>> Live from San Francisco, it's theCUBE, covering Google Cloud Next 2018. Brought to you by Google Cloud and it's ecosystem partners. >> Hello everyone, welcome back to theCUBE's exclusive coverage of Google Cloud here at Moscone South, in San Francisco. I'm John Furrier with Dave Vellante, covering all the stop stories here, and day one of three days of coverage with siliconeangle.com, thecube.net for all the great content. Our next guest is Suzanne Frey, director of security, trust, and compliance and privacy at Google Cloud, welcome to theCUBE, thanks for coming in today. >> Thank you so much, it's a pleasure to be here today. >> Don't you love the cube that Google built out here, fits the theme, it's beautiful. >> It is mighty fly, it is awesome. It's so exciting. >> That's great. Great to see Google kind of go the next level. The energy, the people in the company I've talked to, we've been following Diane's career since VMware. I knew she was an investor in Cloud, theCUBE actually started at the Cloud Air office when they got their first round of funding, so really a savvy industry executive. Now two years in the gestation period you can kind of see it. The best of Google being exposed to the world is really kind of a great strategy, we've been commenting on that, but one of things Google has, and has had for a long time is, they've had that really open culture of openness, open source, but trust; "Do no evil's" the slogan and they have all this expertise. >> Yep. >> Is your job to harness that. Take a minute, what is your job? Are you brokering all this greatness? Are you shepherding it? Are you influencing product? What's your role? >> My role, specifically, is to ensure that we make Google Cloud the most trusted place for user data. Now, trust is a multi-faceted thing. I often say that trust starts with making sure that what you expect is what you experience. That's the foundation of it and so my job is first to start there and make sure that everything that we do is in line with the customer's expectations and it's in line with what they experience once they're in the Cloud and that's everything from making sure that we're compliant, that we handle their data responsibly in line with all the rules and regulations around the world which vary greatly. You know all the way through to making sure that we're building exceptional, simple, smart, and secure products every single day across our stack. So that's my job and it's to galvanize that, not just in product and not just in expectations, but also in the people we hire and the culture we engender. >> You know it's interesting, we live in an interesting time right now, and as they say, if you look at the global landscape; from politics, play, to technology, a transformation is happening where security trust, the data, you got GDPR happening in Europe, you got fake news on Facebook, you got users not trusting where's my data, so you have this cultural dynamic, kind of independent of the mission of the big companies where there's an opportunity to use AI for good. There's an opportunity to have a compliance model that's going to maintain that. How does that affect you guys? I'm sure it does in some way, but this is on the minds of people. Surely no one want to be hacked, they want their data to be secure. I want to control my data. I want my data to be leverageable. I want to get utility out of the system, Because it's something bigger with Google Cloud, it's not part of a system. How are you guys talk about that internally? What are some of the conversations that you guys have around this cultural shift? >> It's day one of any new product of feature we develop, those conversations occur. It's part of our process in developing any new product or feature. We have a team, in fact a large portion of my organization is entirely dedicated to reviewing and scrutinizing every single feature, every single new product we bring to bear. Even if a customer wants to build, or I should say, even if an internal developer wants to build a new model, our team is responsible for reviewing that and making sure it's in line with the commitments we have to both legal commitments as well as our customers. So it's part of, and it continues all the way through to the point where I hit the launch button and say, "This is okay to go." >> (laughs) Nice. >> So the way you measure trust is that the expectations match the experience. Now when I look at your scope, we run our business on your scope. G-mail, Inbox, I personally love Inbox, I'm like an Inbox ambassador. >> Fantastic. >> And so thank you for developing that product. Google Drive, Docs, Sheets, you count it, I mean we run our business on your products. And so I wonder sometimes are we doing it right? Some of the challenges we have I think are onboarding and off-boarding folks. When somebody leaves the company or comes on the company you want to give them access to certain sheets or certain documents and then you sort of forget to take them off. How do you handle that? What's best practice there? Are you develop tooling around that? Maybe you could take about that a little bit. >> So we do it in many, many ways. And there certainly are best practices, they are documented out there through a number of tools and papers that we produce. We also have partners that work with our customers that engender those practices, but also then we bake the technology in so that you don't have to think about these things. And a good example would be; we released Team Drives last year. Team Drives is a great example of how you manage documentation for the inbound and outbound employees. It used to be that somebody'd actually have to think, "oh wait, Joe's no longer on this, We need to move him off," And all of that. But with the Team Drive that's handled automatically. Groups is another way. Google