(upbeat music) >> Announcer: New York City. It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify, and the Institute For Critical Infrastructure Technology. >> Hey, welcome back everyone. This is theCUBE, live in New York City, in Manhattan. We're here at the Grand Hyatt Ballroom for CyberConnect 2017. Inaugural event presented by Centrify. I'm John Furrier, with my co-host Dave Vellante, both Co-Founders of SiliconANGLE Media. Our next guest is Parham Eftekhari, who's the Co-Founder and Senior Fellow of ICIT. Also part of the team and the lead around putting the content agenda together. These are the guys who put it all together. Really inaugural conference, great success. Turns out, you know we (laughs), we talked about it was going to be big, it was going to be huge. By the numbers, it's just a great beachhead, the right people showed up. Welcome to theCUBE, thanks for joining us. >> Yeah, thank you for having me, excited to be here, good to chat with you again. >> So, we, before the event started, just, you know, a couple months ago when we were talking about the event, we're like, this is, love the name, first event of its kind. Always wondering, you know, will people show up? Right, you know? >> That's right, first-time events, we've talked about this before, there are so many cyber security events out there, and so many organizations competing for a limited time and resources. So, I think to have a, an event like this be such a big success in the first time speaks to the quality of the content, and, you know, Centrify's role and ICIT's role in putting it together. >> I want to give you guys congratulations, to you and your partner, for running a really amazing company and event. You guys go big by thinking small, by being small, being relevant. Your model and how you do business earns trust, it's very community-driven. Same ethos as what we believe in. So, wanted to give you props for that. >> Parham: Thank you. >> It's not usual you see great execution thinking about your audience and constituents, so congratulations. >> Thank you. >> Okay, so, with that, you've got a lot of heavy hitters in your rolodex, you guys got a great community, big names. General's up there, you have big time SiSoS. >> Parham: Yeah. >> What's the vibe? I mean, you guys are dealing with this profile persona all the time. What's on the minds? I mean, obviously the General's banging his fist on the table, virtual table, or he's holding his coffee cup, telling war stories, he's basically saying, if we don't get our act together, industry and government... >> Yeah, well, I think what's happening today, and you know the business of the Institute, we're a research-driven organization, so as an organization that provides objective research, we have the fortunate position to be able to advise to some of these commercial and public sector leaders. And so, in that advisory, we have a really good sense on the pulse of the community. And we're able to hear directly from these individuals, we don't have to look at market research studies, we don't have to look at what some of these third-party groups are talking about. We're able to communicate directly, and we can actually see and feel their feedback to what we're discussing. >> There's no lag to your model, you have your fingers on the pulse. What is it telling you? Obviously, we heard the message here, there's some work to be done, there's some technical core fundamental infrastructure things, there's application-specific things, obviously the threats aren't stopping. >> Parham: That's right. >> What are the, what's-- >> If you look at the program that was built, it really does mirror the way that the Institute believes we need to approach solving these issues. And that comes with a layered security strategy. And so, oftentimes you'll go to these events, and we understand that there's organizations that are looking to make this into more of a marketing opportunity for them. So, unfortunately, the curriculum and content only touches one or two core competencies, which obviously really underscore what the sponsors do. What we've done here at CyberConnect, which is why Centrify's such a great partner, they understand that they may be one of the world's leading identity access management organizations, but they know for us to have a cyber security renaissance and actually make that quantum leap that the General and some of the executives that you were mentioning were discussing all day, we need to have a number of different technologies discussed, and have that education talk about things like the use of machine-learning based artificial intelligence. Talk about how technology can enable automation. Talk about identity access management. Talk about, like we just heard Terry Gravenstein, talk about the importance of building a culture of trust, right? Security has a human element to it, people's one of the biggest problems we have. So, I think this is one of the reasons why this event, to your point earlier, is such a big success only the first year out. >> Parham, we heard a lot today about sort of the partnership, really the imperative, of government and commercial enterprises working together. You do a lot of work in the government. And there seems to be, anyway our impression is, there's a heightened sense of security, for obvious reasons. And, board levels in the commercial side have really tuned in to security. But still, organizations seem to be struggling with what's the right regime. You know, it used to be just an IT problem, or a security team problem, and as you really pointed out many, many times at this event, it's everybody's problem. >> Parham: Yeah. >> So, what are you seeing in terms of, things that commercial enterprises can learn from government, particularly from the top, in the top down initiative. >> Yeah, I think one of the themes you've heard discussed several times today is, and Terry again just talked about us having a seat at the table, I think there's so much media discussion about cyber security. You know, all of our families, our moms, our grandparents, are understanding that cyber security is a major issue. We're even starting to get some more general consensus that cyber security is a national security imperative. And, so I think this is helpful. I think now we have to start to, as cyber security practitioners, we have to speak in the language that resonates with, so, if you're talking to a chief operating officer, and trying to educate them on the impact of ITOT convergence, then you have to speak in the terms that a COO is interested in, versus a CFO, versus your CIO, versus your Board of Directors. So I think language matters, vocabulary matters. And I think it's one of the things that we see, we see starting to percolate up in some of the conversations that we're having. >> Given that humans are the main problem, I mean we all have this assumption, we talk about it in theCUBE all the time, but oh my gosh, internet of things is going to create this huge space of people to attack, a huge attack vector. But if the humans aren't managing the devices, is there potentially an upside there, if that makes sense? >> Yeah, so, you know, I