>> Announcer: Live from Barcelona, Spain it's theCUBE covering Cisco Live 2020, brought to you by Cisco and its ecosystem partners. >> Okay, welcome back everyone. It's theCUBE's live coverage here in Barcelona, Spain for Cisco Live 2020, I'm John Furrier host of theCUBE, My co Stu Miniman. We've been talking about the value of data for many, many years and privacy and today's Data Privacy Day, and super important we are here every year past couple years, and the routine at Cisco has some answers for us. Our next guest Robert Waitman Director, Data Privacy and Economic Security and Trust Organization at Cisco, Robert Cube alumni, welcome back, good to see you. Thanks for coming back on. >> Thank you. Great to see you again. >> John: So you know we've had great chats in the past. You knows my favorite topic, the value of data, the role of data, we all believe data driven organizations. You guys just put out your annual report, which is privacy to profit. We asked question here on theCUBE, what's the value of data? That's the Holy Grail. But you guys actually got some progress on this, and narrowly defining around privacy, what's it worth with privacy if you invest in privacy, there is an ROI. We've seen similar reports on diversity, investing in these areas that look like impact mission based items actually has economic value. You guys have new data on a return on investment of privacy, share us the results. >> Happy to do so. And we've been on this journey for three years to try to understand where the value is coming from from privacy, putting protections in place. We first saw that it was showing up in terms of better sales motions, we're having fewer sales delays because organizations put privacy in place. Last year, we started looking at some of the security benefits that those organizations that invested in privacy we're seeing fewer and less costly breaches for example, and less records exfiltrated. So the idea of getting your data house in order is translating into business value. This year, we've not only validated those results from the past two years, but we've now taken it to the next step to have an actually a return on investment on those privacy investments. So our survey this year, which we put out yesterday, was based on 2800 companies, 2500 of which knew about privacy at their organizations. And we asked them about their investments, we ask them about the benefits that they thought they were getting, some in tangible ways and also some intangible ways, like competitive advantage, or operational efficiency, things that are hard to quantify. Overall results on that the average organization spends $100 on privacy, they're getting $270 back, it is a great investment. I don't know how many investments they have to have that kind of return. But in this environment, and this is where we're seeing, the customers who want these kinds of protections, it's a great investment. >> It's an omni directional kind of forcing function if you think about it. I wanted to ask you, how do you see some of the categories because I can certainly see the benefit of just, people who are afraid of their privacy and their data. You see a lot of train wrecks in the industry, from Facebook to other things where users are in control, right? They want to be in control. That's the trend. So I can see the halo effect of saying, well, this company's got good privacy, I like that company. >> Robert: Right? >> It's almost a modern kind of table stakes, like going green or something like that. Is there areas that pop out in the survey, where the ROI was a must have, in terms of privacy or sort of categorical? >> Well, the this idea of building your loyalty and trust of your customers, is something that we had explored. If like, there's a companion piece that we just put out a few weeks ago, exactly on this issue of the consumer interest in having that available to them. And I would say, wouldn't take it for granted. Until recently, most people have said, privacy is dead, and I don't know who has access to my data, and I don't know what's controlling it. But the combination of GDPR, which swung the pendulum a little bit back so that users again had the ability to know what data companies had about them, and in some cases to modify or delete it, started that tread, the CCPA in California, carries out a little bit further. And what we saw in this companion survey around individuals was fascinating because we saw people that are more active. They're saying not only do I care about privacy, which most people will say that I will spend time and money, which many people may say that, but the real test was here that they've made a change, that they've changed a provider or someone that they work with over their data practices or data policies. And what that saying to us is, there's an active community, we're calling them privacy actives. It's a third of the population today, who are standing up to say, I now know that I have some control over how my data is used. Therefore, think about the companies and how they relate to that their customers are saying to them, I'm not going to work with you. And I'm not going to do business with you. And I want to only work with companies who I know how the data is being used. It's now become an important priority. It's part of the brand. It's part of the overall customer experience. So customers aren't going to-- >> John: I think you are understanding the numbers too. I think you I believe what you just said, is only going to be amplified because with social networking and what we've seen with virality and even just with fake news and disinformation. There's also information that could go viral, like, hey, this company, the buyer swing, the influence that these groups could have could be a force multiplier on impact negatively and positively. >> Robert: Right. And I think that actually, we would bear that out as well. So even though I described the third of people who already have made that change, there's another 30 plus percent, who said the first two, they just haven't made that change yet, maybe they aren't comfortable with doing it yet or they haven't had the opportunity. So again, this is something that all companies A need to pay attention to, and B it's going to be fundamentally part of the overall experience. If you don't have the privacy right, you're like not in business. And again, I think that's a positive trend, getting to the creating the conditions in the world that I think we all want to live in where, where when I share my information with somebody who uses it well, I'm happy with that. If I share it with somebody who misuses it, I don't want anything to do with them. And that's, I think, what we all think how it should work. >> Yeah, that's really fascinating and I love what you're saying about how the consumers are getting involved. I was a little bit concerned that things like GDPR and CCPA were going to be like the old, software accept it to use it. Nobody reads it, nobody pays any attention to it, I just opt in to anything. So, what advice do you have to users, how do you make sure that you're working with companies that are going to be using your data correctly and get involved, if they're not? >> Robert: Well, first thing they should do is be aware of the regulations and the rights that they have. I mean, the awareness even if GDPR in Europe runs under two thirds, right? So it's not something to take for granted that everybody knows about what they can do. So the first thing is know what you can do ask for the data if you're not sure. And ask the questions about how your data is being