[Music] Andre one of the things that have come up is your relation with Russia as we talked about so I have to ask you a direct question do you to work with sanctioned Russian entities or Russian companies shown we and c5 we do not work with any company that's sanctioned from any country including Russia and the same applies to me we take sanctions very very seriously the one thing you don't mess with is US sanctions which has application worldwide and so you always have to stay absolutely on the right side of the law when it comes to sanctions so nothing nothing that's something that's connection nets are trying to make they're also the other connection is a guy named Victor Vail Selberg Viktor Vekselberg Vekselberg to go with the Russian names as people know what is your relationship with Viktor Vekselberg so victim Viktor Vekselberg is a is a very well known Russian businessman he's perhaps one of the best known Russian businessman in the West because he also lived in the US for a period of time it's a very well-known personality in in in Europe he's a donor for example to the Clinton Foundation and he has aggregated the largest collection of Faberge eggs in the world as part of national Russian treasure so he's a very well known business personality and of course during the course of my career which has focused heavily on also doing investigations on Russian related issues I have come across Viktor Vekselberg and I've had the opportunity to meet with him and so I know him as a as a business leader but c5 has no relationship with Viktor Vekselberg and we've never accepted any investment from him we've never asked him for an investment and our firm a venture capital firm has no ties to Viktor Vekselberg so you've worked had a relationship at some point in your career but no I wouldn't on a daily basis you don't have a deep relationship can you explain how deep that relationship is what were the interactions you had with him so clarify that point so so I know Viktor Vekselberg and I've met him on more than one occasion in different settings and as I shared with you I served on the board of a South African mining company which is black owned for a period of a year and which Renova had a minority investment alongside an Australian company called South 32 and that's the extent of the contact and exposure I've had to so casual business run-ins and interactions not like again that's correct deep joint ventures are very kind of okay let's get back to c5 for a minute cause I want to ask you it but just do just a circle just one last issue and Viktor Vekselberg Viktor Vekselberg is the chairman of scope over the Russian technology innovation park that we discussed and he became the chairman under the presidency of President Dmitry Medvedev during the time when Hillary Clinton was doing a reset on Russian relations and during that time so vekselberg have built up very effective relationships with all of the or many of the leading big US technology companies and today you can find the roster of those partners the list of those partners on the scope of our website and those nuclear drove that yes Victor drove that Victor drove that during during in the Clinton Secretary of this started the scope of our project started during the the Medvedev presidency and in the period 2010-2011 you'll find many photographs of mr. vekselberg signing partnership agreements with very well known technology companies for Skolkovo and most of those companies still in one way or another remain involved in the Skolkovo project this has been the feature the article so there are I think and I've read all the other places where they wanted to make this decision Valley of Russia correct there's a lot of Russian programmers who work for American companies I know a few of them that do so there's technology they get great programmers in Russia but certainly they have technology so oracles they're ibm's they're cisco say we talked about earlier there is US presence there are you do you have a presence there and does Amazon Web service have a presence on do you see five it and that's knowing I was alright it's well it's a warning in the wrong oh sorry about that what's the Skog Obama's called spoke over so Andres Kokomo's this has been well report it's the Silicon Valley of Russia and so a lot of American companies they're IBM Oracle Cisco you mentioned earlier I can imagine it makes sense they a lot of recruiting little labs going on we see people hire Russian engineers all the time you know c5 have a presence there and does AWS have a presence there and do you work together in a TBS in that area explain that relationship certainly c5 Amazon individually or you can't speak for Amazon but let's see if I've have there and do you work with Amazon in any way there c-5m there's no work in Russia and neither does any of our portfolio companies c5 has no relationship with the Skolkovo Technology Park and as I said the parties for this spoke of a Technology Park is a matter of record is only website anyone can take a look at it and our name is not amongst those partners and I think this was this is an issue which I which I fault the BBC report on because if the BBC report was fair and accurate they would have disclosed the fact that there's a long list of partners with a scope of our project very well known companies many of them competitors in the Jedi process but that was not the case the BBC programme in a very misleading and deceptive way created the impression that for some reason somehow c5 was involved in Skolkovo without disclosing the fact that many other companies are involved they and of course we are not involved and your only relationship with Declan Berg Viktor Vekselberg was through the c5 raiser bid three c5 no no Viktor Vekselberg was never involved in c5 raiser Petco we had Vladimir Kuznetsov as a man not as a minority investor day and when we diligence him one of our key findings was that he was acting in independent capacity and he was investing his own money as a you national aniseh Swiss resident so you if you've had no business dealings with Viktor Vekselberg other than casual working c-5 has had no business dealings with with Viktor Vekselberg in a in a personal capacity earlier before the onset of sanctions I served on the board of a black-owned South African mining company and which Renault bombs the Vekselberg company as a minority investment alongside an Australian company called South 32 and my motivation for doing so was to support African entrepreneurship because this was one of the first black owned mining companies in the country was established with a British investment in which I was involved in and I was very supportive of the work that this company does to develop manganese mining in the Kalahari Desert and your role there was advisory formal what was the role there it was an advisory role so no ownership no ownership no equity no engagement you call them to help out on a project I was asked to support the company at the crucial time when they had a dispute on royalties when they were looking at the future of the Kalahari basin and the future of the manganese reserve say and also to help the company through a transition of the black leadership the black executive leadership of the cut year is that roughly 2017 so recently okay let on the ownership of c5 can you explain who owns c5 I mean you're described as the owner if it's a venture capital firm you probably of investors so your managing director you probably have some carry of some sort and then talk about the relationship between c5 razor bidco the Russian special purpose vehicle that was created is that owning what does it fit is it a subordinate role so see my capital so Jones to start with c5 razor boot code was was never a Russian special purpose vehicle this was a British special purpose vehicle which we established for our own investment into a European enterprise software company vladimir kuznetsov later invested as an angel investor into the same company and we required him to do it through our structure because it was transparent and subject to FCA regulation there's no ties back to c5 he's been not an owner in any way of c5 no not on c5 so C fibers owned by five families who helped to establish the business and grow the business and partner in the business these are blue chip very well known European and American families it's a small transatlantic community or family investors who believe that it's important to use private capital for the greater good right history dealing with Russians can you talk about your career you mentioned your career in South Africa earlier talk about your career deal in Russia when did you start working with Russian people I was the international stage Russian Russia's that time in 90s and 2000 and now certainly has changed a lot let's talk about your history and deal with the Russians so percent of the Soviet Union I think there was a significant window for Western investment into Russia and Western investment during this time also grew very significantly during my career as an investigator I often dealt with Russian organized crime cases and in fact I established my consulting business with a former head of the Central European division of the CIA who was an expert on Russia and probably one of the world's leading experts on Russia so to get his name William Lofgren so during the course of of building this business we helped many Western investors with problems and issues related to their investments in Russia so you were working for the West I was waiting for the West so you are the good side and but when you were absolutely and when and when you do work of this kind of course you get to know a lot of people in Russia and you make Russian contacts and like in any other country as as Alexander Solzhenitsyn the great Russian dissident wrote the line that separates good and evil doesn't run between countries it runs through the hearts of people and so in this context there are there are people in Russia who crossed my path and across my professional career who were good people who were working in a constructive way for Russia's freedom and for Russia's independence and that I continue to hold in high regard and you find there's no technical security risk the United States of America with your relationship with c5 and Russia well my my investigative work that related to Russia cases are all in the past this was all done in the past as you said I was acting in the interest of Western corporations and Western governments in their relations with Russia that's documented and you'd be prepared to be transparent about that absolutely that's all those many of those cases are well documented to corporations for which my consulting firm acted are very well known very well known businesses and it's pretty much all on the on the Podesta gaiting corruption we