>>welcome to our session on security titled Securing Your Cloud. Everywhere With Me is Brian Langston, senior solutions engineer from Miranda's, who leads security initiatives from Renta's most security conscious customers. Our topic today is security, and we're setting the bar high by talking in some depth about the requirements of the most highly regulated industries. So, Brian four Regulated industries What do you perceive as the benefits of evolution from classic infra za service to container orchestration? >>Yeah, the adoption of container orchestration has given rise to five key benefits. The first is accountability. Think about the evolution of Dev ops and the security focused version of that team. Deb. SEC ops. These two competencies have emerged to provide, among other things, accountability for the processes they oversee. The outputs that they enable. The second benefit is audit ability. Logging has always been around, but the pervasiveness of logging data within container or container environments allows for the definition of audit trails in new and interesting ways. The third area is transparency organizations that have well developed container orchestration pipelines are much more likely to have a higher degree of transparency in their processes. This helps development teams move faster. It helped operations teams operations teams identify and resolve issues easier and help simplify the observation and certification of security operations by security organizations. Next is quality. Several decades ago, Toyota revolutionized the manufacturing industry when they implemented the philosophy of continuous improvement. Included within that philosophy was this dependency and trust in the process as the process was improved so that the quality of the output Similarly, the refinement of the process of container orchestration yields ah, higher quality output. The four things have mentioned ultimately points to a natural outcome, which is speed when you don't have to spend so much time wondering who does what or who did what. When you have the clear visibility to your processes and because you can continuously improve the quality of your work, you aren't wasting time in a process that produces defects or spending time and wasteful rework phases. You can move much faster than we've seen this to be the case with our customers. >>So what is it specifically about? Container orchestration that gives these benefits, I guess. I guess I'm really asking why are these benefits emerging now around these technologies? What's enabling them, >>right? So I think it boils down to four things related to the orchestration pipelines that are also critical components. Two successful security programs for our customers and related industry. The first one is policy. One of the core concepts and container orchestration is this idea of declaring what you want to happen or declaring the way you want things done? One place where declarations air made our policies. So as long as we can define what we want to happen, it's much easier to do complementary activities like enforcement, which is our second enabler. Um, tools that allow you to define a policy typically have a way to enforce that policy. Where this isn't the case, you need to have a way of enforcing and validating the policies objectives. Miranda's tools allow custom policies to be written and also enforce those policies. The third enabler is the idea of a baseline. Having a well documented set of policies and processes allows you to establish a baseline. Um, it allows you to know what's normal. Having a baseline allows you to measure against it as a way of evaluating whether or not you're achieving your objectives with container orchestration. The fourth enabler of benefits is continuous assessment, which is about measuring constantly back to what I said a few minutes ago. With the toilet away measuring constantly helps you see whether your processes and your target and state are being delivered as your output deviates from that baseline, your adjustments can be made more quickly. So these four concepts, I think, could really make or break your compliance status. >>It's a really way interesting way of thinking about compliance. I had thought previously back compliance, mostly as a as a matter of legally declaring and then trying to do something. But at this point, we have methods beyond legal boilerplate for asserting what we wanna happen, as you say, and and this is actually opening up new ways to detect, deviation and and enforce failure to comply. That's really exciting. Um, so you've you've touched on the benefits of container orchestration here, and you've provided some thoughts on what the drivers on enablers are. So what does Miranda's fit in all this? How does how are we helping enable these benefits, >>right? Well, our goal and more antis is ultimately to make the world's most compliant distribution. We we understand what our customers need, and we have developed our product around those needs, and I could describe a few key security aspects about our product. Um, so Miranda's promotes this idea of building and enabling a secure software supply chain. The simplified version of that that pertains directly to our product follows a build ship run model. So at the build stage is doctor trusted registry. This is where images are stored following numerous security best practices. Image scanning is an optional but highly recommended feature to enable within D T R. Image tags can be regularly pruned so that you have the most current validated images available to your developers. And the second or middle stage is the ship stage, where Miranda's enforces policies that also follow industry best practices, as well as custom image promotion policies that our customers can write and align to their own internal security requirements. The third and final stages to run stage. And at this stage, we're talking about the engine itself. Docker Engine Enterprise is the Onley container, run time with 51 40 dash to cryptography and has many other security features built in communications across the cluster across the container platform are all secure by default. So this build ship stage model is one way of how our products help support this idea of a secure supply chain. There are other aspects of the security supply chain that arm or customer specific that I won't go into. But that's kind of how we could help our product. The second big area eso I just touched on the secure supply chain. The second big area is in a Stig certification. Um, a stick is basically an implementation or configuration guide, but it's published by the U. S government for products used by the US government. It's not exclusive to them, but for customers that value security highly, especially in a regulated industry, will understand the significance and value that the Stig certification brings. So in achieving the certification, we've demonstrated compliance or alignment with a very rigid set of guidelines. Our fifth validation, the cryptography and the Stig certification our third party at two stations that our product is secure, whether