>>Okay, welcome back. Everyone's cubes live coverage of eight of us reinforced 22. I'm John furrier, my host David Lon. We've got a great guest from Cisco, Eric Costin, technical marketing engineer, Cisco systems. Great to have you on. Thanks with >>The all right. Thanks for having, >>Of course we've doing a lot of Cisco laws, Cisco events, Barcelona us know a lot of folks over there. A lot of great momentum supply chain challenges, but you got the cloud with a lot of networking there too. A lot of security conversations, dev sec ops, the trend we're hearing here is operations security and operations. What are some of the business realities that you guys are looking at right now focused on from a Cisco perspective and a landscape perspective? >>Well, the transition to the cloud is accelerating and it's really changed the way we're doing business and what we do now, this combined with the more and more remote work by remote users and also the consumption of cloud-based tools to perform your business functions has dramatically changed the contour of the business environment. The traditional trust boundary has evaporated or at least transformed dramatically, but you still have those requirements for trust for micro segmentation. So what we've seen is a dramatic change in how we do business and what we do. And this is essential because the value proposition is enormous and companies are able to pursue more and more ambitious objectives. But from a security point of view, it's quite challenging because on one hand, what we call the attack surface has increased and the stakes are much higher. So you have more sophisticated malicious actors taking advantage of a broader security target in order to conduct your business in order to maintain business continuity and achieve your objectives. You need to protect this environment. And one, one of the, >>Sorry, just to, just to clarify, sure. You said the value proposition is enormous. You mean the value proposition of the cloud is enormous. Exactly. So the business is leaning in big time and there are security consequences to >>That precisely. And so, and one thing that we've seen happen in the industry is as these components of the business environment have change, the industry has sort of bolted on more and more security solutions. But the problem with that is that's led to enormous complexity in administering security for the company, which is very expensive to find people with those expertise. And also the complexity itself is a vulnerability. >>And, and that traditional trust boundary that you talked about, it hasn't been vaporized has it, it's still there. So are you connecting into that? Is there an interoperability challenge? Does that create more security issues or are people kind of redoing? We talk about security as a do over, how are customers approaching it? >>It is a challenge because although the concept of a trust boundary still exists, the nature of the hybrid multi-cloud environment makes it very difficult to define furthermore, the traditional solutions such as simply having a, a, a firewall and, and an on-premise network is now much more complex because the on-premise network has to connect to the cloud infrastructure and parts of the cloud infrastructure have to be exposed to the public. Other parts have to be protected. So it's not that the, the concept of trusted versus untrusted has gone away. It's just become fundamentally more complex. >>So Eric, I wanna get your thoughts on this higher level abstraction trend, because you're seeing the complexity being pushed to the customers and they want to buy cloud or cloud operations from partners platforms that take the heavy lifting from there, and best of breed products that handle the complexity. What's your reaction to that, that statement? Do you think that's happening or that will happen because either the complexity is gonna be solved by the customer, or they're gonna buy a platform or SA product. >>Now the, the it's it's unreasonable to expect the customers to constantly adapt to this changing environment. From the point of view of, of security, they have to be able to focus on their business objectives, which is to actually sell their products and pursue their ambitions. And it's a distraction that they really can't afford if they have to be focused on security. So the solutions have to take that challenge that distraction away from them, and that has to be integral to the solution. >>So you're saying that the, the vendors, the provi supplier has to deal the underlying complexities on behalf of the customer. >>Exactly. The vendor can't do this without a robust partnership with the cloud provider, working together, the both at the engineering level to develop the products together and in the implementation, as well as standing side by side with the customer, as they expand their business into the >>Cloud, this is super cloud it's super cloud. Right? Exactly. So give us the specifics. What are you doing? What's Cisco doing? How are you working with AWS? What solutions are you talking about? >>Well, Cisco has a wide variety, quite an expansive portfolio because there's a large number of components to the solution. This spans both the, the workload protection, as well as the infrastructure protection. And these are integrated and in partnership with AWS not only integrated together, but integrated into the cloud