>> Announcer: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back everybody, Jeff Frick here with theCUBE. We're at the RSA conference in San Francisco 40,000 plus people talking about security, gets bigger and bigger every year. Soon it's going to eclipse Oracle Open World and Sales Force to be the biggest conference in all of San Francisco. But we've got somebody who's been coming here he said for 16 years, Ricardo Villidiego, the EDP and GM Security and Fraud for Cyxtera. Did I get that right, Cyxtera? >> Cyxtera. >> Jeff: Cyxtera Technologies, great to see you. >> Thank you Jeff, it's glad to be here. >> So you said you've been coming here for 16 years. How has it changed? >> Yeah, that's exactly right. You know it's becoming bigger, and bigger, and bigger I believe this is a representation of the size of the prowling out there. >> But are we getting better at it, or is it just the tax service is getting better? Why are there so many, why is it getting bigger and bigger? Are we going to get this thing solved or? >> I think it is that combination within we have the unique solution that is going to help significantly organizations to get better in the security landscape I think the issue that we have is there's just so many now use in general and I think that now is a representation of the disconnection that exists between the way technologies are deploying security and the way technologies are consuming IT. I think IT is completely, has a evolved significantly and is completely hybrid today and organizations are continuing to deploy security in a way like if we were in the 90s. >> Right. >> And that's the biggest connection that exists between the attacks and the protection. >> But in the 90s we still like, or you can correct me, and we can actually build some big brick walls and a moat and a couple crocodiles and we can keep the bad guys out. That's not the way anymore. >> It is not a way. And look, I believe we're up there every protection creates a reaction on the adversary. And that is absolutely true in security and it is absolutely true in the fraud landscape. Every protection measure will push the adversary to innovate and that innovation is what, for good and for bad, has created this big market which we can't complain. >> Right, right. So for folks that aren't familiar with Cyxtera give them the quick update on what you guys are all about. >> So see, I think Cyxtera is here to conquer the cyber security space. I think what we did is we put together technologies from the companies that we acquire. >> Right. >> With a combination of the call center facilities that we also acquired from Centurylink to build this vision of the secure infrastructure company and what we're launching here at the RSA conference 2018 is AppGate 4.0 which is the flagship offering around secure access. Secure access is that anchor up on which organizations can deploy a secure way to enable their workforce and their party relationships to get access the critical assets within the network in a secure way. >> Okay, and you said 4.0 so that implies that there was a three and a two and probably a one. >> Actually you're right. >> So what are some of the new things in 4.0? >> Well, it's great it gives it an evolution of the current platform we lounge what we call life entitlements which is an innovative concept upon which we can dynamically adjust the permitter of an an end point. And the user that is behind that end point. I think, you know, a permitter that's today doesn't exist as they were in the 90s. >> Right, right. >> That concept of a unique permitter that is protected by the firewall that is implemented by Enact Technology doesn't exist anymore. >> Right. >> Today is about agility, today is about mobility, today is about enabling the end user to securely access their... >> Their applications, >> The inevitable actions, >> They may need, right. >> And what AppGate does is exactly that. Is to identify what the security processor of the end point and the user behind the end point and deploy a security of one that's unique to the specific conditions of an end point and the user behind that end point when they're trying to access critical assets within the network. >> Okay, so if I heard you right, so instead of just a traditional wall it's a combination of identity, >> Ricardo: It's identity. >> The end point how their access is, and then the context within the application. >> That's exactly right. >> Oh, awesome so that's very significant change than probably when you started out years ago. >> Absolutely, and look Jeff, I think you know to some extent the way enterprises are deploying security is delusional. And I say that because there is a reality and it looks like we're ignoring ignoring the reality but the reality is the way organizations are consuming IT is totally different than what it was in the 90s and the early 2000s. >> Right. >> The way organizations are deploying security today doesn't match with the way they're consuming IT today. That's where AppGate SDP can breach that gap and enable organizations to deploy security strategies that match with the reality of IT obstacles today. >> Right. If they don't get it, they better get it quick 'cause else not, you know we see them in the Wall Street Journal tomorrow morning and that's not a happy place to be. >> Absolutely not, absolute not and we're trying to help them to stay aware of that. >> Right. Alright, Ricardo we'll have to leave it there we're crammed for time but thanks for taking a few minutes out of your day. >> Alright Jeff, thank you very much I love to be here. >> Alright. He's Ricardo I'm Jeff you're watching theCUBE from RSAC 2018 San Francisco. (upbeat music)