you're using our product as a government customer, whether you're a customer in a regulated industry or something else, >>I did not understand what the Stig really Waas. It's helpful because this is not something that I think people in the industry by and large talk about. I suspect because these things are hard to get and time consuming to get s so they don't tend to bubble up to the top of marketing speak the way glitzy new features do that may or may not >>be secure. >>The, uh so then moving on, how has container orchestration changed? How your customers approach compliance assessment and reporting. >>Yeah, This has been an interesting experience and observation as we've worked with some of our customers in these areas. Eso I'll call out three areas. One is the integration of assessment tooling into the overall development process. The second is assessment frequency and then the third is how results are being reported, which includes what data is needed to go into the reporting. There are very likely others that could be addressed. But those are three things that I have noticed personally and working with customers. >>What do you mean exactly? By integration of assessment tooling. >>Yeah. So our customers all generally have some form of a development pipeline and process eso with various third party and open source tools that can be inserted at various phases of the pipeline to do things like status static source would analysis or host scanning or image scanning and other activities. What's not very well established in some cases is how everything fits within the overall pipeline framework. Eso fit too many customers, ends up having a conversation with us about what commands need should be run with what permissions? Where in the environment should things run? How does code get there that does this scanning? Where does the day to go? Once the out once the scan is done and how will I consume it? Thies Real things where we can help our customers understand? Um, you know what? Integration? What? Integration of assessment. Tooling really means. >>It is fascinating to hear this on, baby. We can come back to it at the end. But what I'm picking out of this Ah, this the way you speak about this and this conversation is this kind of re emergence of these Japanese innovations in product productivity in in factory floor productivity. Um, like, just in time delivery and the, you know, the Toyota Miracle and, uh, and that kind of stuff. Fundamentally, it's someone Yesterday, Anders Wahlgren from cloud bees, of course. The C I. C D expert told me, um, that one of the things he likes to tell his, uh consult ease and customers is to put a GoPro on the head of your code and figure out where it's going and how it's spending its time, which is very reminiscent of these 19 fifties time and motion studies, isn't it that that that people, you know pioneered accelerating the factory floor in the industrial America of the mid century? The idea that we should be coming back around to this and doing it at light speed with code now is quite fascinating. >>Yeah, it's funny how many of those same principles are really transferrable from 50 60 70 years ago to today. Yeah, quite fascinating. >>So getting back to what you were just talking about integrating, assessment, tooling, it sounds like that's very challenging. And you mentioned assessment frequency and and reporting. What is it about those areas that that's required? Adaptation >>Eso eso assessment frequency? Um, you know, in legacy environments, if we think about what those look like not too long ago, uh, compliance assessment used to be relatively infrequent activity in the form of some kind of an audit, whether it be a friendly peer review or intercompany audit. Formal third party assessments, whatever. In many cases, these were big, lengthy reviews full of interview questions, Um, it's requests for information, periods of data collection and then the actual review itself. One of the big drawbacks to this lengthy engagement is an infrequent engagement is that vulnerabilities would sometimes go unnoticed or unmitigated until these reviews at it. But in this era of container orchestration, with the decomposition of everything in the software supply chain and with clearer visibility of the various inputs to the build life cycle, our customers can now focus on what tooling and processes can be assembled together in the form of a pipeline that allows constant inspection of a continuous flow of code from start to finish. And they're asking how our product can integrate into their pipeline into their Q A frameworks to help simplify this continuous assessment framework. Eso that's that kind of addresses the frequency, uh, challenge now regarding reporting, our customers have had to reevaluate how results are being reported and the data that's needed in the reporting. The root of this change is in the fact that security has multiple stakeholder groups and I'll just focus on two of them. One is development, and their primary focus, if you think about it, is really about finding and fixing defects. That's all they're focused on, really, is there is there pushing code? The other group, though, is the Security Project Management Office, or PMO. This group is interested in what security controls are at risk due to those defects. So the data that you need for these two stakeholder groups is very different. But because it's also related, it requires a different approach to how the data is expressed, formatted and ultimately integrated with sometimes different data sources to be able to appease both use cases. >>Mhm. So how does Miranda's help improve the rate of compliance assessment? Aziz? Well, as this question of the need for differential data presentation, >>right, So we've developed on exposed a P I S that helped report the compliance status of our product as it's implemented in our customers on environment. So through these AP eyes, we express the data and industry standard formats using plastic out Oscar is a relatively new project out of the mist organization. It's really all about standardizing a set of standards instead of formats that expresses control information. So in this way our customers can get machine and human readable information related to compliance, and that data can then be massaged into other tools or downstream processes that our customers might have. And what I mean by downstream processes is if you're a development team and you have the inspection tools, the process is to gather findings defects related to your code. A downstream process might be the ticketing system with the era that might log a formal defect or that finding. But it all starts with having a common, standard way of expressing thes scan output. And the findings such that both development teams and and the security PMO groups can both benefit from the data. So essentially we've been following this philosophy of transparency, insecurity. What we mean by that is security isn't or should not be a black box of information on Lee, accessible and consumable by security professionals. Assessment is happening proactively