think it all goes back to, tomorrow morning, we'll hear from Dr. Ron Ross and David from Centrify. And they're going to be talking about security by design. In this, Dr. Ross actually put out a paper, 800-160, which really talks about the importance of building better systems, devices, products. So, I think that we are moving towards automation, we're moving towards machine learning, we already see it impacting a lot of our society, and even down to the, to your point, the IoT devices. We just put out a paper about cyborgs and the use of embedded devices in an actual, in humans, trans-humanism. This is all a, this, this ship has, the train has left the station, I guess you could say. I think what's important now is to not make the same mistakes we did the first go around, and pause and not put profits over security and privacy, and actually understand that, if we can't build it with security, certain security requirements there, then we can't get that functionality, or it may not cost the price point that we want it to cost, which may, you know, have it be more affordable for consumers. So I think we have to re-prioritize. >> US companies generally have not taken that pause and put security over profits. It's really been the reverse. And many would say, okay, but it's actually worked out pretty well for US companies, they dominate the technology industry. What do you say to those folks that say, well, profits are actually more important? >> Well, I think, I think it depends, when you say it worked out well, I think if you look at all those individuals that have been impacted by the breaches, I think that's where people are really starting to understand how it's impacting us, and going back to my comment about the national security side, this is no longer just about being able to steal your PII, and maybe doing some fraud in terms of identity theft and what not. When we're talking about meta-data and capitalistic dragnet surveillance, and now if you're looking at who is stealing and curating this information, it could be special interest groups, could be nation states, so now this becomes a much larger issue and a much larger challenge. >> So it's a ticking timebomb, is essentially what you're saying. And so that begs the next question: does really government have to get involved, to begin to impose its will, if you will, on commercial organizations? >> Yeah, I think what's going to happen, and actually we were talking about this at lunch with General Alexander earlier today, it's going to be a balance. You know, the government will be getting involved, they are getting involved, there's a lot of legislation being passed that truly is trying to make a bi-partisan push to address some of these issues. But I think, ultimately, that's going to be, as the General kind of said earlier, it's just going to be the government beating these, these folks virtually on the head until they start to do some self-governance and self-regulation. >> Parham, talk about your relationship with the General, vis-a-vis, this event. I see he had a great keynote, inspiring us, he moved a lot of people, talked about the general common defense versus civil liberties balancing privacy, as you mentioned. What more can you share about some of the things that he sees and feels strongly about, that you guys are seeing in your research in the Institute, because this is interesting, because you got a guy who says, "I'm an Army guy," right, who's now looking through the prism of the future, with past history at the NSA Command Center, Cyber Command Center. >> Yeah. >> He's got a pretty interesting view, and he sees both sides of the coin. >> Yeah. >> You guys are seeing that, people in the tech business are like deer in the headlights. We saw Twitter, Facebook and Alphabet, you know, like (groans). And then the center's trying to grock what Twitter does. >> Parham: Yeah. >> So, I mean, you have this generational gap, you also have historical analog to digital transformation going on. This is a societal impact, this is pretty huge. What does the General truly feel, what's his vision, what's his point of view these days? >> So, I'm not going to speak for the General, I wouldn't dare do that, but I will say that, if you listen to his comments on stage, one of the things he does talk about, and where our relationship is very strong, is the importance of public-private sector collaboration. The General actually received our pinnacle, I'm sorry, was named our pioneer last year at our gala which is actually happening in a couple of days in Washington, DC. And he really, if you listen to his message, he underscores the importance of collaboration, not just within a sector, not just within government, but cross-sector and between public-private sector, and between technology providers and government and legislative community. So, I think one of the things that I am comfortable saying is that, he would encourage more collaboration, and more information sharing, and more trust among the sectors to work together to solve these problems. >> How should people measure success in this business? >> That's a loaded question. I think, I think success needs to be, at this stage, incremental. I think that we need to be realistic in terms of how much quote success can we achieve overnight. We've, as we mentioned earlier, the ship has sailed, and so I think we need to do multiple things simultaneously. We, of course, do need to continue to implement technology and strategies that detect and respond to threats. But I personally would say that the true success is going to really be accomplished when we start to deploy strategies and re-prioritize so we're actually building more secure systems, more secure devices. I think that's going to be... Needs to go hand-in-hand, and we'll hear a lot about that tomorrow with Dr. Ross. >> Would that imply that, either, you know, the rate of growth of breaches starts to moderate, or the amount of data or loss, revenue dollars lost, begins to, you know, slow down its growth rate or-- >> Yeah, at some point that's absolutely going to be the goal, I think that-- >> Is that a reality though, I mean given that everything is growing so fast in our business? >> Oh, yeah, I'm an eternal optimist. I think absolutely, we'll get there. I can't tell you the timeframe, but I do know that venues like this, and the work that ICIT is doing, is really important to getting us to that point. Until we get folks in the media and on Capitol Hill and in federal agencies talking about these issues, so then it's not just the security folks who are focused on this, but a broader group. >> Yeah, and I think that's the opportunity, and as we wrap up day one here, education and content value is what we're seeing. You guys see that all the time, I know I'm preaching to the choir. But again, looking at mainstream media and some of the techniques that the Russians and other states have used to implement means and the election conversations, it's being gamified, we know that. So, the media picks up on it because there's identity politics going on. So, I think there needs to be a wake-up call, I mean, I think the educational process is