were we were we were helping Western corporations invest into Russia in a way that that that meant that they did not get in meshed in corruption that meant they didn't get blackmailed by Russia organized crime groups which meant that their investments were sustainable and compliant with the Foreign Corrupt Practices Act and other bribery regulation at war for everyone who I know that lives in Europe that's my age said when the EU was established there's a flight of Eastern Europeans and Russians into Western Europe and they don't have the same business practices so I'd imagine you'd run into some pretty seedy scenarios in this course of business well in drug-dealing under I mean a lot of underground stuff was going on they're different they're different government they're different economy I mean it wasn't like a structure so you probably were exposed to a lot many many post-conflict countries suffer from predatory predatory organized crime groups and I think what changed and of course of my invested investigative career was that many of these groups became digital and a lot of organized crime that was purely based in the physical world went into the into the digital world which was one of the other major reasons which led me to focus on cyber security and to invest in cyber security well gets that in a minute well that's great I may only imagine some of the things you're investigated it's easy to connect people with things when yeah things are orbiting around them so appreciate the candid response there I wanna move on to the other area I see in the stories national security risk conflict of interest in some of the stories you seeing this well is there conflict of interest this is an IT playbook I've seen over the years federal deals well you're gonna create some Fahd fear uncertainty and doubt there's always kind of accusations you know there's accusations around well are they self dealing and you know these companies or I've seen this before so I gotta ask you they're involved with you bought a company called s DB advisors it was one of the transactions that they're in I see connecting to in my research with the DoD Sally Donnelly who is Sally Donnelly why did you buy her business so I didn't buy Sonny Donnelly's business again so Sally Tony let's start with Sally darling so Sally Donny was introduced to me by Apple Mike Mullen as a former chairman of the Joint Chiefs of Staff and Sally served as his special advisor when he was the chairman of the Joint Chiefs of Staff Apple Mullen was one of the first operating parties which we had in c5 and he continues to serve Admiral Mullen the four start yes sir okay and he continues to serve as one of operating partners to this day salad only and that will Mike worked very closely with the Duke of Westminster on one of his charitable projects which we supported and which is close to my heart which is established a new veteran rehabilitation center for Britain upgrading our facility which dates back to the Second World War which is called Headley court to a brand-new state-of-the-art facility which was a half a billion dollar public-private partnership which Duke led and in this context that Ron Mullen and Sally helped the Duke and it's team to meet some of the best experts in the US on veteran rehabilitation on veteran care and on providing for veterans at the end of the service and this was a this was a great service which it did to the to this new center which is called the defense and national rehabilitation center which opened up last summer in Britain and is a terrific asset not only for Britain but also for allies and and so the acquisition she went on to work with secretary Manus in the Department of Defense yes in February Feb 9 you through the transaction yes in February 2017 Sally decided to do public service and support of safety matters when he joined the current administration when she left her firm she sold it free and clear to a group of local Washington entrepreneurs and she had to do that very quickly because the appointment of secretary mattis wasn't expected he wasn't involved in any political campaigns he was called back to come and serve his country in the nation's interest very unexpectedly and Sally and a colleague of us Tony de Martino because of their loyalty to him and the law did to the mission followed him into public service and my understanding is it's an EAJA to sell a business in a matter of a day or two to be able to be free and clear of title and to have no compliance issues while she was in government her consulting business didn't do any work for the government it was really focused on advising corporations on working with the government and on defense and national security issues I didn't buy Sonny's business one of c-5 portfolio companies a year later acquired SPD advisors from the owner supported with a view to establishing and expanding one of our cyber advising businesses into the US market and this is part of a broader bind bolt project which is called Haven ITC secure and this was just one of several acquisitions that this platform made so just for the record c5 didn't buy her company she repeat relieved herself of any kind of conflict of interest going into the public service your portfolio company acquired the company in short order because they knew the synergies because it would be were close to it so I know it's arm's length but as a venture capitalist you have no real influence other than having an investment or board seat on these companies right so they act independent in your structure absolutely make sure I get that's exactly right John but but not much more importantly only had no influence over the Jedi contract she acted as secretary mitosis chief of staff for a period of a year and have functions as described by the Government Accounting Office was really of a ministerial nature so she was much more focused on the Secretary's diary than she was focused on any contracting issues as you know government contracting is very complex it's very technical sally has as many wonderful talents and attributes but she's never claimed to be a cloud computing expert and of equal importance was when sally joined the government in february 17 jeddah wasn't even on the radar it wasn't even conceived as a possibility why did yet I cannot just for just for the record the Jedi contract my understanding is that and I'm not an expert on one government contracting but my understanding is that the RFP the request for proposals for the July contract came out in quarter three of this year for the first time earlier this year there was a publication of an intention to put out an RFP I think that happened in at the end of quarter one five yep classic yeah and then the RFP came out and called a three bits had to go in in November and I understand a decision will be made sometime next year what's your relationship well where's she now what she still was so sunny left finished the public service and and I think February March of this year and she's since gone on to do a fellowship with a think-tank she's also reestablished her own business in her own right and although we remain to be good friends I'm in no way involved in a business or a business deal I have a lot of friends in DC I'm not a really policy wonk of any kind we have a lot of friends who are it's it's common when it administrations turnover people you know or either appointed or parked a work force they leave and they go could they go to consultancy until the next yeah until the next and frustration comes along yeah and that's pretty common that's pretty cool this is what goes on yeah and I think this whole issue of potential conflicts of interest that salad only or Tony the Martino might have had has been addressed by the Government Accounting Office in its ruling which is on the public record where the GAO very clearly state that neither of these two individuals were anywhere near the team that was writing the terms for the general contract and that their functions were really as described by the GAO as ministerial so XI salient Antonia was such a long way away from this contact there's just no way that they could have influenced it in in in any respect and their relation to c5 is advisory do they and do they both are they have relations with you now what's the current relationship since since Sally and Tony went to do public service we've had no contact with them we have no reason of course to have contact with them in any way they were doing public service they were serving the country and serving the nation and since they've come out of public service we've we've not reestablished any commercial relationship so we talked earlier about the relation with AWS there's only if have a field support two incubators its accelerator does c5 have any portfolio companies that are actually bidding or working on the Jedi contract none what Santa John not zero zero so outside of c5 having relation with Amazon and no portfolios working with a Jedi contract there's no link to c5 other than a portfolio company buying Sally Donnelly who's kind of connected to general mattis up here yeah Selleck has six degrees of separation yes I think this is a constant theme in this conspiracy theory Jonas is six degrees of separation it's it's taking relationships that that that developed in a small community in Washington and trying to draw nefarious and sinister conclusions from them instead of focusing on competing on performance competing on innovation and competing on price and perhaps that's not taking place because the companies that are trying to do this do not have the capability to do so Andre I really appreciate you coming on and answering these tough questions I want to talk about what's going on with c5 now but I got to say you know I want to ask you one more time because I think this is critical you've worked for big-time company Kroll with terminus international market very crazy time time transformation wise you've worked with the CIA in Quantico the FBI nuclei in Quantico on a collaboration you were to know you've done work for the good guys you have see if I've got multiple years operating why why are you being put as a bad guy here I mean you're gonna you know being you being put out there with if you search your name on Google it says you're a spy all these evil all these things are connecting and we're kind of digging through them they kind of don't Joan I've had the privilege of a tremendous career I've had the privilege of working with with great leaders and having had great mentors if you do anything of significance if you do anything that's helping to make a difference or to make a change you should first expect scrutiny but also expect criticism when that scrutiny and criticism are fact-based that's helpful and that's good for society and for the health of society when on the other hand it is fake