>> Narrator: From downtown San Francisco it's TheCUBE covering RSA North American 2018. >> Hey, welcome back everybody. Jeff Frick from TheCUBE. We're on the floor at the RSA Conference 2018. 40,000 plus people packed in Moscone North, South, West, and we're excited to be here. It's a crazy conference, Security's top of mind obviously and everybody is aware of this. And our next guest, he's Bill Mann, chief product officer from Centrify. Bill, great to see you. >> Great to see you. >> So you guys have a lot of stuff going on but what I think what's interesting to me is you guys have this kind of no trust as your starting foundation. Don't trust anybody, anything, any device. How do you work from there? Why is that the strategy? >> Well that strategy is because we've got a really new environment now. A new environment where we have to appreciate that the bad actors are already within our environment. And if you stop believing that bad actors are already in your environment, you have to start changing the way you think about security. So it's a really different way of thinking about security. So what we call this new way of thinking about security is zero trust security. And you might have heard this from Google with BeyondCorp and so forth. And with that as the overarching kind of way we are thinking about security, we're focusing on something called NextGenAccess. So how do you give people access to applications and services where they're remote. They're not on the network and they're not behind a firewall because who cares about the firewall anymore because it's not secure. >> Right. So there's four tenants of NextGenAccess. One is verify the user, verify the device that they are coming from so they're not coming from a compromised device. Then give them limited access to what they are trying to access or what we call Limit Privilege and Access. And that last one is learn and adapt which is this kind of pragmatic viewpoint which is we're never going to get security right day one, right? To learn and adapt and what we're doing look at auto tune logs and session logs to change your policy and adapt to get a better environment. >> So are you doing that every time they access the system? As they go from app to app? I mean how granular is it? Where you're consistently checking all these factors? >> We're always checking the end factor and where we use an actual machine learning to check what's happening in the environment and that machine learning is able to give that user a better experience when they are logging in. Let's say Bill's logging into Salesforce.com from the same location, from the same laptop all the time. Let's not get in the way right? But if Bill the IT worker is going from a different location and logging into a different server that's prompting for another factor of authentication because you want to make sure that this is really Bill. Because fundamentally you don't trust anybody in the network. >> And that's really what you guys call this NextGenAccess, right? [Bill]- That right, that's right, that's right. >> It's not just I got a VPN. You trust my VPN. I got my machine. Those days are long gone. >> Well VPNs, no no to VPNs as well, right? We do not trust VPNs either. >> So a bit topic ever since the election, right, has been people kind of infiltrating the election. Influencing you know how people think. And you guys are trying to do some proactive stuff even out here today for the 2018 election to try to minimize that. Tell us a little bit more about it. >> Yeah we call it Secure The Vote. And if the audience has looked at the recent 60 Minutes episode that came on. That did a really good that walked everybody through what was really happening with the elections. The way you know the Russians really got onto the servers that are storing our databases for the registration systems and changed data and created chaos in the environment. But the fundamental problem was compromised credentials. I mean 80% of all breaches believe it or not have to do with compromised credentials. They are not around all the things we think are the problem. So what we're doing here with Secure The Vote is giving our technology to state and local governments for eight months for free. And essentially they can then upgrade their systems, right? So they can secure the vote. So fundamentally securing who has access to what and why and when. And if you look at the people who are working on election boards, they're volunteers, there are a lot of temporary staff and so forth. >> Right, right. >> So you can imagine how the bad guys get into the environment. Now we've got a lot of experience on this. We sell to state and local governments. We've seen our technology being used in this kind of environment. So we're really making sure that we can do our part in terms of securing the election by providing our technology for free for eight months so election boards can use our technology and secure the vote. >> So how hard is it though for them to put it in for temporary kind of situation like that? You made it pretty easy for them to put it in if they are not an existing customer? >> Absolutely I mean one of the things, one of the fallacies around this whole NextGenAccess space is the fact that it's complicated. It's all SAS-Space, it's easy to use, and it's all in bite-sized chunks, right? So some customers can focus on the MFA aspects, right? Some customers can focus on making sure the privileged users who have access to the databases, right, are limiting their access right? So there's aspects of this that you can implement based upon where you want to be able to, what problem you want to be able to solve. We do provide a very pragmatic best practices way of implementing zero trust. So we are really providing that zero trust platform for the election boards. [Jeff]- Alright well that's great work Bill and certainly appreciated by everybody. We don't want crazy stuff going on in the elections. >> Absolutely. >> Jeff: So we'll have to leave it there. We'll catch up back in the office. It's a little chaotic here so thanks for taking a few minutes. >> Thank you very much. >> Alright, he's Bill Mann and I'm Jeff Frick. You're watching TheCUBE from RSCA 2018. Thanks for watching. (bright music)