used. If the company is not completely upfront and transparent with how the data is being used, and I don't mean a 20 page consent document, which you can't figure out what they're doing, then you should be either not doing it or asking those questions and you should have comfort that there are a lot of other consumers out there that are doing the same. So make sure you're doing that. Cisco tries to work very hard to share with our customers exactly how data is using in all of our products that's why it published the data privacy maps and the data privacy sheets to kind of make that easy on our customers. But in any business, that's something that, a consumer should be asking, a customers should be asking and the company should explain, simply and transparency. The one number one complaint that individuals still have today is they don't understand what companies are doing with their data. >> Yeah. >> I mean, it's just mind boggling and that's, I think, again, the advice I give them is, you've got to get that right. >> How does Cisco do? What do you guys do? What do you offer people? I mean, let's just say people want to check. What was the mechanism that you guys are putting in place? Because I have no idea of WebEx my video is going to be facial recognition or my packets being routed through Cisco routers are being sniffed out, how do you guys put that transparency out there? >> Robert: Well, you like many customers ask those questions. And so we started creating and publishing these privacy data sheets, which were relatively streamlined, fairly short documents that you could go through and say, okay, I understand where the data is going. And we've done that on a whole bunch of the most requested products. We've taken another step to make them now very visual. I think we talked, we just launched that a year ago, where we tried to make them look like subway maps. Where you have sort of color coded ways the data flows through the system. And those are available. Anybody can come get them from trust.Cisco.com on the website, publicly available for customers who are interested in a product, don't have to go down the road and say well, it's just going to be my needs, they can get almost all of their questions answered through that. Yes, there may be some additional questions we want to answer later, like through the lawyers and through the conversations, but we least have a mechanism for giving the most of that information up front. >> Stu: Yeah, I love that trust was something that was front and center in the keynote this morning. I'm curious, Robert, with Cisco's position in the marketplace, the ecosystem you have is either something Cisco can lead or their industry considering to have kind of like a better business bureau. I shouldn't be able to go there and say, is this a reputable company? Am I okay, doing business with them? From a privacy standpoint, are there any initiatives in the works or is that something you might foresee going forward that I know oh, hey, this is somebody that it makes sense for me to work with. >> It's an interesting idea of, that could be created around that. I mean, I think where we are today is there's still a huge value of the government playing a role. I mean, the idea of GDPR and other regulations, if you have too much of it may not be helpful. But in today's environment, because the consumer can't always trust the company to do what they say they're going to do, you may not even be able to figure it out from the policy to begin with. But the government's role is to make sure that they're doing what they say they're going to do and therefore, consumers want government involved in that. So that again, there's a role to see fines and see penalties means that some of the guys are at least being-- >> Stu: Well, I wonder even you look at some of the fragmentation of the internet today, is there something that government or intergovernmental, kind of like the organization that runs the internet today, if there's there would be some room for them to be involved in something like that? I know it's a big audacious thing, but it is something that the general public companies, they don't trust most corporations with their information. >> Right. And it's a nice idea, especially in an environment where we want to avoid 50 different state legislative environments that companies are going to have to comply with. I mean, so far we go back to our study, we see this very positive return on privacy investment. If we get 50 more state laws that people have to comply with, that's very quickly going to get negative, right? So as although consumers are demanding more, it's more part of the brand. If we have too much regulation will start to see that around. So you're getting your idea of consolidation, having a single way is a very positive idea. >> Stu: In your report, I saw that GDPR and CCPA, oh, China's doing something, Brazil's doing something, it's going to be well it's from it's going to become onerous on the supplier and the consumer side if there isn't some commonality between them. >> Robert: Fully agree. That's right. >> John: Well, I got the report here folks, check it out. It is an amazing report. Every year, the team does an amazing job. This year it's about privacy ROI. This proves that good hiring works. Privacy, hiring practice, diversity inclusion, inclusion and diversity has pay off and this is the new modern era. I want to switch gears well on that note because Robert, we always love to talk about your role you're a data privacy and economics. So privacy economic, ROI, get that security and trust organization. The economic value is a big part of your study here. I think it's just scratching the surface. And I want to give you an example and I want you to react to it. Was having a conversation with a big time venture capitalist who just changed this job to start a fund for impact investing for profit. And one of his focus area is economics around self governing communities around policing some of these regulation issues. So there's so much regulation, business could get stunted. There's a trend going on now, Stu kind of lead it into it where communities are going to start to govern the brands as a check based on buyer behavior. So there's real signals that users are reacting to companies, policies, with data or whatever whether its environment whatever people are making purchasing decisions and organizing, that's going to change the economics, which is the top line impact, not just so much a cost structure to have certain regulatory policies. This is a venture capitalist. What's your reaction? He's investing in this direction. He thinks it's going to be big, your thoughts. >> Well, I think there's evidence for that, again, it's the idea that a company is more valuable because of some of the things that we're talking about was also we actually asked that question, did respondents think that their company was more valuable because they had progressed along the privacy dimension. Because you think about the loyalty and trust they built with their customers, aside from the operational benefits, and maybe the compliance benefits as well. So I would say, evidence for companies thinking that they themselves are further along, and those companies that have gone more than just the minimum that it's sort of becoming a little more mature, a little more accountable from their privacy programs are getting the best returns. We talked about that $270 on 100. If you're investing a little more and going up that curve, it's $310 on that 100. So again, better return on your investment, more loyalty and value