Groups is a great way to manage access to information and the like. And then we have tools like IRM, that allow you to sort of manage copying and forwarding information. And there's some more announcements that are coming tomorrow that'll let you also handle some of these things, but I can't talk about them quite yet. So stay tuned. >> You didn't want to release it too early. >> Can you talk about how you go to market with those cause every now and then I'll get a phone call or an e-mail from somebody at Google trying to either introduce me to something, maybe sell something, but it's kind of intermittent. What's the go-to market to inform people? We're obviously a small company. We heard today, "we want to help small, large, start-ups, big companies, governments." How do you guys go to market? >> We do it in lots of different ways. We certainly leverage our communication channels online heavily and we've been ramping up, I mean our investment in marketing and Cloud and getting all of these things, I mean you can see I right here at Next. This is a huge example of how we're trying to get the word out. We're at large across all of our verticals, across all of our customer sets, because I think that is information management and so that you understand, "hey I have these great tools to bear." That's super important for us to get right and we're continuing to evolve it. >> One of the things I always admire about Google from day one, the mission has always been speed. Load the pages faster, find what you're looking for, organize the information. With security and trust now, we were talking before we came on camera, I see Cloud as an opportunity, AI's an opportunity, as Diane Green said, security is the number one worry. Dave's asked this question every year, going back to since 2012, is security a do-over with the Cloud? You guys have such great experience with Sass and Cloud; is it an opportunity for customers going Cloud-native to do security over. Your thoughts? >> Well I think about this, so ill answer this in two ways, for us at Google it's not a do-over, it's been part of our DNA from day one because we were born in the Cloud. From the moment we started to think about how we design a data center to how we design a server to how we retire discs, this was mentioned in the keynote, that's been part of our DNA from day one. So for us we don't believe it's a do-over, we actually believe we're ahead of Darwin in terms of security, well ahead of it. And we'll put our words behind it, that we do believe, bar none, that we are the most secure cloud out there. Certainly customers using G-Suite, Chromebooks, Security Keys, we mentioned that at the keynote this morning as well- zero account hijackings. No one else can make that claim and we're proud to do it. For customers, however, I think many customers are realizing Patch Tuesdays and heterogeneous operating systems and tons of different platforms with customers that are storing information on their hard drives or their thumb drives- its a nightmare for many customers who have been operating on premise for many years and I think they're waking up to realize, "wait a minute, you're going to take care of all of that. You're going to take care of it. One operating system. All managed from the Cloud. One place. My documents are going to sit there. Oh my gosh, I can sleep again if I move to the Cloud." and that's really part of the overall narrative here. >> Just to follow up on that, so that was Chromebook, G Suite, and Two-factor authentication right? >> Yes. >> You called it Titan Security, is that right? >> Yes, Titan Security Keys, correct. >> And the Two-factor authentication comes from what, is it a dongle or- >> It's actually hardware based so if you think about- two-factor's not a new term, two-factor's been around for a long time. A lot of people would have these tokens that would generate a numeric key and you'd look at that and you'd plug it in. Well that's phishable actually, that key gets transmitted when you actually authenticate and that can be picked up. >> Exposed, yeah. >> Exposed. With hardware, its all base of the hardware, there's no key that's exchanged. It's all authenticated to your device and that makes it un-phishable. >> You don't think about it. >> Yeah, exactly. >> So lets talk about compliance for a second. That's part of your job. Honestly we see this year was kind of a- the earthquake, the tectonic plates of GDPR. >> Yes. (laughs) >> Certainly Google's experience, a little fine in the EU of some other areas of your business. Obviously data is a regional thing, obviously in Germany we know what's going on there, so as a customer goes global, you could be in the US, there's now policies that need to be implemented. Is that where softwares going to help? How are you guys talking to your customers and what's the solution that you guys see for compliance and making it seamless because it's a real hassle. >> Yep. >> Some sites and some companies aren't deploying their solution. Their website has been stripped down because they couldn't comply with the GDPR regulation which gives the users the ability to essentially tell you to forget me and all kinds of other things, I don't want to get into it, but the point is, that it puts the pressure on companies, like literally overnight, where it was policy. People in the database world know that data sprawls is a huge problem- people don't even know where the data is. What data base is that on. This is a huge issue. How do you guys talk about that? >> Well first I'll say that compliance is always a shared responsibility between ourselves and our customers. However, those customers who have worked with us, and have been going Cloud-native with us have found that the journey to be much much less friction-full, I will say, or I'd say its more friction-less. Because