critical. >> Yeah. >> What's next? >> And, and, and that's where, you know, we feel very fortunate to be in the position that we're in, because ICIT is a neutral, third-party, non-profit, and non-partisan research organization. So what we're doing is putting out content. We're not, we're not, the... I should say it this way, the information comes out-- >> You've no agenda in terms of how to capture? >> Yeah, exactly. >> It's all transparent. >> Our, our, our agenda is national security. Our agenda is improving the security of our nation's critical infrastructure sectors, improving resiliency. And providing trusted advisory to these various stakeholders. >> Well, getting the people here on theCUBE, and having you guys come on, and doing this great event really get, opens up the door for more voices to be heard. >> Parham: Absolutely. >> And we heard from your partner, had some great things to say. This has got to get out there, so the people, the press can report on it-- >> Parham: That's right. We'll turn on the cameras. >> Parham: Yeah. >> Dave, what's your take on the event here? Obviously, as an inaugural event, what's your analysis? >> Well, I mean, we touched on some big topics, right? I mean, the General, in particular, was talking about collaboration with the FBI, you know, Sony came in. >> John: The role of government. >> Privacy, ACLU, Jeffrey Stone. I think, you know, my big takeaway, as we were just discussing, was... And the General said that Sony, for example, he gave that example, can't do it alone. And I, we've been saying this for a while. And John, you predicted this, you said a while back that, that the government's processes, technologies, know-how, is going to seep into commercial businesses. As it has so often. I mean, you look at, you know, space launch, you know, radar, nuclear energy, the internet, et cetera. And I think security, cyber security, is such a big problem, only the government can help solve this problem. >> Well, the government's always been dealing with the moving train, and the corporations and the enterprise have traditionally been buying shrink-wrapped software loaded on a server that's evolved to buying more servers that have been pre-integrated with software. And buying silver bullet solutions, and then leave it alone until something breaks, and then fixes it. And I think, you know, when we were talking and looking at this event, my takeaway here is, the moving train is never going to stop, and the shifting of the game is going to be a cat-and-mouse, good versus bad, new technology versus reality. Open source certainly accelerated the role of the public domain. Treasure troves of information are being amassed, whether it's WikiLeaks or in the open source. This is a problem, and then there's no real, like, real creative solutions. I am not seeing anything. So, to me, this event takeaway is that, this is the first time a step has been taken to saying, whoa, holistic big picture. What is the architecture of a global society, where nation states can compete with no borders. >> Yeah. >> In a digital, virtual space, be effective, have freedom, and then respect for the individual. I mean, no one's ever had that conversation. >> Yeah, well we're excited to have it. We've gotten really great feedback from just some of the conversations that we're hearing in the hallway, as people are taking, learning actionable intelligence, where I can actually take this and instill it. I think a lot of people are actually being inspired, and that's something we need, especially in an industry where every day is about how, you know, cyber security folks don't get in the news when nothing happens. There's a commercial, I think it's an IBM commercial, right, where it's, my, my, nothing happened at work for my dad today, right? That never happens, it's always about what does go wrong, so I think we need to be inspired and motivate ourselves. >> Well, one of the things that we're excited about, as you know, we're community-model like you guys are. You look at some of the early indicators of how blockchain, and even though it's kind of crazy, you know, bubbly with the ICOs and cryptocurrency and overall blockchain, it all comes down to the common thread. We see an open source software over multiple generations, we're seeing it in blockchain, we're seeing it in security. Community matters. And I think the role of individuals and communities will be a big part of the change, as a new generation comes up. Really fundamental, so congratulations. >> Parham: Absolutely, thank you. >> Okay, Parham here's inside theCUBE for our wrap-up of day one of CyberConnect 2017. I'm John, with Dave Vellante. Thanks for watching. (synthesizer music)

(clicking noise) >> Hello, I'm John Furrier, SiliconANGLE media, co-host of theCUBE. We are here on the ground in, here in Santa Clara, California, Centrify's headquarters, with Tom Kemp, the CEO of Centrify, and Parham Eftekhari, who's the co-founder and senior fellow of ICIT, which is the Institute of Critical Infrastructure Technologies, here to talk about security conversation. Guys, welcome to theCUBE's On the Ground. >> Thank you. >> Great to be here. >> Great to see you again, Tom. >> Yeah, absolutely. >> And congratulations on all your success. And Parham, GovCloud is hot. We were just in D.C. with Amazon Web Services Public Sector Summit. It's gotten more and more to the point where cyber is in the front conversation, and the political conversation, but on the commercial side as well. There's incidents happening every day. Just this past month, HBO, Game of Thrones has been hijacked and ransomed. I guess that's ransom, or technically, and a hack. That's high-profile, but case after case of high-profile incidents. >> Yeah, yeah. >> Okay, on the commercial side. Public sector side, nobody knows what's happening. Why is security evolving slow right now? Why isn't it going faster? Can you guys talk about the state of the security market? >> Yeah, well, ya know, I think first of all, you have to look at the landscape. I mean, our public and private sector organizations are being pummeled every day by nation states, mercenaries, cyber criminals, script kiddies, cyber jihadists, and they're exploiting vulnerabilities that are inherent in our antiquated legacy systems that are put together by, ya know, with a Frankenstein network as well as devices and systems and apps that are built without security by design. And we're seeing the results, as you said, right? We're seeing an inundation of breaches on a daily basis, and many more that we don't hear about. We're seeing weaponized data that's being weaponized and used against us to make us question the integrity of our democratic process and we're seeing, now, a rise in the focus on what could be the outcome of a cyberkinetic incident, which, ultimately, in the worst case scenario, could have a loss of life. And so I think as we talk about cyber and what it is we're trying to accomplish as a community, we ultimately have a responsibility to elevate the conversation and make sure that it's not an option, but it is a priority. >> Yeah, no, look, I mean, here we are in a situation in which the industry