(upbeat music) >> Announcer: From downtown San Francisco, it's theCUBE. Covering RSA North America 2018. >> Welcome back everybody, Jeff Frick here, with theCUBE. We're at RSA Conference 2018 in downtown San Francisco, 40,000 plus people, it's a really busy, busy, busy conference, talking about security, enterprise security and, of course, a big, new, and growing important theme is cloud and how does public cloud work within your security structure, and your ecosystem, and your system. So we're excited to have an expert in the field, who comes from that side. He's Tim Jefferson, he's a VP Public Cloud for Barracuda Networks. Tim, great to see you. >> Yeah, thanks for having me. >> Absolutely, so you worked for Amazon for a while, for AWS, so you've seen the security from that side. Now, you're at Barracuda, and you guys are introducing an interesting concept of public cloud firewall. What does that mean exactly? >> Yeah, I think from my time at AWS, one of my roles was working with all the global ISVs, to help them re-architect their solution portfolio for public cloud, so got some interesting insight into a lot of the friction that enterprise customers had moving their datacenter security architectures into public cloud. And the great biggest friction point tend to be around the architectures that firewalls are deploying. So they ended up creating, if you think about how a firewall is architected and created, it's really designed around datacenters and tightly coupling all the traffic back into a centralized policy enforcement point that scales vertically. That ends up being a real anti-pattern in public cloud best practice, where you want to build loosely coupled architectures that scale elastically. So, just from feedback from customers, we've kind of re-architected our whole solution portfolio to embrace that, and not only that, but looking at all the native services that the public cloud IaaS platforms, you know, Amazon, Azure, and Google, provide, and integrating those solutions to give customers the benefit, all the security telemetry you can get out of the native fabric, combined with the compliance you get out of web application and next-generation firewall. >> So, it's interesting, James Hamilton, one of my favorite people at AWS, he used to have his Tuesday Nights with James Hamilton at every event, very cool. And what always impressed me every time James talked is just the massive scale that Amazon and the other public cloud vendors have at their disposal, whether it's for networking and running cables or security, et cetera. So, I mean, what is the best way for people to take advantage of that security, but then why is there still a hole, where there's a new opportunity for something like a cloud firewall? >> I think the biggest thing for customers to embrace is that there's way more security telemetry available in the APIs that the public cloud providers do than in the data plane. So most traditional network security architects consider network packets the single source of truth, and a lot of the security architecture's really built around instrumenting in visibility into the data plane so you can kind of crunch through that, but the reality is the management plane on AWS and Azure, GCP, offer tremendous amount of security telemetry. So it's really about learning what all those services are, how you can use the instrument controls, mine that telemetry out, and then combine it with control enforcement that the public cloud providers don't provide, so that kind of gives you the best of both worlds. >> It's interesting, a lot of times we'll hear about a breach and it'll be someone who's on Amazon or another public cloud provider, and then you see, well they just didn't have their settings in the right configuration, right? >> It's usually really kind of Security 101 things. But the reality is, just because it's a new sandbox, there's new rules, new services, you know, and engineers have to kind of, and the other interesting thing is that developers now own the infrastructures they're deploying on. So you don't have the traditional controls that maybe network security engineers or security professionals can build architectures to prevent that. A developer can inadvertently build an app, launch it, not really think about security vulnerabilities he put in, that's kind of what you see in the news. Those people kind of doing basic security misconfigurations that some of these tools can pick up programmatically. >> Now you guys just commissioned a survey about firewalls in the cloud. I wonder if you can share some of the high-level outcomes of that survey. What did you guys find? >> Yeah, it's similar to what we're chatting. It's just that, I think, you know, over 90% of enterprise customers acknowledge the fact that there's friction when they're deploying their datacenter security architectures, specifically network security tools, just because of the architectural friction and the fact that, it's really interesting, you know, a lot of those are really built because everything's tightly coupled into them, but in the public cloud, a lot of your policy enforcement comes from the native services. So, for instance, your segmentation policy, the route tables actually get put into the, when you're creating