>> Narrator: Live from Las Vegas, it's theCUBE. Covering AWS reInvent 2017, presented by AWS, Intel, and our ecosystem of partners. >> Okay, welcome back everyone, this is theCUBE's exclusive coverage, live, in Las Vegas, 45,000 people here on the ground, for Amazon Web Services reInvent 2017. Their annual conference. Our fifth year doing it, I got two sets, two cubes, a lot of action. Day two of three days of wall to wall coverage. My next guest, Tom Kemp, CEO, of Centrify, security company out of California in Silicon Valley, leader in identity based security in the cloud, on-prem, big business growing, fast growing startup in the area. Good to see you. >> Yeah it's great to be here again. >> Security has been Amazon's kryptonite for many years. They've done their work, their paying their dues, they're checking the boxes. Certainly we see that on the federal side, public sector. Great success, Teresa Carlson, has done an amazing job. It's been fun watch her go from an outcast to, in the marketplace, "Ah, we don't trust the cloud", to winning. They've done the work. Security, you've gotta do the work. >> Yeah, I mean, they've done a great job of evangelizing the shared responsibiloty model where they clearly identify, "Hey, this is what we do", and then, "This is what the customer needs to do." So it's actually a very nice model that they offer that vendors such as us can slot into. >> And they move so fast but again, security is one of those things, you can't fake it til you make it. Right? (Tom laughs) You can't make it til you make it. Which means, it's hard. What are you guys doing with Amazon now? What's your story here for Centrify? >> Yeah, we're doing a couple of things. So the first thing is that we do privilege management. I mean the reality is is that the keys to the kingdom are in the AWS console in terms of the billing systems, firing up servers, shutting down servers et cetera. A lot of the more recent hacks have been because people have gotten the access to those keys of those systems as well. So we help lockdown the AWS environment and then we also help lockdown the actual servers being deployed on EC2. We provide multifactor authentication et cetera. The other thing that we do is and what we announced just the other day is we've actually moved our platform over to AWS. So before we ran on at Azure, can I say that at this, ah? >> John: That's fine. >> It's okay, yeah, just joking. >> All fair in love and sharing the cloud. >> So now we have a production cloud on AWS and we've also integrated in the marketplace. So there's SaaS billing that people can get as well, which actually is a very unique thing that AWS offers that the other cloud providers don't do. >> Alright, so I gotta ask you, obviously, to me, super exciting show because some of the announcements are really kind of cool and sexy, and some are under the hood geeky, like Lambda. And then you got the cool AI stuff happening, whether it's VR, AR, or recognition, all these cool machine learning, democratized toolkits. So does this help you? I mean Lambda server lists is a dream for a developer. Just, "Oh my God, I don't have to worry about anything. "What's a local host? "I don't need to know what a load balancer is." Does that help you guys or not? >> Yeah it does, I mean the reality is is that the amount of servers and applications, be it server or server-less, the amount of applications, the users that are connecting to it, it just adds more to the potential complexity. And we can, through the power of identity, provide a control plane to give people identity driven security and really allow people to move-- >> But it doesn't replace us. My point is, I guess, if you're locking down servers, this is a value right? >> Yeah. >> EC2 instances. But if the developers aren't using EC2 instances 'cause it's server-less. Are you guys transparent, are you abstracted away? >> So we also then, then integrate into the application and then help facilitate security for the actual users themselves. But look the reality of the situation is is that people are always gonna have a hybrid environment. They still have on-premises, which users have to access that environment. They're gonna have the cloud environment. And it's gonna be heterogenous. So AWS is a clear leader in the cloud but you're also gonna have Azure, Google, and then the SaaS applications as well, which are gonna be used in conjunction with the custom applications people are building. So the one constant-- >> I've been saying, I've been saying this for years, the specialty cloud is a big market. Oracle's a specialty cloud, Microsoft's a specialty cloud, 'cause they have apps for them. They can be different clouds. Multi-cloud is what's coming, would you agree? >> Yeah, and the reality is as companies go through digital transformation they're gonna open up more and more of their applications to more and more users. They're gonna be more and more devices, and that's just gonna lead to identity sprawl, more and more passwords that people have to deal with as well. And that's why in a world in which-- >> How bad is that problem? 'Cause that's a huge problem, at least in my mind. Identity sprawl, explain what that is and how bad is it? And what are the consequences if it's not fixed? >> Well look the reality is 80% of breaches nowadays involve compromised credentials. I mean we had the whole election, Podesta, the DNC, the recent hack of HBO, you had Sony. It always tied into people stealing credentials and people having too many credentials, sharing credentials, et cetera. So the problem that we face as consumers in terms of having too many user names and passwords has now entered into the actual enterprise and we're now in a situation that, yeah, there's an app for that but that means that there's a password for that. So IT is having a hard time controlling who can access what while end users are just dealing with too many user names and passwords as well. So you have identity sprawl, it's difficult to provision access. And then now you have IoT coming onboard and those devices need an identity unto themselves. And probably the thing that excites me most about some of today's announcements is what AWS is doing with IoT. Some pretty cool stuff. >> I mean I think IoT is the trend, AI and IoT, because, to me the data center, and this might be a little bit over the top, but I'll say it anyway. I think private cloud is real, the way Wikibon talks about it but it's still cloud and the cloud looks at these endpoints as edge devices. So a data center is just an IoT device, a big one. >> Yeah. >> Or, a series of devices connected to the network which connect to the cloud. I mean if it's operating as a cloud what's the difference? Private and public. >> Yeah, no, I, I, I-- >> IoT has gotta be connected. That's where identity could be helpful. >> Identity, I mean, 'cause look, every device has an identity beyond just an IP address. I mean some of the attacks have even taken over IoT devices and then pointed them against websites and brought those websites down as well. So users have multiple identities. Devices have identities unto themselves so you've got this kinda n-by-m, you know, situation where you multiply the number of users times the number of devices, and we're told digital transformation, more and more users are coming online connecting to applications. So I think that's a, it's just a great market to be in. >> Tom, great to have you on theCUBE, congratulations on your business growth. What's your secret sauce? We'll end this segment by you just taking a minute to describe to the folks watching why are you doing so good, what's your secret sauce, what are the tailwinds for you, why the success? >> Well the tailwinds are, first of all, identity has become the top attack vector. It's now involved, compromised credentials stolen at NEs is now involved in over 80% of all breaches. And the other tailwind is the whole move to the cloud that just says, introduces password sprawl. And we're very unique in the market in that we can secure both end users and their identities but we can also secure the privileged accounts that are built into the infrastructures of service. The AWS, EC2, IAM-- >> John: The critical resources. >> Yeah, and we do this in a hybrid environment. So, yes, people are aggressively moving to the cloud but you know and I know that still, what, 70, 80% of IT is still on-prem, and it's gonna be a mixed hybrid environment. And we offer both software and cloud services to secure both end users as well as privileged accounts in that environment. >> Alright, the bottom line, the AWS cloud phenomenon. Describe it in a sentence. >> In a sentence? Oh, it's just, the complete consolidation of all IT in a single platform. I mean, it's amazing that every year they announce another couple a hundred new brand new services as well. So it's just like a phenomena that I've never seen before in terms of a vendor aggressively able to come out with new capabilities and deliver more and more features. >> Cloud as an operating system that's what I always say. And I can see it coming together, and they're staying on their track. I gotta give Andy Jassy credit, even though I busted his chops by putting the Gartner slide on there, because that's old guard technically, doesn't match his presentation, so he's gotta fix that. They stay on their line, they're not wavering. They are mission focused. Changing the game, adding value for customers. >> And they're thinking about new app scenarios and I think it was brilliant that, take IoT, there's so many different flavors of operating systems for IoT. They're saying, "Hey, we're gonna come out "with a standard operating system "that you can leverage. "And we're gonna provide device management, "and we're gonna tie it back into the platform." So they're gonna capture the, they're trying to capture the edge. And the good news is stuff like that does provide opportunities for vendors such as Centrify. >> And they surround themselves with a great ecosystem. You guys are doing great in there. I know you're growing but you're soon to be bigger. But Intel, they're doing great with Intel. Intel gets a lift off this, more compute, everywhere. >> Absolutely. >> So even if they, they kind of have to split some of the business, whatever they do, who knows what happens there but Intel wins with this scenario. Amazon's not trying to eat the whole pie, they're sharing. They're sharing the wealth. And they do it, in the case of security again I go back to their shared responsibility model. It provides a great framework where it makes it very easy for vendors such as ourselves to say, "We play here, here, and here." So it makes it great to partner with and the ability for them to actually have SaaS based applications in their marketplace as well. And that's powerful, and no other of the cloud guys have a similar concept. Yeah, you could put AMIs on infrastructure as a service but to actually have a cloud based service tied into the billing system of AWS is incredibly powerful. We're very excited about being a part of that. >> And we will keep an eye on them on the open source side, certainly that's an area we're watching very carefully. Hey the developers love Amazon and that's a good thing. Now the enterprise love Amazon, public sector loves Amazon. Who doesn't love Amazon Web Services? We'll be following that very closely over the course of the next few months and next year, 2018. Of course live here in here in Las Vegas is AWS reInvent 2017. Back with more coverage after this short break. (upbeat electronic music)