in our product, and it's happening automatically. We're bringing security out of obscurity by exposing the aspects of our product that ultimately have a bearing on your compliance status and then making that information available to you in very user friendly ways. >>It's fascinating. Uh uh. I have been excited about Oscar's since, uh, since first hearing about it, Um, it seems extraordinarily important to have what is, in effect, a ah query capability. Um, that that let's that that lets different people for different reasons formalize and ask questions of a system that is constantly in flux, very, very powerful. So regarding security, what do you see is the basic requirements for container infrastructure and tools for use in production by the industries that you are working with, >>right? So obviously, you know, the tools and infrastructure is going to vary widely across customers. But Thio generalize it. I would refer back to the concept I mentioned earlier of a secure software supply chain. There are several guiding principles behind us that are worth mentioning. The first is toe have a strategy for ensuring code quality. What this means is being able to do static source code analysis, static source code analysis tools are largely language specific, so there may be a few different tools that you'll need to have to be able to manage that, um, second point is to have a framework for doing regular testing or even slightly more formal security assessments. There are plenty of tools that can help get a company started doing this. Some of these tools are scanning engines like open ESCAP that's also a product of n'est open. ESCAP can use CS benchmarks as inputs, and these tools do a very good job of summarizing and visualizing output, um, along the same family or idea of CS benchmarks. There's many, many benchmarks that are published. And if you look at your own container environment, um, there are very likely to be many benchmarks that can form the core platform, the building blocks of your container environment. There's benchmarks for being too, for kubernetes, for Dr and and it's always growing. In fact, Mirante is, uh, editing the benchmark for container D, so that will be a formal CSCE benchmark coming up very shortly. Um, next item would be defining security policies that line with your organization's requirements. There are a lot of things that come out of box that comes standard that comes default in various products, including ours, but we also give you through our product. The ability to write your own policies that align with your own organization's requirements, uh, minimizing your tax surface. It's another key area. What that means is only deploying what's necessary. Pretty common sense. But sometimes it's overlooked. What this means is really enabling required ports and services and nothing more. Um, and it's related to this concept of least privilege, which is the next thing I would suggest focusing on these privileges related to minimizing your tax service. It's, uh, it's about only allowing permissions to those people or groups that excuse me that are absolutely necessary. Um, within the container environment, you'll likely have heard this deny all approach. This denial approach is recommended here, which means deny everything first and then explicitly allow only what you need. Eso. That's a very common, uh uh, common thing that sometimes overlooked in some of our customer environments. Andi, finally, the idea of defense and death, which is about minimizing your plast radius by implementing multiple layers of defense that also are in line with your own risk management strategy. Eso following these basic principles, adapting them to your own use cases and requirements, uh, in our experience with our customers, they could go a long way and having a secure software supply chain. >>Thank you very much, Brian. That was pretty eye opening. Um, and I had the privilege of listening to it from the perspective of someone who has been working behind the scenes on the launch pad 2020 event. So I'd like to use that privilege to recommend that our listeners, if you're interested in this stuff certainly if you work within one of these regulated industries in a development role, um, that you may want to check out, which will be easy for you to do today, since everything is available once it's been presented. Matt Bentley's live presentation on secure Supply Chain, where he demonstrates one possible example of a secure supply chain that permits image. Signing him, Scanning on content Trust. Um, you may want to check out the session that I conducted with Andres Falcon at Cloud Bees who talks about thes um, these industrial efficiency factory floor time and motion models for for assessing where software is in order to understand what policies can and should be applied to it. Um, and you will probably want to frequent the tutorial sessions in that track, uh, to see about how Dr Enterprise Container Cloud implements many of these concentric security policies. Um, in order to provide, you know, as you say, defense in depth. There's a lot going on in there, and, uh, and it's ah, fascinating Thio to see it all expressed. Brian. Thanks again. This has been really, really educational. >>My pleasure. Thank you. >>Have a good afternoon. >>Thank you too. Bye.

>>from the Cube Studios in Palo Alto in Boston, connecting with thought leaders all around the world. This is a cube conversation. >>Hey, welcome back. You're ready, Jeffrey here with the Cuban Apollo Alto studios today, and we're excited. You know, we're slowly coming out of the, uh, out of the summer season. We're getting ready to jump back into the fall. Season, of course, is still covet. Everything is still digital. But you know, what we're seeing is a digital events allow a lot of things that you couldn't do in the physical space. Mainly get a lot more people to attend that don't have to get in airplanes and file over the country. So to preview this brand new inaugural event that's coming up in about a month, we have We have a new guest. He's Dave and Everen. He is the senior vice president of marketing. Former ran tous. Dave. Great to see you. >>Happy to be here today. Thank you. >>Yeah. So tell us about this inaugural event. You know, we did an event with Miranda's years ago. I had to look it up like 2014. 