news or it is the construct of elaborate conspiracy theories that's not good for the health of society it's not good for the national interest is not good for for doing good business you've been very after you're doing business for the for the credibility people questioning your credibility what do you want to tell people that are watching this about your credibility that's in question again with this stuff you've done and you're continuing to do what's the one share something to the folks that might mean something to them you can sway them or you want to say something directly what would you say the measure of a person it is his or her conduct in c-five we are continuing to build our business we continue to invest in great companies we continue to put cravat private capital to work to help drive innovation including in the US market we will continue to surround ourselves with good people and we will continue to set the highest standards for the way in which we invest and build our businesses it's common I guess I would say that I'm getting out as deep as you are in the in term over the years with looking at these patterns but the pattern that I see is very simple when bad guys get found out they leave the jurisdiction they flee they go do something else and they reinvent themselves and scam someone else you've been doing this for many many years got a great back record c5 now is still doing business continuing not skipping a beat the story comes out hopefully kind of derail this or something else will think we're gonna dig into it so than angle for sure but you still have investments you're deploying globally talk about what c5 is doing today tomorrow next few months the next year you have deals going down you're still doing business you have business out there our business has not slowed down for a moment we have the support of tremendous investors we have the support of tremendous partners in our portfolio companies we have the support of a great group of operating partners and most important of all we have a highly dedicated highly focused group of investment teams of very experienced and skilled professionals who are making profitable investments and so we are continuing to build our business we have a very full deal pipeline we will be completing more investment transactions next week and we are continue to scalar assets under management next year we will have half a billion dollars of assets under management and we continue to focus on our mission which is to use private capital to help innovate and drive a change for good after again thank you we have the story in the BBC kicked all this off the 12th no one's else picked it up I think other journals have you mentioned earlier you think this there's actually people putting this out you you call out let's got John wheeler we're going to look into him do you think there's an organized campaign right now organized to go after you go after Amazon are you just collateral damage you mentioned that earlier is there a funded effort here well Bloomberg has reported on the fact that that one of the competitors for this bit of trying to bring together a group of companies behind a concerted effort specifically to block Amazon Web Services and so we hear these reports we see this press speculation if that was the case of course that would not be good for a fair and open and competitive bidding process which is I think is the Department of Defense's intention and what is in the interests of the country at a time when national security innovation will determine not only the fate of future Wars but also the fate of a sons and daughters who are war fighters and to be fair to process having something undermine it like a paid-for dossier which I have multiple sources confirming that's happened it's kind of infiltrating the journalists and so that's kind of where I'm looking at right now is that okay the BBC story just didn't feel right to me credible outlet you work for them you did investigations for them back in the day have you talked to them yes no we are we are we are in correspondence with the BBC I think in particular we want them to address the fact that they've conflated facts in this story playing this parlor game of six degrees of separation we want them to address the important principle of the independence of the in editorial integrity at the fact that they did not disclose that they expert on this program actually has significant conflicts of interests of his own and finally we want them to disclose the fact that it's not c5 and Amazon Web Services who have had a relationship with the scope of our technology park the scope of our technology park actually has a very broad set of Western partners still highly engaged there and even in recent weeks of hosted major cloud contracts and conferences there and and all of this should have been part of the story in on the record well we're certainly going to dig into it I appreciate your answer the tough questions we're gonna certainly look into this dossier if this is true this is bad and if there's people behind it acting behind it then certainly we're gonna report on that and I know these were tough questions thanks for taking the time Andre to to answer them with us Joan thanks for doing a deep dive on us okay this is the Q exclusive conversation here in Palo Alto authority narc who's the founder of c-5 capital venture capital firm in the center of a controversy around this BBC story which we're going to dig into more this has been exclusive conversation I'm John Tory thanks for watching [Music] you

>> Narrator: Live from Las Vegas, it's theCUBE. Covering AWS reInvent 2017, presented by AWS, Intel, and our ecosystem of partners. >> Okay, welcome back everyone, this is theCUBE's exclusive coverage, live, in Las Vegas, 45,000 people here on the ground, for Amazon Web Services reInvent 2017. Their annual conference. Our fifth year doing it, I got two sets, two cubes, a lot of action. Day two of three days of wall to wall coverage. My next guest, Tom Kemp, CEO, of Centrify, security company out of California in Silicon Valley, leader in identity based security in the cloud, on-prem, big business growing, fast growing startup in the area. Good to see you. >> Yeah it's great to be here again. >> Security has been Amazon's kryptonite for many years. They've done their work, their paying their dues, they're checking the boxes. Certainly we see that on the federal side, public sector. Great success, Teresa Carlson, has done an amazing job. It's been fun watch her go from an outcast to, in the marketplace, "Ah, we don't trust the cloud", to winning. They've done the work. Security, you've gotta do the work. >> Yeah, I mean, they've done a great job of evangelizing the shared responsibiloty model where they clearly identify, "Hey, this is what we do", and then, "This is what the customer needs to do." So it's actually a very nice model that they offer that vendors such as us can slot into. >> And they move so fast but again, security is one of those things, you can't fake it til you make it. Right? (Tom laughs) You can't make it til you make it. Which means, it's hard. What are you guys doing with Amazon now? What's your story here for Centrify? >> Yeah, we're doing a couple of things. So the first thing is that we do privilege management. I mean the reality is is that the keys to the kingdom are in the AWS console in terms of the billing systems, firing up servers, shutting down servers et cetera. A lot of the more recent hacks have been because people have gotten the access to those keys of those systems as well. So we help lockdown the AWS environment and then we also help lockdown the actual servers being deployed on EC2. We provide multifactor authentication et cetera. The other thing that we do is and what we announced just the other day is we've actually moved our platform over to AWS. So before we ran on at Azure, can I say that at this, ah? >> John: That's fine. >> It's okay, yeah, just joking. >> All fair in love and sharing the cloud. >> So now we have a production cloud on AWS and we've also integrated in the marketplace. So there's SaaS billing that people can get as well, which actually is a very unique thing that AWS offers that the other cloud providers don't do. >> Alright, so I gotta ask you, obviously, to me, super exciting show because some of the announcements are really kind of cool and sexy, and some are under the hood geeky, like Lambda. And then you got the cool AI stuff happening, whether it's VR, AR, or recognition, all these cool machine learning, democratized toolkits. So does this help you? I mean Lambda server lists is a dream for a developer. Just, "Oh my God, I don't have to worry about anything. "What's a local host? "I don't need to know what a load balancer is." Does that help you guys or not? >> Yeah it does, I mean the reality is is that the amount of servers and applications, be it server or server-less, the amount of applications, the users that are connecting to it, it just adds more to the potential complexity. And we can, through the power of identity, provide a control plane to give people identity driven security and really allow people to move-- >> But it doesn't replace us. My point is, I guess, if you're locking down servers, this is a value right? >> Yeah. >> EC2 instances. But if the developers aren't using EC2 instances 'cause it's server-less. Are you guys transparent, are you abstracted away? >> So we also then, then integrate into the application and then help facilitate security for the actual users themselves. But look the reality of the situation is is that people are always gonna have a hybrid environment. They still have on-premises, which users have to access that environment. They're gonna have the cloud environment. And it's gonna be heterogenous. So AWS is a clear leader in the cloud but you're also gonna have Azure, Google, and then the SaaS applications as well, which are gonna be used in conjunction with the custom applications people are building. So the one constant-- >> I've been saying, I've been saying this for years, the specialty cloud is a big market. Oracle's a specialty cloud, Microsoft's a specialty cloud, 'cause they have apps for them. They can be different clouds. Multi-cloud is what's coming, would you agree? >> Yeah, and the reality is as companies go through digital transformation they're gonna open up more and more of their applications to more and more users. They're gonna be more and more devices, and that's just gonna lead to identity sprawl, more and more passwords that people have to deal with as well. And that's why in a world in which-- >> How bad is that problem? 