components. And this is what allows comprehensive protection across the hybrid cloud environment. >>So are we talking about solutions that are embedded into switches? We're talking about software layers, maybe give, describe, add a little color, paint, a picture of the portfolio. >>And, and it's really all of those things. So the most of the solutions historically could say evolved from solutions that were utilized in the physical infrastructure, in the firewalls, in the switches, in the routers. And some of these technologies are still basically confined to those, to those form factors. But some of the most important technologies we use such as snort three, which is a best of breed intrusion protection system that we have adopted is, is applicable as well to the virtual environment, so that we, we push into the cloud in a way that's seamless. So that if you're, if you've developed those policies for your on-prem solutions, you can extend them into the cloud effortlessly. Another example of something that adapts quite well to the cloud is security intelligence. Cisco has talus. Talus is the world's leading security intelligence operation. This is fundamental for addressing threats day zero attacks and Taos updates are products approximately once every hour with the new, with information about these emerging attacks, as well as informing the community as a whole of this. And now that that architecture is very easily extensible into the cloud because you can inform a virtual device just as easily as you can inform a physical device of an emergent threat, >>But technically, how do you do that integration? That's just through AWS primitives. How do you, how does Cisco work with AWS at an engineering level to make that happen? >>So, part of it is that we, we, we have taken certain of our products and we virtualized them. So you could say the, the, the simplest or more straightforward approach is to take our firewalls and, and our other products and simply make virtual machines out of them. But that's really not sort of the most exciting thing. The most exciting thing is that working with them, with integration, with their components and doing such things as having our management platforms, like our Cisco defense orchestrator, be able to discover the virtual environment and utilize that discovery to, to manipulate the security components of that environment. Yeah. >>Kurt, this is where I think you, you, onto something big here management is kind of like, oh yeah, we have software management software kind of always a thing. When you talk about large scale, multiple data point billions and billions of things happening a month. Quantum, we mentioned that in the keynote, we heard Kurt who's VP of platform. So about reasoning. This is kind of a whole nother level of technology. Next level reasoning, knowing things mentioned micro segmentation. So we're seeing a new era of not just policies, reasoning around the networks, around the software stuff that needs to be better than just machine learning, doing predictive and, you know, analysis. Can you share your reaction to that? Because I see this dots connecting at a whole nother level. >>Yes. Now, as we understand artificial intelligence machine learning, I think we appreciate that one of the key components there, we think about it as data science, as data management. But when you think about data, you suddenly recognize where's it coming from data requires visibility. And when we talk about the transition to the cloud and the dispersion of the workforce, visibility is one of the great challenges and visibility even prior to these transitions has been one of the primary focuses of Cisco systems. So as we transition to the cloud and we recognize the need to be able to interpret what we're seeing, we have expanded our capacity to visualize what's happening. And I think there's a, a significant contribution yeah. To the >>Dave and I were talking about this in context to our thesis about super cloud, how that's going evolving building on top of the hyperscalers CapEx investment, doing things, customer data control flows are a huge thing going across multiple geographies. It's global, you got regions, you got network, some trusted, some not. And you have now applications that are global. So you got data flows. >>Yes. >>I mean, data's gotta move across multiple environments. So that's a challenge >>And it has to move secure securely. And furthermore, there's a real challenge here with confidence, with confidence of the company that it's data flow is secure in this new environment that is frankly, can be a little bit uncomfortable. And also the customer and the partners of that business have to be confident that their intellectual property, that their security and identity is protected. >>Yeah. Dave and I were talking also, we're kind of old and seen some seen the movie before. Remember the old days of multi-vendor and OSI models and, you know, interoperability, we're kind of at a new inflection point where teamwork, not just ecosystem partners, companies working together to make sure things are secure. This is a whole nother data problem, opportunity. Amazon sees things that other people don't seek and contribute that back. How does this whole next level multi-vendor partnerships, the open source is a big part of the software piece of it. You got it's custom Silicon. You mentioned. How do you view