and you see your company as being more valuable. So I think there's strong evidence for that happening again, you know how that actually works operationally another question, but there's something there. >> John: Stu and I were talking about how advertising and how social network and medium is all changing. And one of the things is you're driving at is that advertising used to be an attention game, get on TV, spread the message around, while you're teasing out and what Stu was talking about earlier in our other session is that influence and reputation is a new benchmark. So it's not so much, know my brand, my key rating or brand impression, its reputation, you're getting at something that's really interesting around reputation, which is swinging buying behavior. This is a new dynamic. >> Robert: Yeah, I think that reputational aspect is such an important part of the brand and even doing business and why this whole issue. I mean, the idea of privacy becoming a central tenet of the company and the brand and the overall experience is kind of what we're seeing as that pendulum swings back to the consumer and the ability to make those choices. It's becoming more and more important for the companies to get that right and have that be part of it. That's the value of the company, again, the value of the overall relationship. So I think that's a positive direction. >> John: We really appreciate you coming on. I want to get your thoughts, last question. What's your vision of where we are today in the world? You look around and you'll be happy with some of the things. You look at things like Facebook's going through a change, Jeff Bezos' phone was hacked via video on WhatsApp. You got the political environment, you have this entire trust equation. And it's just a dynamic time, your vision of how trust and data privacy and the economics and all your role. What do you see happening? What's your vision? >> I'm very optimistic about where it's going. I mean, I think we see ups and downs and we see setbacks. We see millions of records get exposed on users, and they get concerned about things. But I think we're trying to put the right processes and controls in place so that those controls and so the right things do happen with data, all trying to create that world that we all want to live in. That when our data is shared, it's used appropriately. So it's not going to be a smooth upward curve, but again, I think that idea of not only the legislative process where our governments are seeing that consumers need these protections that we can't go it alone, we need help with the companies that we work with, and the idea that they're willing to take it more into themselves. I mean, the fact that governments and companies who are concerned about the regulations and individuals themselves, would share the responsibility for creating all of those protections is, I mean, that makes me very positive about where it's going. >> John: And as politicians from all around the world, whether it's United States or other countries have to figure out how much regulation to put on the tech companies, this is a flashpoint of where industry could do their part and be part of the solution, not just be regulated, hopefully. Too much regulation kills entrepreneurship, in my opinion, but that's my opinion. >> Robert: It would kill our ROI right? >> ROI. >> Down the toilet. >> Okay, theCUBE comes bringing all the great conversations here at Barcelona, Data Privacy Day, this is a big part of our society now, and there's now evidence that it's worth investing in privacy thanks to Cisco's report. Good ROI. Of course great ROI of you stay with theCUBE for more action after this short break

>> Live from Barcelona, Spain it's theCUBE! Covering Cisco Live! Europe brought to you by Cisco and its ecosystem partners. >> Hello everyone, welcome back to theCube's live coverage here in Barcelona, Spain for Cisco Live! Europe 2019. We're at day three of three days of coverage I'm John Furrier with Dave Vellante Our next two guests we're going to talk about privacy data Michelle Dennnedy, VP and Chief Privacy officer at Cisco and Robert Waitman who is the Director of Security and Trust. Welcome back, we had them last year and everything we talked about kinda's happening on steroids here this year >> Yep. >> Welcome back >> Thank you glad to be here >> Thanks for having us >> So security, privacy all go hand in hand. A lot going on. You're seeing more breaches you're seeing more privacy challenges Certainly GDPR's going to the next level. People are, quote, complying here's a gig of data go figure it out. So there's a lot happening, give us the update. >> Well, as we suggested last year it was privacypalooza all year long running up to the enforcement deadline of May 25, 2018. There were sort of two kinds of companies. There's one that ran up to that deadline and said woohoo we're ready to drive this baby forward! And then there's a whole nother set of people who are still sort of oh my gosh. And then there's a third category of people who still don't understand. I had someone come up to me several weeks ago and say what do I do? When is this GDPR going to be a law? I thought oh honey you need a hug >> Two years ago, you need some help. >> And some companies in the US, at least were turning off their websites. Some media companies were in the news for actually shutting down their site and not making it available because they weren't ready. So a lot of people were caught off guard, some were prepared but still, you said people would be compliant, kind of and they did that but still more work to do. >> Lots more work to do and as we said when the law was first promulgated two and a half years ago GDPR and the deadline A, It's just one region but as you'll hear as we talk about our study it's impacting the globe but it's also not the end of anything it's the beginning of the information economy at long last. So, I think we all have a lot to do even if you feel rather confident of your base-level compliance now it's time to step up your game and keep on top of it. >> Before we get into some of the details of the new finding you guys have I want you to take a minute to explain how your role is now centered in the middle of Cisco because if you look at the keynotes data's in the center of a lot of things in this intent based network on one side and you've got cloud and edge on the other. Data is the new ingredient that's feeding applications and certainly collective intelligence for security. So the role of data is critical. This is a big part of the Cisco tech plan nevermind policy and or privacy and these other things you're in the middle of it. Explain your role within Cisco and how that shapes you. >> How we sort of fit in. Well it's such a good question and actually if you watch our story through theCUBE we announced, actually on data privacy day several years ago that data is the new currency and this is exactly what we're talking about the only way that you can operationalize your data currency is to really think about it throughout the platform. You're not just pleasing a regulator you're not just pleasing your shareholders you're not just pleasing your employee base. So, as such, the way we organize our group is my role sits under the COO's office our Chief Operations Office under the office of John Stewart who is our Chief Trust officer. So security, trust, advanced research all live together in operations. We have sister organizations in places like public policy, legal, marketing, the sales groups the people who are actually operationalizing come together for a group. My