'Cause that's a huge problem, at least in my mind. Identity sprawl, explain what that is and how bad is it? And what are the consequences if it's not fixed? >> Well look the reality is 80% of breaches nowadays involve compromised credentials. I mean we had the whole election, Podesta, the DNC, the recent hack of HBO, you had Sony. It always tied into people stealing credentials and people having too many credentials, sharing credentials, et cetera. So the problem that we face as consumers in terms of having too many user names and passwords has now entered into the actual enterprise and we're now in a situation that, yeah, there's an app for that but that means that there's a password for that. So IT is having a hard time controlling who can access what while end users are just dealing with too many user names and passwords as well. So you have identity sprawl, it's difficult to provision access. And then now you have IoT coming onboard and those devices need an identity unto themselves. And probably the thing that excites me most about some of today's announcements is what AWS is doing with IoT. Some pretty cool stuff. >> I mean I think IoT is the trend, AI and IoT, because, to me the data center, and this might be a little bit over the top, but I'll say it anyway. I think private cloud is real, the way Wikibon talks about it but it's still cloud and the cloud looks at these endpoints as edge devices. So a data center is just an IoT device, a big one. >> Yeah. >> Or, a series of devices connected to the network which connect to the cloud. I mean if it's operating as a cloud what's the difference? Private and public. >> Yeah, no, I, I, I-- >> IoT has gotta be connected. That's where identity could be helpful. >> Identity, I mean, 'cause look, every device has an identity beyond just an IP address. I mean some of the attacks have even taken over IoT devices and then pointed them against websites and brought those websites down as well. So users have multiple identities. Devices have identities unto themselves so you've got this kinda n-by-m, you know, situation where you multiply the number of users times the number of devices, and we're told digital transformation, more and more users are coming online connecting to applications. So I think that's a, it's just a great market to be in. >> Tom, great to have you on theCUBE, congratulations on your business growth. What's your secret sauce? We'll end this segment by you just taking a minute to describe to the folks watching why are you doing so good, what's your secret sauce, what are the tailwinds for you, why the success? >> Well the tailwinds are, first of all, identity has become the top attack vector. It's now involved, compromised credentials stolen at NEs is now involved in over 80% of all breaches. And the other tailwind is the whole move to the cloud that just says, introduces password sprawl. And we're very unique in the market in that we can secure both end users and their identities but we can also secure the privileged accounts that are built into the infrastructures of service. The AWS, EC2, IAM-- >> John: The critical resources. >> Yeah, and we do this in a hybrid environment. So, yes, people are aggressively moving to the cloud but you know and I know that still, what, 70, 80% of IT is still on-prem, and it's gonna be a mixed hybrid environment. And we offer both software and cloud services to secure both end users as well as privileged accounts in that environment. >> Alright, the bottom line, the AWS cloud phenomenon. Describe it in a sentence. >> In a sentence? Oh, it's just, the complete consolidation of all IT in a single platform. I mean, it's amazing that every year they announce another couple a hundred new brand new services as well. So it's just like a phenomena that I've never seen before in terms of a vendor aggressively able to come out with new capabilities and deliver more and more features. >> Cloud as an operating system that's what I always say. And I can see it coming together, and they're staying on their track. I gotta give Andy Jassy credit, even though I busted his chops by putting the Gartner slide on there, because that's old guard technically, doesn't match his presentation, so he's gotta fix that. They stay on their line, they're not wavering. They are mission focused. Changing the game, adding value for customers. >> And they're thinking about new app scenarios and I think it was brilliant that, take IoT, there's so many different flavors of operating systems for IoT. They're saying, "Hey, we're gonna come out "with a standard operating system "that you can leverage. "And we're gonna provide device management, "and we're gonna tie it back into the platform." So they're gonna capture the, they're trying to capture the edge. And the good news is stuff like that does provide opportunities for vendors such as Centrify. >> And they surround themselves with a great ecosystem. You guys are doing great in there. I know you're growing but you're soon to be bigger. But Intel, they're doing great with Intel. Intel gets a lift off this, more compute, everywhere. >> Absolutely. >> So even if they, they kind of have to split some of the business, whatever they do, who knows what happens there but Intel wins with this scenario. Amazon's not trying to eat the whole pie, they're sharing. They're sharing the wealth. And they do it, in the case of security again I go back to their shared responsibility model. It provides a great framework where it makes it very easy for vendors such as ourselves to say, "We play here, here, and here." So it makes it great to partner with and the ability for them to actually have SaaS based applications in their marketplace as well. And that's powerful, and no other of the cloud guys have a similar concept. Yeah, you could put AMIs on infrastructure as a service but to actually have a cloud based service tied into the billing system of AWS is incredibly powerful. We're very excited about being a part of that. >> And we will keep an eye on them on the open source side, certainly that's an area we're watching very carefully. Hey the developers love Amazon and that's a good thing. Now the enterprise love Amazon, public sector loves Amazon. Who doesn't love Amazon Web Services? We'll be following that very closely over the course of the next few months and next year, 2018. Of course live here in here in Las Vegas is AWS reInvent 2017. Back with more coverage after this short break. (upbeat electronic music)

>> Announcer: Live from New York City, it's theCube covering Cyber Connect 2017. Brought to you by Centrify and The Institute for Critical Infrastructure Technology. >> Okay, welcome back everyone, this is a live Cube coverage here in New York City at the Grand Hyatt Ballroom. I'm John Furrier with my co-host Dave Vellante. This is Cyber Connect 2017, the inaugural conference of a new kind of conference bringing industry and government and practitioners together to solve the crisis of this generation, according to Keith Alexander, who was on stage earlier. Our next guest is the CEO of the company that's under running this event, Tom Kemp, co-founder and CEO of Centrify. Congratulations, Tom, we met, we saw you last week, came in the studio in Palo Alto. Day one was coming to a close. Great day. >> Yeah, it's been amazing, we've had over 500 people here. We've been webcasting this, we have 1,000 people. And, of course, we've got your audience as well. So, clearly, over 2,000 people participating in this event, so we're really pleased with the first day turn-out. >> So, I would say this is, like, a new kind of event, a little bit different than most events in the business. Response has been very well received, sold out, packed house, I couldn't get a chair, strolled in, not late, but, I mean, you know, towards the end of your Keynote. This is the dynamic, there's demand for this. Why is this so popular? You guys had a good hunch here, what's been the feedback? >> Well, the feedback's been great, first of all. But, the reality is, is that, organizations are spending 10% more per year on security but the reality is the breaches are growing 40 to 70% per year. So, no matter how much money they're throwing at it, the problem's getting worse, and so people are, for the most part, kind of throwing up their hands and saying, how can we re-think security as well? So, I think there's just a complete hunger to hear best practices from some of the top CSO's. You know we had US bank CSO, we had Etna, Blue Cross Blue Shield, etcetera. What are these guys doing to keep their data secure and make sure that they don't make headlines? >> So, I want to ask you a question on the business front, obviously we saw last week, Alphabet, AKA Google, Twitter and Facebook in front of the Setna committee, around this influence thing going on with the media, still an exploit, but a little bit different than pay load based stuff we're normally seeing with security hacks, still relevant, causes some problems, you guys have been very successful in Washington. I'm not saying you're lobbying, but as a start up, you ingratiated yourself into the community there, took a different approach. A lot of people are saying that the tech companies could do a better job in D.C., and a lot of the times Google and these treasure troves of data, they're trying to figure it out. You took a different approach and the feedback we heard on theCube is working. You guys are well received in there, obviously the product, good timing to have an identity solution, and zero trust philosophy you have. Well, you did something different. What was the strategy? Why so much success in D.C. for Centrify? >> Well, we actually partnered with the IT folks and the security people. I mean, we actually spent a lot of time on site, talking with them, and actually, we built a lot of capabilities for what the government was looking to address from an identity access security perspective. That's just the reality of the situation. And so, we took a long haul view, we've done very great in the, two of our largest customers are intelligence agencies, but we actually have over 20% of our sales that goes to the federal government, state and local as well. So, you really can't just go in there, spend a lot of money, do a lot of hype. You actually have to roll up your sleeves and help them solve the mission. They call it the mission, right, they have mission, and you got to be focused on how you can address them and work with the technologist out there to make sure, so it was just, really just blocking and tackling the ground game, >> So common sense sounds like, just do the work. >> Yeah, do the work, really listen. And think about it as a multi-year investment, right? I mean, in a lot of start ups, they just, like, oh, can't get the sale, move on, right. But you actually have to realize, especially in security, that most tech companies that have a big security presence, they should get 15-20% of their business from the US government. >> That's a big bet for you guys, were you nervous at