15. Open stack was hot and you guys sponsored a community event in the Bay Area because the open stack events used to move all over the country each and every year. But you guys said, and the top one here in the Bay Area. But now you're launching something brand new based on some new activity that you guys have been up to over the last several months. So let us give us give us the word. >>Yeah, absolutely. So we definitely have been organizing community events in a variety of open source communities over the years. And, you know, we saw really, really good success with with the Cube And are those events in opens tax Silicon Valley days? And, you know, with the way things have gone this year, we've really seen that virtual events could be very successful and provide a new, maybe slightly different form of engagement but still very high level of engagement for our guests and eso. We're excited to put this together and invite the entire cloud native industry to join us and learn about some of the things that Mantis has been working on in recent months. A zwelling as some of the interesting things that are going on in the Cloud native and kubernetes community >>Great. So it's the inaugural event is called Moran Sous launchpad 2020. The Wares and the Winds in September 16th. So we're about a month away and it's all online is their registration. Costars is free for the community. >>It's absolutely free. Eso everyone is welcome to attend You. Just visit Miranda's dot com and you'll see the info for registering for the event and we'd love it. We love to see you there. It's gonna be a fantastic event. We have multiple tracks catering to developers, operators, general industry. Um, you know, participants in the community and eso we'd be happy to see you on join us on and learn about some of the some of the things we're working on. >>That's awesome. So let's back up a step for people that have been paying as close attention as they might have. Right? So you guys purchase, um, assets from Docker at the end of last year, really taken over there, they're they're kind of enterprise solutions, and you've been doing some work with that. Now, what's interesting is we we cover docker con, um, A couple of months ago, a couple three months ago. Time time moves fast. They had a tremendously successful digital event. 70,000 registrants, people coming from all over the world. I think they're physical. Event used to be like four or 5000 people at the peak, maybe 6000 Really tremendous success. But a lot of that success was driven, really by the by the strength of the community. The docker community is so passionate. And what struck me about that event is this is not the first time these people get together. You know, this is not ah, once a year, kind of sharing of information and sharing ideas, but kind of the passion and and the friendships and the sharing of information is so, so good. You know, it's a super or, um, rich development community. You guys have really now taken advantage of that. But you're doing your Miranda's thing. You're bringing your own technology to it and really taking it to more of an enterprise solution. So I wonder if you can kind of walk people through the process of, you know, you have the acquisition late last year. You guys been hard at work. What are we gonna see on September 16. >>Sure, absolutely. And, you know, just thio Give credit Thio Docker for putting on an amazing event with Dr Khan this year. Uh, you know, you mentioned 70,000 registrants. That's an astounding number. And you know, it really is a testament thio. You know, the community that they've built over the years and continue to serve eso We're really, really happy for Docker as they kind of move into, you know, the next the next path in their journey and, you know, focus more on the developer oriented, um, solution and go to market. So, uh, they did a fantastic job with the event. And, you know, I think that they continue toe connect with their community throughout the year on That's part of what drives What drove so many attendees to the event assed faras our our history and progress with with Dr Enterprise eso. As you mentioned mid November last year, we did acquire Doctor Enterprise assets from Docker Inc and, um, right away we noticed tremendous synergy in our product road maps and even in the in the team's eso that came together really, really quickly and we started executing on a Siris of releases. Um that are starting Thio, you know, be introduced into the market. Um, you know, one was introduced in late May and that was the first major release of Dr Enterprise produced exclusively by more antis. And we're going to announce at the launch pad 2020 event. Our next major release of the Doctor Enterprise Technology, which will for the first time include kubernetes related in life cycle management related technology from Mirant is eso. It's a huge milestone for our company. Huge benefit Thio our customers on and the broader user community around Dr Enterprise. We're super excited. Thio provide a lot of a lot of compelling and detailed content around the new technology that will be announcing at the event. >>So I'm looking at the at the website with with the agenda and there's a little teaser here right in the middle of the spaceship Docker Enterprise Container Cloud. So, um, and I glanced into you got a great little layout, five tracks, keynote track D container track operations and I t developer track and keep track. But I did. I went ahead and clicked on the keynote track and I see the big reveal so I love the opening keynote at at 8 a.m. On the 76 on the September 16th is right. Um, I, Enel CEO who have had on many, many times, has the big reveal Docker Enterprise Container Cloud. So without stealing any thunder, uh, can you give us any any little inside inside baseball on on what people should expect or what they can get excited about for that big announcement? >>Sure, absolutely so I definitely don't want to steal any thunder from Adrian, our CEO. But you know, we did include a few Easter eggs, so to speak, in the website on Dr Enterprise. Container Cloud is absolutely the biggest story out of the bunch eso that's visible on the on the rocket ship as you noticed, and in the agenda it will be revealed during Adrian's keynote, and every every word in the product name is important, right? So Dr Enterprise, based on Dr Enterprise Platform Container Cloud and there's the new word in there really is Cloud eso. I think, um, people are going to be surprised at the groundbreaking territory that were forging with with this release along the lines of a cloud experience and what we are going to provide to not only I t operations and the Op Graders and Dev ops for cloud environment, but also for the developers and the experience that we could bring to developers As they become more dependent on kubernetes and get more hands on with kubernetes. We think that we're going thio provide ah lot of ways for them to be more empowered with kubernetes while at the same time lowering the bar, the bar or the barrier of entry for kubernetes. As many enterprises have have told us that you know kubernetes can be difficult for the broader developer community inside the organization Thio interact with right? So this is, uh, you know, a strategic underpinning of our our product strategy. And this is really the first step in a non going launch of technologies that we're going to make bigger netease easier for developing. >>I was gonna say the other Easter egg that's all over the agenda, as I'm just kind of looking through the agenda. It's kubernetes on 80 infrastructure multi cloud kubernetes Miranda's open stack on kubernetes. So Goober Netease plays a huge part and you know, we talk a lot about kubernetes at all the events that we cover. But as you said, kind of the new theme that we're hearing a little bit more Morris is the difficulty and actually