>> Announcer: Live from New York City, it's theCube covering Cyber Connect 2017. Brought to you by Centrify and The Institute for Critical Infrastructure Technology. >> Okay, welcome back everyone, this is a live Cube coverage here in New York City at the Grand Hyatt Ballroom. I'm John Furrier with my co-host Dave Vellante. This is Cyber Connect 2017, the inaugural conference of a new kind of conference bringing industry and government and practitioners together to solve the crisis of this generation, according to Keith Alexander, who was on stage earlier. Our next guest is the CEO of the company that's under running this event, Tom Kemp, co-founder and CEO of Centrify. Congratulations, Tom, we met, we saw you last week, came in the studio in Palo Alto. Day one was coming to a close. Great day. >> Yeah, it's been amazing, we've had over 500 people here. We've been webcasting this, we have 1,000 people. And, of course, we've got your audience as well. So, clearly, over 2,000 people participating in this event, so we're really pleased with the first day turn-out. >> So, I would say this is, like, a new kind of event, a little bit different than most events in the business. Response has been very well received, sold out, packed house, I couldn't get a chair, strolled in, not late, but, I mean, you know, towards the end of your Keynote. This is the dynamic, there's demand for this. Why is this so popular? You guys had a good hunch here, what's been the feedback? >> Well, the feedback's been great, first of all. But, the reality is, is that, organizations are spending 10% more per year on security but the reality is the breaches are growing 40 to 70% per year. So, no matter how much money they're throwing at it, the problem's getting worse, and so people are, for the most part, kind of throwing up their hands and saying, how can we re-think security as well? So, I think there's just a complete hunger to hear best practices from some of the top CSO's. You know we had US bank CSO, we had Etna, Blue Cross Blue Shield, etcetera. What are these guys doing to keep their data secure and make sure that they don't make headlines? >> So, I want to ask you a question on the business front, obviously we saw last week, Alphabet, AKA Google, Twitter and Facebook in front of the Setna committee, around this influence thing going on with the media, still an exploit, but a little bit different than pay load based stuff we're normally seeing with security hacks, still relevant, causes some problems, you guys have been very successful in Washington. I'm not saying you're lobbying, but as a start up, you ingratiated yourself into the community there, took a different approach. A lot of people are saying that the tech companies could do a better job in D.C., and a lot of the times Google and these treasure troves of data, they're trying to figure it out. You took a different approach and the feedback we heard on theCube is working. You guys are well received in there, obviously the product, good timing to have an identity solution, and zero trust philosophy you have. Well, you did something different. What was the strategy? Why so much success in D.C. for Centrify? >> Well, we actually partnered with the IT folks and the security people. I mean, we actually spent a lot of time on site, talking with them, and actually, we built a lot of capabilities for what the government was looking to address from an identity access security perspective. That's just the reality of the situation. And so, we took a long haul view, we've done very great in the, two of our largest customers are intelligence agencies, but we actually have over 20% of our sales that goes to the federal government, state and local as well. So, you really can't just go in there, spend a lot of money, do a lot of hype. You actually have to roll up your sleeves and help them solve the mission. They call it the mission, right, they have mission, and you got to be focused on how you can address them and work with the technologist out there to make sure, so it was just, really just blocking and tackling the ground game, >> So common sense sounds like, just do the work. >> Yeah, do the work, really listen. And think about it as a multi-year investment, right? I mean, in a lot of start ups, they just, like, oh, can't get the sale, move on, right. But you actually have to realize, especially in security, that most tech companies that have a big security presence, they should get 15-20% of their business from the US government. >> That's a big bet for you guys, were you nervous at first? I mean, obviously, you have confidence now looking back, I mean, it must've been pretty nerve wracking because it's a big bet. >> It's a big bet because you also have to meet certain government standards and requirements. You got to get FIP certification, you got to get common criteria, in the cloud, you got to get FedRAMP, and that means you also have to have customers in the federal government approve you and bring you in and then you have to go through the lengthy audit process. And we're actually about to get our FedRAMP certification, just passed the audit and that's going to be coming up pretty soon as well. So, yeah, to go get common criteria, to get FedRAMP, you have to spend a million dollars for those types of certifications. At the same time, working with the large federal agencies. >> So Tom, you gave us the numbers, 10% more spending every year on security but breaches are up 40 to 70%, you said in your talk that's two trillion dollars in lost dollars, productivity, IP, etcetera, so obviously it's not working, you've mentioned a number of folks in here talking today. What's their mindset? Is their mindset this is a do-over? Or, is it, just we got to do a better job? >> I think we're getting to the point where its' going to be a do-over. And I think, first of all, people realize that the legacy technology that they have have historically focused on premises. But, the world's rapidly moving to the cloud, right? And so, you need to have cloud-based scale, a cloud-based architecture, to deliver security nowadays because the perimeter is completely going away. That's the first thing. And, I think there's also realization that there needs to be Big Data machine learning applied to this. And you guys talk about this all the time, the whole rise of Big Data. But, security is probably the best vertical. >> Data application. >> Exactly, it's probably the best vertical, because you need real-time instantaneous should I let this person come into the system or not, right? Or, over time, is this, does this represent malicious activity as well? So, I think people are realizing that what they've been doing's not working, they realize they're moving to the cloud, they need to adopt cloud, to, not only secure cloud, but have their technology be based in the cloud and they need to apply machine learning to the problem as well. >> So, in your talk, you talked about a paradigm shift, which I inferred as a mindset shift in how security practices in technologies should be applied, you got to lot of content in there. But could you summarize for our audience sort of the fundamentals? >> Well, the first fundamental is, is that the attack vector is completely changed, right? Before, it was all about vulnerabilities that someone hadn't patched this latest version of Windows, etcetera. Those problems are really solved, for the most part. I mean, occasionally it kind of pops in now and then, but for the most part, enterprises and governments are good about patching systems etcetera. You don't hear about sequel injections anymore. So, a lot of those problems have been resolved. But, where the attackers are going, they're going after the actual users, and so, I know you had the Verizon folks here on theCube, and if you look at the latest Verizon data breacher port, eight out of 10 breaches involve stolen and compromised credentials, right? And that has grown over the last few years from 50% to 60% now to over 80%. Look at the election, right? You talk about all this Twitter stuff and Facebook and all that stuff, it's John Podesta's emails getting stolen, it's the democrat's emails getting stolen, and you know, now that people have the Equifax data, they've got even more information to help figure out-- >> Social engineering is a big theme here. >> Absolutely. >> They have this data out on the dark web, this methodologies and there's also, you know, we talked with the critical interset guys that you're partnering with about all the terrorism activity, so, there's influence campaigns going on that are influencing through social engineering, but that data's being cross connected for, you know, radicalizing people to kill people in the United States. >> Well, there's that. And then there's nation states, there's insiders. So, the reality is, is that, it turns out from a security perspective, that we, the humans, we're the weakest link in this. And so, yes, there needs to be process, there needs to be technology, there needs to be education here as well. But the reality is that the vast majority of spin on security is for the old stuff, it's like we're trying to fight a land war in Asia, and that's how we're investing, we're still investing in M1 tanks in security, but the reality is that 80% of the breaches are occurring because they're attacking the individuals. They're either fooling them, or stealing it by some means or mechanisms, and so the attack vector is now the user. And that's this, and people are probably spending less than 10% securing the users, but it represents 80% of the actual attack vector. >> Talk about the general, you've had some one-on-one times with him, he's giving a keynote here, gave a keynote this morning, very inspiring. I mean, I basically heard him pounding on the table, "we don't fix this mess, You know, we're going to be in trouble, it's going to be worse than it is!" Think differently, almost re-imagining, his vibe was almost about let's re-imagine, let's partner, let's be a community. What else can you share with you interaction with him? I know he's a very rare to get to speak, but you know, running the cyber command for the NSA, great on offense, we need work on defense. What have you learned from him that industry could take away? >> Yeah, I think you hit it, which is, and I didn't realize that there's a bigger opportunity here, which is, is that in real time, there needs to be more sharing among like constituents. For example, in the energy industry, these organizations, they need to come together and they need to share, not only in terms of round tables, but they actually need to share data. And it probably needs to happen in the cloud, where there's the threats, the attacks that are happening in real time, need to be shared with their peers in the industry as well. And so, and I think government needs to also play a part in that as well. Because each of us, we're trying to fight the Russians, right? And the Chinese and the North Koreans, etcetera and a enterprise just can't deal with that alone and so they need to band together, share information, not only from an educational, like we have today, but actually real time information. And then again, leverage that machine learning. That artificial intelligence to say, "wait a minute, we've detected this of our peers and so we should apply some preventative controls to stop it." >> And tech is at the center of the government transformation more than ever. And again, Twitter, Facebook, and Alphabet in front of the senate, watching them, watching the senators kind of fumbling with the marbles. You know, hey, what's Facebook again? I mean, the magnitude of the data and the impact of these new technologies and with Centrify, the collision between government and industry is happening very rapidly. So, the question is that, you know, how will you guys, seeing this going forward, is it going to be, you know, the partnership as they come together fast or will more mandates come and regulations, which could stifle