role really is to provide two types of strategy. One, rolling out privacy engineering and getting across inside and outside of the company as quickly as possible. It's something new. As soon as we have set processes I put them into my sister organization and they send them out as routine and hopefully automated things. The other side is the work Robert and I do together is looking at data valuation models. Working about the economics of data where does it drive up revenue and business and speed time to closure and how do we use data to not just be compliant in the privacy risk but really control our overall risk and the quality of our information overall. It's a mouth full >> So that's interesting and Robert, that leads me to a question when we've seen these unfunded mandates before we saw it with Y2K, the Enron backlash certainly the United States the Federal Rules of Civil Procedure. And the folks in the corner office would say oh, here we go again. Is there any way to get more value beyond just reducing risk and complying and have you seen companies be able to take data and value and apply it based on the compliance and governance and privacy policies? >> Dave that's a great question. It's sort of the thought that we had and the hypothesis was that this was going to be more valuable than just for the compliance reasons and one of the big findings of the study that we just released this week was that in fact those investments you know we're saying that good privacy is very good for business. It was painful, some firms stuck their head in the sand and said I don't want to even do this but still, going through the GDPR preparation process or for any of the privacy regulations has taken people to get their data house in order and it's important to communicate. We wanted to find out what benefits were coming from those organizations that had made those investments and that's really what came out in our study this week for international data privacy day we got into that quite a bit. >> What is this study? can you give us some details on it? >> It's the Data Privacy Benchmark study we published this week for international data privacy day. It's sort of an opportunity to focus on data privacy issues both for consumers and for businesses sort of the one day a year kind of like mother's day that you should always think of your mom but mother's day's a good day so you should always think of privacy when you're making decisions about your data but it's a chance to raise awareness. So we published our study this year and it was based on over thirty-two hundred responses from companies around the world from 18 countries all sorts of sizes of companies and the big findings were in fact around that. Privacy has become a serious and a boardroom level issue that the awareness has really skyrocketed for companies who are saying before I do business with you I want to know how you're using my data. What we saw this year is that seven out of eight companies are actually seeing some sales delay from their customers asking those kinds of questions. But those that have made the investment getting ready for GDPR or being more mature on privacy are seeing shorter delays. If you haven't gotten ready you're seeing 60% longer delays. And even more interestingly for us too is when you have data breaches and a lot of companies have them as we've talked about those breaches are not nearly as impactful. The organizations that aren't ready for GDPR are seeing three times as many records impacted by the breach. They're seeing system downtime that's 50% longer and so the cost of the whole thing is much more. So, kind of the question of is this still something good to do? Not only because you have to do it when you want to avoid 4% penalties from GDPR and everything else but it's something that's so important for my business that drives value. >> So the upshot there is that you do the compliance. Okay, check the box, we don't want to get fined So you're taking your medicine basically. Turns into an upside with the data you're seeing from your board. Sales benefit and then just preparedness readiness for breaches. >> Right, I mean it's a nice-- >> Is that right? >> That's exactly right John you've got it right. Then you've got your data house in order I mean there's a logic to this. So then if you figured out where your data is how to protect it, who has access to it you're able to deal with these questions. When customers ask you questions about that you're ready to answer it. And when something bad goes wrong let's say there is a breach you've already done the right things to control your data. You've got rid of the data you don't need anymore. I mean 50% of your data isn't used for anything and of course we suggest that people get rid of that that makes it less available when and if a breach occurs. >> So I got to ask you a question on the data valuation because a lot of the data geeks and data nerds like myself saw this coming. We saw data, mostly on the tech side if you invested in data it was going to feed applications and I think I wrote a blog post in 2007 data's going to be part of the development kits or development environment you're seeing that now here. Data's now part of application development it's part of network intelligence for security. Okay, so yes, check, that's happening. At the CFO level, can you value the data so it's a balance sheet item? Can you say we're investing in this? So you start to see movement you almost project, maybe, in a few years, or now how do you guys see the valuation? Is it going to be another kind of financial metric? >> Well John, it's a great point. Seeing where we're developing around this. So I think we're still in somewhat early days of that issue. I think the organizations that are thinking about data as an asset and monetizing its value are certainly ahead of this we're trying to do that ourselves. We probed on that a little bit in the survey just to get a sense of where organizations are and only about a third of organizations are doing those data mature things. Do they have a complete data map of where their stuff is? Do they have a Chief Data Officer? Are they starting to monetize in appropriate ways, their data? So, there's a long way to go before organizations are really getting the value out of that data. >> But the signals are showing that there's value in the data. Obviously the number of sales there's some upside to compliance not just doin it to check the box there's actually business benefits. So how are you guys thinking about this cause you guys are early adopters or leaders in this how are you thinking about the data measurement of it? Can you share your insights on that? >> Yeah, so you know, data on the balance sheet Grace Hopper 1965, right? data will one day be on the corporate balance sheet because it's in most cases more valuable than the hardware that processes. This is the woman who's making software and hardware work for us, in 1965! Here we are in 2019. It's coming on the balance sheet. She was right then, I believe in it now. What we're doing is, even starting this is a study of correlation rather than causation. So now we have at least the artifacts to say to our legal teams go back and look at when you have one of our new improved streamline privacy sheets and you're telling in a more transparent fashion a deal. Mark the time that you're getting the question. Mark the time that you're finishing. Let's really be much more stilletto-like measuring time to close and efficiency. Then we're adding that capability across our businesses. >> Well one use case we heard on theCUBE this