>>Welcome to this cube conversation. I'm john Kerry host of the cube here in Palo alto California. We got a hot startup doing new things differently. The new way the cloud native way brendon, Hannigan, Ceo of sun rays securities. They deliver an awesome new solutions platform on all clouds to change the game and how security is done Brendan. Thanks for joining me on this cube conversation. >>Really nice to talk to you today, john >>you know, I loved showcasing companies that are, that are thinking about their entire optimizing their efforts to bring in the new, the new way to do things. And we certainly with the pandemic we've seen and everyone's validating this general global consensus that cloud scale and devops and def sec apps is generating a new kind of modern applications and this is just clearly has been known for a while inside the industry, but now it's mainstream. You guys are building a company around this notion of security. So let's get into it. What do you guys do is get right to it? What's the product? >>Well, firstly to get going And before getting into the specifics of product, john just I like to frame it, which is the ways in which I started out as a software engineer. You know, a long, long time ago built a company based on classic, traditional ways of developing software. The way we develop software has just changed dramatically change from stem to stern. We've gone from monolithic applications to microservices. We've gone from 18 month development cycles to two weeks from business units and I. T. Controlling it to devoPS teams. And then the amazing this is the incredible thing from a security perspective is we used to call up people in traditional networks and data centers to reconfigure the firewall so I could put my application of data center. But now I represented in code infrastructure is code that basically represents the infrastructure I have shows up in of course the cloud. The reason why I'd like to explain this story is we talk about cloud security and the complexities of cloud security. That's just where it all comes together. The reality is everything has changed around it. And we have a simple belief if everything has changed in terms of how it is, you build technology, value, deploy it and operators, we have to change how it is reduced security and it has to be also from stem to stern. So that's what basically that's why we started this business. Our mission is simple. We want to reinvent how it is. People secure new technology in these new environments and we do it by building a service that sits on top of companies usage of cloud amazon as your google cloud. And we help find risks automatically, eliminate them, Make sure they never come back and then deliver incredible new ways of continuously monitor activity to prevent cyber security incidents from happening in the first place. >>So this reinvention is a big, big trend. We've talked about this on the cube, you know, with many guests, even Pat Gelsinger's now the ceo of intel. When was that VM ware told us that you need to do over it in security, got to redo it all, not just incremental improvement. You know, fundamental revolutionary change was you're basically getting out here. So the question is top to bottom reinvention totally get that. How do you do it? Okay, Do you change the airplane engine out of 30,000 ft? It's hard people, it's easier said than done. What are the elements to reinvent security >>in this? We have we have a magical opportunity here because of cloud. So what happens is into traditional data centers and the traditional enterprise networks, There's, there's kind of Control points that are traditionally, which we understand and security John, right. And it's built up over 2030, 50 years. Right. And there's certain ways around which we rotate our security controls and you're familiar with them, right? Firewalls, Endpoint, antivirus security, information, security, event management system. Think of all those things, those control points are not relevant in the cloud. It's not, it's, they're interesting. V p c s and narrow grooves are kind of interesting in the cloud. Totally insufficient. So there's a necessity to reinvent and there's new control points and I will then tell you why it leads with an incredible better result. The new control points of the cloud, we believe and strenuously push when we speak to our customers, our identities. And it's not about Brandon and john, it's nearly always about non people identities, serverless functions, pieces of compute containers, all of these things have rights to like people. The second control point our data. Where is it? We used to have a data center. It's in the word, it says it data center, but in this instance I may have 20 devops teams. Each one of them is using RDS. One of them is using elastic cash. One of them is using a different thing. So data is the second one. The third one is applications. Why is this so important? The service providers have done a great job with core infrastructure. They give us two mechanisms to set up these environments. We need to help our customers organize and reinvent our security around these three pillars. The reason why it's so important, I love what you said is God, we've got to start from scratch. You get to start from scratch and when you do it, you actually can deliver a level of granularity and control and security that is unimaginable in the traditional enterprise network and data center. >>It's like golf, you got an extra Mulligan off the T if you hit it out of bounds and security, you get a do over. This is this is an opportunity. I love that concept because this is I mean it's not many times you get this clean sheet of paper or the opportunity to to pivot or reinvent or refresh re platform re factor whatever word you use. This is a time >>once in our life this transition, we know digital transformation is transforming industries, every industry is feeling it. We can see and understand the significance of the inventions like like AWS, it's an amazing invention, the power of it and what it delivers to us. The opportunity which is a must take opportunity is reinventing security from top to bottom. And by the way if you don't do it, if you just do this kind of half I have asked you end up with a mess on your hands if you do it properly, you end up in a better place than you would have been a traditional enterprise network and data center. >>The old expression you gotta burn the boats to get people motivated to kind of get it done right with the cloud. Let me ask you questions. Identity security and the data secure. Love that perspective because Identity the first thing in terms in my head when you said that was I thought about the identity of the individual their I. D. You know and you could actually get down to the firmware of a phone or you know to fact multifactor authentication. I get that access authentication. You're talking more in terms of other naming spaces and naming systems like specifically around services and applications identity, not just users. Right? >>Can you expand more on that? We we we we understand this as many people now understand this at a superficial level, but they haven't truly understand stood what's under the hood of what's happening inside cloud when you have reinvented applications, microservices, applications, auto scaling applications, it's all cloud is about incredible innovation happening across teams. What happens in the cloud is you have developers, administrators creating workloads. Those work clothes have huge numbers of compute functions which could be a container, a compute instance, a serverless function. They're gaining access to resources, other compute resources, cues and data to give you a sense of scale job you could have a company. It's not unusual. 