>> Live, from Las Vegas, it's theCUBE, covering AWS re:Invent, 2018 brought to you by Amazon Web Services, Intel, and their ecosystem partners. >> Well, good morning. Welcome back, or good afternoon for that matter, if you're watching out on the East Coast. Good to have you have here on theCUBE as we continue our coverage here in Las Vegas. We're at the Sands Expo, Hall D to be exact, one of seven sites that are hosting the AWS re:Invent John Wallace here with Justin Warren. We're now joined by Ankur Shah, who is the vice president of Products, a public cloud security, Palo Alto Networks, and, Ankur, good to see you this morning. >> Yeah, happy to be here. >> Thank you for being with us. And Richard Wise, who is the cloud security engineer, or a cloud security engineer at Robert Half. Good morning to you, Richard. >> Good morning. >> Well, first off, let's tell us about Robert Half. So, you're a recruiting firm in a partnership with Palo Alto, but fill in a few more blanks for folks at home who might not know exactly what you do. >> Sure, we're a staffing and recruiting firm. We have offices worldwide. We have roughly 15,000 full-time employees. We also have many, many temporary employees, and, of course, we do recruiting. Many people I've met here at the conference, in fact, got their first job or one job in the past through Robert Half. And we also-- >> That's makes you a really popular guy-- >> Yes. when the show closes. >> And we also have Protiviti, our prestigious consulting arm. >> Okay, so now, about your partnership. How did you find Palo Alto, or how did Palo Alto find you? And talk about maybe that relationship, how it's developed and where it stands today. What are they doing for you? >> Sure, well, we found Palo Alto about two years ago. We're about seven years into our cloud journey, but it became very clear at a point in time that we needed to get a better handle on how we were managing and securing it. We were doing all the right things but we didn't have the visibility we needed, so we brought in Evident to do that. Also, compliance is very important to us, and the tools allowed us to ensure that we were conforming to all of the compliance standards that we needed to. >> So, maybe Ankur, you can get us in here. Explain how did this partnership get started? >> Yeah, so Robert Half is kind of prototypical customer for us at Palo Alto Networks. Customers moving to cloud. AWS is obviously one of the biggest clouds, so all our customers are migrating, a lot of their, you know, shutting down their data centers, and moving the work loads and applications to the cloud, but as they move to the cloud, they want to make sure that they have the visibility and the security controls to make sure that they are not in the news. So, that's how the partnership started. A lot of customers, just like Robert Half, starts with kind of, you know, I'd like to get a visibility into what's happening in my cloud environment, detect advance data breeches, like cryptojacking, stolen access keys, things of that nature, so that's how we kind of started this partnership. We've been kind of helping them kind of move more and more applications and more and more workloads in their AWS environments, and it's been a really amazing partnership. We've gotten some amazing feedback from them that has helped mature the product over the years. >> What's one of the more surprising things that you've noticed as part of this journey. What's something that you didn't realize that this was going to be a benefit to this partnership, and then, once you actually had Palo Alto come in there, it's like, oh wow, this is amazing. >> Well, there were a couple of things. First off, their RQL, the RedLock Query Language, is very powerful and flexible, and let's us take our compliance and security to the next level, but was really impressed when we first started talking to RedLock and Palo Alto, even before we had purchased the product, we saw some opportunities for product improvements, suggested them, and before we purchased it, within a couple of weeks, they were there. >> Wow. >> Yeah. >> That's pretty fast of all those cycles. I mean, that's what we're here for is rapid innovation. They're trying to change things at the speed of cloud. So, how do you do that safely and securely? Maybe you can tell us how does Palo Alto help do this rapid innovation but still keep everything really secure. >> Yeah, so our DNAs, obviously, network security is where the company started. Over a year now, the company has doubled down on public cloud security, and a lot of emphasis on, sort of, securing customers' cloud environment, helping a lot of customers migrate their applications into the cloud, and from a security standpoint, we look at it from different angles. One is kind of the basic configuration management aspects, making sure that customers don't leave open s3 buckets, permissive security groups, things of that nature. Above and beyond that, we also perform network analytics, so things like triple jacking, data exploration attempts. The platform is able to detect those kinds of advanced threats. Privileged activity monitoring, and anomaly detection is another thing we do, and last but not the least, host monitoring and host security aspects. That's something we do really, really well in the cloud as well, so when you combine all of that stuff, gives customers 360 visibility, as well as security for all things in the cloud. >> I'm sorry. Richard, how hard is your job these days? (laughing) And I mean that with all due respect. We've talked a lot about complexity. We've talked a lot about speed. We've talked a lot about versatility, and high demand, and all these things. Corner office is making demands on you, right? I mean, how tough is it to be in your shoes? >> If it was easy, it