week was around privacy and security in the network versus on top of the network and one point that was referenced was when a salesperson leaves they take the contacts with them. So that's an asset and people get sued over it. So this again, this is a business policy thing. so business policy sounds like... >> Well in a lot of the solutions that exist in the marketplace or have existed I've sat on three encrypted email companies before encrypted email was something the market desired. I've sat on two advisory boards of-- a hope that you could sell your own data to the marketers. Every time someone gets an impression you get a micro cent or a bitcoin. We haven't really got that because we're looking on the periphery. What we're really trying to do is let's look at what the actual business flow and processes are in general and say things like can we put a metric on having less records higher impact, and higher quality. The old data quality in the CDO is rising up again get that higher quality now correlate it with speed to innovation speed to close, launch times the things that make your business run anyway. Now correlate it and eventually find causal connections to data. That's how we're going to get that data on the balance sheet. >> You know, that's a great point the data quality issue used to be kind of a back office records management function and now it's coming to the fore and I just make an observation if you look at what were before Facebook fake news what were the top five companies in the United States in terms of market value Amazon, Google, Facebook was up there, Microsoft, Apple. They're all data companies and so the market has valued them beyond the banks, beyond the oil companies. So you're starting to see clearer evidence quantifiable evidence that there's value there. I want to ask you about we have Guillermo Diaz coming up shortly, Michelle and I want to ask you your thoughts on the technical function. You mentioned it's a board level issue now, privacy. How should the CIO be communicating to the board about privacy? What should that conversation be like? >> Oh my gosh. So we now report quarterly to the board so we're getting a lot of practice We'll put it that way. I think we're on the same journey as the security teams used to you used to walk into the board and go here's what ransomware is and all of these former CFOs and sales guys would look at you and go ah, okay, onto the financials because there wasn't anything for them to do strategically. Today's board metrics are a little soft. It's more activity driven. Have you done your PIAs? Have you passed some sort of a third party audit? Are you getting rejected for third party value chain in your partner communities? That's the have not and da da da. To me I don't want my board telling us how to do operations that's how we do. To really give the board a more strategic view what we're really trying to do is study things like time to close and then showing trending impacts. The one conversation with John Chambers that's always stuck in my head is he doesn't want to know what today's snapshot is cause today's already over give me something over time, Michelle, that will trend. And so even though it sounds like, you know who cares if your sales force is a little annoyed that it takes longer to get this deal through legal well it turns out when you multiply that in a multi-billion dollar environment you're talking about hundreds of millions of dollars probably a week, lost to inefficiency. So, if we believe in efficiency in the tangible supply chain that's the more strategic view I want to take and then you add on things like here's a risk portfolio a potential fair risk reporting type of thing if we want to do a new business Do we light up a business in the Ukraine right now versus Barcelona? That is a strategic conversation that is board level. We've forgotten that by giving them activity. >> Interesting what you say about Chambers. John you just interviewed John Chambers and he was the first person, in the mid 90s to talk about a virtual close, if you remember that. So, obviously, what you're talking about is way beyond that. >> Yeah and you're exactly right. Let's go back to those financial roots. One of the things we talk about in privacy engineering is getting people's heads-- the concept that the data changes. So, the day before your earnings that data will send Chuck Robbins to jail if someone is leaking it and causing people to invest accordingly. The day after, it's news, we want everyone to have it. Look at how you have to process and handle and operationalize in 24 hours. Figuring out those data stories helps it turn it on its head and make it more valuable. >> You know, you mentioned John Chambers one of the things that I noticed was he really represented Silicon Valley well in Washington DC and there's been a real void there since he retired. You guys still have a presence there and are doing stuff there and you see Amazon with Theresa Carlson doing some great work there and you still got Oracle and IBM in there doing their thing. How is your presence and leadership translating into DC now? Can you give us an update of what's happening at-- >> So, I don't know if you caught a little tweet from a little guy named Chuck Robbins this week but Chuck is actually actively engaged in the debate for US federal legislation for privacy. The last thing we want is only the lobbyists as you say and I love my lobbyists wherever you are we need them to help give information but the strategic advisors to what a federal bill looks like for an economy as large and complex and dependent on international structure we have to have the network in there. And so one of the things that we are doing in privacy is really looking at what does a solid bill look like so at long last we can get a solid piece of federal legislation and Chuck is talking about it at Davos as was everyone else, which was amazing and now you're going to hear his voice very loudly ringing through the halls of DC >> So he's upping his game in leadership in DC >> Have you seen the size of Chuck Robbins? Game upped, privacy on! >> It's a great opportunity because we need leadership in technology in DC so-- >> To affect public policy, no doubt >> Absolutely. >> And globally too. It's not just DC and America but also globally. >> Yeah, we need to serve our customers. We win when they win. >> Final question, we got to get wrapped up here but I want to get you guys a chance to talk about what you guys announced here at the show what's going on get the plug in for what's going on Cisco Trust. What's happening? >> Do you want to plug first? >> Well, I think a few things we can add. So, in addition to releasing our benchmark study this week and talking about that with customers and with the public we've also announced a new version of our privacy data sheets. This was a big tool to enable salespeople and customers to see exactly how data is being used in all of our products and so the new innovation this week is we've released these very nice, color created like subway maps, you know? They make it easy for you to navigate around it just makes it easy for people to see exactly how data flows. So again, something up on our site at trust.cisco.com where people can go and get that information and sort of make it easy. We're pushing towards simplicity and transparency in everything we do from a privacy standpoint and this is really that trajectory of making it as easy as possible for anyone to see exactly how things go and I think that's the trajectory we're on that's where the legislation both where GDPR