the networking environment. So the security tools, a network security tool, has to work in conjunction with those native services in order to build architectures that are truly compliant. >> So is firewall even the right name anymore? Should it have a different name, because really, we always think, all right, firewall was like a wall. And now it's really more like this layered risk management approach. >> There's definitely a belief, you know, among especially the cloud security evangelists, to make sure people don't think in terms of perimeter. You don't want to architect in something that's brittle in something that's meant to be truly elastic. I think there's kind of two, you know the word firewall is expanding, right, so more and more customers are now embracing web application firewalls because the applications are developing are port 80 or 443, they're public-facing web apps, and those have a unique set of protections into them. And then next-generation firewalls still provide ingress/egress policy management that the native platforms don't offer, so they're important tools for customers to use for compliance and policy enforcement. They key is just getting customers to understand thinking through specifically which controls they're trying to implement and then architect the solutions to embrace the public cloud they're playing in. So, if they're in Azure, they need to think about making sure the tools they're choosing are architected specifically for the Azure environment. If they're using AWS, the same sort of thing. Both those companies have programs where they highlight the vendors that have well-architected their solutions for those environments. So Barracuda has, you know, two security competencies, there's Amazon Web Services. We are the first security vendor for Azure, so we were their Partner of the Year. So the key is just diving in, and there's no silver bullet, just re-architecting the solutions to embrace the platforms you're deploying on. >> What's the biggest surprise to the security people at the company when they start to deploy stuff on a public cloud? There's obviously things they think about, but what do they usually get caught by surprise? >> I think it's just the depth and breadth of the services. There's just so many of them. And they overlap a little bit. And the other key thing is, especially for network security professionals, a lot of the tools are made for software developers. And they have APIs and they're tooling is really built around software development tools, so if you're not a software developer, it can be pretty intimidating to understand how to architect in the controls and especially to leverage all these native services which all tie together. So it's just bridging those two worlds, you know, software development and network security teams, and figuring out a way for them to collaborate and work together. And our advice to customers have been, we've seen comical stories for those battles between the two. Those are always fun to talk about, but I think the best practice is around getting, instead of security teams saying no, I think everybody's trying to get culturally around how do I say yes. Now the burden can be back to the software development teams. The security teams can say, here the list of controls that I need you to cover in order for this app to go live. You know, HIPAA or PCI, here are these compliance controls. You guys chose which tools and automation frameworks work as part of your CI/CD pipeline pr your development pipeline, and then I'll join your sprints and you guys can show incrementally how we're making progress to those compliance. >> And how early do they interject that data in kind of a pilot program that's on its way to a new production app? How early do the devs need to start baking that in? >> I think it has to be from day zero, because as you embrace and think through the service, and the native services you're going to use, depending on which cloud provider, each one of those has an ecosystem of other native services that can be plugged in and they all have overlapping security value, so it's kind of thinking through your security strategy. And then you can be washed away by all the services, and what they can and can't do, but if you just start from the beginning, like what policies or compliance frameworks, what's our risk management posture, and then architect back from that. You know, start from the end mine and then work back, say hey, what's the best tool or services I can instrument in. And then, it may be, starting with less cloudy tools, you know, just because you can instrument in something you know, and then as you build up more expertise, depending on which cloud platform you're on, you can sort of instrument in the native services that you get more comfortable with then. So it's kind of a journey. >> You got to start from the beginning. Bake it in from the zero >> Got to be from the zero. >> It's not a build-on anymore. All right Tim, last question. What are we looking forward to at RSA this week? >> I'm very cloud-biased, you know, so I'm always looking at the latest startups and how creative people are about rethinking how to deploy security controls and just kind of the story and the pulse around the friction with public cloud security and seeing that evolve. >> All right, well I'm sure there'll be lots of it. It never fails to fascinate me, the way that this valley keeps evolving and evolving and evolving. Whatever the next big opportunity is. All right, he's Tim Jefferson, I'm Jeff Frick, thanks for stopping by. You're watching theCUBE. We're at RSAC 2018 in San Francisco. Thanks for watching. (upbeat techno music)

