(upbeat music) >> Well good to have you with us here as we continue the AWS startup showcase and we're joined now by the CEO of BigID, Dmitri Sirota. And Dmitri good afternoon to you? How are you doing today? >> I'm pretty good, it's Friday, it's sunny, it's warm, I'm doing well. >> Then that's a good start, yeah. Glad to have you with us here. First off, just about BigID and when you look at I would assume these accolades are, they are quite a showcase for you. Well economic forum technology pioneer. Forbes cloud 100, business insider startup the watch. I mean, you are getting a lot of attention, obviously for... >> Yep. >> And well-deserved, but when you see these kinds of recognitions coming your way- >> Yep. >> First of what does that do to inspire, motivate and fuel this great passion that you have? >> Yeah, look I think all of these recognitions help, I think affirm, I think what we aspire to be right? Provide the preeminent solution for helping organizations understand their data and in so doing, be able to address problems in privacy and protection and perspective. And I think that these recognitions are part of that as our customers, as our partners like AWS. So they're all part of that ad mixture. And I think they contribute to a sense that we're doing some pioneering work, right as they work from the world economic forum recognized. So I think it's important. I think it's healthy. It encourages kind of cooperative spirit at the company. And I think it's, you know, it's very encouraging for us to continue and build. >> So let's talk about BigID, a little bit for our viewers who might not be too familiar. You are a fairly new company, raised 200 million so far, five years of operations coming up on five years. >> Yep. >> But talk about your sweet spot in terms of the variety of services they provided in terms of protection and security. >> Yeah, sure. So we were founded with really this kind of precept that organizations need to have a better understanding of their data. I think when we got started about five years ago. Most organizations had some view of their data, maybe a few of their files, maybe their databases. What changed is the emerging privacy regulations like GDPR and CCPA later forced companies to rethink their approach to data understanding data knowledge, because part of the kind of the core consumption of privacy is that you and me and other individuals have a right to their data the data actually belongs to us. Similar to when you deposit a check in a bank. That money you deposited is yours. If you ever want to withdraw it, the bank has to give it back to you. And in a similar way, these privacy regulations require organizations to be able to give back your data or delete it or do other things. And as it happens there was no real technology to help companies do that, to help companies look across their vast data estates and pick out all the pieces of information all the detritus that could belong to Dimitri. So it could be my password, it could be my social security, it could be my click stream, it could be my IP address, my cookie. And so we developed from the ground up a brand new approach to technology that covers the data center and the cloud, and allow organizations to understand their data at a level of detail that never existed before. And still, I would argue doesn't exist today. Separate from BigID. And we describe that as our foundational data discovery in depth, right? We provide this kind of multidimensional view of your data to understand the content and the context of the information. And what that allows organizations to do is better understand the risk better meet certain regulatory requirements like GDPR and CCPA. But ultimately also get better value from their data. And so what was pioneering about us is not only that level of detail that we provided almost like your iPhone provides you four cameras to look at the world. We provide you kind of four lenses to look at your data. But then on top of that we introduced a platform that allowed you to take action on what you found. And that action could be in the realm of privacy so that you could solve for some of the privacy use cases like data rights or consent or consumer privacy preferences or data protection data security, so that you can remediate. You can do deal with data lifecycle management. You could deal with encryption, et cetera. Or ultimately what we call a data governance or data perspective, this idea of being able to get value from your data but doing so in a privacy and security preserving way. So that's kind of the conception we want to help you know, your data. And then we want to help you act on your data so that your data is both secure. It's both compliant , but ultimately you get value from your data. >> Now we get into this, helping me know my data better because you you've talked about data you know and data you don't right? >> Dimitri: Yeah. >> And you're saying there's a lot more that we don't or a company doesn't know. >> Dimitri: Yeah. >> Than it's aware of. And I find that still kind of striking in this day and age. I mean with kind of the sophistication of tools that we have and different capabilities that I think give us better insight. But I'm still kind of surprised when you're saying there's all a lot of data that companies are housing that they're not even aware of right now. >> They're not and candidly they didn't really want to be for a long, long time. I think the more you know sometimes the more you have to fix, right? So there needed to be a catalyzing event like these privacy regulations to essentially kind of unpack, to force a set of actions because the privacy regulation said, no, no, no you need to know whether you