innovations, so, there's this dimension going on now where I see the formation of either faster partnership with industry and government, or, hey industry, if you don't move fast enough poof, more regulations. >> And that's also what the general brought up as well, is that if you guys don't do something on your own, if you don't fix your own problems, right, then the government's going to step in. Actually, that's what's already starting to happen right now, that if Facebook, Twitter, all these other social networks are not going to do something about foreign governments advertising on their platform, they're going to get regulated. So, if they don't start doing something. So, it's better to be in front of these things right here, the reality is that, yes, from a cyber security in terms of protecting users, protecting data, enterprise needs to do more. But, you know what, regulations are starting to already occur, so, there's a major regulation that came out of New York with the financial services that a lot of these financial firms are talking about. And then in Europe, you got GDPR, right? And that goes into effect I think in May of next year. And there's some serious finds. It could be up to four percent of your revenue as well, while, in the past, the kind of, the hand slaps that have happened here, so if you do business in Europe, if you're a financial services firm doing business in New York. >> People are going to run from there, Europe. I mean, regulation, I'm not a big fan of more regulation, I like regulation at the right balance, cause innovation's key. What have you heard here from talks? Share, cause we haven't had a chance 'cause we've been broadcasting all day, share some highlights from today's sessions after, you know, Jim from Etna was on there, which, I'm sure you got a kick out of his history comment, you're a history buff. Weren't you a history major and computer science? >> I was a history major and computer science, you got that right. >> You'd be a great dean of the sciences by today's standards. But I mean, he had a good point. Civilization crumbles when there's no trust. That comment, he made that interesting comment. >> So, it's interesting what Etna's done, from his presentation, was they've invested heavily in models, they've modeled this. And I think that kind of goes back to the whole Big Data, so I think Etna is ahead of the game, and it's very impressive what he's put forth as well. And just think about the information that Etna has about their customers etcetera. That is not something that you want. >> He was also saying that he modeled, you don't model for model's sake because stuff's going on in real time, you know what I'm saying? So, the data lake wasn't the answer. >> Well, he said his mistake was, so they were operationalizing the real time, you know, security Big Data activity, and he didn't realize it, he said that was the real answer, not just, sort of, analyzing the data swamp, so. >> Yeah, absolutely. >> So, that was the epiphany that he realized. You know, that is where the opportunity was. >> John: It was unconventional tactics, too. >> What can businesses expect, Tom? What's the business outcome they can expect if they, sort of, follow the prescription that you talked about and, sort of, understand that humans are the weakest link and take actions to remediate that. What kind of business impact can that have? >> Yeah, so, we actually, we spent a lot of time on this and we partnered with Forrester, a well known analyst group, and we did this study with them, and they went out and they interviewed 120 large enterprises. And it was really interesting that one group, group A, was getting breached left and right and group B, about half the number of breaches, right? And we were like, what is group B doing versus group A? And it had to do with implementing a maturity model as it relates to identity which is, first and foremost, implementing identity assurance, getting, reducing the number of logins, delivering single sign-in, multi factor authentication. Which we should all do as consumers as well, turn on that MFA button for Twitter, and your Gmail etcetera. Then, from there, the organizations that were able to limit lateral movement and break down, make sure that people don't have too much access to too many things as well. There was an incident, it was Saudi Generale that there was a backend IT guy, he became a traitor, he started making some losses, and so he tried to, he doubled down, he leveraged the credentials that he had as a former IT person to continue trading even though he kind of turned off all the the guardrails right there, and he should have been shut down. When he made that move into that new position, so, there's just too much lateral movement aloud. And then, from there, you got to implement the concept of least privilege and then finally you got to audit, and so if you can follow this maturity model, we have seen that organizations have seen significant reduction in the number of breaches out there as well. So, that was another thing that I talked about at my keynote, that I presented this study that Forrester did by talking to customers and there turned out to be a significant difference between group A and group B in terms of the number of breaches as well. And that actually tied very well with what Jim was talking about as well, which was, you know, I call it a maturity model, he called it just models, right, as well. But there is a path forward that you can better be smarter about security. >> But there's a playbook. >> There is a playbook, absolutely. >> And it revolves around not having a lot of moving parts where human error, and this is where passwords and these directories of stuff out there, are silos, is that right? Did I get that right? So you want to go level? >> That's the first step, I mean the first step is that we're drowning in a sea of passwords, right, and we need what's known as identity assurance, we need to reduce the number of passwords. With the fewer passwords we have, we need to better protect it by adding stronger authentication. Multi-factor authentication. The new face ID technology, which I've been hearing good reviews about, coming from Apple as well, I mean, stuff like that, and say, look, before I log into that, yes, I need to do my thumbprint and do the old face ID. >> And multi factor authentication I think is a good point, also known as MFA, that's not two factor, it's more than one, but two seems to be popular cause you get your phone, multi factor could be device, IOT device, card readers, it starts getting down into other mechanisms, is that right? >> Absolutely, it's something you have, and something you know, right? >> Answer five questions. >> Yeah, but at the same time you don't want to make it too, >> Too restrictive. >> Too restrictive, etcetera. But then here's where the machine learning comes in, then you add the word adaptive in front of multi factor authentication. If the access is coming from the corporate network, odds are that means that person was badged, got through. So, maybe you don't ask as much, for much information to actually allow the person on right there. But, what if that person was, five minutes ago, was in New York, and now he's trying to access from China? Well wait a minute, right? Or what if it's a device that he or she's never accessed from before as well? So, you need to start using that machine learning and look at what is normal behavior and what deviates from that behavior? And then, factor it into the multi factor authentication. >> Well, we've seen major advancements in the last couple years, even, in fraud detection, you know, real time. And is that seeping into the enterprise? >> Well, it should, that's the ironic thing is, is that with our credit card, I mean, we get blocked all the time, right? >> It is annoying sometimes, but you know at the end of the day you say, good. >> Yeah, thank you for doing that, you know. And so that's, in effect, the multi factor authentication is you calling up the credit card company, ironically my credit card, maybe I shouldn't reveal this, too much information, someone will hack me, but I use US bank, right there, and we had Jason the CSO of US bank right there, but, you know, calling in and actually saying, yes, I'm trying to do this transaction represents another form of authentication. Why aren't we doing similar things for people logging onto mission critical servers or applications? It's just shocking. >> I'm going to ask you a personal question, so, you mentioned history and computer science, a lot of security folks that I talk to, when they were little kids, they used to sort of dream about saving the world. Did you do that? (laughter) >> Well, I definitely want to do something that adds value to society, so, you know, this is not like the Steve Jobs telling Scully, do you want to make sugared water and all that stuff? >> Dave: No, but like, superhero stuff, were you into that as a kid, or? >> D.C. or Marvel? >> Good versus evil? >> Don't answer that question, you like 'em both. >> But the nice thing about security is, when you're a security vendor, you're actually, the value that you have is real. It's not like, you know, some app or whatever where you get a bunch of teenagers to waste time and all that stuff. >> John: Serious business. >> Yeah, you're in serious business. You're protecting people, you're protecting individuals, their personal information, you're protecting corporations, their brand, look what happened to Equifax when their, when it was announced, the breach, their stock went down 13, 14%, Chipotle went down by 400 million, their market cap went. I mean, so, nowadays, if you have a, if there's a breach, you got to short that stock. >> Yeah, and security's now part of the product, cause the brand image, not just whatever the value is in the brand, I mean the product, the brand itself is the security. If you're a bank, security is the product. >> Absolutely, if you're known for being breached, who the heck's going to bank with you? >> Whole 'nother strategy there. Okay, final question from me is, this event, what are some of the hallway conversations, what's notable, what can you share for the folks watching? Some of the conversations, the interests, the kind of people here, what was the conversations? >> Yeah, I mean, the conference, we really did a great job working with our partner ICIT of attracting sea level folks, right? So, this was more of a business focus, this was not, you know, people gathered around a laptop and try to hack into the guy sitting right next to them as well. And, so, I think there, what has come out of the conversations is a better awareness of, as I said before, it's like, you know what, we got to completely, we got to like step back, completely rethink what we're trying to do here as well, cause what we're doing now is not working, right? And so I think it's, in effect, we're kind of forcing some soul searching here as well. And having others present what's been working for them, what technologies, cloud, machine learning, the zero trust concept, etcetera, where you only, you have to assume that your internal network is just as polluted as the outside. >> I know this might be early, but what's the current takeaway for you as you ruminate here on theCube that you're going to take back to the ranch in Palo Alto and Silicon Valley, what's the takeaway, personally, that you're now going to walk away with? Was there an epiphany, was there a moment of validation, what can you share about what you'll walk away with? >> There's just a hunger. I mean there's just a hunger to know more about the business of security etcetera. I mean, we're just, we were amazed with the turn out here, we're pleased with working with you guys and the level of interest with your viewership, our webcast, I mean, this is, you know, for the first time event to have both in-person and online, well over 2,000 people participating, that says a lot. That there's just this big hunger. So, we're going to work with you guys, we're going to work with ICIT and we're going to figure out how we're going to make this bigger and even better because there is an untapped need for a conference such as this. >> And a whole new generation's coming up though the ranks, our kids and the younger, new millennials , whatever they're called, Z or letters they're called, they're going to end up running the cyber. >> Yeah absolutely, absolutely. So there just needs to be a new way of going about it. >> Tom, congratulations. >> Thank you. >> Great event, you guys got a lot of credibility in D.C., you've earned it, it shows. The event, again, good timing lighting the bottle, The CyberConnect inaugural event, Cube exclusive coverage in Manhattan here, live in New York City at the Grand Hyatt Ballroom for the CyberConnect 2017 presented by Centrify, I'm here with the CEO and co-founder of Centrify, Tom Kemp, I'm John Furrier, Dave Vellante, more live coverage after this short break. (modern electronic music)