that whole team oriented approach in security? >>Now this is absolutely essential. The community, the industry has to work together. Fortunately, it's in the DNA of Cisco to interate, I've sat next to competitors at customer sites working to solve the customer's problem. It's just how we function. So it's not just our partnerships, but it's our relationship with industry because industry has common purpose in solving these problems. We have to be confident in order to pursue our objectives. >>You see, you see this industry at a flash point right now, everyone has to partner. >>Exactly. >>Okay. How would you summarize that? We, we are out of time, but so give us your leadership about the >>Part of you, of business leadership. A business needs business continuity, its contributors have to be able to access resources to perform their job. And the customers and partners need confidence to deal with that business. You need the continuity, you demand flexibility to adapt to the changing environment and to take advantage of emerging opportunities. And you expect security. The security has to be resilient. It has to be robust. The security has to be simple to implement Cisco in partnership with AWS provides the security. You need to succeed. >>Eric, thanks coming for so much for coming on the cube. Really appreciate your insights and your experience and, and candid commentary and appreciate your time. Thank >>You. Thank you very much for the >>Opportunity. Okay. We're here. Live on the floor and expo hall at reinforce Avis reinforced 22 in Boston, Massachusetts. I'm John ante. We'll be right back with more coverage after this short break.

>> Narrator: Live from San Francisco. It's the theCUBE covering RSA Conference 2020 San Francisco, brought to you by SiliconAngle Media. >> Alright, welcome to theCUBE coverage here at RSA Conference in San Francisco and Moscone Halls, theCUBE. I'm John Furrier, the host of theCUBE, in a cyber security is all about encryption data and also security. We have a very hot startup here, that amazing guest, Dr. Ellison Anne Williams, CEO and Founder of Enveil just recently secured a $10 million Series A Funding really attacking a real problem around encryption and use. Again, data ,security, analytics, making it all secure is great. Allison, and thanks for coming on. Appreciate your time. >> Thanks for having me. >> So congratulations on the funding before we get started into the interview talking about the hard news, you guys that are around the funding. How long have you guys been around? What's the funding going to do? What are you guys doing? >> Yeah, so we're about three and a half years old as a company. We just announced our Series A close last week. So that was led by C5. And their new US Funds The Impact Fund and participating. Other partners included folks like MasterCard, Capital One Ventures, Bloomberg, Beta 1843, etc. >> So some names jumped in C5 led the round. >> For sure. >> How did this get started? What was the idea behind this three years you've been actually doing some work? Are you going to production? Is it R&D? Is it in market? Give us a quick update on the status of product and solution? >> Yeah, so full production. For production of the product. We're in fact in 2.0 of the release. And so we got our start inside of the National Security Agency, where I spent the majority of my career. And we developed some breakthroughs in an area of technology called homomorphic encryption, that allows you to perform computations into the encrypted domain as if they were in the unencrypted world. So the tech had never existed in a practical capacity. So we knew that bringing seeds of that technology out of the intelligence community and using it to seed really and start the company, we would be creating a new commercial market. >> So look at this, right? So you're at the NSA, >> Correct >> Your practitioner, they're doing a lot of work in this area, pioneering a new capability. And did the NSA spin it out did they fund it was the seed capital there or did you guys bootstrap it >> No. So our seed round was done by an entity called Data Tribe. So designed to take teams in technologies that were coming out of the IC that wanted to commercialize to do so. So we took seed funding from them. And then we were actually one of the youngest company ever to be in the RSA Innovation Sandbox here in 2017, to be one of the winners and that's where the conversation really started to change around this technology called homomorphic encryption, the market category space called securing data in use and what that meant. And so from there, we started running the initial version of a product out in the commercial world and we encountered two universal reaction. One that we were expecting and one that we weren't. And the one that we were expecting is that people said, "holy cow, this actually works". Because what we say we do keeping everything encrypted during processing. Sounds pretty impossible. It's not just the math. And then the second reaction that we encountered that we weren't expecting is those initial early adopters turned around and said to us, "can we strategically invest in you?" So our second round of funding was actually a Strategic Round where folks like Bloomberg beta,Thomson Reuters, USA and Incue Towel came into the company. >> That's Pre Series A >> Pre Series A >> So you still moving along, if