>> Announcer: From downtown San Francisco, it's theCUBE covering RSA North America 2018. >> Hey welcome back everybody, Jeff Frick here with theCUBE. We're in San Francisco at RSA conference 2018, as 40,000 plus professionals talking about security. It's quickly becoming one of the biggest conferences that we have in San Francisco right up there with Oracle OpenWorld and Salesforce.com, pretty amazing show and we're excited to get some of the insight with some of the experts that are here for the event and all the way from the East Coast, from New Hampshire Edna Conway's joining us, she's a chief security officer, global value chain for Cisco, Edna great to see you. >> Oh I'm delighted to be here Jeff, thank you. >> Absolutely so we're glad to get you out of the 21 degree weather that you said was cold and sleety when you departed. >> Cold and sleety, spring in New Hampshire, although it's not much nicer here in San Francisco. >> No, it's a little dodgy today. Well anyway let's jump into it. So you're all about value chain. What exactly when you think about value chain, explain to the people, what are you thinking? >> You know that's a great question because we define the value chain as the end to end life cycle for any solution. So it could be hardware, it could be software, it could be a service, whether it's a service afforded by a person, or a service afforded by the cloud. >> Now it's interesting because the number of components in a solution value chain just continue to grow over time as we have the API economy, and clouds, and all these things are interconnected so I would imagine that the complexity of managing and then by relation securing that value chain must be getting harder and harder over time as we continue to add all these, kind of API components to the solution. Is that what you see in the field? >> I think there's a challenge there without a doubt, but sometimes that interconnection actually gives you a hook in right, and so what we've been thinking about for years now is, is there a way to actually define a simple high level architecture that can be flexible and elastic with some rigidity that allows you to identify what your core goals are, and then allows those third party ecosystem members to join you in the effort to achieve those goals in a way that works for their business. >> Right and then how does open source play in that? Because that's also an increasing component of the value chain, is that integrated into more and more either just overtly, or you're implementing an open source solution or you've got all these people that are kind of open source plus and what they're building and delivering to the market. >> Yeah open source is a great challenge without a doubt. I think the way in which to deal with open source is to understand where you're getting it from, just like all third party ecosystem members. Who are they? What are they doing for you? And more precisely how are you going to utilize them and take a risk based approach to where you're embedding them. >> Right. >> Right. Not all things are created equally. And so your worry needs to be different depending on the utilization. >> Right. The risk based approach is a great comment because cause security in a way to me is kind of like insurance, you can't be ultimately secure unless you just lock the doors and sit in there by yourself. So it's always kind of this risk trade off, benefit versus trade off, and really a financial decision as to how much do you want to invest in that next unit of security relative to the return. So when you're thinking about it from a risk modeling basis versus just, you know, we're putting up the moat and nobody's coming in, which we know doesn't work anymore. What are some of the factors to think about so that you're achieving the right level of success at the right investment? >> I think there are a number of things to think about, and the primary one I would say is, look at what I believe is the currency of the digital economy which is trust. And in order to build trust what you need to do is understand the risks that you're taking. And those risks need to measured in the language of business. So all of a sudden, it becomes really clear when you know what someone is doing for you, and you know how they're doing it, and the invasiveness of your inquiry and partnership with them actually needs to be adjusted, and all of a sudden you develop not only a baseline, but an opportunity to enhance your trust for, let's take an example. So Cisco's working with Intel, we're going to deploy Intel threat detection technology, our first instantiation of that will be tetration. Clearly they're a third party ecosystem member. >> Right, right. >> And they have been for some time. Now what we're thinking about is how does Intel go about deploying that capability? And not only that, but how are we going to utilize it? And our view is if you take CPU telemetry and you combine it with our edge as well as our network telemetry, you have a better solution down the road, better solution for alerts, better solution for quicker decisions for the inevitable. That risk based approach says we're embedding into and partnering at a core solution level. >> Right. >> That's a different area of inquiry then somebody, we were talking earlier and I said, you know, if you're a sheet metal provider on the external part of a chassis, great. >> Don't they love the diligence on that piece? >> Quality due diligence, but security limited, yeah? >> So but it's interesting because on one hand you're opening up kind of new kind of threat surfaces if you will, the more components that are in a solution from the more providers. On the positive side, now you're leveraging their security expertise within the components that they're bringing to the solution. So