is spending close to 80 billion dollars a year, and it's growing 10 percent, but the number of attacks are increasing much more than 10 percent, and as Parham said, you know, we literally had an election impacted by cyber security. It's on the front page with HBO, et cetera. And I really think that we're now in a situation where we really need to rethink how we do security in, as enterprises and as even individuals. >> And it's seems, talking about HBO, talking about the government, you mentioned, just the chaos that's going on here in America, you almost don't know what you don't know. And with the whole news cycle going on around this, but this gets back to this notion of critical infrastructure. I love that name, and you have in your title 'ICIT,' Institute of Critical Infrastructure, because, ya know, and certainly the government has had critical infrastructure. There's been bridges, and roads, and whatnot, they've had the DNS servers, there's been some critical infrastructure at the airports and whatnot, but for corporations, the critical infrastructure used to be the front door. And then their data center. Now with cloud, no perimeter, we've talked about this on theCUBE before, you start to change the notion of what critical infrastructure is. So, I guess, Parham, what does critical infrastructure mean, from a public and commercial perspective? Tell me, you can talk about it. And what's the priorities for the businesses and governments to figure out what's the order of operations to get to the bottom of making sure everything's secure? >> Yeah, it's interesting, that's a great question, you know, when most people think about critical infrastructure as legacy technology, or legacy's, you know, its roads, its bridges, its dams. But if you look at the Department of Homeland Security, they have 16 sectors that they're tasked with protecting. Includes healthcare, finance, energy, communications, right? So as we see technology start to become more and more ingrained in all these different sectors, and we're not just talking about data, we're talking about ICS data systems. A digital attack against any one of these critical infrastructure sectors is going to have different types of outcomes, whether you're talking about a commercial sector organization, or the government. You know, one of the things that we always talk about is really the importance of elevating the conversation, as I mentioned earlier, and putting security before profits. I think, ultimately, we've gotten to this situation because a lot of companies do a cost-benefit analysis, say, "You know what? I may be in the healthcare sector, "and ultimately it'll be cheaper for me to be breached, "pay my fines, and deal with potentially even the "loss to brand, to my brand, in terms of brand value, "and that'll cheaper than investing what "I need to to protect my patients and their information." And that's the wrong way to look at it. I think now, as we were talking about this week, the cost of all this is going higher, which is going to help, but I think we need to start seeing this fundamental mind-shift in how we are prioritizing security, as I mentioned earlier. It's not an option, it must be a requisite. >> Yeah, I think what we're seeing now, is in the years past, the hackers would get at some bits of information, but now we're seeing with HBO, with Sony, they can strip mine an entire company. >> They put them out of business. >> Exactly. >> The money that they're doing with ransomeware, which is a little bit higher profile, ransomware, I mean, there's a specific business outcome, here, and it's not looking good, they go out of business. >> Oh, absolutely, and so Centrify, we just recently sponsored a survey, and nowadays, if you announce that you got breached, and you have to, now. It's 'cause you have to tell your shareholders, you have to tell your customers. Your stock drops, on average, five percent in a day. And so we're talking about billions of dollars of market capitalization that can disappear with a breach as well. So we're beyond, it's like, "Oh, they stole some data, "we'll send out a letter to our customers, "and we'll give 'em free Experian for a year." Or something like that." Now, it's like, all your IP, all the content, and John, I think you raised a very good point, as well. In the case of the federal government, it's still about the infrastructure being physical items, and of course, with internet a thing since now it's connected to the internet, so it's really scary that a bridge can flip open by some guy in the Ukraine or Russia fiddling with it. But now with enterprises, it's less and less physical, the store, and we're now going through this massive shift to the cloud, and more and more of your IP is controlled and run. It's the complete deperimeterization that makes things every more complicated. >> Well it's interesting you mentioned the industrial aspect of it, with the bridge, because this is actually a real issue with self-driving cars, this was on everyone's mind, we were just covering some content, covering Ford's event yesterday in San Francisco. They got this huge problem. Ya know, hacking of the cars. So, industrial IOT opens up, again, the surface area, but this kind of brings the question down to customers, that you guys have or companies or governments. How do they become resilient? How do they put steps in place? Because, you know, I was just talking to someone who runs a major port in the U.S., and the issues there are maritime, right? So you talk about infrastructure, container ships, obviously worry about terrorists and other things happening. But just the general IT infrastructure is neanderthal, it's like, 30 years old. >> Yeah. >> So you have legacy infrastructure, as you mentioned, but businesses also have legacy, so how do you balance where you are? How do you know the progress bar of your protection? How do you know the things you need to put in place? How do you get to resilience? >> Yeah, but see, I think there also needs to be a rethink of security. Because the traditional ways that people did it, was protecting the perimeter, having antivirus, firewalls, et cetera. But things have really changed and so now what we're seeing is that an entity has become the top attack vector going in. And so if you look at all these hacks and breaches, it's the stealing of usernames and passwords, so people are doing a good job of, the hackers are social engineering the actual users, and so, kind of a focus needs to shift of securing the old perimeter, to focusing on securing the user. Is it really John Furrier trying to access e-mail? Can we leverage biometrics in this? And trying to move to the concept of a zero-trust model, and where you have to, can't trust the network, can't trust the IP address, but you need to factor in a lot of different aspects. >> It's interesting, I was just following this blog chain because we've been covering a lot of the blog chains, immutable and encrypted, the wallets were targets. (laughing) Hey, this Greta the Wall, where they store the money. Now we own that encrypted data. So, again, this is the, hackers are fast, so, again, back to companies because they