(upbeat music) >> Hello, everyone and welcome to this special CUBE conversation here in our studios in Palo Alto, California. I'm John Furrier, the co-founder of SiliconANGLE Media and cohost of theCUBE, with a special preview of CyberConnect 2017, a global security conference presented by Centrify, it's an industry-independent event. I'm here with the CEO and Founder of Centrify, Tom Kemp. Tom, thanks for joining me on this preview of CyberConnect 2017. >> It's great to be here again. >> So, you guys, obviously, as a company are no longer struggling, you're clearly clearing the runway on growth. Congratulations on the success. This event will be broadcasting live on theCUBE as folks should know on the site. CyberConnect 2017 is a different kind of event, it's really the first of its kind where it's an industry gathering, not just a Black Hat, I mean, RSA's got Black Hat and they try to weave a little business in. This is all about leadership in the industry. Is that right? >> Yeah, absolutely. You know, there's really a dearth of business-focused discussions with C-Level people discussing the issues around security. And so, what we found was, was that most of the conversations were about the hackers, you know, the methodology of goin' in and hacking in. And, that doesn't really help the business people, they have to understand what are the higher level strategies that should be deployed to make their organizations more secure. So, we kind of wanted to up-level the conversation regarding security and help C-Level people, board people, figure out what they should be doing. >> And, we've obviously been reporting at SiliconANGLE, obviously, the latest and greatest on hacks. You know, you've seen everything from cyber threats, where are real hacking, to nuanced things like the rushing dissidents campaign on Facebook around voter impressions. And we saw that in the hearings in the senate where Facebook got really grilled by, you know, "Is it a real threat," no, but it is a threat in the sense that they're putting opinion-shaping. So, there's a broad range of business issues, some are highly-nuanced, some are very specific business values, you're out of business if you get hacked. So, how do you see that, because is that the discussion point? Is it more policy, all of the above, what is the overall conversations going to be like at CyberConnect 2017? >> Yeah, I think it's, look, the reality is, is that breaches before were about potentially stealing your data. But, now it's an impact on your brand. Like, what if the Russians were doing that to Pepsi or Coca-Cola, et cetera? They could just completely setup a lot of negative sentiment about you, so there's a lot of different ways to impact organizations as well. And so, what we're doing at CyberConnect is, putting forth CIOs of Aetna, US Bank, and having them describe what they do. I mean, think about a major healthcare company, Aetna, US Bank, the list goes on, you know, Blue Cross Blue Shield. And we're having the major CSOs of these large organizations tell their peers what they're doing to protect their company, their brands, et cetera. >> Well, I want to get back to the business impact in a second, but some notable key notes here. Securing a Nation Amid Change, A Roadmap to Freedom, from Retired General Keith Alexander, Former Director of the NSA and Chief of the U.S. Cyber Command. Why is he there, what's the focus for his talk? >> Well, you can't ignore the government aspect. Well, first of all, government is a huge target and we obviously saw that with the election, we saw that with the hack of the Office of Personnel Management, et cetera. And so, you know, nation states are going after governments as well as criminal organizations, so General Alexander can talk about what he did to protect us as citizens and our government. But, he also has a great insight in terms of what hackers are doing to go after critical infrastructure. >> John: He's got some experience thinking about it, so he's going to bring that thinking in? >> Absolutely, and he's going to give us an update on the latest vectors of attacks that are happening, and give us some insight on what he experienced trying to protect the United States but also trying to protect our businesses and infrastructure. So, we wanted to have him kick things off to give, you know, what more, the NSA, the ex-NSA head telling us what's going on. >> And you got amazing guests here, again the CSO from Aetna, the Chief Security Officer from Cisco, The Global Value Chain, you got US Bank. You got Amazon Web Services here talking about the Best Practice of Running Workloads on an Amazon Service Cloud. So, you got the gamut of industry, as well as some government people who have experienced dealing with this from a practitioners standpoint? What's the convoluence of that, what's the trends that are coming out of those? What can people expect to hear and look forward to watching the videos for? >> You know, I think it's going to be some of the trends that you guys talk about. It's like, how can you leverage AI and machine learning to help better protect your organization as well? So, that's going to be one huge trend. I think the other trend, and that's why we have the folks from Amazon, is in a world in which we're increasingly using mobile and Cloud and leaving the perimeter, you know, in a world where there's no perimeter, how can you secure your users, your data, et cetera? So, I think the focus of the conference is going to be very much on leveraging modern and new technologies, AI, machine learning, discussing concepts like Zero Trust. And then, also, figuring out and helping people really get some good ideas as they make the move to Cloud, how can they secure themselves, make themselves, more secure than when they had the traditional perimeter set up? >> I mean, given the security landscape, you and I discussed this in and around the industry, go back seven years, "Oh, Cloud's un-secure," now Cloud seems to be more secure then on perim because of the work that Amazon, for instance, they upped their game significantly in security, haven't they? >> Absolutely, and you know, it's interesting, it's, I mean, you see it first hand, Google comes out with announcements, Microsoft, Oracle, et cetera, and security is a key issue. And they're trying to provide a more secure platform to get people comfortable moving with the Cloud. At the same time, there's vendors such as Centrify, that's there's value-add that we can provide and one area that we specifically provide is in the area of identity and controlling who can access what, as well. So, yeah, it completely reshapes how you do security, and the vendors are contributing. What's so important that the solutions that we had before are being completely disruptive and they need to be completely adopted for the new Cloud world. >> I know it's your first event, you guys are underwriting this, it's presented by Centrify, it's not sponsored by, it's not your show. Although you're doing a lot of heavy lifting in supporting this, but your vision for this CyberConnect is really more of a gathering amongst industry folks. We're certainly glad to be a part of it, thanks for inviting us, we're glad to be there. But, this is not a Centrify-only thing, explain the presented by Centrify vis-a-vis CyberConnect. >> So, and we've also put forth another organization that we've worked with. It's an organization called ICIT, the Institute for Critical Information Technology. And, what they are, is they're a think tank. And they are very much about how can we support and secure the infrastructure of the United States, as well? We didn't want this to be a vendor fest, we wanted to be able to have all parties, no matter what technologies they use, to be able to come together and get value of this. It benefits Centrify because it raises awareness and visibility for us, but even more important, that we wanted to give back to the community and offer something unique and different. That this is not just another vendor fest show, et cetera, this is something where it's a bringing together of really smart people that are on the front-lines of securing their organizations. And we just felt that so much value could be driven from it. Because, all the other shows are always about how you can hack and ATM and all that stuff, and that's great, that's great for a hacker but that doesn't really help business people. >> Or vendors trying to sell something, right? >> Exactly. >> Another platform to measure something? >> Yeah, exactly. >> This is more of a laid-back approach. Well, I think that's great leadership, I want to give you some props for that. Knowing that you guys are very, as you say, community-centric. Now you mentioned community, this is about giving back and that's certainly going to be helpful. But, security has always been kind of a community thing, but now you're starting to see the business and industry community coming together. What's your vision for the security community at this CSO level? What's needed, what's your vision? >> I think what's needed is better sharing of best practices, and really, more collaboration because the same attacks that are going to happen for, say one healthcare organization, the hackers are going to use the same means and methods, as well. And so, if you get the CSOs in the room together and hear what the others are experiencing, it's just going to make them more better. So, the first thing, is to open up the communication. The second thing is, is that could we figure out a way, from a platform or a technology perspective, to share that information and share that knowledge? But, the first step is to get the people in the room to hear from their peers of what's going on. And, frankly, government at one point was supposed to be doing it, it's not really doing it, so, I think an event like this could really help in that regard. >> Well, and also, I would just point out the growth in GovCloud and following some of the stuff going on at Amazon, as an example, had been skyrocketing. So, you're starting to see industry and government coming together? >> Yeah. >> And now you got a global landscape, you know, this is interesting times and I want to get your reaction to some of the things that have been said here on theCUBE but also, out in the marketplace where, you know, it used to be state-actor game, not state on state. And then, if they revealed their cards, then they're out in the open. But now, the states are sponsoring, through open source, and also, in these public domains, whether it's a WikiLeaks or whatever, you're