managing it so looking, kind of beyond the actual technology to the operations and the execution in production. And it sounds like you guys might have a few things up your sleeve to help people be more successful in in and actually kubernetes in production. >>Yeah, absolutely. So, uh, kubernetes is the focus of most of the companies in our space. Obviously, we think that we have some ideas for how we can, you know, really begin thio enable enable it to fulfill its promise as the operating system for the cloud eso. If we think about the ecosystem that's formed around kubernetes, uh, you know, it's it's now really being held back on Lee by adoption user adoption. And so that's where our focus in our product strategy really lives is around. How can we accelerate the move to kubernetes and accelerate the move to cloud native applications on? But in order to provide that acceleration catalyst, you need to be able to address the needs of not only the operators and make their lives easier while still giving them the tools they need for things like policy enforcement and operational insights. At the same time, Foster, you know, a grassroots, um, upswell of developer adoption within their company on bond Really help the I t. Operations team serve their customers the developers more effectively. >>Well, Dave, it sounds like a great event. We we had a great time covering those open stack events with you guys. We've covered the doctor events for years and years and years. Eso super engaged community and and thanks for, you know, inviting us back Thio to cover this inaugural event as well. So it should be terrific. Everyone just go to Miranda's dot com. The big pop up Will will jump up. You just click on the button and you can see the full agenda on get ready for about a month from now. When when the big reveal, September 16th will happen. Well, Dave, thanks for sharing this quick update with us. And I'm sure we're talking a lot more between now in, uh, in the 16 because I know there's a cube track in there, so we look forward to interview in our are our guests is part of the part of the program. >>Absolutely. Eso welcome everyone. Join us at the event and, uh, you know, stay tuned for the big reveal. >>Everybody loves a big reveal. All right, well, thanks a lot, Dave. So he's Dave. I'm Jeff. You're watching the Cube. Thanks for watching. We'll see you next time.

>> live from San Francisco, celebrating 10 years of high tech coverage. It's the Cube covering Veum World 2019. Brought to you by IBM Wear and its ecosystem partners. >> Welcome back to the cubes Live coverage Of'em World 2019 in San Francisco, California We're here at Mosconi North Lobby. Two sets. Jumper of my Coast. David wanted Dave 10 years. Our 10th season of the cue coming up on our 10 year anniversary May of 2020. But this corner are 10 years of the Cube. Our next guest is Sanjay Putting Chief Operating Officer Of'em where who took the time out of his busy schedule to help us do a commemorative look back. Thanks for coming to our studio. Hello, John. That was great. Fans of yours was really regulations on the 10 year mark with the, um well, we really appreciate your partnership. We really appreciate one. Things we love doing is covering as we call that thing. David, I coined the term tech athletes, you know, kind of the whole joke of ESPN effect that we've been called and they're really tech athlete is just someone who's a strong in tech always fighting for that extra inch. Always putting in the hard work discipline, smart, competitive. You get all that above. Plus, you interviewed athletes today on state real athletes. Real athletes, Tech show. So I guess they would qualify as Tech athlete Steve Young. That's pretty funny. It was a >> great time. We've been trying to, you know, Veum World is now the first time was 2004. So it's 1/16 season here, and traditionally many of these tech conference is a really boring because it's just PowerPoint dead by power point lots of Tec Tec Tec Tec breakout sessions. And we're like, You know, last year we thought, Why don't we mix it up and have something that's inspirational education We had Malala was a huge hit. People are crying at the end of the session. Well, let's try something different this year, and we thought the combination of Steve Young and Lyndsey one would be great. Uh, you know, Listen, just like you guys prepped for these interviews, I did a lot of prep. I mean, I'm not I'm a skier, but I'm nowhere close to an avid skier that watch in the Olympics huge fan of Steve Young so that part was easy, but preparing for Lindsay was tough. There were many dynamics of that interview that I had to really think through. You want to get both of them to converse, you know, he's She's 34 he's 55. You want to get them to really feel like it's a good and I think it kind of played out well. >> You were watching videos. A great prep. Congratulations >> trying t o show. It's the culture of bringing the humanization aspect of your team about tech for good. Also, you believe in culture, too, and I don't get your thoughts on that. You recently promoted one of your person that she has a chief communications Johnstone Johnstone about stars you promote from within. This >> is the >> culture you believe it. Talk about the ethos. Jones is a rock star. We love her. She's just >> hardworking, credible, well respected. Inside VM where and when we had a opening in that area a few months ago, I remember going to the her team meeting and announcing, and the team erupted in cheers. I mean that to me tells me that somebody was well liked from within, respected within and pure level and you know the organization's support for a promotion of that kind of battlefield promotion. It's great big fan of hers, and this is obviously her first show at Vienna. Well, along with Robin, Matt, look. So we kind of both of them as the chief marketing officer, Robin and Jones >> and Robinson story. Low Crawl made her interim first, but they then she became Steve Made it Permanent way. >> Want them to both do well. They have different disciplines. Susan, uh, national does our alliances, you know, if you include my chief of staff for the six of my direct reports are women, and I'm a big believer in more women. And take why? Because I want my Sophia, who's 13 year old do not feel like the tech industry is something that is not welcome to women in tech. So, you know, we really want to see more of them. And I hope that the folks who are reporting to me in senior positions senior vice president is an example can be a role model to other women who are aspiring, say, one day I wanna be like a Jones Stone or Robin. Madam Local Susan Nash, >> John and I both have daughters, so we're passionate about this. Tech is everywhere, so virtually whatever industry they go into. But I've asked this question Sanjay of women before on the Cube. I've never asked him in. And because you have a track record of hiring women, how do you succeed in hiring women? Sometimes way have challenges because way go into our little network. Convenient. What? What's your approach? Gotta >> blow off that