have to put if they have shareholder issues, or they have some corporate governance issues. But at the end of the day, it's a moving train. How does the government offer support? How do companies put it in place? What do they need to do? >> Yeah, well, there's a couple of things you can look at. First of all, you know, as a think tank, we're active on Capital Hill, working with members of both minority and majority sides, we're actively proposing bipartisan legislation, which provides a meaningful movement forward to secure and address some of the issues you're talking about. Senator Markey recently put out the Cyber Shield Act, which creates a type of score, right? For a device, kind of like the ENERGY STAR in the energy sector. So just this week, ICIT put out a paper in support of an amendment by Senator Lindsey Graham, which actually addresses the inherent vulnerabilities in our election systems, right? So there's a lot of good work being done. And that really goes to the core of what we do, and the reasons that we're partnering together. ICIT is in the business of educating and advising. We put out research, we make it freely available, we don't believe in com`moditizing information, we believe in liberating it. So we get it in the hands of as many people as possible, and then we get this objective research, and use it as a stepping stone to educate and to advise. And it could be through meetings, it could be through events, it could be through conversation with the media. But I think this educational process is really critical to start to change the minds of-- >> You know, if I can add to that, I think what really needs to be done with security, is better information sharing. And it's with other governments and enterprises that are under attack. Sharing that information as opposed to only having it for themselves and their advantage, and then also what's required is better knowledge of what are the best practices that need to be done to better protect both government and enterprises. >> Well, guys, I want to shift gears and talk about the CyberConnect event, which is coming up in November, an industry event. You guys are sponsoring, Centrify, but you guys are also on the ball, there's a brand new content program. It's an independent event, it's targeted to the industry, not a Centrify user group. Parham, I want to put you on the spot before we get to the CyberConnect event. You mentioned the elections. What's the general, and I'm Silicon Valley and so I had to ask the question 'cause you're in the trenches down in D.C. What is the general sentiment in D.C. right now on the hacking? Because, I was explaining it to my son the other day, like, "Yeah, the Russians probably hacked everybody, "so technically the election "fell into that market basket of hats." So maybe they did hack you. So I'm just handwaving that, but it probably makes sense. The question is, how real is the hacking threat in the minds of the folks in D.C. around Russia and potentially China and these areas? >> Yeah, I think the threat is absolutely real, but I think there has to be a difference between media, on both sides, politicizing the conversation. There's a difference between somebody going in and actually, you know, changing your vote from one side to the other. There's also the conversation about the weaponization of data and what we do know that Russia is doing with regards to having armies of trolls out there or with fake profiles, and are creating faux conversations and steering public sentiment of perception in directions that maybe wasn't already there. And so I think part of the hysteria that we see, I think we're fearful and we have a right to be fearful, but I think taking the emotion and the politics out of it, and actually doing forensic assessments from an objective perspective to understanding what truly is going on. We are having our information stolen, there is a risk that a nation state could execute a very high-impact, digital attack that has a loss of life. We do know that foreign states are trying to impact the outcomes of our democratic processes. I think it's important to understand, though, how are they doing it and is what we're reading about truly what's happening kind of on the streets. >> And that's where the industrial thing you were kind of tying together, that's the loss of life potential, using digital as an attack vector into something that could have a physical, and ultimately deadly outcome. Yeah, we covered, also that story that was put out, about the fake news infrastructure. It's not just the content that they're making up, it's actually the infrastructure fake news. Bionets, and whatnot. And I think Mike Rowe wrote a story on this, where they actually detailed, you can smear a journalist for 40K. >> Yeah. >> These are actually out there, that are billed for specifically these counter... Programs. >> As a service. You know, go on a forum on the Deep Web and you can contract these types of things out. And it's absolutely out there. >> And then what do you say to your average American friends, that you're saying, hey, having a cocktail with, you're at a dinner. What's going on with security? What do you say to them? You should be worried, calm down, no we're on it. What's the message that you share with your friends that aren't in the industry? >> Personally, I think the message is that, you know, you need to vigilant, you need to, it may be annoying, but you do have to practice good cyber hygiene, think about your passwords, think about what you're sharing on social media. We'd also talk, and I personally believe that, some of these things will not change unless we as consumers change what is acceptable to us. If we stop buying devices or systems or apps based on the convenience that it brings to our lives, and we say, "I'm not going to spend money on that car, "because I don't know if it's secure enough for me." You will see industry change very quickly. So I think-- >> John: Consumer behavior is critical. >> Absolutely. That's definitely a piece of it. >> Alright, guys, so exciting event coming up, theCUBE will be covering the CyberConnect event in November. The dates, I think, November-- >> Sixth and seventh. >> Sixth and seventh in New York City at the Grand Hyatt. Talk about the curriculum, because this is a unique event, where you guys are bringing your sponsorship to the table, but providing an open industry event. What's the curriculum, what's the agenda, what's the purpose of the event? >> Yeah, Tom. >> Okay, I'll take it, yeah. I mean, historically, like other security vendors, we've had our users' conference, right? And what we've found is that, as you alluded to, that there just needs to be better education of what's going on. And so, instead of just limiting it to us talking to our customers about us, we really need to broaden the conversation. And so that's why we brought in ICIT, to really help us broaden the conversation, raise more awareness and visibility for what needs to be done. So this is a pretty unique conference in that we're having a lot of CSOs from some incredible enterprise, as well as government. General Alexander, the former of the Cyber Security