so, trying to encourage people and educate people to understand that their personal information does have value and there is an exchange that's going on. They should make sure that those transactions are ones that they're comfortable in terms of giving their information and what they get back. >> Right, which sounds great Michael but then you know you get the EULA, you know you sign up for these things and they don't really give you the option. You can kind of read it but who reads it? Who goes through? You check the box and you move on. And or you get this announcement, we changed our policy, we changed our policy, we changed our policy. So, I don't know if realistic is the right word but how do people kind of navigate that? Because, let's face it my friends told me about Uber, I want to get an UBER. I download UBER. I'm stuck in a rainy corner in D.C. and I hit go and here comes the car. I don't really dig into the meat. Is there an option? I mean there's not really, I opt for privacy one, two, three and I'm opting out of five, six, seven. >> Yeah, I think we're seeing a little bit more granular controls for people on some of these things now but I think that's what we'd advocate for more. When we talk to consumers they tell us mostly that they want to have better clarity about what's being collected about them, better clarity about how that information's being used, or if it's, how it's being shared. Equally importantly, if there are controls where are they, how easy are they to use, and making them more prominent so people can engage in sort of making the services tailored to their own sort of privacy profile. I think we'd like to see more of that for sure, more companies being a little more forthcoming. Yeah you have the big privacy policy that's a long complicated legal document but there may be other way to create interfaces with your customers that make some of the key pieces more apparent. >> And do you see a trend where, because you mentioned in some of the notes that we prepared that privacy is good for business and potentially is a competitive differentiator. Are you starting to see where people are surfacing privacy more brightly so that they can potentially gain the customer, gain respect of the customer, the business of the customer over potentially a rival that's got that buried down? Is that really a competitive lever that you see? >> Well I think you see some extremes. So you see some companies that say we don't collect any information about you at all so that's part of, out there, and I think they're marketing to people who have extreme concerns about this. But I also think we're seeing again some places where there are more higher profile ability to control some of this data right. Even in you know places like the mobile setting where sometimes you'll just get a little warning saying oh this is about to use your location, is that okay, or your location is turned off you need to turn it back on in order to use this particular app. And I think those kinds of interfaces with the user of the technology are really important going forward. We don't want people overwhelmed like every time you turn on your phone you're going to have to answer 17 things in order to get to do x, y, and z but making people more aware of how the apps are using the information they collect about you I think is actually good for business. I think actually sometimes consumers get confused because they'll see a whole list of permissions that need to be provided and they don't understand how those permissions apply to what the app or service is really going to do. >> Right, right. >> Yeah, that's an interesting one. I was at a, we were at Grace Hopper in October and one of the keynote speakers was talking about how mobile data has really changed this thing right because once you're on your mobile phone it uses all the capabilities that are native in the phone in terms of geolocation, accelerometer, etc. All these things that a lot of people probably didn't know were different on the mobile Facebook app than were on the desktop Facebook app. Let's face it, most this stuff is mobile these days, certainly with the younger kids. As you said, and that's an interesting tack, why do you need access to my context? Why do you need access to my pictures? Why do you need access to my location? And then the piece that I'm curious to get your opinion, will some of the value come back to the consumer in terms of I'm not just selling your stuff, I'm not monetizing it via ads, I'm going to give some of that back to you? >> Yeah, I think there's a couple things there. One quick point on the other issue there, without naming names I was looking at an app and it said it had to have access to my phone, and I'm like why would this app need access to my phone? And then I realized later well it needs access to my phone because if the phone rings it needs to turn itself off so I can answer the phone. But that wasn't apparent right? And so I think it can be confusing to people like maybe it's innocuous in some ways. Some ways it might not be but in that case it was like okay yeah because if the phone rings I'd rather answer my phone than be looking at the app. >> Right, can I read it or can I just see it. You know the degree of the access too is very confusing. >> Yeah and I think in terms of the other issues that you're raising here about how the value exchange on data, I think the internet of