network and basically say First off, if that network is only male or sometimes unfortunately white male or just Indian male, which is sometimes the nature of tech I mean, if you're looking for a new position, tell the recruiters to find you something that's different. Find me, Ah woman. Find me on underrepresented minority like an African American Latino and those people exist. You just have a goal. Either build a network yourself. So you've got those people on your radar. We'll go look, and that's more work on us, says leaders. But we should be doing that work. We should be cultivating those people because the more you promote capable. First off, you have to be capable. This is not, you know, some kind of affirmative action away. We want capable people. Someone shouldn't get the job just because they're a woman just because the minority, that's not the way we work. We want capable people to do it. But if we have to go a little further to find them, we'll go do it. That's okay. They exist. So part of my desires to cultivate relationships with women and underrepresented minorities in the world that can actually in the world of tech and maintain those relationships because you never know you're not gonna hire them immediately. But at some point in time, you might need to have them on your radar. >> Sanjay, I wanna ask you a big picture question. I didn't get a chance to ask path this morning. I was at the bar last night just having a little dinner, and I was checking out Twitter. And he said that the time has never been. It's never been a greater time arm or important time to be a technologist. Now I saw that I went interesting. What does that mean? Economic impact, social impact? And I know we often say that, and I don't say this to disparage the comment. It's just to provide historical context and get a get it open discussion about what is actually achievable with tech in this era and what we actually believe. So I started to do some research and I started right down. First of all, I presume you believe that right on your >> trusty napkin at the >> bar. So there has never been a more important time to be a technologist. You know, it's your company at your league. You know, Pat, I presume you agree with it. Yeah, absolutely. I slipped it back to the 1900. Electricity, autos, airplanes, telephones. So you we, as an industry are up against some pretty major innovations. With that historical context, Do you feel as though we can have a similar greater economic and social impact? >> Let's start with economic first and social. Next time. Maybe we should do the opposite, but economic? Absolutely. All those inventions that you >> have are all being reinvented. The technology the airplanes all been joined by software telephones are all driving through, you know, five g, which is all software in the future. So tech is really reinventing every industry, including the mundane non tech industries like agriculture. If you look at what's happening. Agriculture, I ot devices are monitoring the amount of water that should go to particular plant in Brazil, or the way in which you're able to use big data to kind of figure out what's the right way to think about health care, which is becoming very much tech oriented financial service. Every industry is becoming a tech industry. People are putting tech executives on their boards because they need an advice on what is the digital transformations impact on them cybersecurity. Everyone started by this. Part of the reason we made these big moves and security, including the acquisition of carbon black, is because that's a fundamental topic. Now social, we have to really use this as a platform for good. So just the same way that you know a matchstick could help. You know, Warm house and could also tear down the house. Is fire good or bad? That's been the perennial debate since people first discovered fire technology. Is this the same way it can be used? Reboot. It could be bad in our job is leaders is to channel the good and use examples aware tech is making a bit force for good. And then listen. Some parts of it may not be tech, but just our influence in society. One thing that pains me about San Francisco's homelessness and all of the executives that a partner to help rid this wonderful city of homeless men. They have nothing to attack. It might be a lot of our philanthropy that helps solve that and those of us who have much. I mean, I grew up in a poor, uh, bringing from Bangla, India, but now I have much more than I have. Then I grew up my obligations to give back, and that may have nothing to do with Tech would have to do all with my philanthropy. Those are just principles by which I think when you live with your a happier man, happier woman, you build a happier >> society and I want to get your thoughts on common. And I asked a random set of college students, thanks to my son that the network is you said your daughter to look at the key to Pat's King Pat's commentary in The Cube here this morning that was talking about tech for good. And here's some of the comments, but I liked the part about tech for good and humanity. Tech with no purpose is meaningless tech back by purposes. More impactful is what path said then the final comments and Pat's point quality engineering backing quality purpose was great. So again, this is like this is Gen Z, not Millennials. But again, this is the purpose where it's not just window dressing on on industry. It's, you know, neutral fire. I like that argument. Fire. That's a good way Facebook weaponizing Facebook could be good or bad, right? Same thing. But the younger generation. You're new demographics that are coming into cloud. Native. Yeah, what do you think? >> No. And I think that's absolutely right. We have to build a purpose driven company that's purposes much more than just being the world's best softer infrastructure company or being the most profit. We have to obviously deliver results to our shareholders. But I think if you look at the Milton Friedman quote, you know, paper that was written that said, the sole purpose of a company is just making profits, and every business school student is made to read that I >> think even he >> would probably agree that listen today While that's important, the modern company has to also have a appropriate good that they are focused on, you know, with social good or not. And I don't think it's a trade off being able to have a purpose driven culture that makes an impact on society and being profitable. >> And a pointed out yesterday on our intro analysis, the old term was You guys go Oh, yeah, Michael Dell and PAD shareholder value. They point out that stakeholder value, because now the stakeholder Employees and society. So congratulations could keep keep keep it going on the millennial generation. >> Just like your son and our kids want a purpose driven company. They want to know that the company that working for is having an impact. Um, not just making an impression. You do that. It shows like, but having an impact. >> And fire is the most popular icon on instagram. Is that right? Yeah, I know that fire is good. Like your