Command is a keynote, but we have the CSO of Aetna, Blue Cross involved, as well. So we want to raise the awareness in terms of, what are the best practices? What are the leading minds thinking about security? And then parallel, also, for our customers, we're going to have a parallel track where, if they want to get more product-focused technology. So this is not a Centrify event. This is an industry event, ya know. Black Hat is great, RSA is great, but it's really more at the, kind of the bits and bytes-- >> They're very narrow, but you are only an identity player. There's a bigger issue. What about these other issues? Will you discuss-- >> Oh, absolutely. >> Yeah, well-- >> Is it an identity or is it more? >> It actually is more, and this is one of the reasons, at a macro level, the work that we've done at Centrify, for a number of years now. You know, we have shared the same philosophy that we have a responsibility, as experts in the cyberspace, to move the industry forward and to really usher in, almost a cyber security renaissance, if you will. And so, this is really the vision behind CyberConnect. So if you look at the curriculum, we're talking about, you know, corporate espionage, and how it's impacting commercial organizations. We're talking about the role of machine-learning based artificial intelligence. We'll be talking about the importance of encrypting your data. About security by design. About what's going on with the bot net epidemic that's out there. So there absolutely will be a very balanced program, and it is, again, driven and grounded in that research that ICIT is putting out in the relationships that we have with some of these key players. >> So you institute a critical infrastructure technology, the think tank that you're the co-founder of. You're bringing that broader agenda to CyberConnect. >> That's correct, absolutely. >> So this is awesome, congratulations, I got to ask, on the thought leadership side, you guys have been working together. Can you just talk about your relationship between Centrify and ICIT? So you're independent, you guys are a vendor. Talk about this relationship and why it's so important to this event. >> Well, absolutely. I mean, look, as a security vendor, you know, a lot of, a big percentage of security vendors sell into the U.S. federal government, and through those conversations that a lot of the CSOs at these governments were pointing at us to these ICIT guys, right? And we got awareness and visibility thought that. And it was like, they were just doing great stuff in terms of talking about, yes, Centrify is a leading identity provider, but people are looking for a complete solution, looking for a balanced way to look at it. And so we felt that it would be a great opportunity to partner with these guys. And so we sponsored an event that they did, Winter Summit. And then they did such a great job and the content was amazing, the people they had, that we said, "You know what? "Let's make this more of a general thing and "let's be in the background helping facilitate this, "but let the people hear about this good information." >> So you figured out the community model? (laughs) No, 'cause this is really what works. You got to enable, you're enabling this conversation, and more than ever in the security system, would love to get your perspective on this, is that there's an ethos developing, has been developed. And it's expanding aggressively. Kind of opens doors on one side, but security's all about data sharing. You mentioned that-- >> Yeah, absolutely. >> From a hacking standpoint, that's more of a statutory filing, but here, the security space is highly communicative. They talk to each other, and it's a trust relationship, so you're essentially bringing an independent event, you're funding it. >> Yeah, absolutely. >> It's not your event, this is an independent event. >> Absolutely. >> Yeah, and so Tom said it very well, as an institute, we rely on the financial capital that comes in from our partners, like Centrify. And so we would be unable to deliver at a large scale the value that we do to the legislative community, to federal agencies, and the commercial sector, and the institute's research is being shared on NATO libraries and embassies around the world. So this is really a global operation that we have. And so when we talk about layered security, right, we're not into a silver bullet solution. A lot of faux experts out there say, "I have the answer." We know that there's a layered approach that needs to be done. Centrify, they have the technology that plays a part in that, but, even more important than that for us is that they share that same philosophy and we do see ourselves as being able to usher in the changes required to move everything forward. And so it's been a great, you know, we have a lot of plans for the next few years. >> Yeah, that's great work, you're bringing in some great content to the table, and that's what people want, and they can see who's enabling it, that's a great business model for everyone. I got to ask one question, though, about your business. I love the critical infrastructure focus and I like your value you guys are bringing. But you guys have this fellow program. Can you just talk about this, 'cause your a part of the fellowship-- >> Yeah, absolutely. >> You're on a level, and I don't want to say credit 'cause you're not really going to get credit. But it's a badge, it's a bar. >> Yeah, yeah, no-- >> Explain the fellow program. >> That's a great question. At the institute, we have a core group of experts who represent different technology niches. They make up our fellow program, and so as I discussed earlier, when we're putting out research, when we're educating the media, when we're advising congress, when we're doing the work of the institute, we're constantly turning back to our fellow program members to provide some of that research and expertise. And sharing, you know, not just providing financial capital, but really bringing that thought leadership to the table. Centrify is a part of our fellows program, and so we've been working with them for a number of years. It's very exclusive and there's a process. You have to be referred in by an existing fellow program member. We have a lot of requests, but it really comes down to, do you understand what we're trying to accomplish? Do you share our same mission, our same values? And can you be part of this elite community that we've built? And so, you know, Centrify is a big part of that. >> And the cloud, obviously, is accelerating everything. You've got the cloud action, certainly, in your space, and we know what's going on in our world. >> Yeah, absolutely. >> The world is moving at a zillion miles an hour. It's like literally moving a train. So, congratulations, CyberConnect event in November. Great event, check it out, theCUBE will be there, we'll have live coverage, we broadcast, be documenting all the action and bringing it to you on theCUBE, obviously, (mumbles) John Furrier, here at Centrify's headquarters in California, in Silicon Valley, thanks for watching. (upbeat electronic music)