first? I mean, obviously, you have confidence now looking back, I mean, it must've been pretty nerve wracking because it's a big bet. >> It's a big bet because you also have to meet certain government standards and requirements. You got to get FIP certification, you got to get common criteria, in the cloud, you got to get FedRAMP, and that means you also have to have customers in the federal government approve you and bring you in and then you have to go through the lengthy audit process. And we're actually about to get our FedRAMP certification, just passed the audit and that's going to be coming up pretty soon as well. So, yeah, to go get common criteria, to get FedRAMP, you have to spend a million dollars for those types of certifications. At the same time, working with the large federal agencies. >> So Tom, you gave us the numbers, 10% more spending every year on security but breaches are up 40 to 70%, you said in your talk that's two trillion dollars in lost dollars, productivity, IP, etcetera, so obviously it's not working, you've mentioned a number of folks in here talking today. What's their mindset? Is their mindset this is a do-over? Or, is it, just we got to do a better job? >> I think we're getting to the point where its' going to be a do-over. And I think, first of all, people realize that the legacy technology that they have have historically focused on premises. But, the world's rapidly moving to the cloud, right? And so, you need to have cloud-based scale, a cloud-based architecture, to deliver security nowadays because the perimeter is completely going away. That's the first thing. And, I think there's also realization that there needs to be Big Data machine learning applied to this. And you guys talk about this all the time, the whole rise of Big Data. But, security is probably the best vertical. >> Data application. >> Exactly, it's probably the best vertical, because you need real-time instantaneous should I let this person come into the system or not, right? Or, over time, is this, does this represent malicious activity as well? So, I think people are realizing that what they've been doing's not working, they realize they're moving to the cloud, they need to adopt cloud, to, not only secure cloud, but have their technology be based in the cloud and they need to apply machine learning to the problem as well. >> So, in your talk, you talked about a paradigm shift, which I inferred as a mindset shift in how security practices in technologies should be applied, you got to lot of content in there. But could you summarize for our audience sort of the fundamentals? >> Well, the first fundamental is, is that the attack vector is completely changed, right? Before, it was all about vulnerabilities that someone hadn't patched this latest version of Windows, etcetera. Those problems are really solved, for the most part. I mean, occasionally it kind of pops in now and then, but for the most part, enterprises and governments are good about patching systems etcetera. You don't hear about sequel injections anymore. So, a lot of those problems have been resolved. But, where the attackers are going, they're going after the actual users, and so, I know you had the Verizon folks here on theCube, and if you look at the latest Verizon data breacher port, eight out of 10 breaches involve stolen and compromised credentials, right? And that has grown over the last few years from 50% to 60% now to over 80%. Look at the election, right? You talk about all this Twitter stuff and Facebook and all that stuff, it's John Podesta's emails getting stolen, it's the democrat's emails getting stolen, and you know, now that people have the Equifax data, they've got even more information to help figure out-- >> Social engineering is a big theme here. >> Absolutely. >> They have this data out on the dark web, this methodologies and there's also, you know, we talked with the critical interset guys that you're partnering with about all the terrorism activity, so, there's influence campaigns going on that are influencing through social engineering, but that data's being cross connected for, you know, radicalizing people to kill people in the United States. >> Well, there's that. And then there's nation states, there's insiders. So, the reality is, is that, it turns out from a security perspective, that we, the humans, we're the weakest link in this. And so, yes, there needs to be process, there needs to be technology, there needs to be education here as well. But the reality is that the vast majority of spin on security is for the old stuff, it's like we're trying to fight a land war in Asia, and that's how we're investing, we're still investing in M1 tanks in security, but the reality is that 80% of the breaches are occurring because they're attacking the individuals. They're either fooling them, or stealing it by some means or mechanisms, and so the attack vector is now the user. And that's this, and people are probably spending less than 10% securing the users, but it represents 80% of the actual attack vector. >> Talk about the general, you've had some one-on-one times with him, he's giving a keynote here, gave a keynote this morning, very inspiring. I mean, I basically heard him pounding on the table, "we don't fix this mess, You know, we're going to be in trouble, it's going to be worse than it is!" Think differently, almost re-imagining, his vibe was almost about let's re-imagine, let's partner, let's be a community. What else can you share with you interaction with him? I know he's a very rare to get to speak, but you know, running the cyber command for the NSA, great on offense, we need work on defense. What have you learned from him that industry could take away? >> Yeah, I think you hit it, which is, and I didn't realize that there's a bigger opportunity here, which is, is that in real time, there needs to be more sharing among like constituents. For example, in the energy industry, these organizations, they need to come together and they need to share, not only in terms of round tables, but they actually need to share data. And it probably needs to happen in the cloud, where there's the threats, the attacks that are happening in real time, need to be shared with their peers in the industry as well. And so, and I think government needs to also play a part in that as well. Because each of us, we're trying to fight the Russians, right? And the Chinese and the North Koreans, etcetera and a enterprise just can't deal with that alone and so they need to band together, share information, not only from an educational, like we have today, but actually real time information. And then again, leverage that machine learning. That artificial intelligence to say, "wait a minute, we've detected this of our peers and so we should apply some preventative controls to stop it." >> And tech is at the center of the government transformation more than ever. And again, Twitter, Facebook, and Alphabet in front of the senate, watching them, watching the senators kind of fumbling with the marbles. You know, hey, what's Facebook again? I mean, the magnitude of the data and the impact of these new technologies and with Centrify, the collision between government and industry is happening very rapidly. So, the question is that, you know, how will you guys, seeing this going forward, is it going to be, you know, the partnership as they come together fast or will more mandates come and regulations, which could stifle innovations, so, there's this dimension going on now where I see the formation of either faster partnership with industry and government, or, hey industry, if you don't move fast enough poof, more regulations. >> And that's also what the general brought up as well, is that if you guys don't do something on your own, if you don't fix your own problems, right, then the government's going to step in. Actually, that's what's already starting to happen right now, that if Facebook, Twitter, all these other social networks are not going to do something about foreign governments advertising on their platform, they're going to get regulated. So, if they don't start doing something. So, it's better to be in front of these things right here, the reality is that, yes, from a cyber security in terms of protecting users, protecting data, enterprise needs to do more. But, you know what, regulations are starting to already occur, so, there's a major regulation that came out of New York with the financial services that a lot of these financial firms are talking about. And then in Europe, you got GDPR, right? And that goes into effect I think in May of next year. And there's some serious finds. It could be up to four percent of your revenue as well, while, in the past, the kind of, the hand slaps that have happened here, so if you do business in Europe, if you're a financial services firm doing business in New York. >> People are going to run from there, Europe. I mean, regulation, I'm not a big fan of more regulation, I like regulation at the right balance, cause innovation's key. What have you heard here from talks? Share, cause we haven't had a chance 'cause we've been broadcasting all day, share some highlights from today's sessions after, you know, Jim from Etna was on there, which, I'm sure you got a kick out of his history comment, you're a history buff. Weren't you a history major and computer science? >> I was a history major and computer science, you got that right. >> You'd be a great dean of the sciences by today's standards. But I mean, he had a good point. Civilization crumbles when there's no trust. That comment, he made that interesting comment. >> So, it's interesting what Etna's done, from his presentation, was they've invested heavily in models, they've modeled this. And I think that kind of goes back to the whole Big Data, so I think Etna is ahead of the game, and it's very impressive what he's put forth as well. And just think about the information that Etna has about their customers etcetera. That is not something that you want. >> He was also saying that he modeled, you don't model for model's sake because stuff's going on in real time, you know what I'm saying? So, the data lake wasn't the answer. >> Well, he said his mistake was, so they were operationalizing the real time, you know, security Big Data activity, and he didn't realize it, he said that was the real answer, not just, sort of, analyzing the data swamp, so. >> Yeah, absolutely. >> So, that was the epiphany that he realized. You know, that is where the opportunity was. >> John: It was unconventional tactics, too. >> What can businesses expect, Tom? What's the business outcome they can expect if they, sort of, follow the prescription that you talked about and, sort of, understand that humans are the weakest link and take actions to remediate that. What kind of business impact can that