starting to see actors being subsidized or sponsored. And so that opens up the democratization capability for people to organize and attack the United States. And companies. >> Oh, absolutely, and you could right now, they have a help desk, and it's like ordering a service. "Oh, you want 500 bots going after this?" >> John: Smear a journalist for $10k. >> (laughing) Exactly, it's like as a service. Hacking as a service, they have help desk, et cetera. And, the interesting thing is. >> It's a business model. >> It's a business model, you're absolutely right. The people, it's all pay to play, right? And, just the number of resources being devoted and dedicated, and we're talking about thousands of people in Russia, thousands of people in North Korea, and thousands of people in China. And, what came out just recently, is now that they're shifting their target to individuals, and so, now you may have an individual that there may be a person just dedicated to them in China, or Russia or North Korea, trying to hack into them as well. So, it's getting really scary. >> It's almost too hard for one company with brute force, this is where the collective intelligence of the community really plays a big difference on the best practices because when you thought you had one model nailed, not just tech, but business model, it might shift. So, it seems like a moving train. >> Yeah, and we're having Mist show up, and so we're getting the government. But, I really think that there does need to be, kind of, more of an open-sourcing of knowledge and information to help better fine tune the machine learning that's needed and required to prevent these type of breaches. >> So, what can we expect? Obviously, this is a preview to the show, we'll be there Monday broadcasting live all day. What can people expect of the event, content-wise, what are your favorites? >> Well, I mean, first of all, just the people that we have there. We're going to get the two CCOs from two of the biggest healthcare companies, we're going to get the former head of the NSA, we're going to get the CSO of US Bank, I mean, we're talking the biggest financial services organizations. We're going to have the biggest healthcare organizations. We're going to have the people doing cyber. >> John: MasterCard's there. >> Yeah, MasterCard, we have the German government there as well, so we've got government, both U.S. as well as European. We've got all the big people in terms of, that have to secure the largest banks, the largest healthcare, et cetera. And then, we also have, as you talked about, obviously Centrify's going to be there, but we're going to have AWS, and we're going to have some other folks from some of the top vendors in the industry as well. So, it's going to be a great mixture of government, business, as well as vendors. Participating and contributing and talking about these problems. >> So, it's an inaugural event? >> Yes. >> So, you're looking for some success, we'll see how it goes, we'll be there. What can you expect, are you going to do this every year? Twice a year, what's the thoughts on the even itself? >> It's been amazing, the response. So, we just thought we were going to have 400 people, we sold out, we're getting close to 600 people. And now, we're going to have over 1,000 people that are going to be doing the live streaming. There's just a huge, pent-up demand for this, as well. So, we actually had to shut down registration and said sold out a week or two ago. And, so far, it looks really good, let's see how it goes. It looks like we can easily double this. We're already thinking about next year, we'll see how the event goes. If you just look at the line-up, look at the interest, or whatever, there's a pent-up demand to better secure government and enterprises. >> And leadership, like you guys are taking this as an issue, plus, others coming together. We're certainly super glad to be a part of the community, and we look forward to the coverage. This is really, kind of, what the industry needs. >> Absolutely. >> All right, Tom Kemp, the CEO and Founder of Centrify, really fast growing start up, doing an event for the community. Very strong approach, I love the posture, I think that's the way to go than these vendor shows. You know how I feel about that. It's all about the community, this is a community. I mean, look at the Bitcoin, the Blockchain, know you're customer isn't into money laundering. It's an identity game. >> Yeah, absolutely. >> Now, by the way, quick, is there going to be any Blockchain action there? >> Oh, I don't know about that, I don't think so. >> Next year. (laughing) >> Next year, exactly. >> It's certainly coming, Blockchain security, as well as a lot of great topics. Check out CyberConnect 2017. If you can't make it to New York, they're sold out, theCUBE.net is where you can watch it live. And, of course, we'll have all the video coverage on demand, on theCUBE.net, as well. So, we'll have all the sessions and some great stuff. Tom Kemp, CEO. I'm John Furrier from theCUBE, here in Palo Alto, thanks for watching. (upbeat music)

(clicking noise) >> Hello, I'm John Furrier, SiliconANGLE media, co-host of theCUBE. We are here on the ground in, here in Santa Clara, California, Centrify's headquarters, with Tom Kemp, the CEO of Centrify, and Parham Eftekhari, who's the co-founder and senior fellow of ICIT, which is the Institute of Critical Infrastructure Technologies, here to talk about security conversation. Guys, welcome to theCUBE's On the Ground. >> Thank you. >> Great to be here. >> Great to see you again, Tom. >> Yeah, absolutely. >> And congratulations on all your success. And Parham, GovCloud is hot. We were just in D.C. with Amazon Web Services Public Sector Summit. It's gotten more and more to the point where cyber is in the front conversation, and the political conversation, but on the commercial side as well. There's incidents happening every day. Just this past month, HBO, Game of Thrones has been hijacked and ransomed. I guess that's ransom, or technically, and a hack. That's high-profile, but case after case of high-profile incidents. >> Yeah, yeah. >> Okay, on the commercial side. Public sector side, nobody knows what's happening. Why is security evolving slow right now? Why isn't it going faster? Can you guys talk about the state of the security market? >> Yeah, well, ya know, I think first of all, you have to look at the landscape. I mean, our public and private sector organizations are being pummeled every day by nation states, mercenaries, cyber criminals, script kiddies, cyber jihadists, and they're exploiting vulnerabilities that are inherent in our antiquated legacy systems that are put together by, ya know, with a Frankenstein network as well as devices and systems and apps that are built without security by design. And we're seeing the results, as you said, right? We're seeing an inundation of breaches on a daily basis, and many more that we don't hear about. We're seeing weaponized data that's being weaponized and used against us to make us question the integrity of our democratic process and we're seeing, now, a rise in the focus on what could be the outcome of a cyberkinetic incident, which, ultimately, in the worst case scenario, could have a loss of life. And so I think as we talk about cyber and what it is we're trying to accomplish as a community, we ultimately have a responsibility to elevate the conversation and make sure that it's not an option, but it is a priority. >> Yeah, no, look, I mean, here we are in a situation in which the industry is spending close to 80 billion dollars a year, and it's growing 10 percent, but the number of attacks are increasing much more than 10 percent, and as Parham said, you know, we literally had an election impacted by cyber security. It's on the front page with HBO, et cetera. And I really think that we're now in a situation where we really need to rethink how we do security in, as enterprises and as even individuals. >> And it's seems, talking about HBO, talking about the government, you mentioned, just the chaos that's going on here in America, you almost don't know what you don't know. And with the whole news cycle going on around this, but this gets back to this notion of critical infrastructure. I love that name, and you have in your title 'ICIT,' Institute of Critical Infrastructure, because, ya know, and certainly the government has had critical infrastructure. There's been bridges, and roads, and whatnot, they've had the DNS servers, there's been some critical infrastructure at the airports and whatnot, but for corporations, the critical infrastructure used to be the front door. And then their data center. Now with cloud, no perimeter, we've talked about this on theCUBE before, you start to change the notion of what critical infrastructure is. So, I guess, Parham, what does critical infrastructure mean, from a public and commercial perspective? Tell me, you can talk about it. And what's the priorities for the businesses and governments to figure out what's the order of operations to get to the bottom of making sure everything's secure? >> Yeah, it's interesting, that's a great question, you know, when most people think about critical infrastructure as legacy technology, or legacy's, you know, its roads, its bridges, its dams. But if you look at the Department of Homeland Security, they have 16 sectors that they're tasked with protecting. Includes healthcare, finance, energy, communications, right? So as we see technology start to become more and more ingrained in all these different sectors, and we're not just talking about data, we're talking about ICS data systems. A digital attack against any one of these critical infrastructure sectors is going to have different types of outcomes, whether you're talking about a commercial sector organization, or the government. You know, one of the things that we always talk about is really the importance of elevating the conversation, as I mentioned earlier, and putting security before profits. I think, ultimately, we've gotten to this situation because a lot of companies do a cost-benefit analysis, say, "You know what? I may be in the healthcare sector, "and ultimately it'll be cheaper for me to be breached, "pay my fines, and deal with potentially even the "loss to brand, to my brand, in terms of brand value, "and that'll cheaper than investing what "I need to to protect my patients and their information." And that's the wrong way to look at it. I think now, as we were talking about this week, the cost of all this is going higher, which is going to help, but I think we need to start seeing this fundamental mind-shift in how we are prioritizing security, as I mentioned earlier. It's not an option, it must be a requisite. >> Yeah, I think what we're seeing now, is in the years past, the hackers would get at some bits of information, but now we're seeing with HBO, with Sony, they can strip mine an entire company. >> They put them out of business. >> Exactly. >> The money that they're doing with ransomeware, which is a little bit higher profile, ransomware, I mean, there's a specific business outcome, here, and it's not looking good, they go out of business. >> Oh, absolutely, and so Centrify, we just recently sponsored a survey, and nowadays, if you announce that you got breached, and you have to, now. It's 'cause you have to tell your shareholders, you have to tell your customers. Your stock drops, on average, five percent in a day. And so we're talking about billions of dollars of market capitalization that can disappear with a breach as well. So we're beyond, it's like, "Oh, they stole some data, "we'll send out a letter to our customers, "and we'll give 'em free Experian for a year." Or something like that." Now, it's like, all your IP, all the content, and