>>live from Orlando, Florida It's the cue covering Microsoft Ignite Brought to you by Cohee City. Welcome >>back, everyone to the cubes Live coverage of Microsoft IC night here at the Orange County Convention Center in Orlando, Florida I'm your host, Rebecca Night, along with my co host Stew Minutemen were joined by Parham Cologne. He is the chief product officer at you. I path. Thank you so much for coming on the Cube. >>Thank you so much for >>coming back on the cute. >>Thank you. >>So I I was just a u IE path with you in Vegas a couple of weeks ago and the U AI Path tagline is a robot for every employee Microsoft tagline is employing empowering every employee to be a technologist, empowering citizen developers. Does it strike you that do the two missions are are similar in their way? >>That's that's absolutely right. I think we have so much in common their companies together on I think we're working very closely together and not just our technology, but also in what we're trying to achieve, which is to make people achieve more in amplifying human achievement is a core mission of our company and very excited that Microsoft so shares the same emission. >>Yeah, it really does connect with Mace onto this morning. Talked about that 61% of job openings for developers air outside the tech sector. And of course, you AI path is really trying to help. But this is productivity overall, with everything you're doing, >>absolutely, and productivity's where we focus our technology primarily on. In fact, a lot of focus is around. How do we actually get people to do more with less time so they can have more time to do the things that they could do with the creative parts of their time, as opposed to doing a Monday in part? So, yeah, productivity's is really important to us. The company. That's what we think about every day. >>Could you bring us inside the relationship with Microsoft and you? I passed? >>Yeah, so we're deeply partner that Microsoft's and today one we've most of our technology is built on Microsoft's stack on dot net miran. Our databases all run on sequel server or cloud service runs on Microsoft Azure. So we are very deeply partner to be health Microsoft Bill. A lot of a I service is around document extraction. The forms recognize her with one of the first customers that we work together with Microsoft and Chevron on so very deep partnership with Microsoft. Okay, >>so let me ask you a question. Actually, as a customer of Microsoft, you know what? Why, why everything built on Microsoft from, you know, the dot net through the infrastructure of the service. What, what? Why did you bypass choose Microsoft? >>I think it made a lot of sense. Microsoft's focus on productivity Microsoft's focus on enabling developers do stuff quickly on it also helped a lot of the founders, myself included, came through with Microsoft to be a lot of experience with Microsoft's. I think part of that helped as well. >>Does it help or hurt when you are then pitching your service? Is that that it is that it is a much more Microsoft focused company, >>So I think we've grown over the years to actually have a much broader ecosystem, so we have more than 500 partners now we work with Google. Google is a customer, it's an investor. It's also very deep partner. A lot of very I service is we're welding on it with Google were be partnered with AWS as well. So I think we're working with all the way our customers are today. But I think we're still have a very close relationship with Microsoft, given our agitated given where we started. >>Yeah, I actually I I went to the passport event last year and had not realized how deep that connection was with Microsoft. I see you. I path across all the clouds. So there's a little mention of our p A. That this morning in the keynote theme, the power automate solution coming out from Microsoft. Of course, everyone seems tohave an R p A. Out there, you know all the big software houses out there. Tell us what this means in the marketplace. >>Yes, Listen, our P a is a very fast growing market. Is the fastest growing enterprise category today, And when you grow so fast, it's good for the business but also attracts attention, I think getting somebody like Microsoft to sort of say that we're in it as well. Only help sort of solidify the foundation, solidify the category and brings a lot more, you know, credibility to this category. So I think we're excited to have Microsoft here as well. >>And in terms of a CZ, you were saying to companies that are very much focused on workplace productivity, employee collaboration, and being able to be more creative with the time that you have. How much is that cultural alignment? How much does that help your partnership? >>I think it helps a partnership a lot. So you know, when we, for example, of when you meet with the office team, they think deeply about helping people do more with last time. You know, we think about the same things as well. So if you notice some of the newer products that we've launched our very deeply integrated into office, in fact to do a lot of inspiration from products like Excel to be able to say business people that are able to, you know, do some very sophisticated, complex business models and excel should be able to do similar stuff with their products as well. So we continue to work with Microsoft and across collaboration across the steams, anything in general, our message. We have a close relationship with Microsoft, So when Microsoft bring this into opportunities and it closes, it actually retired Dakota for Microsoft Sellers as well. So I think all of that alignment really helps. >>I would love to hear you know what? What? Joint customers. You know what brings customers to you? I path at a show here. What? What are some of the key drivers for their discussions that you're having this week? >>Yeah. I mean, we've got you know, through through the years, we've got over 5000 customers that work with us large enterprises in a very large banks to companies like Chevron. Chevron in particular, is one of those customers. You know, that's a very, very deep customer of Microsoft, but also a very strong customer of ours and a specific use case at my at Chevron. Chevron wanted to extract data from their oil field service reports. They were getting more than 1000 oil. Regular reports coming in every day with about 300 pages for average. For report on. Somebody had to manly go in and physically read those reports. Put him into that s a P system so that you could predict if there was a pretty prevent amendments appear that was acquired, you know, working together with Microsoft, we were able to take service that Microsoft was building an A. I called forums recognize ER and take it to pre bid on Alfa with customers so that Chevron is now able to have all of those reports read by you. I path robots and automatically punch it into, you know, the SNP preventive maintenance applications so that you can actually ship the engineer on side before you know that something happened to the old Greg. So I think that's a pretty cool a scenario. >>Another's another similarity between AI Path and you, AI Path and Microsoft is this customer obsession. And this is something that you talked a lot about at your