have? >> Yeah, so, we actually, we spent a lot of time on this and we partnered with Forrester, a well known analyst group, and we did this study with them, and they went out and they interviewed 120 large enterprises. And it was really interesting that one group, group A, was getting breached left and right and group B, about half the number of breaches, right? And we were like, what is group B doing versus group A? And it had to do with implementing a maturity model as it relates to identity which is, first and foremost, implementing identity assurance, getting, reducing the number of logins, delivering single sign-in, multi factor authentication. Which we should all do as consumers as well, turn on that MFA button for Twitter, and your Gmail etcetera. Then, from there, the organizations that were able to limit lateral movement and break down, make sure that people don't have too much access to too many things as well. There was an incident, it was Saudi Generale that there was a backend IT guy, he became a traitor, he started making some losses, and so he tried to, he doubled down, he leveraged the credentials that he had as a former IT person to continue trading even though he kind of turned off all the the guardrails right there, and he should have been shut down. When he made that move into that new position, so, there's just too much lateral movement aloud. And then, from there, you got to implement the concept of least privilege and then finally you got to audit, and so if you can follow this maturity model, we have seen that organizations have seen significant reduction in the number of breaches out there as well. So, that was another thing that I talked about at my keynote, that I presented this study that Forrester did by talking to customers and there turned out to be a significant difference between group A and group B in terms of the number of breaches as well. And that actually tied very well with what Jim was talking about as well, which was, you know, I call it a maturity model, he called it just models, right, as well. But there is a path forward that you can better be smarter about security. >> But there's a playbook. >> There is a playbook, absolutely. >> And it revolves around not having a lot of moving parts where human error, and this is where passwords and these directories of stuff out there, are silos, is that right? Did I get that right? So you want to go level? >> That's the first step, I mean the first step is that we're drowning in a sea of passwords, right, and we need what's known as identity assurance, we need to reduce the number of passwords. With the fewer passwords we have, we need to better protect it by adding stronger authentication. Multi-factor authentication. The new face ID technology, which I've been hearing good reviews about, coming from Apple as well, I mean, stuff like that, and say, look, before I log into that, yes, I need to do my thumbprint and do the old face ID. >> And multi factor authentication I think is a good point, also known as MFA, that's not two factor, it's more than one, but two seems to be popular cause you get your phone, multi factor could be device, IOT device, card readers, it starts getting down into other mechanisms, is that right? >> Absolutely, it's something you have, and something you know, right? >> Answer five questions. >> Yeah, but at the same time you don't want to make it too, >> Too restrictive. >> Too restrictive, etcetera. But then here's where the machine learning comes in, then you add the word adaptive in front of multi factor authentication. If the access is coming from the corporate network, odds are that means that person was badged, got through. So, maybe you don't ask as much, for much information to actually allow the person on right there. But, what if that person was, five minutes ago, was in New York, and now he's trying to access from China? Well wait a minute, right? Or what if it's a device that he or she's never accessed from before as well? So, you need to start using that machine learning and look at what is normal behavior and what deviates from that behavior? And then, factor it into the multi factor authentication. >> Well, we've seen major advancements in the last couple years, even, in fraud detection, you know, real time. And is that seeping into the enterprise? >> Well, it should, that's the ironic thing is, is that with our credit card, I mean, we get blocked all the time, right? >> It is annoying sometimes, but you know at the end of the day you say, good. >> Yeah, thank you for doing that, you know. And so that's, in effect, the multi factor authentication is you calling up the credit card company, ironically my credit card, maybe I shouldn't reveal this, too much information, someone will hack me, but I use US bank, right there, and we had Jason the CSO of US bank right there, but, you know, calling in and actually saying, yes, I'm trying to do this transaction represents another form of authentication. Why aren't we doing similar things for people logging onto mission critical servers or applications? It's just shocking. >> I'm going to ask you a personal question, so, you mentioned history and computer science, a lot of security folks that I talk to, when they were little kids, they used to sort of dream about saving the world. Did you do that? (laughter) >> Well, I definitely want to do something that adds value to society, so, you know, this is not like the Steve Jobs telling Scully, do you want to make sugared water and all that stuff? >> Dave: No, but like, superhero stuff, were you into that as a kid, or? >> D.C. or Marvel? >> Good versus evil? >> Don't answer that question, you like 'em both. >> But the nice thing about security is, when you're a security vendor, you're actually, the value that you have is real. It's not like, you know, some app or whatever where you get a bunch of teenagers to waste time and all that stuff. >> John: Serious business. >> Yeah, you're in serious business. You're protecting people, you're protecting individuals, their personal information, you're protecting corporations, their brand, look what happened to Equifax when their, when it was announced, the breach, their stock went down 13, 14%, Chipotle went down by 400 million, their market cap went. I mean, so, nowadays, if you have a, if there's a breach, you got to short that stock. >> Yeah, and security's now part of the product, cause the brand image, not just whatever the value is in the brand, I mean the product, the brand itself is the security. If you're a bank, security is the product. >> Absolutely, if you're known for being breached, who the heck's going to bank with you? >> Whole 'nother strategy there. Okay, final question from me is, this event, what are some of the hallway conversations, what's notable, what can you share for the folks watching? Some of the conversations, the interests, the kind of people here, what was the conversations? >> Yeah, I mean, the conference, we really did a great job working with our partner ICIT of attracting sea level folks, right? So, this was more of a business focus, this was not, you know, people gathered around a laptop and try to hack into the guy sitting right next to them as well. And, so, I think there, what has come out of the conversations is a better awareness of, as I said before, it's like, you know what, we got to completely, we got to like step back, completely rethink what we're trying to do here as well, cause what we're doing now is not working, right? And so I think it's, in effect, we're kind of forcing some soul searching here as well. And having others present what's been working for them, what technologies, cloud, machine learning, the zero trust concept, etcetera, where you only, you have to assume that your internal network is just as polluted as the outside. >> I know this might be early, but what's the current takeaway for you as you ruminate here on theCube that you're going to take back to the ranch in Palo Alto and Silicon Valley, what's the takeaway, personally, that you're now going to walk away with? Was there an epiphany, was there a moment of validation, what can you share about what you'll walk away with? >> There's just a hunger. I mean there's just a hunger to know more about the business of security etcetera. I mean, we're just, we were amazed with the turn out here, we're pleased with working with you guys and the level of interest with your viewership, our webcast, I mean, this is, you know, for the first time event to have both in-person and online, well over 2,000 people participating, that says a lot. That there's just this big hunger. So, we're going to work with you guys, we're going to work with ICIT and we're going to figure out how we're going to make this bigger and even better because there is an untapped need for a conference such as this. >> And a whole new generation's coming up though the ranks, our kids and the younger, new millennials , whatever they're called, Z or letters they're called, they're going to end up running the cyber. >> Yeah absolutely, absolutely. So there just needs to be a new way of going about it. >> Tom, congratulations. >> Thank you. >> Great event, you guys got a lot of credibility in D.C., you've earned it, it shows. The event, again, good timing lighting the bottle, The CyberConnect inaugural event, Cube exclusive coverage in Manhattan here, live in New York City at the Grand Hyatt Ballroom for the CyberConnect 2017 presented by Centrify, I'm here with the CEO and co-founder of Centrify, Tom Kemp, I'm John Furrier, Dave Vellante, more live coverage after this short break. (modern electronic music)