John, I think you raised a very good point, as well. In the case of the federal government, it's still about the infrastructure being physical items, and of course, with internet a thing since now it's connected to the internet, so it's really scary that a bridge can flip open by some guy in the Ukraine or Russia fiddling with it. But now with enterprises, it's less and less physical, the store, and we're now going through this massive shift to the cloud, and more and more of your IP is controlled and run. It's the complete deperimeterization that makes things every more complicated. >> Well it's interesting you mentioned the industrial aspect of it, with the bridge, because this is actually a real issue with self-driving cars, this was on everyone's mind, we were just covering some content, covering Ford's event yesterday in San Francisco. They got this huge problem. Ya know, hacking of the cars. So, industrial IOT opens up, again, the surface area, but this kind of brings the question down to customers, that you guys have or companies or governments. How do they become resilient? How do they put steps in place? Because, you know, I was just talking to someone who runs a major port in the U.S., and the issues there are maritime, right? So you talk about infrastructure, container ships, obviously worry about terrorists and other things happening. But just the general IT infrastructure is neanderthal, it's like, 30 years old. >> Yeah. >> So you have legacy infrastructure, as you mentioned, but businesses also have legacy, so how do you balance where you are? How do you know the progress bar of your protection? How do you know the things you need to put in place? How do you get to resilience? >> Yeah, but see, I think there also needs to be a rethink of security. Because the traditional ways that people did it, was protecting the perimeter, having antivirus, firewalls, et cetera. But things have really changed and so now what we're seeing is that an entity has become the top attack vector going in. And so if you look at all these hacks and breaches, it's the stealing of usernames and passwords, so people are doing a good job of, the hackers are social engineering the actual users, and so, kind of a focus needs to shift of securing the old perimeter, to focusing on securing the user. Is it really John Furrier trying to access e-mail? Can we leverage biometrics in this? And trying to move to the concept of a zero-trust model, and where you have to, can't trust the network, can't trust the IP address, but you need to factor in a lot of different aspects. >> It's interesting, I was just following this blog chain because we've been covering a lot of the blog chains, immutable and encrypted, the wallets were targets. (laughing) Hey, this Greta the Wall, where they store the money. Now we own that encrypted data. So, again, this is the, hackers are fast, so, again, back to companies because they have to put if they have shareholder issues, or they have some corporate governance issues. But at the end of the day, it's a moving train. How does the government offer support? How do companies put it in place? What do they need to do? >> Yeah, well, there's a couple of things you can look at. First of all, you know, as a think tank, we're active on Capital Hill, working with members of both minority and majority sides, we're actively proposing bipartisan legislation, which provides a meaningful movement forward to secure and address some of the issues you're talking about. Senator Markey recently put out the Cyber Shield Act, which creates a type of score, right? For a device, kind of like the ENERGY STAR in the energy sector. So just this week, ICIT put out a paper in support of an amendment by Senator Lindsey Graham, which actually addresses the inherent vulnerabilities in our election systems, right? So there's a lot of good work being done. And that really goes to the core of what we do, and the reasons that we're partnering together. ICIT is in the business of educating and advising. We put out research, we make it freely available, we don't believe in com`moditizing information, we believe in liberating it. So we get it in the hands of as many people as possible, and then we get this objective research, and use it as a stepping stone to educate and to advise. And it could be through meetings, it could be through events, it could be through conversation with the media. But I think this educational process is really critical to start to change the minds of-- >> You know, if I can add to that, I think what really needs to be done with security, is better information sharing. And it's with other governments and enterprises that are under attack. Sharing that information as opposed to only having it for themselves and their advantage, and then also what's required is better knowledge of what are the best practices that need to be done to better protect both government and enterprises. >> Well, guys, I want to shift gears and talk about the CyberConnect event, which is coming up in November, an industry event. You guys are sponsoring, Centrify, but you guys are also on the ball, there's a brand new content program. It's an independent event, it's targeted to the industry, not a Centrify user group. Parham, I want to put you on the spot before we get to the CyberConnect event. You mentioned the elections. What's the general, and I'm Silicon Valley and so I had to ask the question 'cause you're in the trenches down in D.C. What is the general sentiment in D.C. right now on the hacking? Because, I was explaining it to my son the other day, like, "Yeah, the Russians probably hacked everybody, "so technically the election "fell into that market basket of hats." So maybe they did hack you. So I'm just handwaving that, but it probably makes sense. The question is, how real is the hacking threat in the minds of the folks in D.C. around Russia and potentially China and these areas? >> Yeah, I think the threat is absolutely real, but I think there has to be a difference between media, on both sides, politicizing the conversation. There's a difference between somebody going in and actually, you know, changing your vote from one side to the other. There's also the conversation about the weaponization of data and what we do know that Russia is doing with regards to having armies of trolls out there or with fake profiles, and are creating faux conversations and steering public sentiment of perception in directions that maybe wasn't already there. And so I think part of the hysteria that we see, I think we're fearful and we have a right to be fearful, but I think taking the emotion and the politics out of it, and actually doing forensic assessments from an objective perspective to understanding what truly is going on. We are having our information stolen, there is a risk that a nation state could execute a very high-impact, digital attack that has a loss of life. We do know that foreign states are trying to impact the outcomes of our democratic processes. I think it's important to understand, though, how are they doing it and is what we're reading about truly what's happening kind of on the streets. >> And that's where the industrial thing you were kind of tying together, that's the loss of life potential, using digital as an attack vector into something that could have a physical, and ultimately deadly outcome. Yeah, we covered, also that story that was put out, about the fake news infrastructure. It's not just the content that they're making up, it's actually the infrastructure fake news. Bionets, and whatnot. And I think Mike Rowe wrote a story on this, where they actually detailed, you can smear a journalist for 40K. >> Yeah. >> These are actually out there, that are billed for specifically these counter... Programs. >> As a service. You know, go on a forum on the Deep Web and you can contract these types of things out. And it's absolutely out there. >> And then what do you say to your average American friends, that you're saying, hey, having a cocktail with, you're at a dinner. What's going on with security? What do you say to them? You should be worried, calm down, no we're on it. What's the message that you share with your friends that aren't in the industry? >> Personally, I think the message is that, you know, you need to vigilant, you need to, it may be annoying, but you do have to practice good cyber hygiene, think about your passwords, think about what you're sharing on social media. We'd also talk, and I personally believe that, some of these things will not change unless we as consumers change what is acceptable to us. If we stop buying devices or systems or apps based on the convenience that it brings to our lives, and we say, "I'm not going to spend money on that car, "because I don't know if it's secure enough for me." You will see industry change very quickly. So I think-- >> John: Consumer behavior is critical. >> Absolutely. That's definitely a piece of it. >> Alright, guys, so exciting event coming up, theCUBE will be covering the CyberConnect event in November. The dates, I think, November-- >> Sixth and seventh. >> Sixth and seventh in New York City at the Grand Hyatt. Talk about the curriculum, because this is a unique event, where you guys are bringing your sponsorship to the table, but providing an open industry event. What's the curriculum, what's the agenda, what's the purpose of the event? >> Yeah, Tom. >> Okay, I'll take it, yeah. I mean, historically, like other security vendors, we've had our users' conference, right? And what we've found is that, as you alluded to, that there just needs to be better education of what's going on. And so, instead of just limiting it to us talking to our customers about us, we really need to broaden the conversation. And so that's why we brought in ICIT, to really help us broaden the conversation, raise more awareness and visibility for what needs to be done. So this is a pretty unique conference in that we're having a lot of CSOs from some incredible enterprise, as well as government. General Alexander, the former of the Cyber Security Command is a keynote, but we have the CSO of Aetna, Blue Cross involved, as well. So we want to raise the awareness in terms of, what are the best practices? What are the leading minds thinking about security? And then parallel, also, for our customers, we're going to have a parallel track where, if they want to get more product-focused technology. So this is not a Centrify event. This is an industry event, ya know. Black Hat is great, RSA is great, but it's really more at the, kind of the bits and bytes-- >> They're very narrow, but you are only an identity player. There's a bigger issue. What about these other issues? Will you discuss-- >> Oh, absolutely. >> Yeah, well-- >> Is it an identity or is it more? >> It actually is more, and this is one of the reasons, at a macro level, the work that we've done at Centrify, for a number of years now. You know, we have shared the same philosophy that we have a responsibility, as experts in the cyberspace, to move the industry forward and to really usher in, almost a cyber security renaissance, if you will. And so, this is really the vision behind CyberConnect. So if you look at the curriculum, we're talking about, you know, corporate espionage, and how it's impacting commercial organizations. We're talking about the role of machine-learning based artificial intelligence. We'll be talking about the importance of encrypting your data. About security by design. About what's going on with the bot net epidemic that's out there. So there absolutely will be a very balanced program, and it is, again, driven and grounded in that research that ICIT is putting out in the relationships that we have with some of these key players. >> So you institute a critical