fire. Your hot I don't know. I guess. Whatever. Um fire. Come comment. There was good Sanjay now on business front. Okay, again, A lot of inflection points happen over 10 years. We look back at some of this era, the Abel's relationship would you know about. But they've also brought up a nuance which we talked about on the intro air Watch. You were part of that acquisition again. Pig part of it. So what Nasiriyah did for the networking STD see movement that shaped VM. Whereas it is today your acquisition that you were involved and also shaping the end user computing was also kind of come together with the cloud Natives. >> How is >> this coming to market? I mean, you could get with >> my comparison with carbon black there watch was out of the building. Carbon black is not considered. >> Let's talk about it openly. And we talked about it some of the earnings because we got that question. Listen, I was very fortunate. Bless to work on the revitalization of end user computing that was Turbo charged to the acquisition of a watch. At that time was the biggest acquisition we did on both Nice era and air watch put us into court new markets, networking and enterprise mobility of what we call not additional work space. And they've been so successful thanks to know not just me. It was a team of village that made those successful. There's a lot of parallels what we're doing. Carbon, black and security. As we looked at the security industry, we feel it's broken. I alluded to this, but if I could replay just 30 seconds of what I said on some very important for your viewers to know this if I went to my doctor, my mom's a doctor and I asked her how Doe I get well, and she proposed 5000 tablets to me. Okay, it would take me at 30 seconds of pop to eat a tablet a couple of weeks to eat 5000 tablets. That's not how you stay healthy. And the analogy is 5000 metres and security all saying that they're important fact. They use similar words to the health care industry viruses. I mean, you know, you and what do you do instead, to stay healthy, you have a good diet. You eat your vegetables or fruit. Your proteins drink water. So part of a diet is making security intrinsic to the platform. So the more that we could make security intrinsic to the platform, we avoid the bloatware of agents, the number of different consuls, all of this pleasure of tools that led to this morass. And what happens at the end of that is you about these point vendors, Okay, Who get gobbled up by hardware companies that's happening spattered my hardware companies and sold to private equity companies. What happens? The talent they all leave, we look at the landscape is that's ripe for disruption, much the same way we saw things with their watch. And, you know, we had only companies focusing VD I and we revitalize and innovative that space. So what we're gonna do in securities make it intrinsic and take a modern cloud security company carbon black, and make that part of our endpoint Security and Security Analytics strategy? Yes, they're one of two companies that focus in the space. And when we did air watch, they were number three. Good was number one. Mobile line was number two and that which was number three and the embers hands. We got number one. The perception in this space is common. Lacks number two and crowdstrike number one. That's okay, you know, that might be placed with multiple vendors, but that's the state of it today, and we're not going point against Crowdstrike. Our competition's not just an endpoint security point to a were reshaping the entire security industry, and we believe with the integration that we have planned, like that product is really good. I would say just a cz good upper hand in some areas ahead of common black, not even counting the things we're gonna integrate with it. It's just that they didn't have the gold market muscle. I mean, the sales and marketing of that company was not as further ahead that >> we >> change Of'em where we've got an incredible distribution will bundle that also with the Dell distribution, and that can change. And it doesn't take long for that to take a lot of customers here. One copy black. So that's the way in which we were old. >> A lot of growth there. >> Yeah, plenty of >> opportunity to follow up on that because you've obviously looked at a lot of companies and crowdstrike. I mean, huge valuation compared to what you guys paid for carbon black. I mean, >> I'm a buyer. I mean, if I'm a buyer, I liked what we paid. >> Well, I had some color to it. Just when you line up the Was it really go to market. I mean some functions. Maybe not that there >> was a >> few product gaps, but it's not very nominal. But when you add what we announced in a road map app, defensive alderman management, the integration of works based one this category is gonna be reshaped very quickly. Nobody, I mean, the place. We're probably gonna compete more semantic and McAfee because most of those companies that kind of decaying assets, you know, they've gotten acquired by the companies and they're not innovating. So I'd say the bulk of the market will be eating up the leftover fossils of those sort of companies as as companies decided they want to invest in legacy. Technology is a more modern, but I think the differentiation from Crowdstrike very clear is we integrate these, these technology and the V's fear. Let me give an example. With that defense, we can make that that workload security agent list. Nobody can do that. Nobody, And that's apt defense with carbon black huge innovation. I described on stage workspace one plus carbon black is like peanut butter and jelly management. Security should go together. Nobody could do that as good as us. Okay, what we do inside NSX. So those four areas that I outlined in our plans with carbon black pending the close of the transaction into V sphere Agent Lis with workspace one unified with NSX integrated and into secure state, You know, in the cloud security area we take that and then send it through the V m. Where the devil and other ecosystem channels like you No idea. Security operative CDW You know, I think Dimension data, all the security savvy partners here. I think the distribution and the innovation of any of'em were takes over long term across strike may have a very legitimate place, but our strategy is very different. We're not going point tool against 0.0.2 wish reshaping the security industry. Yeah, What platform? >> You're not done building that platform. My obvious question is the other other assets inside of Arcee and secureworks that you'd like to get your hands on. >> I mean, listen, at this point in time, we are good. I mean, it's the same thing like asking me when we acquired air watching. Nice Here. Are you gonna do more networking and mobility? Yeah, but we're right now. We got enough to Digest in due course you. For five years later, we did acquire Arkin for network Analytics. We acquired fellow Cloud for SD when we're cloud recently, Avi. So the approach we take a hammer to innovations first. You know, if you're gonna have an anchor acquisition, make sure it's got critical mass. I