(upbeat music) >> Narrator: Live, from Silicon Valley. It's the Cube. Covering Google Cloud X17. >> Okay welcome back, everyone. We are live in Palo Alto for two days of coverage of Google Next 2017. I'm John Furrier, we're here with Tom Kemp, CEO of Centrify. No longer a startup, they're scaling up. You guys do it very well. Tom, great to see you. Welcome to the Cube. >> Great to be here. >> Saw you at RSA, you guys had an exceptional event. One Presence to show, obviously a security show, you're in the security business. But also mobile world congress will try to get you on again security's hot, front and center at mobile world congress. >> Yeah. >> Security is front and center at Google Cloud Next. Security is front and center at blank event. It's happening everywhere right? So give us the update. What is Centrify, obviously the "No Breach" is your tagline. What's up with Centrify? Give us a quick update on what you're up to. >> Yeah, absolutely. So we're a security company focused, as you said, on identity. And we really address the issue of too many passwords and too much privilege. The fundamental issue that's happening within security, is like 75 billion dollars is being spent on it, it's one of the fastest growing market segments, but it's failing because the breaches are far outnumbering, and growing at a faster rate, than the amount of money being spent on that. And so, we're trying to rethink security by looking at where are the breaches are coming from, and they're coming in from, like in the case of Podesta, stealing usernames and passwords. And Verizon said two thirds of breaches involve stolen credentials. And Forrester just recently said that 80 percent of breaches involve the compromise of privileged accounts, the rude accounts for the infrastructure etc. So if two thirds, to 80 percent of breaches involve identity, we fundamentally believe you need to focus a lot more on that, and that's what we're all about. Focusing on identity. >> And what is this? Is this a new revelation, or is this something that you guys have felt was happening for a long time, or has it just been the matter of fact, that's what's happening? >> You know it's, we have some great investors, and we have Excel, Mayfield, Index, Sigma now called Jex, and Square Adventures. And one of the board members told me, the markets come to you, because we've been doing this for over 10 years. And focusing on identity, and people are like, "Oh okay, that's interesting." But now, if you look at just the massive number of breaches that are occurring, and the focus that identity is the leading attack vector, and then you couple it with the whole move to the Cloud, I know we're going to be talking about what Google is doing in the Cloud, etc. It actually makes the problem even worse. And so we feel that we've been plugging along, doing and focusing on identity, and now kind of the market has come to us, because of the move to Cloud, and the hackers are going after identities. >> Yeah it's interesting, I saw a Facebook friend, I won't say his name for privacy, because I don't have the right to talk about it, he's in bitcoin, so obviously that world is an underbelly in itself. Yeah but, interesting thing is that he had two factor authentication on his phone, and someone hacked his phone and they sent the password back to his phone, all his bank accounts are gone. >> Oh my goodness. >> So this is an example of that privileged identity. So that even two factor authentication, in that case, didn't work. So you starting to see this, right? So what's the answer, and how does it relate to cloud? There's no perimeter in the cloud. Is it federated identity, is it some blocked chain thing, is there new model? What's your view on this, and how you guys attacking it specifically? >> Yeah, I mean in a world in which we're increasingly moving to the cloud, what can you secure? Like if I'm at a Starbucks in Palo Alto, on my Ipad, talking to Google apps, talking to sales force etc., I don't have any Anti Virus, I'm not using any next gen firewall, or VPN etc. So the focus needs to shift to securing the user. And you really need to start integrating, and leveraging, from a multi factor authentication biometrics as well. Use that phone, use the touch ID, to actually ensure that. And then also, in the cloud, start analyzing user behavior. And actually determine, well wait a minute, this person normally doesn't login from China, but now he's accessing the sales force, or Facebook etc. So, it's becoming, evolving more to utilizing mobile device as part of your identity, and it's also leveraging machine learning to understand what normal behavior is, and blocking abnormal behavior. >> And also using big data techniques, because your point about China is interesting. Anyone who travels might have had this situation, we go to Vegas a lot for the Cube, but like I'm in Vegas then I pull out an ATM withdrawal, next I go to use my other credit card, and it says "woah fraud alert." >> Tom: Yes. >> Well, wait a minute, I made a cell phone call, I took money out of the bank, and yet the credit card didn't know that I'm in Vegas. Now that's interesting, so conversely, China's accessing my accounts, and I'm making phone calls in Palo Alto, that should be obvious. >> Yeah. >> That just seems like it's just so disfragmented data sets. >> So historically, the definition of identity was a username, and a password. But, in a Cloud world, identity should be redefined in terms of your applications, your device, your location, and your activity. So, if you are trying to access an app from China, it should ask you for four or five additional bits of information, instead of two factors, it should be multi-factor, and it should include biometrics as well. So, machine learning is this going to become even more critical to reduce fraud, and the compromise of credentials. >> So, let's talk about google next. Because one of the things that, I mean really we know Google, we're living in Palo Alto, they're all around us, they're in Mountain View, Larry Page lives in the hood here. Google has always been a technology innovator, and it's clear that that's the lead for their Cloud. But the enterprise, which they're by the way serious, Dian Green is very serious with enterprise, they're just starting to move down that road. You've been there for awhile, on mobile, and in the enterprise, what is some of the things that people should know about on how hard it is in the enterprise? Specifically with Cloud, what is some of the things that you see as table stakes? >> Yeah, it's actually having meat eating sales reps out in the field. Not relying on some person who's-- >> John: Some bot. >> Yeah some bot, or some 20 year old calling from Austin, or Mountain View, but it's actually having someone there, with a technical architect, that can hop on a subway, or be there within a half hour to spend some quality time. >> John: And strategic selling too right? >> Exactly. Because they have a challenge, which is they're competing with both Microsoft and Amazon. And obviously Microsoft has the enterprise people, and Amazon is really ramping up in that area. And I think that, so you can throw the technology, but enterprise accounts want to be able to have a conversation face to face, more so than executive coming out and having a dinner with someone. >> Take me through a sales motion, because this is important. You and I have talked about this in the past, and Dave Loth and I always talk about it on the Cube. And it used to be well known in the VC circles, that sales forces are expensive because the sales motions are different. What is the typical sales motion for an enterprise like Sell. Because it's not as simple as saying, "self service, Cloud, put your credit card down," and get you know, Cooper and Eddy's support, terminal access, static IP's, virtual servers, oh by the way I got a support DB2 as well. A non Oracle database, or Oracle. >> Well, look I mean, it's very easy to have that bite over the web for when you start a developer for a new application. And Amazon's done a great job at that, Microsoft's getting there as well. So if you really want the existing applications to move to the Cloud, you have to sit down and have conversations about a hybrid Cloud environment. Because people will have on premise active directory, they'll have a set of security policies, etc. And so the conversation needs to be had, is like how do you bridge on premise, with the Cloud as well, and make that heterogeneous environment look and feel and smell like it's homogeneous from authentication, authorization, audit perspective, compliance perspective, etc. So you certainly need to first and foremost be able to put architects out there, have that conversation, etc. And you just can't rely too much on partners. And I think from there service level agreements, and then also showing that your Cloud platform is incredibly secure as well. >> Yeah I would agree, I would just say one, on the meat eating sales rep, basically what that means people understand the domain, with an architect technically that's going to SC, and then you have to really kind of have an understanding that there's a multiple stakeholder role. One's a recommender, one's an influencer, one's a decision maker, and it is a campaign. It's a multi pronged campaign. >> Yeah you have to think-- >> John: Know their problems, give them a solution, value creation. >> Absolutely. >> John: Value selling. >> Because there's just a level of complexity. And again I'm not saying that Google for new projects, with the current sales motion, can't bring on an app, and maybe that app leverages their machine learning, which seems to be world class right? >> TensorFlow's getting great traction, Intel's building chips for that as well. >> Yeah. >> Google owns a great developer mind share, and I think they've really cracked the code on open source, and they have great empathy with the developers, we were talking about with Val earlier. But with operationally I just see a disconnect. And Amazon's quietly ramping up too, they're no spring chicken either when it comes to direct selling, but they're been working more years on that. >> And I think you seen the word Hybrid Cloud, and I know you spent time with the folks at Vmware, talking about the relationship with Ama... That's all about the Hybrid Cloud, which people need, the enterprises need a bridge and on ramp. And I think, from our perspective- >> Vmware is very solid with Gelsinger and their sales force. They're very, >> Yeah absolutely. >> Very strong with enterprise selling. >> And that's what we focus, cause we initially started on premise, we tied things in to active directory for example, but now we have a Cloud platform, and we advertise and promote ourselves as addressing identity for the Hybrid environment, and providing the bridge between the two, and I think that's critical. >> Now do you guys have an enterprise sales force, right? >> Absolutely. >> So you've invested in that, over ten years? >> Oh yeah, absolutely. So we have over 60 percent of the Fortune 50, and 80 percent of our sales comes from the Global 2000. We've grown, we're over 100 million in sales, so we're in there having that conversation with enterprises all the time. >> So Tom, so we know Diane Green lives in the neighborhood, so let's pretend she calls us up, "Hey Tom, John, come over. "We'll have a cocktail, and dinner. "I need your advice on how to ramp up my enterprise, "operational empathy, and strategy." What would we advise her? What would you advise her, I have my own opinion. But go to you first. >> I really think and focus on, obviously use the machine learning as a key wedge for new applications, but really focus on the concept of Hybrid. And she mastered going from physical to virtual. Now, everyone's virtualized, and so she needs to figure out how I can get virtual to Cloud, V to C, right? And have the people, and have the conversation, and provide bridging technologies as well. So I think that is going to require, not just purely Cloud based stuff, but it's