80,000 pieces of compute 20,000 active at a particular point in time. We've got companies and then they assume these roles which give them access and rights to do things on these cloud services. It's not unusual to have 10,000 rolls in a cloud environment across multiple different accounts. Now, you see the identities, these pieces of compute have rights to do things. That's good because I can restrict what they do. It can be bad because if I don't have a handle on it, it's a mess. By the way, when you talk about this scale, human beings can't process this much information must be able to understand the risks, configure and automate remediation of these risks. The cloud providers give us the tools to build these flexible workloads. They're incredibly flexible. The dark side of it is in experience and basically inefficient deployment of those tools can lead to a whole host of risks that, quite frankly a lot of customers don't fully appreciate yet. >>And then people call that day to operation. But I love this idea of identity, the thousands and thousands of services out there because with microservices and you're seeing coming out of the cloud native world is these these new kinds of services could be stood up and torn down very quickly. So, you know, the observe ability trend is a great indicator in my opinion of this whole, you know, manic focus on data. So, you know, because you need machines to know, you don't know if something could be terminated and and stood up not even knowing about it, it could be errors. How do you log it? Right. So this is just an example. What's your thoughts on that? What's your reaction? Is that right? >>Ephemeral nature is the beauty of cloud. Right. Because, you know, there's problems that even now when we build our, we have a cloud native application ourselves and when we have a problem sometimes, of course we can go in and spin up 400 servers to go solve a problem and spin them back down half an hour later. We couldn't do that before a cloud. We can actually have developers doing this incredible rapid work with serverless functions to go and interrogate data to go out of data. Like to go and do analytics. It's wonderful. But what you said is their ephemeral. Now, just think about an environment. 20,000 pieces of compute 10,000 active, lots of 20 different teams across a 50 amazon accounts. Somebody comes in and basically during a period of time compromises. It compromises something and gets access to data, but it's a federal, it just comes and goes, we have to know that we have to know what's possible. We have to know if it's happened and then we have to basically greatly minimize the possibility of that happened. My promise because I'm security people are always trying to scare everybody which is valid. However, my promise the power of this cloud has created complexity opportunities but actually it also gives us the solution because using analytics machine learning in our case graphing technologies, we can actually find these things and give micro control two workloads so that actually we can see these things and automatically eliminate these risks and that was impossible >>in the the automation is programmable. You can actually set policies around automation. Pretty cool. I gotta ask you about get to the technical and want to understand the graphics and the platform more. But I want to ask you the question on the reinvention. If I follow your your playbook Yes. What's the end results? Can you take me through the all in bet the redo what happens? Can you just take me through the day in the life of an outcome? What's it look like and walk me through that? >>So firstly what the outcome I want to give our clients is they have these complex cloud environment spreading across, you know, any, even a moderate sized enterprise. What I basically want to be able to give our clients and when we have delivered for our clients is they basically managed to break that cloud from being this amorphous thing into specific work clothes. Each and every one of those workloads have specific controls in place that understand how that workload should operate in this environment across staging development and production. And actually we're able to essentially locked down what it is these workloads can do from an identity perspective, a data access perspective, a platform rights perspective and then monitor anything that changes. That's one thing. So the complexity were actually able to push away the complexity leveraged up lower to give that level of granularity at very deep levels. Identity, data platform. The second thing, actually, and this is john again, what's possible will clown? It doesn't it can't be all security teams, its security needs, It could be audit teams, its developers. So we have customers who have onboard tens and tens and tens of teams onto our platform. Why do we do that when we're finding issues and finding things that need to be resolved for directing it directly to the development teams? So we're saying developer to get into production, you're going to have to fix your identity set up in this environment. It's too risky, but it doesn't have to go to the security team. The security team will only hear about it if the developer doesn't fix it. >>Got it. So they're proactive, >>we're involving the teams responsible for creation and resolution of issues. The security and cloud teams are setting up the ground rules for a workload to operate in this environment and now we've got a level of granularity across workloads, whether they're in production or not. That basically is wonderful. That's the that's the ultimate endgame. >>What's the uh status of the vision and product on execution uh where your customers at now? Um how do you feel about it? Where is it going? Can you share a little bit about the roadmap and kind of where the product is? Uh It's a huge vision, it sounds easy to do, but it's not >>it's not actually and, you know, underlying it also, we actually, we've production service, we have wonderful, very large customers who are deployed and operational on our platform. You know, an example of