we are the team that's had to really implement the technical controls around the GDPR. And I want to emphasize, GDPR is incredibly important legislation. We believe it's very important. Two years ago we launched an initiative to be sure we were compliant on time. We're proud to say that we were among the first to announce that compliance in the Cloud. And we're really happy. Our customers have been happy. And our relationships- we take on a large responsibility for maintaining relationships with the legislators and the regulators around the world Many companies can't scale to do that and by going with Google you know you've got a tight and good relationship, a company that is focused on maintaining good relationships world-wide on that front and it's been important. >> So two years before GDPR went into effect, that's much better, most companies were two months before the fines went into effect. (laughs) >> It was roughly about two years, it wasn't quite exactly two years between the time it was announced, but it was close to that. >> But it's not just the technology problem too, which makes it so hard, it's a lot of people and a lot of process. >> Absolutely, yes. >> Shared responsibility as you said just now. >> Yes, and the fact that the data's all in one place of the Cloud, again, makes a huge huge difference with your posture, and your compliance posture for GDPR. >> Susanne, you've been at Google for over a decade, what's motivating you these days, obviously the Cloud market's pretty hot, so that's kind of a nice wave to be on. What's the culture like at Google now? What's the DNA? What's the in- cause Google Cloud's got to spring to their step, we can obviously feel it. We can see the results. But it's just the beginning of this new wave. >> Yep, yep. >> What's exciting you and what's the DNA of Google culture? Google Cloud culture? >> Well Sundar echoed this this morning and I was so happy to hear it. I'm at Google because of the mission. I'm here to manage the world's information, make it universally accessible and useful and secure. (laughs) I will add the "and secure" to my mission. I came because that was so exciting to me. As a kid I never got Encyclopedia's because my father was like, "there going to be out of date." (laughs) He know instantly. >> Data quality number one, he was smart. Data scientist- >> Yes he was, he was. And when Google started to evolve, I was so excited. I'm like, "oh my gosh, look at what's happening to information management in the world." And that's why I'm here and I'm surrounded by other fellow citizens who are so excited about that but also excited about the challenge of keeping information secure. So that's what excites me and to work around so many great data scientists and software engineers and site reliability engineers and customer engineers. Google is about engineering at it's core but we take such a human approach to working with our customers. Understanding how important their information, their productivity in the Cloud is, their security in the Cloud is, and that's what excites me every single day. >> Final question for you; talk about what you're working on. What's your guiding principles for your organization. Where are you guys hiring- obviously you mentioned earlier, which I loved, the expectation is the experience should match; that's a great quote, I think that's important but I would argue that, to add to that complexity, is that expectations that are coming are not yet known. You saying things like "block chain" for instance, that kind of hit a lot of exciting areas around security, decentralization, decentralized applications, token economics. So you're seeing the world starting to get a little bit different where those expectations are not yet seen. So you got to get out in front of that. How are you guys managing that? How are you hiring? What's the vision? >> Sure. So there's sort of three pillars that Prabhakar Raghavan talked about this morning; simple, smart, and secure. Those are kind of our guiding principles for everything we do and, for example, G Suite. How we're thinking about the future, well we're very very lucky that we are always getting low latency signals about what's happening in the world right now. We talk about spam and phishing protection and things like that and we get billions of signals every single day about malicious information or malware, ransomware, those sorts of things. So we have a very low latency view into what's happening at the next minute around the world in that respect. And that gives us a competitive edge in terms of really thinking about what's the next thing that's going to happen. We certainly know that machine learning, whether it's smart compose and smart reply, or it's actually based in security, an anomaly detection. What's an anomaly to one company, is not necessarily an anomaly to another, depends on what business you're in and the like. So investing in machine learning and understanding how to be that security guardian for our customers in an automated fashion, so the people don't have to worry about security, but we've taken care of it for them. That's the holy grail and that's what we're investing in right now. >> Suzanne thank you so much for coming on theCUBE, really appreciate it. We were just talking before we came on, Dave and I, before we went live that if security and some of these complexities can be just services under the wire, like electricity. All cue-ade before we even turn the lights on of computing. That's kind of the goal. (laughs) So we're super early. >> Yes, absolutely. >> That's great. Director of security, trust, compliance, and privacy at Google Cloud's theCUBE. Live coverage, stay with us. This is day one of three days of wall-to-wall coverage. I'm John Furrier, Dave Vellante, we'll be right back. >> Thank you. (techno music)