as most things in life right, it's really kind of two sides of the same coin, opening up more threats, but leveraging another group of resources who have an expertise within that piece of the value chain. >> Absolutely. Look none of us make something from nothing, you know, the reality is we're relying more and more on the digital economy on those third parties. So understanding precisely how they're doing something is important, but we also have to be respectful of one another's intellectual property. And that is a unique wrinkle in a day and age of integration that we haven't seen previously. The other thing I think that's really important is we're seeing a wonderful, I think explosion of IOT, there's a downside obviously, the question is have folks deployed their IOT in a way that included the security community. You should have security at the table, but what IOT does is give you edge visibility that you've never had before. So I see it as a positive, but it needs to be informed by things like AI, it needs to be informed by things like machine learning, and they need to be gates within at the end of the day where the information is managed, which is at the network. >> Right, cause again it's just another entry point in as well, so good thing, bad thing. I want to circle back on kind of the boardroom discussion that we talked about a little bit earlier. Everyone's talking about securities and board conversation, clouds and board conversation, a lot of these big, kind of IT transformational things that are happening are now being elevated to the board cause everybody's a digital company and everybody's a digital business. When you want to talk to the board, and how should people talk to the board about security vis a vis kind of this risk analysis versus just a pure, you know, we're secure, or we're not secure, and I'm sure every CEO and board is worried for that announcement to come out in the paper that they were breached some time ago. And you almost think it's inevitable at some point in time, so what does the board discussion look like? How's the board decision changing as security gets elevated beyond kind of the basics? >> So let me answer that in the context of value chain security. >> Absolutely. >> I think we need to get to the point where security speaks the language of business. We need to walk into the board and say we have an architecture, we are deploying measures to achieve the architecture at a certain level of compliance and goal setting across the ecosystem on a risk based approach. Fabulous words, I'm a board member. What does that mean to me? >> Help me, help me, gimme a number. Exactly, well, and the number comes out of tolerance levels. So if you have this architecture and you have goals set we have 11 domains, we set goals flexibly based on the nature of the third party and what they do for us. Now we have a tolerance level and guess what you can report? I'm at tolerance, I'm above tolerance, I'm below tolerance. And if you start to model through a variety of techniques, there are a number of standards out there and processes some folks have written about them, where you can translate that risk of tolerance into dollars if you're in the US or currency of your choice and the reality is you're walking in and saying at tolerance means this degree of risk, below tolerance means I've reduced my risk to this. It might afford you an opportunity to say hmmm, perhaps you can share some of that benefit with me to take the program to a new level. >> Right, right or in a different area. >> About tolerance, higher degree of risk, what do we do about it? Now you're speaking the language of business. >> So that's pretty old school business right? I want to talk to you about something that's a little bit newer school which is block chain. And you've used the word trust I don't know how many times in this interview, we'll check the transcript, but trust is a really important thing obviously, and some people have said that they view block chain as trust as a service. I'm just curious to get your perspective as we hear more and more about block chain, and big companies like IBM and a lot of companies are putting a bunch of resources behind it, where do you see block chain fitting? What is Cisco's position or I don't know if they have a official position yet as block chain now is introduced into this world of trust. >> So I think we're all looking at it, Cisco included block chain is an incredibly useful tool without a doubt. I'm not sure that block chain's going to solve world hunger or world peace. >> Shoot. >> However, just as we said trust has elements of use artificial intelligence to inform your decisions, achieve a higher degree of trust, what you can have is a set of let's say, hashes, date and time stamps, as something passes through the network because remember, if the currency is trust the integrity of the data is the fuel that allows you to earn trust. And digital, digital ledger technology or block chain is something that I think allows us to develop what I call a passport for the data. So we have a chain of custody, you know I'm an old homicide prosecutor from many, many, years ago chain of custody was important in the trial so too chain of custody of your data and your actions across the full spectrum of a life cycle add a degree of integrity we've never had the ability to do easily before. >> Interesting times. >> Alright Edna well thank you for spending some of your day with us, I'm sure you have a crazy, busy RSA planned out for the next couple days so thanks again. >> My pleasure, thank you so much for having me. >> Alright she's Edna Conway, I'm Jeff Frick. You're watching theCUBE from RSA Conference 2018 thanks for watching. (theme music)