want to or not. So I think a lot of organizations for years and years outside of a couple of narrow fields like HIPAA, PCI unless there was a specific regulation, they didn't want to know too much. And as a consequence there, wasn't really technology to keep up with the explosion in data volumes and data platforms. Right? Think about like AWS didn't exist when a lot of these technologies were first built in the early 2000's. And so we had to kind of completely re-think things. And one thing I'll also kind of highlight is the need or necessity is not just driven by some of these emerging privacy regulations, but it's also driven by the shift to the cloud. Because when you have all your data on a server in a data center in New Jersey, you could feel a false sense of security because you have doors to that data center in New Jersey and you have firewalls to that data center in New Jersey. And if anybody asks you where your sensitive data you could say, it's in New Jersey! But now all of a sudden you move it into the cloud and data becomes the perimeter, right? It's kind of naked and exposed it's out there. And so I think there's a much greater need and urgency because now data is kind of in the ethos in the air. And so organizations are really kind of looking for additional ability for them to both understand contextualize and deal with some of the privacy security and data governance aspects of that data. >> So you're talking about data obviously AWS comes to mind, right? >> Dimitri: Yeah. And the relationship that you have with them it's been a couple of years in the making things are going really well for you and ultimately for your customers. What is it about this particular partnership that you have with AWS that you think has allowed you to bring that even more added value at the end of the day to your customer base? >> Look, our customers are going to AWS because its simplicity to kind of provision their applications, their services, the cost is incredibly attractive, the diversity of capabilities that AWS provides our customers. And so we have a lot of larger and midsize and even smaller organizations that are going to AWS. And it's important for us to be where our customers are. And so if our customers are using Red Sheriff, or using S creator, using dynamo or using Kinesis or using security hub. We have to be there, right? So we've kind of followed that pathway because of they're putting data in those places, part of our job is provide that insight and intelligence to our customers around those data assets, wherever they are. And so we build a set of capabilities and expertise around the broader AWS platform. So that we could argue that we can help you, whether you keep your data in S3 whether you keep it Dynamo, whether you keep it in EMR, RDS, Aurora, Athena the list goes on and on. We want to be that expert partner for you to kind of help you know your data and then tend to take action on your data. >> So the question about data security in general, obviously as you know, there are these major stories of tremendous breach that's right. >> Yep. >> Stayed afterwards, in some cases. >> Bad guys. >> Yeah, really bad guys and bad smart guys, unfortunately and persistent to say the least. How do you work with your clients in an environment like that? Where, you know, these threats are never ending, >> Yep. >> They're becoming more and more complex. And the tools that you have are certainly robust but at the end of the day, it's very difficult. If not impossible to say a 100% bulletproof, right? >> Yeah. >> It's if you are absolutely safe with us. But you still try, you give these insurances because of your sophistication that, should give people some peace of mind. Again, it's a tough battle your in. >> Yeah. So I think the first rule of fight club is that, to solve a problem, you need to know the problem, right? You can't fix what you can't find, right? So if you're unaware that there's a potential compromise in your data, potential risk in your data maybe you have passwords in a certain data store and there's no security around that. You need to know that you have passwords in a certain data store and there's no security around that. >> Because unless you know that first, there's no ability for you to solve it. So the first part of what we do that kind of know your data that K-Y-D, is we help organizations understand what data do they have that potentially is at risk, may violate a regulatory requirement like GDPR or CCPA, things of that sort. So that's kind of the first level of value because you can't solve for something you can't, you're unaware of, right? You need to be able to see it and you need to be able to understand it. And so our ability to kind of both understand your data and understand what it is, why it is, whose it is where it came from, the risk around it lets you take action on that. Now we don't stop there. We don't stop at just helping you kind of find the problem. We also help you understand if there's additional levels of exposure. Do you have access control around that data for instance. If that data is open to the world and you just put a bunch of passwords there or API keys or credentials, that's a problem. So we provide this kind of holistic view into your data and to some of the security controls. And then most importantly, through our application platform our own apps, we provide ways for you to take action on that. And that action could take many forms. It could be about remediating where you delegate to a security owner and say, hey, I want you to delete that data. Or I want you to encrypt that data. It could be something more automated where it just encrypts everything. But again, part of the value and virtue of our