mean, buying a small start up with only 35 people 10 people doesn't really work for us. So we got 1100 people would come back, we're gonna build on it. But let's build, build, build, build, partner and then acquire. So we will partner a lot with a lot of players. That compliment competition will build a lot around this. >> And years from now, we need >> add another tuck in acquisition. But we feel we get a lot in this acquisition from both endpoint security and Security Analytics. Okay, it's too early to say how much more we will need and when we will need that. But, you know, our goal would be Let's go plot away. I have a billion dollar business and then take it from there. >> One more security question, if I may say so. I'm not trying to pit you against your friends and AWS. But there are some cleared areas where your counter poise >> Stevens just runs on eight of us comin back. >> That part about a cloud that helps your class ass business. I like the acquisition. But Steven Schmidt, it reinforced the cloud security conference, said, You know, this narrative in the industry that security is broken is not the right one. Now, by the way, agree with this. Security's a do over pat kill singer. And we talked about that for five years ago. Um, but then in eight of you says the shared security model, when you talk to the practitioners like, yeah, they they cover, that's three and compute. But we have the the real work to d'oh! So help me square that circle. >> Yeah, I think if aws bills Security Service is that our intrinsic to their platform and they open up a prize, we should leverage it. But I don't think aws is gonna build workload security for azure compute or for Gogol compute. That's against the embers or into the sphere. Like after finishing third accordion. And they're like, That's not a goal. You go do it via more So from my perspective. Come back to hydrogen. 80. If there's a workload security problem that's going to require security at the kernel of the hyper visor E C to azure compute containers. Google Compute. >> Who's gonna do >> that? Jammer? Hopefully, hopefully better than because we understand the so workloads. Okay, now go to the client site. There's Windows endpoints. There's Mac. There's Lennox. Who should do it? We've been doing that for a while on the client side and added with workspace one. So I think if you believe there is a Switzerland case for security, just like there was a Switzerland case for management endpoint management I described in Point management in Point Security going together like peanut butter and jelly, Whatever your favorite analogy is, if we do that well, we will prove to the market just like we did with their watch An endpoint management. There is a new way of doing endpoint security. Dan has been done ever before. Okay, none >> of these >> guys let me give an example. I've worked at Semantic 15 years ago. I know a lot about the space. None of these guys built a really strategic partnership with the laptop vendors. Okay, Del was not partnering strategically on their laptops with semantic micro. Why? Because if this wasn't a priority, then they were, you know, and a key part of what we're doing here is gonna be able to do end point management. And in point security and partner Adult, they announced unified workspace integrated into the silicon of Dell laptops. Okay, we can add endpoint security that capability next. Why not? I mean, if you could do management security. So, you know, we think that workspace one, we'll get standing toe work space security with the combination of workspace one and security moving and carbon black. >> Sanjay, we talked about this on our little preview and delivery. Done us. We don't need to go into it. The Amazon relationship cleared the way for the strategy in stock price since October 2016 up. But >> one of the >> things I remember from that announcement that I heard from the field sales folks that that were salespeople for VM wear as well as customers, was finally clarity around. What the hell? We're doing the cloud. So I bring up the go to market In the business side, the business results are still strong. Doing great. You guys doing a great job? >> How do you >> keep your field troops motivated? I know Michael Dell says these are all in a strategy line. So when we do these acquisitions, you >> had a lot >> of new stuff coming in. I mean, what's how do you keep him trained? Motivated constantly simplifying whenever >> you get complex because you add into your portfolio, you go back and simplify, simplify, simplify, make it Sesame Street simple. So we go back to that any cloud, any app, any device diagram, if you would, which had security on the side. And we say Now, let's tell you looking this diagram how the new moves that we've made, whether it's pivotal and what we're announcing with tanz ou in the container layer that's in that any Apple air carbon black on the security there. But the core strategy of the emer stays the same. So the any cloud strategy now with the relevance now what, what eight of us, Who's our first and preferred partner? But if you watched on stage, Freddie Mac was incredible. Story. Off moving 600 absent of the N word cloud made of us Fred and Tim Snyder talked about that very eloquently. The deputy CTO. They're ratty Murthy. CTO off Gap basically goes out and says, Listen, I got 800 APS. I'm gonna invest a lot on premise, and when I go to the cloud, I'm actually going to Azure. >> Thanks for joining you. Keep winning. Keep motivated through winning >> and you articulate a strategy that constantly tells people Listen. It's their choice of how they run in the data center in the cloud. It's their choice, and we basically on top of all of those in the any cloud AP world. That's how we play on the same with the device and the >> security. A lot of great things having Sanjay. Thanks >> for you know what a cricket fan I am. Congratulations. India won by 318 goals. Is that >> what they call girls run against the West Indies? I think you >> should stay on and be a 40 niner fan for when you get Tom baseball get Tom Brady's a keynote will know will be in good Wasn't Steve Young and today love so inspirational and we just love them? Thank you for coming on the Cube. 10 years. Congratulations. Any cute moments you can point out >> all of them. I mean, I think when I first came to, I was Who's the d? I said ASAP, like these guys, John and Dave, and I was like, Man, they're authentic people. What I like about you is your authentic real good questions. When I came first year, you groomed me a lot of their watch like, Hey, this could be a big hat. No cattle. What you gonna do? And you made me accountable. You grilled me on eight of us. You're grilling me right now on cloud native and modern, absent security, which is good. You keep us accountable. Hopefully, every you're that we come to you, we want to show as a team that we're making progress and then were credible back with you. That's the way we roll. >> Sanjay. Thanks for coming. Appreciate. Okay, we're live here. Stay with us for more of this short break from San Francisco v emerald 2019