going to probably provide, she's going to need, either through partnerships, or developer stuff. >> Or M and A. >> Or M and A, she's going to have to build connectors, to help facilitate the bridging, because she can go after definitely the 20 percent of the new stuff, but if you want to attack the 80 percent of the existing stuff, and she did a masterful job of going physical to virtual-- >> At VMware. >> At VMware, and now her challenge is to go V to C. Virtual to Cloud. >> So my advice, Diane if you're watching, is the following: One, don't screw up the Google formula. And I know she's transforming Google, and that's a good thing, they need that right now. But I think, what I like about what I'm seeing at Google Next right now is that they have great technology chops. In kind of the Google, pat themselves on the back kind of way, which is they got mojo, they've always had great technology mojo, and that comes down from the founder. So the machine learning stuff, the AI, the stuff that they're doing in their portfolio has, I call the coolness-relevant factor on the tech. What I would do, is I would specifically nurture that, cause she's also a good knack for doing innovative things, and she's very innovative manager, and I've seen that at Vmware, and other places that she's been advising. So she's got a knack for, "Ahh that's cool, look we should do that cool technology "that's going to have legs in the future." So she's got a good sage picking out the technology. I would do an M and A. I would just stop expanding the existing Google culture relative to that sales motions and the enterpriseness, and just go buy somebody. Spend the billion dollars, or more, take someone out whose got full global, regional sales force, why not? Because then those guys already have the relationships, so the buy, build, to the sales force might take too long. I'm not sure that they could get there. I mean, what do you think about that? >> Yeah I think it's, I think they've been public about it. I think they have to invest in their own, but I do think that M and A, I mean they're number three, and they got to do something. Clearly the machine learning AI stuff is going to be huge. We're actually very impressed, I got emails from the folks at the show, about this whole video stuff, in terms of their ability to use the machine learning, and AI to interpret video, which is pretty impressive. But again that's going to be more for a vertical. Or a specific type of application. And so I think they're going to need to do a combination . >> Here's the thing that I'm seeing though. There's a speed of Google, and there's a speed of enterprise. They might have to throttle down, I don't want to say dumb down, that's particularly not the issue, it's more of throttle down the cadence of what enterprises are comfortable with. For example, SLA's, their SLA's are a little bit gray area, but they're awesome on, "hey it only costs X dollars, "import this great data and crunch all this stuff." So they've got great pricing. >> They need to master, Diane did a masterful job of like, overnight she had a utility that could go P to V, and you flipped it up, and everything just magically worked. And they need to prove that they can forklift the applications, with minimal to no changes, and things magically work. And that requires a bunch of software partnership technology, that it's like flipping a switch to go the Cloud. And if you don't like it, then you can roll it back as well. >> What's their security in position in your mind? You've done an audit, you been keeping track of it, or they're secure. Or what's the needs of the enterprise that they should be addressing for security? Well you guys have a relationship with any other booth at the event. >> Yeah absolutely, and we integrate at multiple levels as well. I think they're doing a pretty good job, I think that other vendors like Microsoft are really more heavily investing in areas that we're in, such as identity, so Microsoft has basically replicated the playbook with active directory, and they have something called Azure AD, and so Google doesn't have anything that's equivalent. That's good for us, that actually leads to opportunities, but they could do more in the areas of identity. I think if you look at what Amazon's doing in terms of web application firewalls, and protecting applications that are being spun up in the cloud. I think those are areas that can be improved. Encryption, key management, etc. So if you look at the slide that they have where they say insecurity, I think they list three items, but then if you were to compare it to say Microsoft, or Amazon, they've got five, six, seven items right there as well. I think that there's definitely going to be needs and requirements that need to be met and addressed there. So it's good, for us. >> Well to me it's just a matter of their evolution, they can only go as fast as they can go. That's what the people that I tend to talk to don't get. They can be critical of Google, but at the end of the day they can only go so fast. >> Yeah, and also another bit of advice, is they do have a very good install base with Gsuite, formerly Google apps, but they got to do a better job of leveraging that when people try to move to infrastructure as a server-- >> I think they're taken that advice because it was clear that they're at this event, was they're showcasing a lot of the stats on Gsuite, they're also talking about the apps. And that's consistent with IBM, Oracle, and Microsoft. They're throwing in their Sass layers as part of the stack as well. That's how they can differentiate from Google. What else do they have right? >> Really it's almost like a startup company that's been around for a few years. They have their initial product, and they come out with their second product and the board members will say, "Well what's the adoption of cross selling "the new product with the existing?" And so it should be interesting to see if they can get people that bought in to the Gsuite vision, to say, "Oh okay, now I'm going to start firing up servers "on the Google Cloud platform." >> Well you bring up a good point about their Gsuite, and I mentioned Microsoft using Office 365 as an example. Oracle throws their apps into the blender, if you will. On the numbers and everything. It's interesting Wikibon research is showing that the past layers squeezing, that's a big debate in our own research team, but Gartner research that I just recently looked at from February. Basically there's a new talk about Sass, so if you start including Sass, then you got to open up the conversation to Salesforce, Adobe, and on and on and on. Because there's a Cloud service provider model out there. Linkedin's a service provider. So what is Sass, I always look at it like what's the Sass equation look like. I mean, what does Cloud really look like? >> I look at the statistics, because we address both infrastructure as a service, and software as a service as well, with our identity solutions. Clearly infrastructure as a service is a much bigger market, Sass is pretty significant, but if you add up Sass, infrastructure, and Pass, it's about 24 billionish right there. But guess what, Amazon already has over 10 of it last year. Amazon has 40 percent of the Cloud market as well. And they've proven that you don't have to have a Sass capability to be incredibly successful in the Cloud. >> Well they have their one Sass that was called Amazon.com, but they broke that out. Alright, Tom what's next for you guys at Centrify. What's on your, anything coming up, things you're working on, share some quick plug for Centrify, and the progress you're making in status? >> We've been doing this for 10 years, and we feel really good about providing basically a platform for identity. And one theme and trend that we're seeing a lot of in the security market is that buyers have security fatigue, they're so sick of dealing with point solutions, and I think that's working to our advantage, that people are looking at a vendor such as us, that can address, not only single sign up, but multi-factor authentication, privilege account management as well. So we're very much focused these days on providing a set of solutions that are all built on a platform, and just kind of filling in-- >> When you say fatigue, you mean sprawl and applications they're buying just another platform, because they do try to try everything, why wouldn't they? They're getting tired of that? >> In security you just have a lack of security knowledge. There's a huge skills gap when it comes to security. And if you have to buy a point solution to address every little bit of security, you just can't hire people, right? And then you find that you have air gaps that actually makes you less secure. And so we've over time built this platform up, and now we're really seeing that people are like, I don't have to get a standalone EMM, a standalone SSO, a standalone MFA solution, a standalone password vault solution etc. So we're very much focused on selling our platform to customers and with this whole mindset of customers wanting to consolidate vendors. Historically vendor consolidation was about buyers wanting that, but now IT people want that. And so we're really just focusing on, internally articulating how we can actually address a lot of problems that people have with too much privilege, and too many passwords. >> And you guys are expanding your sales force team? >> Oh absolutely. We've definitely hit the critical mass. We're over a hundred million sales, we're growing fast, we're cash flow positive as well. >> John: Alright, congratulations. The VC's happy. Time to go public, so what's your evaluation? Unicorn. >> No comment on that, rule 40 and all that fun stuff. We got a lot of checkboxes right there. >> I think your VC partner is right, your investor, the world is spinning towards you because if you look at the identity, and nearly everything in the digital world, whether it's Cloud, data, or packets or people. It's going to be a persona based focus. Not like, what company you work for. >> We had this huge trend of consumerization of IT, so it's really about the user. So focus on securing the user, not focusing on securing the network, because the network's gone. >> Finally, 30 years later, it's coming back to the user. It's been talked about, the passports, the digital wallet. >> Exactly. >> John: Tom Kemp, CEO of Centrify, a hot startup growing over 100 million in sales. Heard here on the Cube. Very successful company. Really have a nice approach, world's spinning towards them. Really hopefully a great solution for our security and our liberties so we don't get hacked over and over again. It's the Cube, bringing you all the coverage of Google Next, here in the studio I'm John Furrier. Be right back with more, after this short break. (resonant techno music)