platform is that we both help you identify the potential risk points. And then we give you in the form of apps that sit on top of our platform, ways to take action on it, to secure it, to reduce it, to minimize the risk. >> Because these threats are ever evolving. Can you give us a little, maybe inside peek under the tent here, a bit about what you're looking at in terms of products or services down the road here. So if somebody is thinking, okay. What enhanced tools might be at my disposal in the near term or even in the longterm to try and mitigate these risks. Can you give us an idea about some things you guys are working on? >> Yeah. So the biggest thing we're working on I've already kind of hinted at this is really the kind of first in industry platform, in our category companies that look at data and by platform i mean, something like where you can introduce apps. So AWS has a platform. People can introduce additional capabilities on top of AWS. In the data discovery classification arena, that had never been the case because the tools were very, very old. So we're introducing these apps and these apps allow you to take a variety of actions. I've mentioned a few of them, there's retention. You can do encryption, you can do access control, you could do remediation, and you could do breach impact analysis. Each of these apps is kind of an atomic unit of functionality. So there's no different than on your iPhone or your Android phone. You may have an Uber app, when you click on it, all of a sudden your phone looks like an Uber application. You may have an app focused on Salesforce, you click on it, all of a sudden your phone looks like a Salesforce application. And so what we've done is we've kind of taken this kind of data discovery, classification and intelligence mechanism that kind of K-Y-D I referenced. And then we built a whole app platform. And what we're going to start announcing over the coming months, is more and more apps in the field of privacy, in the fields of data security or protection, and even the fields of data value what we call perspective and that's and we're actually coming out with an announcement shortly on this app marketplace. And there'll be BigID building apps, but you know what, there's going to be a lot of third parties building apps. So companies that do intrusion detection and integrations and all kinds of other things are also building apps on BigID. And that's an exciting part of what you're going to see coming from us in the coming weeks. >> Great. Well, thanks for the sneak peek and wait I feel like I just barely scratched the surface of it. Governance, compliance, right? Regulation, you have so many balls in the air but obviously you're juggling them quite well and we wish you continued success, job well done. Thanks, Dimitri. >> Dimitri: Thank you very much for having me. (upbeat music)

(upbeat music) >> Well good to have you with us here as we continue the AWS startup showcase and we're joined now by the CEO of BigID, Dmitri Sirota. And Dmitri good afternoon to you? How are you doing today? >> I'm pretty good, it's Friday, it's sunny, it's warm, I'm doing well. >> Then that's a good start, yeah. Glad to have you with us here. First off, just about BigID and when you look at I would assume these accolades are, they are quite a showcase for you. Well economic forum technology pioneer. Forbes cloud 100, business insider startup the watch. I mean, you are getting a lot of attention, obviously for... >> Yep. >> And well-deserved, but when you see these kinds of recognitions coming your way- >> Yep. >> First of what does that do to inspire, motivate and fuel this great passion that you have? >> Yeah, look I think all of these recognitions help, I think affirm, I think what we aspire to be right? Provide the preeminent solution for helping organizations understand their data and in so doing, be able to address problems in privacy and protection and perspective. And I think that these recognitions are part of that as our customers, as our partners like AWS. So they're all part of that ad mixture. And I think they contribute to a sense that we're doing some pioneering work, right as they work from the world economic forum recognized. So I think it's important. I think it's healthy. It encourages kind of cooperative spirit at the company. And I think it's, you know, it's very encouraging for us to continue and build. >> So let's talk about BigID, a little bit for our viewers who might not be too familiar. You are a fairly new company, raised 200 million so far, five years of operations coming up on five years. >> Yep. >> But talk about your sweet spot in terms of the variety of services they provided in terms of protection and security. >> Yeah, sure. So we were founded with really this kind of precept that organizations need to have a better understanding of their data. I think when we got started about five years ago. Most organizations had some view of their data, maybe a few of their files, maybe their databases. What changed is the emerging privacy regulations like GDPR and CCPA later forced companies to rethink their approach to data understanding data knowledge, because part of the kind of the core consumption of privacy is that you and me and other individuals have a right to their data the data actually belongs to us. Similar to when you deposit a check in a bank. That money you deposited is yours. If you ever want to withdraw it, the bank has to give it back to you. And in a similar way, these privacy regulations require organizations to be able to give back your data or delete it or do other things. And as it happens there was no real technology to help companies do that, to help companies look across their