path forward. This spending time with customers, learning how they would use our p A and then also thinking, thinking ahead of them and in terms of how they could use our p A. How do you work with customers and Microsoft together in partnership in terms of how do you find out exactly what their needs are and the joint solutions you could provide? >>Yeah, and then that's a really good question. Microsoft has been very obsessed with, you know, driving customer obsession and all parts of the organization we culturally have a really deep obsession about working closely with customers. And I think so that Microsoft has empty sea, meet the customer sessions around around the world on We were close living Microsoft to make sure that our technology can be showcased by Microsoft people in those empty see sessions so that when customers come in, they able to not only see Microsoft technology, but also our technology. And if they're interested, then our sales teams work elaborately together to make sure we can, you know, have a joint session than planning and working with customers. >>So I had a chat earlier this year with your CMO Bobbi Patrick talking about how a I and r p a go together. You on the product? So will I. I be able to allow our p A to get into more complex configuration, give us where we are and you know what? What's what's new in that space? >>Yeah, No, absolutely. So like the first wave of our p A was all about taking sort of structured processes, you know, deluding data from excel sheets, reading data for maybe eyes and be able to process it in different systems now in the humans don't always work with that. 10% of what >>we do >>on a daily basis, a structure, data right, spreadsheets and stuff, 90% of what we d'oh reading spread shades, extracting information from papers responding Thio. You know Chad conversations. All of that unstructured information can now be processed by AI algorithms to be able to extract the intent off the chat conversation to be to extract the data. That's in that unstructured document that we just received to be able to use computer vision to detect what is on the computer screen so that you're able to detect that control, whether rendered the browser or renders in a window start to application of that. So I brings the possibility to automate a lot more complex processes within the organization, you know, mimicking sort of MME. Or human like behavior. So the robots are not just doing the numbers and structured data but be able to process unstructured information. It's >>well, well, the way I help it all, trying to understand, what can I automate? >>Absolutely. And that's the other piece off being able to use process, understanding capability. So what we've done is we've built capability that's able to follow human activity logs and how people are using systems, but also how the databases air getting updated by different applications and be able to mind that information to understand how work is getting done and the enterprise and be able to understand what are the scenarios and possibilities for automating mawr business processes that's hold onto the key benefits of how a I and process mining can be can be applied to the context of the R P. A. >>There's so many product announcements today. On the main stage is an 87 page book that we that we were sent from the Microsoft calms team. What is it? What's the most exciting things you've seen here today? >>I think I'm really excited about some of the innovation that Microsoft is doing in the analytic stock to be able to report on the, you know, the data warehouse, but also big data together and one stack. I think that's really powerful. That is something that our customers have have be very interested in, because robots process structure log, but also in structure logs. I'm also excited about some of the eye investments that Microsoft is making, I think some of the eye capabilities and are really coming to practical use. A lot of companies tuck Brody I For a long time. We've applied a I practically in our technology, but I think a lot more technology is now available for us to be used in our products. >>Okay, parm. There's a recent acquisition process. Gold was. The company could tell us a little bit about that. What what? What are the plans for that >>absolutely process Goal is a company that's basically all in Germany and nine home and in bed. Ireland. On this is the company that was focused on process, understanding of process. Mining's essentially, what they had was that connectors a different line of business applications and be able to sit and study logs of how work was getting done over long periods of time. So what happened is if you went to a line of business owner and he asked them, What is your process for procure to pay look like, in order to cash look like chances out, they'll draw you a straight line. That's a haze with the processes, However, when you look at how work is getting done, it's typically not a straight line. And depending on how many variations you're looking at, you can get up to, like, you know, 15 or 20 different variations, the same process being done. So what process gold does is identifies. What are the different ways in which processes air getting done? Identify where the bottlenecks exist in the process, right? How long is the step one? How long is the time? But we step two and step three, right? Is that taking 25% of what the total time is? And is there a way to optimize that process by eliminating that bottleneck? And once you've optimized the process, it also gives you the ability to go automate that optimized process right? You don't want to automate a process that is sub optimal. You want to go understand the process, see how work is getting done, optimized the bottlenecks and eliminate the bottlenecks, optimize the process and then go out of made that and process go. It really helps us sort of cater to that need, which is go automate. You know, the best possible way to optimize the process >>in terms of Microsoft's use of things like a I and ML And now we have not really talked a lot about ML here. I mean, it was mentioned on the main stage, but not a lot. How? What? What do you think the future holds in terms of Microsoft in the next 5 to 10 years? >>Yeah. I mean, I think I see Microsoft investing a lot in data and really being able Thio get all kinds of data because ML is useful only after it's able to reason over tons of data. And Microsoft is in a rightfully investing and the data repositories in stores so that it has the ability to store that data to process that data. And once that's got the data on the data assets over it, then it's able to go Korea the algorithms that can reason over data on and create that stuff. And I think that's really exciting because Microsoft has a lot of the horsepower to be able to not only store that data process that data efficiently said can be used in machine learning. And I >>hope our um thank you so much for coming on the Cube. It was a pleasure talking to you. >>Thank you. Pleasure to have you here. Thank you very much. >>I'm Rebecca Knight. First to minimum. Stay tuned for more of the cubes. Live coverage of Microsoft ignite.