infrastructure technology, the think tank that you're the co-founder of. You're bringing that broader agenda to CyberConnect. >> That's correct, absolutely. >> So this is awesome, congratulations, I got to ask, on the thought leadership side, you guys have been working together. Can you just talk about your relationship between Centrify and ICIT? So you're independent, you guys are a vendor. Talk about this relationship and why it's so important to this event. >> Well, absolutely. I mean, look, as a security vendor, you know, a lot of, a big percentage of security vendors sell into the U.S. federal government, and through those conversations that a lot of the CSOs at these governments were pointing at us to these ICIT guys, right? And we got awareness and visibility thought that. And it was like, they were just doing great stuff in terms of talking about, yes, Centrify is a leading identity provider, but people are looking for a complete solution, looking for a balanced way to look at it. And so we felt that it would be a great opportunity to partner with these guys. And so we sponsored an event that they did, Winter Summit. And then they did such a great job and the content was amazing, the people they had, that we said, "You know what? "Let's make this more of a general thing and "let's be in the background helping facilitate this, "but let the people hear about this good information." >> So you figured out the community model? (laughs) No, 'cause this is really what works. You got to enable, you're enabling this conversation, and more than ever in the security system, would love to get your perspective on this, is that there's an ethos developing, has been developed. And it's expanding aggressively. Kind of opens doors on one side, but security's all about data sharing. You mentioned that-- >> Yeah, absolutely. >> From a hacking standpoint, that's more of a statutory filing, but here, the security space is highly communicative. They talk to each other, and it's a trust relationship, so you're essentially bringing an independent event, you're funding it. >> Yeah, absolutely. >> It's not your event, this is an independent event. >> Absolutely. >> Yeah, and so Tom said it very well, as an institute, we rely on the financial capital that comes in from our partners, like Centrify. And so we would be unable to deliver at a large scale the value that we do to the legislative community, to federal agencies, and the commercial sector, and the institute's research is being shared on NATO libraries and embassies around the world. So this is really a global operation that we have. And so when we talk about layered security, right, we're not into a silver bullet solution. A lot of faux experts out there say, "I have the answer." We know that there's a layered approach that needs to be done. Centrify, they have the technology that plays a part in that, but, even more important than that for us is that they share that same philosophy and we do see ourselves as being able to usher in the changes required to move everything forward. And so it's been a great, you know, we have a lot of plans for the next few years. >> Yeah, that's great work, you're bringing in some great content to the table, and that's what people want, and they can see who's enabling it, that's a great business model for everyone. I got to ask one question, though, about your business. I love the critical infrastructure focus and I like your value you guys are bringing. But you guys have this fellow program. Can you just talk about this, 'cause your a part of the fellowship-- >> Yeah, absolutely. >> You're on a level, and I don't want to say credit 'cause you're not really going to get credit. But it's a badge, it's a bar. >> Yeah, yeah, no-- >> Explain the fellow program. >> That's a great question. At the institute, we have a core group of experts who represent different technology niches. They make up our fellow program, and so as I discussed earlier, when we're putting out research, when we're educating the media, when we're advising congress, when we're doing the work of the institute, we're constantly turning back to our fellow program members to provide some of that research and expertise. And sharing, you know, not just providing financial capital, but really bringing that thought leadership to the table. Centrify is a part of our fellows program, and so we've been working with them for a number of years. It's very exclusive and there's a process. You have to be referred in by an existing fellow program member. We have a lot of requests, but it really comes down to, do you understand what we're trying to accomplish? Do you share our same mission, our same values? And can you be part of this elite community that we've built? And so, you know, Centrify is a big part of that. >> And the cloud, obviously, is accelerating everything. You've got the cloud action, certainly, in your space, and we know what's going on in our world. >> Yeah, absolutely. >> The world is moving at a zillion miles an hour. It's like literally moving a train. So, congratulations, CyberConnect event in November. Great event, check it out, theCUBE will be there, we'll have live coverage, we broadcast, be documenting all the action and bringing it to you on theCUBE, obviously, (mumbles) John Furrier, here at Centrify's headquarters in California, in Silicon Valley, thanks for watching. (upbeat electronic music)

>> Narrator: New York City, it's the Cube covering CyberConnect 2017 brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Welcome back, everyone. This is the Cube's live coverage in New York City's Grand Hyatt Ballroom for CyberConnect 2017 presented by Centrify. I'm John Furrier, the co-host of the Cube with my co-host this week is Dave Vellante, my partner and co-founder and co-CEO with me in SiliconAngle Media in the Cube. Our next guest is James Scott who is the co-founder and senior fellow at ICIT. Welcome to the Cube. >> Thanks for having me. >> You guys are putting on this event, really putting the content together. Centrify, just so everyone knows, is underwriting the event but this is not a Centrify event. You guys are the key content partner, developing the content agenda. It's been phenomenal. It's an inaugural event so it's the first of its kind bringing in industry, government, and practitioners all together, kind of up leveling from the normal and good events like Black Hat and other events like RSA which go into deep dives. Here it's a little bit different. Explain. >> Yeah, it is. We're growing. We're a newer think tank. We're less than five years old. The objective is to stay smaller. We have organizations, like Centrify, that came out of nowhere in D.C. so we deal, most of what we've done up until now has been purely federal and on the Hill so what I do, I work in the intelligence community. I specialize in social engineering and then I advise in the Senate for the most part, some in the House. We're able to take these organizations into the Pentagon or wherever and when we get a good read on them and when senators are like, "hey, can you bring them back in to brief us?" That's when we know we have a winner so we started really creating a relationship with Tom Kemp, who's the CEO and founder over there, and Greg Cranley, who heads the federal division. They're aggressively trying to be different as opposed to trying to be like everyone else, which makes it easy. If someone wants to do something, they have to be a fellow for us to do it, but if they want to do it, just like if they want to commission a paper, we just basically say, "okay, you can pay for it but we run it." Centrify has just been excellent. >> They get the community model. They get the relationship that you have with your constituents in the community. Trust matters, so you guys are happy to do this but more importantly, the content. You're held to a standard in your community. This is new, not to go in a different direction for a second but this is what the community marketing model is. Stay true to your audience and trust. You're relied upon so that's some balance that you guys have to do. >> The thing is we deal with cylance and others. Cylance, for example, was the first to introduce machine learning artificial intelligence to get passed that mutating hash for endpoint security. They fit in really well in the intelligence community. The great thing about working with Centrify is they let us take the lead and they're very flexible and we just make sure they come out on top each time. The content, it's very content driven. In D.C., we have at our cocktail receptions, they're CIA, NSA, DARPA, NASA. >> You guys are the poster child of be big, think small. >> Exactly. Intimate. >> You say Centrify is doing things differently. They're not falling in line like a lemming. What do you mean by that? What is everybody doing that these guys are doing differently? >> I think in the federal space, I think commercial too, but you have to be willing to take a big risk to be different so you have to be willing to pay a premium. If people work with us, they know they're going to pay a premium but we make sure they come out on top. What they do is, they'll tell us, Centrify will be like, "look, we're going to put x amount of dollars into a lunch. "Here are the types of pedigree individuals "that we need there." Maybe they're not executives. Maybe they're the actual practitioners at DHS or whatever. The one thing that they do different is they're aggressively trying to deviate from the prototype. That's what I mean. >> Like a vendor trying to sell stuff. >> Yeah and the thing is, that's why when someone goes to a Centrify event, I don't work for Centrify (mumbles). That's how they're able to attract. If you see, we have General Alexander. We've got major players here because of the content, because it's been different and then the other players want to be on the stage with other players, you know what I mean. It almost becomes a competition for "hey, I was asked to come to an ICIT thing" you know, that sort of thing. That's what I mean. >> It's reputation. You guys have a reputation and you stay true to that. That's what I was saying. To me, I think this is the future of how things get done. When you have a community model, you're held to a standard with your community. If you cross the line on that standard, you head fake your community, that's the algorithm that brings you a balance so you bring good stuff to the table and you vet everyone else on the other side so it's just more of a collaboration, if you will. >> The themes here, what you'll see is within critical infrastructure, we try to gear this a little more towards the financial sector. We brought, from Aetna, he set up the FS ISAC. Now he's with the health sector ISAC. For this particular geography in New York, we're trying to have it focus more around health sector and financial critical infrastructure. You'll see that. >> Alright, James, I've got to ask you. You're a senior fellow. You're on the front lines with a great Rolodex, great relationships in D.C., and you're adivising and leaned upon by people making policy, looking at the world and the general layout in which, the reality is shit's happening differently now so the world's got to change. Take us through a day in the life of some of the things you guys are seeing and what's the outlook? I mean, it's like a perfect storm of chaos, yet opportunity. >> It really depends. Each federal agency, we look at it from a Hill perspective, it comes down to really educating them. When I'm in advising in the House, I know I'm going to be working with a different policy pedigree than a Senate committee policy expert, you know what I mean. You have to gauge the conversation depending on how new the office is, House, Senate, are they minority side, and then