a sandbox, you get some visibility >> Correct. >> Then were the products working on my god is you know, working. That's great. So I want to get into before I get into some of the overhead involved in traditionally its encryption there always has been that overhead tax. And you guys seem to solve that. But can you describe first data-at-rest versus data-in-motion and data-in-user. data at rest, as means not doing anything but >> Yeah, >> In flight or in you so they the same, is there a difference? Can you just tell us the difference of someone this can be kind of confusing. >> So it's helpful to think of data security in three parts that we call the triad. So securing data at rest on the file system and the database, etc. This would be your more traditional in database encryption, or file based encryption also includes things like access control. The second area, the data security triad is securing data- in- transit when it's moving around through the network. So securing data at rest and in transit. Very well solution. A lot of big name companies do that today, folks like Talus and we partner with them, Talus, Gemalto, etc. Now, the third portion of the data security triad is what happens to that data when you go use or process it in some way when it becomes most valuable. And that's where we focus. So as a company, we secure data-in-use when it's being used or processed. So what does that mean? It means we can do things like take searches or analytics encrypt them, and then go run them without ever decrypting them at any point during processing. So like I said, this represents a new commercial market, where we're seeing it manifest most often right now are in things like enabling secure data sharing, and collaboration, or enabling secure data monetization, because its privacy preserving and privacy enabling as a capability. >> And so that I get this right, the problem that you solved is that during the end use parts of the triad, it had to be decrypted first and then encrypted again, and that was the vulnerability area. Look, can you describe kind of like, the main problem that you guys saw was that-- >> So think more about, if you've got data and you want to give me access to it, I'm a completely different entity. And the way that you're going to give me access to it is allowing me to run a search over your data holdings. We see this quite a bit in between two banks in the areas of anti-money laundering or financial crime. So if I'm going to go run a search in your environment, say I'm going to look for someone that's an EU resident. Well, their personal information is covered under GDPR. Right? So if I go run that search in your environment, just because I'm coming to look for a certain individual doesn't mean you actually know anything about that. And so if you don't, and you have no data on them whatsoever, I've just introduced a new variable into your environment that you now have to account for, From a risk and liability perspective under something like GDPR. Whereas if you use us, we could take that search encrypt it within our walls, send it out to you and you could process it in its encrypted state. And because it's never decrypted during processing, there's no risk to you of any increased liability because that PII or that EU resident identifier is never introduced into your space. >> So the operating side of the business where there's compliance and risk management are going to love this, >> For sure. >> Is that really where the action is? >> Yes, compliance risk privacy. >> Alright, so get a little nerdy action on this one. So encryption has always been an awesome thing depending on who you talk to you, obviously, but he's always been a tax associate with the overhead processing power. He said, there's math involved. How does homeomorphic work? Does it have problems with performance? Is that a problem? Or if not, how do you address that? Where does it? I might say, well, I get it. But what's the tax for me? Or is your tax? >> Encryption is never free. I always tell people that. So there always is a little bit of latency associated with being able to do anything in an encrypted capacity, whether that's at rest at in transit or in use. Now, specifically with homomorphic encryption. It's not a new area of encryption. It's been around 30 or so years, and it had often been considered to be the holy grail of encryption for exactly the reasons we've already talked about. Doing things like taking searches or analytics and encrypting them, running them without ever decrypting anything opens up a world of different types of use cases across verticals and-- >> Give those use case examples. What would be some that would be low hanging fruit. And it would be much more higher level. >> Some of the things that we're seeing today under that umbrella of secure data sharing and collaboration, specifically inside of financial services, for use cases around anti-money laundering and financial crimes so, allowing two banks to be able to securely collaborate with with each other, along the lines of the example that I gave you just a second ago, and then also for large multinational banks to do so across jurisdictions in which they operate that have different privacy and secrecy regulations associated with them. >> Awesome. Well, Ellison, and I want to ask you about your experience at the NSA. And now as an entrepreneur, obviously, you