is heading and federal legislation as well to try to make this as easy as reading the nutrition label on the food item. To say what's actually here? Do I want to buy it? Do I want to eat it? And we want to make that that easy >> Trust, transparency accountability comes into play too because if you have those things you know who's accountable. >> It's terrifying. I challenge all of my competitors go to trust.cisco.com not just my customers, love you to be there too go and look at our data subway maps. You have to be radically transparent to say here's what you get customer here's what I get, Cisco, here's where my third party's. It's not as detailed as a long report but you can get the trajectory and have a real conversation. I hope everybody gets on board with this kind of simplification. >> Trust.cisco.com we're going to keep track of it. Great work you guys are doing. I think you guys are leading the industry, Congratulations. >> Thank you. >> This is not going to end, this conversation continues will continue globally. >> Excellent >> Thanks for coming on Michelle, appreciate it. Robert thanks for coming on. CUBE coverage here day three in Barcelona. We'll be back with more coverage after this break.

(upbeat contemporary music) >> Announcer: Live from Barcelona, Spain It's theCUBE covering Cisco Live 2018 brought to you by Cisco, Veeam, and theCUBE's ecosystem partners. >> Hello everyone welcome back to theCUBE's live coverage here in Barcelona, Spain for Cisco Live 2018 in Europe. I'm John Furrier cofounder SiliconANGLE cohost of theCUBE with my cohost partner Stu Miniman this week analyst at Wikibon.com also cohost at many shows across the industry. Our next two guests talking about data, data privacy is Michelle Dennedy who's the vice-president chief privacy officer at Cisco and Robert Waitman who works for her. We've got a smashing new data report to share with you about some of the surveys and customers and impact of privacy in business. Michelle, Robert thanks for joining us. >> Thank you. >> Thanks for having us. >> Michelle, good to see you again. You were on the front pages of SiliconAngle.com as a feature story this week of the interview you had on the ground with theCUBE team, welcome back. >> You can't get rid of me. >> Well we love having you on because it's really important because not only is GDPR which we reported on for our last interview but the role of data, data driven organizations you hear that at every C-Sweep from security to user experience and everything in between down the data center. You're measuring everything certainly Cisco managing data center and everything else. But this really nuanced thing here about impacts to businesses because now users are in control of their data and you're seeing things like cryptocurrency and immutable block chain on one end and then just what are the rights of the users and the consumers in context to digital business? This is one of the most cutting-edge social and technical issues. I mean GDPR is a nightmare in and of itself just to figure out where the hell the data is. >> Some people's nightmare is other people's dreams. >> It's good for users but not good for database administrators, good for the tech industry. What are the current challenges right now from your perspective? What are you seeing as the core top three issues that you see around data and data privacy impacting business? >> Well I think you actually put your finger right in the heart of it. It is coming together of human rights, human needs, policy law meets technology capability and functionality. So I think understanding that the data is the common currency across all of these systems whether you're talking about human rights and ownership, whether you're talking about legal rights and management that data currency goes across educating people and making them understand that currency is absolutely critical to surviving this next new era. >> As always I tell my kids advice, I say that if you want to get into something cutting edge, get into data science meets societal, political science and social science. >> Michele: Exactly >> As that's coming together and you know Steve Jobs had that liberal arts meets social meets technology kind of intersection. What are some of the brightest minds in the industry that are in your area working on? I mean how are they attacking this? Are they looking at it from a big picture? Are they diving deep into it? What are the brightest minds doing in this area? >> Well so I have a deep bias and of course I hired some of the best minds here, right? I think the pragmatic mind, I'll put it that way rather than judging anybody's thing. If you're writing pretty policies like, brava to you. But what I really like to see is looking at what is a data inventory? Starting to look at data as a supply chain issue. And the reason I love supply chain and management and measurement is we know how to do it. So we're applying these common business schemas and strategies to this newer functionality of data as a piece of currency that changes and is contextual over time. So the pragmatic thinking I'll put it that way is to really look at privacy engineering as first a business use case requirements gathering exercise and then figuring out how does it work in the architecture. What's your industry? What kind of data do you have? And then you can figure out what are those granular features and requirements. And then the rest of your supply chain pulls through. So when you take kind of that management approach it sounds a little plodding but it's actually very exciting. There's a lot of innovation, it must happen. >> Another thing that we cover I was looking on our research side is nailing that exact point. How do you instrument the data? So talk about some of the confluence things that you just mentioned but then as business starts to look at how they value themselves so we really haven't seen any cutting edge data on this, would love to get your perspective on how data is impacting the valuation of a business. Because valuation techniques have been mostly financial, because you can measure it. >> Yup >> But now that you have data as currency as you mentioned, how are companies looking at the valuation of their enterprise? >> So I brought along a little friend today, because we really believe that the mantra in my working group within Cisco is values to value. So figuring out the instrumentation of the gear. You know I have a lot of support to do that within Cisco, we do engineering pretty good. But then figuring out we actually went out to some academics, we looked at what other people in the marketplace as you say, not a lot of metrics about how to instead of saying how much have we lost, how do we know that there is progress? And so Robert Waitman joined my team about two years ago I stole him from the worlds of economy and finance and business preparation and he said, I don't know anything about privacy and data. He does now, but I said I don't really want you for that, I want to start to build a model that we can share with the world on how to value data and how to look at the upside as well as the downside. >> So Robert, I've got to ask you so one of the things we've been riffing on in theCUBE recently is with the role of decentralized applications and this kind of applies to network theory because Cisco has been a successful network company, the role of the chief economic officer a term that we made up because you're starting to see economics certainly with token economics with cryptocurrency that's all the rage right now so Facebook just recently banned all ads for the