vast data estates and pick out all the pieces of information all the detritus that could belong to Dimitri. So it could be my password, it could be my social security, it could be my click stream, it could be my IP address, my cookie. And so we developed from the ground up a brand new approach to technology that covers the data center and the cloud, and allow organizations to understand their data at a level of detail that never existed before. And still, I would argue doesn't exist today. Separate from BigID. And we describe that as our foundational data discovery in depth, right? We provide this kind of multidimensional view of your data to understand the content and the context of the information. And what that allows organizations to do is better understand the risk better meet certain regulatory requirements like GDPR and CCPA. But ultimately also get better value from their data. And so what was pioneering about us is not only that level of detail that we provided almost like your iPhone provides you four cameras to look at the world. We provide you kind of four lenses to look at your data. But then on top of that we introduced a platform that allowed you to take action on what you found. And that action could be in the realm of privacy so that you could solve for some of the privacy use cases like data rights or consent or consumer privacy preferences or data protection data security, so that you can remediate. You can do deal with data lifecycle management. You could deal with encryption, et cetera. Or ultimately what we call a data governance or data perspective, this idea of being able to get value from your data but doing so in a privacy and security preserving way. So that's kind of the conception we want to help you know, your data. And then we want to help you act on your data so that your data is both secure. It's both compliant , but ultimately you get value from your data. >> Now we get into this, helping me know my data better because you you've talked about data you know and data you don't right? >> Dimitri: Yeah. >> And you're saying there's a lot more that we don't or a company doesn't know. >> Dimitri: Yeah. >> Than it's aware of. And I find that still kind of striking in this day and age. I mean with kind of the sophistication of tools that we have and different capabilities that I think give us better insight. But I'm still kind of surprised when you're saying there's all a lot of data that companies are housing that they're not even aware of right now. >> They're not and candidly they didn't really want to be for a long, long time. I think the more you know sometimes the more you have to fix, right? So there needed to be a catalyzing event like these privacy regulations to essentially kind of unpack, to force a set of actions because the privacy regulation said, no, no, no you need to know whether you want to or not. So I think a lot of organizations for years and years outside of a couple of narrow fields like HIPAA, PCI unless there was a specific regulation, they didn't want to know too much. And as a consequence there, wasn't really technology to keep up with the explosion in data volumes and data platforms. Right? Think about like AWS didn't exist when a lot of these technologies were first built in the early 2000's. And so we had to kind of completely re-think things. And one thing I'll also kind of highlight is the need or necessity is not just driven by some of these emerging privacy regulations, but it's also driven by the shift to the cloud. Because when you have all your data on a server in a data center in New Jersey, you could feel a false sense of security because you have doors to that data center in New Jersey and you have firewalls to that data center in New Jersey. And if anybody asks you where your sensitive data you could say, it's in New Jersey! But now all of a sudden you move it into the cloud and data becomes the perimeter, right? It's kind of naked and exposed it's out there. And so I think there's a much greater need and urgency because now data is kind of in the ethos in the air. And so organizations are really kind of looking for additional ability for them to both understand contextualize and deal with some of the privacy security and data governance aspects of that data. >> So you're talking about data obviously AWS comes to mind, right? >> Dimitri: Yeah. And the relationship that you have with them it's been a couple of years in the making things are going really well for you and ultimately for your customers. What is it about this particular partnership that you have with AWS that you think has allowed you to bring that even more added value at the end of the day to your customer base? >> Look, our customers are going to AWS because its simplicity to kind of provision their applications, their services, the cost is incredibly attractive, the diversity of capabilities that AWS provides our customers. And so we have a lot of larger and midsize and even smaller organizations that are going to AWS. And it's important for us to be where our customers are. And so if our customers are using Red Sheriff, or using S creator, using dynamo or using Kinesis or using security hub. We have to be there, right? So we've kind of followed that pathway because of they're putting data in those places, part of our job is provide that insight and intelligence to our customers around those data assets, wherever they are. And so we build a set of capabilities and expertise around the broader AWS platform. So that we could argue that we can help you, whether you keep your data in S3 whether you keep it Dynamo, whether you keep it in EMR, RDS, Aurora, Athena the list goes on and on. We want to be that expert partner for