have some, you know, pedigree at the NSA, really, you know, congratulations. It's going to be smart to work there, I guess. Secrets, you know, >> You absolutely do. >> Brains brain surgeon rocket scientist, so you get a lot of good stuff. But now that you're on the commercial space, it's been a conversation around how public and commercial are really trying to work together a lot as innovations are happening on both sides of the fence there. >> Yeah. >> Then the ICC and the Intelligence Community as well as commercial. Yeah, you're an entrepreneur, you got to go make money, you got shareholders down, you got investors? What's the collaboration look like? How does the world does it change for you? Is it the same? What's the vibe in DC these days around the balance between collaboration or is there? >> Well, we've seen a great example of this recently in that anti-money laundering financial crime use case. So the FCA and the Financial Conduct Authority out of the UK, so public entity sponsored a whole event called a tech spread in which they brought the banks together the private entities together with the startup companies, so your early emerging innovative capabilities, along with the public entities, like your privacy regulators, etc, and had us all work together to develop really innovative solutions to real problems within the banks. In the in the context of this text spread. We ended up winning the know your customer customer due diligence side of the text brand and then at the same time that us held an equivalent event in DC, where FinCEN took the lead, bringing in again, the banks, the private companies, etc, to all collaborate around this one problem. So I think that's a great example of when your public and your private and your private small and your private big is in the financial services institutions start to work together, we can really make breakthroughs-- >> So you see a lot happening >> We see a lot happening. >> The encryption solution actually helped that because it makes sense. Now you have the sharing the encryption. >> Yeah. >> Does that help with some of the privacy and interactions? >> It breaks through those barriers? Because if we were two banks, we can't necessarily openly, freely share all the information. But if I can ask you a question and do so in a secure and private capacity, still respecting all the access controls that you've put in place over your own data, then it allows that collaboration to occur, whereas otherwise I really couldn't in an efficient capacity. >> Okay, so here's the curveball question for you. So anybody Startup Series today, but you really got advanced Series A, you got a lot of funding multiple years of operation. If I asked you what's the impact that you're going to have on the world? What would you say to that, >> Over creating a whole new market, completely changing the paradigm about where and how you can use data for business purposes. And in terms of how much funding we have, we have, we've had a few rounds, but we only have 15 million into the company. So to be three and a half years old to see this new market emerging and being created with with only $15 million. It's really pretty impressive. >> Yeah, it's got a lot of growth and keep the ownership with the employees and the founders. >> It's always good, but being bootstrap is harder than it looks, isn't it? >> Yeah. >> Or how about society at large impact. You know, we're living global society these days and get all kinds of challenges. You see anything else in the future for your vision of impact. >> So securing data and your supplies horizontally across verticals. So far we've been focused mainly on financial services. But I think healthcare is a great vertical to move out in. And I think there are a lot of global challenges with healthcare and the more collaborative that we could be from a healthcare standpoint with our data. And I think our capabilities enable that to be possible. And still respecting all the privacy regulations and restrictions. I think that's a whole new world of possibility as well. >> And your secret sauce is what math? What's that? What's the secret sauce, >> Math, Math and grit. >> Alright, so thanks for sharing the insights. Give a quick plug for the company. What are you guys looking to do? Honestly, $10 million in funding priorities for you and the team? What do you guys live in to do? >> So priorities for us? privacy is a global issue now. So we are expanding globally. And you'll be hearing more about that very shortly. We also have new product lines that are going to be coming out enabling people to do more advanced decisioning in a completely secure and private capacity. >> And hiring office locations DC. >> Yes. So our headquarters is in DC, but we're based on over the world, so we're hiring, check out our web page. We're hiring for all kinds of roles from engineering to business functionality >> And virtual is okay virtual hires school >> Virtual hires is great. We're looking for awesome people no matter where they are. >> You know, DC but primary. Okay, so great to have you gone. Congratulations for one, the financing and then three years of bootstrapping and making it happen. Awesome. >> Thank you. >> Thank you for coming ,appreciate it. So keep coming to your RSA conference in Moscone. I'm John Furrier. Thanks for watching more after this short break (pop music playing)