>>from San Francisco. It's the queue covering our essay conference. 2020. San Francisco Brought to you by Silicon Angle Media >>Welcome back to our C for cube coverage Here in our state conference, I'm John Furrier with the Cube. Our next guest is a car guy who's with the McAfee, and he's a technical fellow, formerly chief scientist and co founder of Sky High Networks, which was acquired by really pioneering. Some of what we're seeing is Cloud is the driver screen paradigm. Thanks for coming on, John. Thank you so much. I know a lot of times we'll jump right in. The cloud is changing the game. You guys saw the wave early at sky high. So how is it rendered itself today? Was seeing the signals out there. How all the members earnings were down this week because of their on premises is shifting to the cloud. We think we'll do well, but it's also impacting. Everyone's got a shift, including their customers. What's going >>on? This is amazing, you know, last year, I think a few months back we did a survey of large enterprises. For the first time, we found that the majority of the CIOs and CSOs felt that cloud is more secure than on Prem. That's a big deal. I mean, I've never seen that before. I didn't expect it to be this quick, but that that actually manifest itself in and Price is ready to be cloud first are very cloud friendly. And that's significantly different from when we started Sky High and even a couple of years ago on. Because of that, how you secure the data, how you secure it connects to the kind of threats I need to be looking at the different lens on. I mean, you've seen breaches happen every week. If you look back over the last year and a lot of those cloud native threats, these are not malware based breaches of data, which is what you would think of any traditional look at micro services breaches. No, these cloud breaches, because Cloud has It's very good, right? It's got transparency. It's got AP eyes. So whatever AP eyes use, a bad actor could use it as well, really. Land exfiltrate on expanding the cloud footprint is very different from how traditional malware attacks happen within the enterprise. And so we've been looking at cloud native. That's on what it means to even secure data in the cloud, which is very different from, you know, securing data in your enterprise. For example, I run a deal, be on my laptop. You know what kind of since the data's there, but in the cloud you don't do that because the data is cloud native and we've In our analysis, you've seen that 50% of traffic is cloud to cloud, so it bypasses a traditional enterprise network by positive devices. And so when you talk about data protection, you need to look at new ways of understanding, cloud and integrating into. >>It's interesting I've talked to many CSOs have been cloud native and born in the cloud, and they say their their their worst day in cloud security is better than any day they've had on premise security. There's actually more security in the cloud, but then when they start getting into hybrid, and now what we see is multi clouds. That third wave coming, you start to look at on premise to Cloud Cloud Cloud. You have a network component becomes a big part of Could you share your vision on how the network needs to evolve because Amazon and Azure they have their own networks. It's also not on premise, either, So I want to run a route from here to here. What's the network? And >>I don't think network this security controls going away. And if you look at what McAfee and insist today is what we call the unified cloud edge, we acknowledge that security's it's security at the end point at the cloud and in the network. So we are the first product really. Teoh integrated policies on visibility into data flow between the clouds you want from the cloud on any device. And so in that model you have a network components of users Secure Gateway, which is cloud hosted. So it's interesting you see that a lot of security do there also becoming cloud native. So that's what we've leveraged. Our cloud Native Cloud security platform, cloud, native Swat, Web gateway as well as ER and endpoint. Protection from the >>question is the chief scientist Andrew you, are the security posture of companies certainly is changing the cloud. How would you describe the current posture from a customer perspective? The cloud in a good way. What do they need to be thinking about. >>Yeah, I think actually, Gartner said it very well. In fact, a couple of years you last year they had a mq Mr. Actually said that 99% off your data breaches in the cloud is going to be because of customer fall. It may be the most trivial things, but those are the ones that get you right. And it turns out that cloud is easy and quick that up. It's very easy to miss configure >>stuff. So human error. >>Yeah, it's completely, and I kid you not. Majority of the shoes are failure to understand your shared responsibility >>model or the cost of a breach. When the doors wide open, they're just walking through. That's not really a breach that called just the door's open they walk through. I mean, that's what you're talking about >>exactly. I have the responsibility of the customers to configure it appropriately. I think that will take care of the lowest hanging fruit for them and then as their wall, their workloads moving into the cloud. They need to think about hybrid and not get into the trap of creating silos. That's a classic example, right? Security vendors were created building that kind of product companies around it, the container security. They're VM security. There's cloud security. At the end of the day, our customers are moving their workload and application in the cloud. They need a consistent way to ensure that configurations right data is secure and there's no threats to it. I we need to make that model of simplicity of consistency across all of these vendors. >>It's clear that McAfee is transforming their business to cloud. You guys have been a big part of that. Congratulations. How would you describe McAfee? Is current situation with respect to the cloud growth Now the on premise, cloud hybrid integration and multi cloud coming because you now have this entire systems architecture, a k a cloud, multi cloud hybrid public all need to work together. >>I think McAfee is very well positioned and honestly, when we joined McAfee, McAfee strength was in the end point and actually got a very good business in the server and pointed out with the CWS product when we came into the cloud native approach where that product was selling very well for the private data center on Prem, what we were able to do is add a cloud security story, but also create a sort of be the catalyst for ambition and vision is really this broad umbrella within McAfee for doing orderly cloud security. But, er insights, not products which can run in the cloud at scale in a multi tenant manner. >>You can create a data driven approach to make that human personalization work. Exactly. Don't forget, secure. That s three bucket. Exactly. I think when you go to your car is like you left your keys in. There's a new level of personalization coming from the data that you say that the >>video, clearly what we see with customers is going back to the shared responsibility model. It's almost like you're in the car. The center has some responsibilities rental agency and the car manufacturer responsibility that all of us have Understanding what those >>responsible. Just talking Another guest. We're saying, Hey, that role is used data to tell the human not to screw up. Yeah, you're flying on a plane, you gotta go secure your door. It's about reminding the environment you're working with getting >>doing it, doing it in real time because configurations change in the CD pipelines and real time right on being able to catch that and what we've done a part of my career the last year is do something that we call it Shift left, which is really before an application is born to make it secure. And it's possible in the cloud because it's very transparent. We can infrastructure this quote. So as the court gets checked in weaken, validate it. And >>well, I'm glad you brought that point real quick. I know you got to go. Dev. Ops has been a real influence on a lot of infrastructure as code, but now you have SEC ops dev sec off. So it's kind of the same melting pot. That's agility iteration real time. What's your version of security version of Dev Ops? >>Yeah, it is that it is basically playing whack a mole after the fact, you know, going and looking at configuration failures, DLP, whatever Push it. It actually helps the security team because they don't have bandwidth. They want to be able to coop developers and literally 100 X more developers and security folks. And so being able to integrate it with the tooling for continuous integration deployment is something we've done. It's a huge win for customers. >>Thanks for sharing the inside. We'll be able to empower event coming up. We'll do more interviews there and do a deep dive real quick. What are you working on right now? That's exciting. That's getting you motivated. That puts a little spring in your step. What's happening? >>I mean, this is a huge issue on Cloud Native sets on how we use miter and other frameworks to make the soccer teams more not get lost in all the nice on. You. See a lot of that work from us, but there's a lot of exciting >>work that innovation coming out of a lot of innovation. Software driven, obviously. Cloud. Yeah, we'll get back and talk about some of the cloud native nuances. KUBERNETES. State State. We've done a lot of data. We had a lot of action, lot of tech, a lot of potential opportunities, challenges. Thanks for coming on the Cube here with the Cube. We're here on the ground at RSA Conference. We'll be right back. Thanks for watching. >>Yeah, yeah,