things is really going to play a big role in this because it's really... You know in the current world it's about you know data, delivering ads, those kinds of things, making the experience more customized. But in IoT where you're talking about wearables or fitness or those kinds of things, or thermostats in your home, your data really drives that. So in order for those devices to really work well they have to have data about you. And that's where I think customers will really have to give great thought to. You know is that a good value proposition, right? I mean, do I want to share my data about when I come and leave every day just so my thermostat you know can turn on and off. And I think those are you know can be conscience decisions about when you're implementing that kind of technology. >> Right, so there's another interesting tack I'd love to get your opinion on. You know we see Flo from the Progressive commercials advertising to stick the USB in your cigarette lighter and we'll give you cheaper rates because now we know if you stop at stop signs or not. What's funny to me is that phone already knows whether you stop at stop signs or not and it already knows that you take 18 trips to 7-Eleven on a Saturday afternoon and you're sitting on your couch the balance of the time. As that information that's there somehow gets exposed and potentially runs into say healthcare mandated requirement from the company that you must wear Fitbits so now we know you're spending too much time at the 7-Eleven and on your couch and how that impacts your health insurance and stuff. And that's going to crash right into HIPAA. It just seems like there's this huge kind of collision coming from you know I can provide better service to people at the good end of the scale, and say aggregated risk models, but then what happens to the poor people at the other end? >> Well, I think that's why you have to have opt in, right? I think you can't make these things mandatory necessarily. And I think people have to be extremely aware of when their data is being collected and how it's being used. And so, you know the example of like the car insurance, I mean they can only, really should only be able to access that data about where you're going if you sign up to do that right? And if they want to say to you, hey Michael we might give you a better rate if we can track your, you know driving habits for a couple of weeks then that should be my choice right to give that data. Maybe my rates might be impacted if I don't but I can make that choice myself and should be allowed to make that choice myself. >> So it's funny, the opt in and opt out, so right now from your point of view what do you see in terms of the percentage of kind of opt in opt out on these privacy issues? Where is it and where should it be? >> Well I would like to see some more granular controls for the consumer in general right. I would like to see... And I said a little bit earlier a lot more transparency and ease of access to what's being collected about you and what's being used. You know outside of the formal legal process, obviously you know companies have to follow the law. They have to comply. They have to be, you know write these long EULAs or privacy policies in order to really reflect what they're doing. But they should be talking to their customers and understanding what's the most important thing that you want to know about my service before you sign up for it. And help people understand that and navigate their way through it. And I think in a lot of cases consumers will click yeah let's do it but they should do that really knowingly. If opting in is you're opting in it should be done with true consent right. >> Okay, so before I let you go just share some best practices, tips and tricks, you know kind of at least the top level what people should be thinking about, what they should be doing. >> Yeah, so we really, you know in this kind of space we look at a couple things. One, personal informations like money value and protect it. That really means being thoughtful about what information you share, when you share it, who you share it with. Own your online presence, this is really important. Consumers have an active role in how they interact with the internet. Use the settings that are there right. Use the safety and security or privacy and security settings that are in the services that you have. And then, actually a lot of this is behavioral. What you share is really important yourself so share with care right. I mean be thoughtful about the kinds of information that you put out there about yourself. Be thoughtful about the kind of information that you put about your friends and family. Realize that every single one of us in this digital world is entrusted with personal information about people much more than we used to be in the past. We have that responsibility to safeguard what other people give to us and that should be the common goal around the internet. >> I think we have to have you at the bullying and harassment convention down the road. Great insight Michael and really appreciate it. Have a great day today. I'm sure there's going to be a lot of terrific content that comes out. And for people to get more information go to the National Cyber Security Alliance. Thanks for stopping by. >> Thank you for having us. >> Absolutely. He's Michael Kaiser. I'm Jeff Frick. You're watching theCUBE, thanks for watching.