coin offerings, but that is the trend that's happening, right? So you're starting to see the role of an economist in business. So with data the valuation, this seems to be a new trend. Your thoughts and reaction to that. >> Yeah, well you know data's not on the balance sheets, so we don't typically valuate and manage it the way you'd manage all of our other assets. But data, especially when it's well curated which is one of the things that privacy enables with that unlocks a lot of values. But that's kind of the focus of our research. Say look, GDPR and all those other things can require you to do certain things, but by having data that's well curated, you can unlock value for your organization. And there are a lot of different ways to do that, whether it's operational or whether it's revenue upside you can get from better understanding curation of your data. >> Before we get into the reports, I just want to ask you one follow up question. Do you see a day where there is going to be a fiscal and monetary data policy? >> Michelle: Yes >> Yes and yes? >> Absolutely and you know, this was predicted. This is my favorite quote. I say it everyday and I'll say it again today. Grace Hopper, 1965 that one day information will be on the corporate balance sheet, because it's more valuable than the hardware that processes it. That day is now. We have enough granularity in the system to actually have big data and analytics. We have enough compute power. The day is now to understand and now we have to figure out what's that report look like and how do we ride on that trend? >> Do you that that's a strategic imperative for CEOs of companies to actually get the data on the balance sheet? >> If so, how? >> I'm going to say that here first. The ones who get it on first are the ones who win. Now they won't get it on the balance sheets first as Robert pointed out. You cannot under our current accounting rules; however, just like we took brand and we turned it into an asset and we valued that asset. It's not allowed on many balance sheets. It's definitely something to invest in or divest in and to curate and measure. So I could go on for a long time about this particular topic. >> We'd love to hear a whole segment on this cutting edge data concepts and currency. Stu wants to get a question in here, go ahead Stu. >> Robert, the keynote yesterday it was security is one of those headwinds you know preventing companies from innovators to slow them down. You've got some good data on privacy and want share what is the mindset of the customers? You know, we've been asking is GDPR just going to slow things to a grinding halt, you know in IT? We think there are some opportunities there, but what's the data telling you? What are you hearing from customers? >> Well I think the world that we're in the background is that customers are asking more questions about data and data privacy, but before they buy a product or service, they want to know who has access to my data? What's it being used for? Is it going to be deleted? How long is it kept? All of those questions are contemplated by GDPR but it's a broader issue of general having privacy controls around data. So in seeing that environment we were wondering as a team is to what extent can we measure how much business may be slowed down by those kinds of questions. And so the study we released last week quantified that for the first time. And what we learned is that 65% of companies globally, and this is based on a survey of 3000 corporations around the world double-blind so we don't know who they are, 65% of them said that we are in fact they are in fact experiencing sales delays due to data privacy issues. And remarkably the average delay is seven point eight weeks. That's almost two months on average across all of these companies having a delay due to customers' asking the right questions about where their data is. We find that remarkable again adding to the idea that organizations who invest and do a better job on this can manage that to a greater degree. >> Just a clarification here this is the germ of the Privacy Maturity Benchmark Study >> Michelle: Correct >> And you can check it out on Robert's Twitter handle which is Robert Waitman his full name no space RobertWaitman W-A-I-T-M-A-N, saw that pinned on your top tweet. Impact to business >> Right >> More cost, more value again unlocking the value we totally agree with you by the way. How and at what cost? >> Well, that cost of sales delay translates into many things that affect the company's bottom line. You might miss quarterly or annual forecast because you're not making revenue. It could be that you lose sales. Once you delay a sale, you're more likely to lose a sale, so every company would be in a different situation as to how much impact it has on their product portfolio and to what degree they're seeing these delays. What we did find is that privacy and investments in privacy maturity can help manage it, so those organizations that are immature from a privacy standpoint are seeing the longest delays on average 16.8 weeks of the most immature and for the companies that are privacy mature according to the standard model only three point four weeks. So think about the difference. Sixteen point eight or three point four by having investments in privacy and we show that correlation and it makes sense because companies can manage their data better >> We've been also riffing on the notion that security was handled in the early days with perimeter based security and now, you know, it's no perimeter. It's the wild west. Security is a great example. You know, of all the vendors no one has more than four percent market share. It's a disaster and we know that. We have friends working on it. Privacy is the same way, it's almost like we got to cover the check box you know compliance. We have a privacy statement, we handle the data. It's more reactive more protection oriented not proactive. So the question is what should companies be doing to be more proactive in driving privacy oriented investments which now we see that translate to more of a business impact certainly at valuation and capability. >> Yup >> Thoughts? >> Well, I mean I would start by saying that what we're trying to put out there is that it's not just about compliance. So this is about both business value on the revenue or cost side as well as the ethical standards that we're trying to set. So we should be doing these privacy controls, because it's the right things to do regardless of the GDPR environment that we're in currently. So that's kind of the overall missioning and it's much longer term than just the GDPR timetable but it's trying to get companies to do the right things to protect the data and also because it's good for their businesses. >> Any anecdotal data on investment thesis, orientation posture from CEOs? What is the investment climate? Are they putting money into it or are they just kind of holding the line? Right now I'm trying to figure things out. Thoughts? >> Thoughts on this one? >> Million dollar question >> Yeah, so and it's a billion dollar question actually which is an important one. I think where we are seeing investment and when when we talk about privacy maturity you can come at it from a number of different vectors. So privacy engineering to Cisco is critical we sell IT things and we depend upon data as an asset, so you would expect us to do heavy investments in raising our security baseline. We've done it. We're having specific training for developers. We've done it and my team actually does not live in legal. I have a wonderful legal support team. I live