one of them would be world fuel services, fortunate 93 company were the center of their kind of new security environment and operating model for everything they're doing and cloud. It's a beautiful story job. They've gone from in, in, you know, a few years ago. They 22 to the centers today to to yeah, it's unbelievable. And now all that future real estate were the center of that cloud security operating model. What does it mean? A 50 ft plus different teams on boarded onto the platform, following the rules of the road. If they don't follow the rules where all the exceptions are coming in and we're doing a continuous monitoring process underneath it. What is it that we've done? That's interesting. We actually have this incredible, unique way of collecting information from the cloud so that we can gather it in a very uh continuous way. So we're constantly seeing what's happening in addition to interrogating A PS and clouds are actually monitoring logs so we can see all the actions, what you just said. By the way, something comes and goes, we see it. The second thing which we do is we gather the information. We build a graph. This was actually, this was hard because it's not just as simple as sticking things in a graph with all of it to be. But what is the graph doing? The graph is basically understanding the intricacies of all the identity and access management models. I can see everything that can do anything to any other resource in the cloud, right? There is a surplus functioning container or a VM And we boil it down to very simple things. So underneath it's complex. We represented grass with boiling two simple things. Then we run analytics across the graph too, find and eliminate plaque from risk, find and eliminate identity risk. Get customers to the privilege enforced separation of duties, find data that you may not know is there that has incredible amounts of things capable of accessing it and help our customers lockdown that access. And then finally had we getting it into an operational automation kind of pipeline so that basically on an ongoing operational perspective it's efficient. So we're actually doing this for customers. We've got some very large financial institution customers. We've got, you know, large customers like World Fuel Services. And now actually our mission this year is to actually help simplify a lot of what we're describing so that, you know, you know, other companies and maybe companies not as sophisticated as a big financial institution or World Fuel Services is able to just very quickly get the value out of a solution. Like, >>you know, when you have these new technologies, new way of doing things, it's exciting at the same time, you have to kind of vector into an environment where the customer is ready to be operationalized. So, um, I got to ask you about how um teams are forming. I've I've been having a lot of conversation with VPs of engineering, large enterprises and and also big companies and hyper scale as well. And they're all talking about how, because of what you're doing and the kind of the general philosophy that you're you guys have is changing how teams are organized. You have a platform engineer now who can work on a platform and then flex and go work with other say feature engineers. And so it used to be just to do your features, You got your platform guys, you got your networking people. Okay, now you don't have to talk to the networking people because you can abstract away the network. You now have more composite, more compose herbal applications with all the observe ability. And now you can actually build that foundational platform. Redeploy the platform engineers with the other teams. So you seem like and then you got sRS embedded into teams and so you kind of got this new engineering formation going on, new kind of ways to organize the new modern era is here, it's on on this, this how people organize their teams. >>Actually is. There's no, there's no entire recipe at because you go to different customers and customers are basically experimenting with different ways to organize their teams. There's no question. But actually, I think one thing that's changed in the last 18 months is companies realizing we definitely need to change how it is. We've organized our team. I'm going to give you a simple example. Again in the old world, they would have network teams and network security teams you call up, Let me re configure the firewall. That doesn't work. It's just, it's just so broken. It can't work in clarity, can't be calling on people to re configure a firewall. That's an example. Another example which companies are realizing the latest identity. They will go through an approval process and they go through a governance and certification process. Well, these, these teams in the class, they want to get to work out in into, they need to get it in a month in an hour, in an hour. They can take a month and a manual approval processes sort of realizing that you need a skill set antiseptic ground rules and then the teams should be allowed to innovate within the ground rules. That's what the platform teams need to do. And so what we see emerging, which I think is a really best practice, is cloud centers of excellence. They're responsible for what I would call the shared infrastructure of the enterprise. The 250 Amazon accounts for 50 is your subscriptions, whatever it is that is king. Then the devoPS teams are using this shared infrastructure. The question is, how do you interface, how do you help coordinate between these different responsibilities from a security and governance and risk perspective? And that's actually what a big part of what our product is, helping teams coordinate their activities. That's a big part of what our product is, >>love. The first principles, they're sitting those ground rules. I mean there's been a chef and a cook, you know, you know, working with the environment and putting the new ingredients together and then getting that operational. It's a huge opportunity. Great stuff. Brandon. I gotta ask you the final question. Well I got you here, Sunrise Securities, the name Sunray. Where'd that come from? What does it mean? >>It actually means it's a Gaelic word and it means data and it's just so central to you know, what are people trying to steal? Like we can talk about security we're going to face. But at the end of the day they're trying to do damage. You're trying to get access to data. That's the most valuable thing we're trying to protect. So that's why we put it in our name. >>Digital transformation, everything's data now, everything's data, content, data Securities, data, data is everything >>it is. and I did >>great stuff. Brendan. Thank you for sharing the story here on the cube conversation, Brennan Hannigan's ceo of suddenly secure. Thanks for joining me. >>Thank you very much, john, it was a great pleasure. >>Okay. It's the cube from Palo alto California remote. Still. Thanks for watching.