you to kind of help you know your data and then tend to take action on your data. >> So the question about data security in general, obviously as you know, there are these major stories of tremendous breach that's right. >> Yep. >> Stayed afterwards, in some cases. >> Bad guys. >> Yeah, really bad guys and bad smart guys, unfortunately and persistent to say the least. How do you work with your clients in an environment like that? Where, you know, these threats are never ending, >> Yep. >> They're becoming more and more complex. And the tools that you have are certainly robust but at the end of the day, it's very difficult. If not impossible to say a 100% bulletproof, right? >> Yeah. >> It's if you are absolutely safe with us. But you still try, you give these insurances because of your sophistication that, should give people some peace of mind. Again, it's a tough battle your in. >> Yeah. So I think the first rule of fight club is that, to solve a problem, you need to know the problem, right? You can't fix what you can't find, right? So if you're unaware that there's a potential compromise in your data, potential risk in your data maybe you have passwords in a certain data store and there's no security around that. You need to know that you have passwords in a certain data store and there's no security around that. >> Because unless you know that first, there's no ability for you to solve it. So the first part of what we do that kind of know your data that K-Y-D, is we help organizations understand what data do they have that potentially is at risk, may violate a regulatory requirement like GDPR or CCPA, things of that sort. So that's kind of the first level of value because you can't solve for something you can't, you're unaware of, right? You need to be able to see it and you need to be able to understand it. And so our ability to kind of both understand your data and understand what it is, why it is, whose it is where it came from, the risk around it lets you take action on that. Now we don't stop there. We don't stop at just helping you kind of find the problem. We also help you understand if there's additional levels of exposure. Do you have access control around that data for instance. If that data is open to the world and you just put a bunch of passwords there or API keys or credentials, that's a problem. So we provide this kind of holistic view into your data and to some of the security controls. And then most importantly, through our application platform our own apps, we provide ways for you to take action on that. And that action could take many forms. It could be about remediating where you delegate to a security owner and say, hey, I want you to delete that data. Or I want you to encrypt that data. It could be something more automated where it just encrypts everything. But again, part of the value and virtue of our platform is that we both help you identify the potential risk points. And then we give you in the form of apps that sit on top of our platform, ways to take action on it, to secure it, to reduce it, to minimize the risk. >> Because these threats are ever evolving. Can you give us a little, maybe inside peek under the tent here, a bit about what you're looking at in terms of products or services down the road here. So if somebody is thinking, okay. What enhanced tools might be at my disposal in the near term or even in the longterm to try and mitigate these risks. Can you give us an idea about some things you guys are working on? >> Yeah. So the biggest thing we're working on I've already kind of hinted at this is really the kind of first in industry platform, in our category companies that look at data and by platform i mean, something like where you can introduce apps. So AWS has a platform. People can introduce additional capabilities on top of AWS. In the data discovery classification arena, that had never been the case because the tools were very, very old. So we're introducing these apps and these apps allow you to take a variety of actions. I've mentioned a few of them, there's retention. You can do encryption, you can do access control, you could do remediation, and you could do breach impact analysis. Each of these apps is kind of an atomic unit of functionality. So there's no different than on your iPhone or your Android phone. You may have an Uber app, when you click on it, all of a sudden your phone looks like an Uber application. You may have an app focused on Salesforce, you click on it, all of a sudden your phone looks like a Salesforce application. And so what we've done is we've kind of taken this kind of data discovery, classification and intelligence mechanism that kind of K-Y-D I referenced. And then we built a whole app platform. And what we're going to start announcing over the coming months, is more and more apps in the field of privacy, in the fields of data security or protection, and even the fields of data value what we call perspective and that's and we're actually coming out with an announcement shortly on this app marketplace. And there'll be BigID building apps, but you know what, there's going to be a lot of third parties building apps. So companies that do intrusion detection and integrations and all kinds of other things are also building apps on BigID. And that's an exciting part of what you're going to see coming from us in the coming weeks. >> Great. Well, thanks for the sneak peek and wait I feel like I just barely scratched the surface of it. Governance, compliance, right? Regulation, you have so many balls in the air but obviously you're juggling them quite well and we wish you continued success, job well done. Thanks, Dimitri. >> Dimitri: Thank you very much for having me. (upbeat music)