in operations. So one of the investments you can make is to operationalize your working so you understand which of your business requirements are data sensitive and adding them on. The other piece of the study that is correlated again no causality yet, but we're correlating the number, mix and the complexity of your vendor set with the trend and reporting of the actual harm after a breach. >> Right, so we looked at the privacy maturity and also compared to companies who had been breached and how much they reported they had lost on this. And so interestingly again the privacy immature companies many more of them had lost enough metric here we used was over half a million dollars due to data breaches so 74% of those immature versus only 39% of the mature guys. Now why is that? We can speculate that those who are protecting their data, only keeping the data they need for their business purposes deleting it when they're done with it and having the right knowledge and inventory of where they are, are doing a better job at protecting that critical data asset. So it makes sense, but we need to learn more about what really is behind it and causing that. >> It's so interesting because there's a relationship with security, because that's where people react to what happens if there's a breach in security but they're also separate, decoupled in their own way, and it's interesting that you mention it in your organization and that's I think that is really notable and something I'd like to just double-click on. Most companies' viewed security in the early days metaphor for security in an organizational setting it's part of IT. Now it reports to the C-suite. >> Yes You're getting at a different angles. You're thinking about privacy and data as a separate group not being subservient as say legal or administration function. It's more central to the C-Suite. >> Absolutely >> Are you recommending that companies think differently? >> Absolutely >> Can you explain why? >> Oh I think and again it varies company to company, so I would love to say you know, I'm a legal person by training or I ran away from home from legal a long time ago, so I'm a business person. It's valuable to have lawyers we're nice people. We can be funny sometimes, but typically most companies it is like Bob, Joe, Sally and legal. Now what kind of an innovation posture are you taking? The other part is you know in our lawyers' defenses there is such a plethora and complexity of the laws that they have to be determinative and say this is just enough and this is the gray area. Innovators don't think like that. I don't want my innovators to think like that. I want to do the experimentation so in addition to the work we do in house with our economic guru we actually partner with universities to do financial studies to say where you're having potential breaches at every layer of the network what's the quanta? The other side is I have a seat at the table with all of our engineering teams and our business development teams so that makes a huge difference. >> I totally agree. Robert, I want to ask you a question. Back to my theory that we'll have a C-E-O chief economist officer as a standard role in a similar way not just call in the strategy guy, right? >> Michelle: Yes >> So it's like strategy hey you know whatever. This is really becoming a decentralized world global impact whether it's GDPR or other compliance economic impact is a really critical thing. >> Robert: Right >> What is your view for companies to think about the role of a company and or group to be like a economist center? Like a C-T-O is really important but you also have a V-P of engineering. So C-T-O, V-P of engineering Chief economist officer and group How do you look at that world and how do you envision it in unfolding? >> Well, I think that one element that most companies don't have today is somebody who really thinks about data and the economic value of it today and what it means. Again, because it's not on the balance sheet it's not treated the same way but it's one of our most important assets. So having someone who at least focuses on what is the value and importance of this data to my organization and all the ways that do. Whether it's my value you know in driving my ongoing operations whether it's allowing me to cut costs, whether it's unlocking value that my organization could uncover by inventorying and developing that. So I think that economic value piece of data you know is something that we're going to see more of and because data is being recognized as such an important asset I think there will be some progress in that. >> I think Michelle you made a great point about supply chain. We've been seeing the same trend in that. Block chain has been a great example where not so much bitcoin and a theory of encrypto, block chain as a technology has been impacting the supply chain. That's a data driven trend. >> Michelle: It's exclusively a data driven trend. I mean what you're talking about is indelible auth. And so there's always a place for authentication. Sometimes you just want a watermark. Sometimes you want a dossier. That's I mean that's the whole mystique of block chain is gorgeous but the reality is it's a wonderful tool if you want to authenticate something in the clair. Just like we were talking about P-K-I in the old days now if you apply that to data, so what you're calling a chief economic officer I would call a chief data officer. >> So again economics, ledger, hyper-ledger, block chain are we looking at maybe the world is going to circumvent existing standards with you know disruption with like a block chain, crypto centralized does that come together? I mean it's a collision course, no one knows the answer. Observation? >> Well, there may be some opportunities to do that. But I'm sure that we'll try to have the right ways to have controls around it as well. So not just to birth the system but to do it in a way that makes sense to protect the values that we are all trying to hold onto in terms of individual values you know as well as having the right monitoring and systems around them. >> You know Cisco disrupted the entire network protocols back in the 80s by unlocking value. And again value is the key driver of making change not just for the sake of subverting. >> I love that you're saying that because disruption has always bothered me. That's like me grabbing the chair and watching you fall down and going oh look I have a softer chair. I'd rather like have a more reductionist point of view and say what is essential value. Let's clear out the gunk that's getting in your way. >> Value is the north star for all >> It is. I think it's madly innovative and will it change businesses radically? Yes. If we want to call that disruption we can, but I think it's actually enablement of what we wanted in the first place but don't have yet. >> Well people know me I'm very bullish on crypto and block chain as a unlocking value and changing patterns and offering a new re-imagining industries that are just not moving fast enough >> Wow >> To capture the value >> Yeah >> John: Thanks so much guys for coming on. I know we slotted you in because it's a super important conversation to hear at Cisco Live and the industry. Love to have more time. Maybe we can do a follow-up with you guys. Great to see you again. >> Yeah, you too! >> It's theCUBE talking data privacy, investment, valuing data on the balance sheet. A lot of radical, progressive, cool value opportunities for the industry out there and enterprises. Yeah, this is theCUBE live coverage from Barcelona. More after this short break. (techno music)