wouldn't be fun. I've been working in cloud about as long as Robert Half has, about seven years, and moving into the security role, it's been an incredibly interesting challenge. Yes, it's hard. I do stay up at night on occasion worrying about, did I check this, did I check that? I'm fortunate that our management has a really good understanding of the importance of security and of cloud, and I've gotten a lot of support in my role there so, in that respect, it hasn't been too hard. >> And where is it that security, in terms of a deployment? So, you think about function, right, right? >> Yeah. >> What are we going to get done here? But is it a close second, is it a tie? Because, especially in your business, I mean, you have a lot of personal information with which you're working that you've got to protect. >> Absolutely, so, people trust us with their data. We have personal information for many, many people, and we take very seriously our responsibility to manage and protect that. One of the things that we've done with Palo Alto's tools is ensuring that we're compliant with all of the various standards like ISO 27001, and compliance is kind of like brushing your teeth, right. Everybody needs to do it, and somebody doesn't want to be friends with somebody who doesn't brush their teeth. So, we ensure that we brush our teeth using tools like Palo Alto's. We can demonstrate to people that we're brushing our teeth. >> Right. >> With the innovation of RedLock now, we're able to take that to the next level, so we're not only brushing our teeth now, but we're also grooming our hair. >> You're technologically flossing as well, I'm sure. >> We are, we are. >> So, Ankur, I think that makes you the dentist of cloud security. (laughing) >> So, you've got people brushing their teeth, they're flossing. What comes next? What should they be looking at? Should they be going beyond just hygiene factors, and is there something they can do that's more than just brushing their teeth? >> Yeah, so I touched upon some of those areas. So, I think it all starts with the basic hygiene that we've talked about it, right. So, you got to do it. That's the, kind of, the fundamental, but the next-gen attacks are not going to be very simple, right, because the cloud fundamentally increases the attack factor, right, so the malicious actor, they're smarter, right. So, like I mentioned, things like cryptojacking, stolen access keys, a lot of the next-gen breeches are going to happen in the cloud, so customers have to constantly understand the kind of AWS services that they're adopting, understand the security implications, make sure they have the security guard rails, and like I mentioned, that once they understand that, look at it more holistically, both from, sort of, the basic hygiene perspective, as well as from network security, user activity, as well host monitoring perspective. Once they cover all of that stuff, you know, hopefully they'll have good teeth forever. (laughing) >> Strong cloud teeth. I don't think that's a phrase I wouldn't have thought I'd say until today. >> You know, we hear a lot about the cat and mouse game in security, right? You're trying to stay one step ahead of bad actors who are spending a lot of time, and a lot of resources, and a lot of energy to stay a step ahead of you. So, in today's world, how do you really win that battle? How do you predict where the next wrong turn is going to come, if you will, or where that invasion's going to try to occur, and prevent that, or are you in a prophylactic state all the time where it's about seeing where that action's going, and then trying to stop it once you've learned of it? See what I mean? It's a conundrum that I think you find yourself in. >> You know, I think 90% of the problems that happen where bad actors get hold of your sensitive data is because of common, silly mistakes. So, making sure that there is a user training across the board, not just security teams. Now, DevOps teams have to be part of the equation as well. They need to be trained, and coached, and understanding the security implications of their day-to-day operations. Once you train the users, you'll find that a lot of these problems will go away because most of these actors are using simple techniques to get into the customer's cloud environment because those mistakes are being made. So, start with the user training. Obviously, you need third party tooling and technologies like Palo Alto Networks to make sure you have that security guard rails all the time. Beyond that, you know, you just have to hire a lot of smart people like Richard just to insure that you're ahead of the game, thinking two steps in advance, yeah. >> It's about locking the door. >> Yeah. >> Yeah, and I want to touch on a couple of the things that Ankur said. He talked about building security into DevOps. So, there's this concept we call shifting left where you're trying to build security more upfront into the development and deployment process before you even get into the wild, and that's something Palo Alto is helping us with. The other thing is, we cannot hire enough people to keep up with the pace at which we're scaling our cloud environments, so we need tooling and automation like RedLock in order to ensure that we can get visibility and control on this vast set of resources with just a small number of people. >> Yeah. >> So necessity driving invention in that case, right? >> Yes. >> You need it. Well, gentlemen, thanks for the time. We appreciate the conversation. I feel like I need to go brush or floss. (laughing) >> Yeah, thanks for having us. >> Very self-conscious all of a sudden, but thank you both. >> Thanks for having us. >> Brilliant discussion. Back with more from AWS re:Invent. You're watching theCUBE here in Las Vegas. (energetic electronic music)