what we try to do is bring the issues that the private sector is having while simultaneously hitting the issues that the federal agency space is. Usually, we'll have a needs list from the CSWEP at the different federal agencies for a particular topic like the Chinese APTs or the Russian APT. What we'll do is, we'll break down what the issue is. With Russia, for example, it's a combination of two types of exploits that are happening. You have the technical exploit, the malicious payload and vulnerability in a critical infrastructure network and then profiling those actors. We also have another problem, the influence operations, which is why we started the Center for Cyber Influence Operations Studies. We've been asked repeatedly since the elections last year by the intelligence community to tell us, explain this new propaganda. The interesting thing is the synergies between the two sides are exploiting and weaponizing the same vectors. While on the technical side, you're exploiting a vulnerability in a network with a technical exploit, with a payload, a compiled payload with a bunch of tools. On the influence operations side, they're weaponizing the same social media platforms that you would use to distribute a payload here but only the... >> Contest payload. Either way you have critical infrastructure. The payload being content, fake content or whatever content, has an underpinning that gamification call it virality, network effect and user psychology around they don't really open up the Facebook post, they just read the headline and picture. There's a dissonance campaign, or whatever they're running, that might not be critical to national security at that time but it's also a post. >> It shifts the conversation in a way where they can use, for example, right now all the rage with nation states is to use metadata, put it into big data analytics, come up with a psychographic algorithm, and go after critical infrastructure executives with elevated privileges. You can do anything with those guys. You can spearfish them. The Russian modus operandi is to call and act like a recruiter, have that first touch of contact be the phone call, which they're not expecting. "Hey, I got this job. "Keep it on the down low. Don't tell anybody. "I'm going to send you the job description. "Here's the PDF." Take it from there. >> How should we think about the different nation state actors? You mentioned Russia, China, there's Iran, North Korea. Lay it out for us. >> Each geography has a different vibe to their hacking. With Russia you have this stealth and sophistication and their hacking is just like their espionage. It's like playing chess. They're really good at making pawns feel like they're kings on the chessboard so they're really good at recruiting insider threats. Bill Evanina is the head of counterintel. He's a bulldog. I know him personally. He's exactly what we need in that position. The Chinese hacking style is more smash and grab, very unsophisticated. They'll use a payload over and over again so forensically, it's easy to... >> Dave: Signatures. >> Yeah, it is. >> More shearing on the tooling or whatever. >> They'll use code to the point of redundancy so it's like alright, the only reason they got in... Chinese get into a network, not because of sophistication, but because the network is not protected. Then you have the mercenary element which is where China really thrives. Chinese PLA will hack for the nation state during the day, but they'll moonlight at night to North Korea so North Korea, they have people who may consider themselves hackers but they're not code writers. They outsource. >> They're brokers, like general contractors. >> They're not sophisticated enough to carry out a real nation state attack. What they'll do is outsource to Chinese PLA members. Chinese PLA members will be like, "okay well, here's what I need for this job." Typically, what the Chinese will do, their loyalties are different than in the west, during the day they'll discover a vulnerability or an O day. They won't tell their boss right away. They'll capitalize off of it for a week. You do that, you go to jail over here. Russia, they'll kill you. China, somehow this is an accepted thing. They don't like it but it just happens. Then you have the eastern European nations and Russia still uses mercenary elements out of Moscow and St. Petersburg so what they'll do is they will freelance, as well. That's when you get the sophisticated, carbonic style hack where they'll go into the financial sector. They'll monitor the situation. Learn the ins and outs of everything having to do with that particular swift or bank or whatever. They go in and those are the guys that are making millions of dollars on a breach. Hacking in general is a grind. It's a lot of vulnerabilities work, but few work for long. Everybody is always thinking there's this omega code that they have. >> It's just brute force. You just pound it all day long. >> That's it and it's a grind. You might have something that you worked on for six months. You're ready to monetize. >> What about South America? What's the vibe down there? Anything happening in there? >> Not really. There is nothing of substance that really affects us here. Again, if an organization is completely unprotected. >> John: Russia? China? >> Russia and China. >> What about our allies? >> GCHQ. >> Israel? What's the collaboration, coordination, snooping? What's the dynamic like there? >> We deal, mostly, with NATO and Five Eyes. I actually had dinner with NATO last night. Five Eyes is important because we share signals intelligence and most of the communications will go through Five Eyes which is California, United States, Australia, New Zealand, and the UK. Those are our five most important allies and then NATO after that, as far as I'm concerned, for cyber. You have the whole weaponization of space going on with SATCOM interception. We're dealing with that with NASA, DARPA. Not a lot is happening down in South America. The next big thing that we have to look at is the cyber caliphate. You have the Muslim brotherhood that funds it. Their influence operations domestically are extremely strong. They have a lot of contacts on the Hill which is a problem. You have ANTIFA. So there's two sides to this. You have the technical exploit but then the information warfare exploit. >> What about the bitcoin underbelly that started with the silk roads and you've seen a lot of bitcoin. Money laundering is a big deal, know your customer. Now regulation is part of big ICOs going on. Are you seeing any activity from those? Are they pulling from previous mercenary groups or are they arbitraging just more free? >> For updating bitcoin? >> The whole bitcoin networks. There's been an effort to commercialize (mumbles) so there's been a legitimate track to bring that on but yet there's still a lot of actors. >> I think bitcoin is important to keep and if you look at the more black ops type hacking or payment stuff, bitcoin is an important element just as tor is an important element, just as encryption is an important element. >> John: It's fundamental, actually. >> It's a necessity so when I hear people on the Hill, I have my researcher, I'm like, "any time you hear somebody trying to have "weakened encryption, back door encryption" the first thing, we add them to the briefing schedule and I'm like, "look, here's what you're proposing. "You're proposing that you outlaw math. "So what? Two plus two doesn't equal four. "What is it? Three and a half? "Where's the logic?" When you break it down for them like that, on the Hill in particular, they begin to get it. They're like, "well how do we get the intelligence community "or the FBI, for example, to get into this iphone?" Civil liberties, you've got to take that into consideration. >> I got to ask you a question. I interviewed a guy, I won't say his name. He actually commented off the record, but he said to me, "you won't believe how dumb some of these state actors are "when it comes to cyber. "There's some super smart ones. "Specifically Iran and the Middle East, "they're really not that bright." He used an example, I don't know if it's true or not, that stuxnet, I forget which one it was, there was a test and it got out of control and they couldn't pull it back and it revealed their hand but it could've been something worse. His point was they actually screwed up their entire operation because they're doing some QA on their thing. >> I can't talk about stuxnet but it's easy to get... >> In terms of how you test them, how do you QA your work? >> James: How do you review malware? (mumbles) >> You can't comment on the accuracy of Zero Days, the documentary? >> Next question. Here's what you find. Some of these nation state actors, they saw what happened with our elections so they're like, "we have a really crappy offensive cyber program "but maybe we can thrive in influence operations "in propaganda and whatever." We're getting hit by everybody and 2020 is going to be, I don't even want to imagine. >> John: You think it's going to be out of control? >> It's going to be. >> I've got to ask this question, this came up. You're bringing up a really good point I think a lot of people aren't talking about but we've brought up a few times. I want to keep on getting it out there. In the old days, state on state actors used to do things, espionage, and everyone knew who they were and it was very important not to bring their queen out, if you will, too early, or reveal their moves. Now with Wikileaks and public domain, a lot of these tools are being democratized so that they can covertly put stuff out in the open for enemies of our country to just attack us at will. Is that happening? I hear about it, meaning that I might be Russia or I might be someone else. I don't want to reveal my hand but hey, you ISIS guys out there, all you guys in the Middle East might want to use this great hack and put it out in the open. >> I think yeah. The new world order, I guess. The order of things, the power positions are completely flipped, B side, counter, whatever. It's completely not what the establishment was thinking it would be. What's happening is Facebook is no more relevant, I mean Facebook is more relevant than the UN. Wikileaks has more information pulsating out of it than a CIA analyst, whatever. >> John: There's a democratization of the information? >> The thing is we're no longer a world that's divided by geographic lines in the sand that were drawn by these two guys that fought and lost a war 50 years ago. We're now in a tribal chieftain digital society and we're separated by ideological variation and so you have tribe members here in the US who have fellow tribe members in Israel, Russia, whatever. Look at Anonymous. Anonymous, I think everyone understands that's the biggest law enforcement honeypot there is, but you look at the ideological variation and it's hashtags and it's keywords and it's forums. That's the Senate. That's congress. >> John: This is a new reality. >> This is reality. >> How do you explain that to senators? I was watching that on TV where they're trying to grasp what Facebook is and Twitter. (mumbles) Certainly Facebook knew what was going on. They're trying to play policy and they're new. They're newbies when it comes to policy. They don't have any experience on the Hill, now it's ramping up and they've had some help but tech has never been an actor on the stage of policy formulation. >> We have a real problem. We're looking at outside threats as our national security threats, which is incorrect. You have dragnet surveillance capitalists. Here's the biggest threats we have. The weaponization of Facebook, twitter, youtube, google, and search engines like comcast. They all have a censorship algorithm, which is how they monetize your traffic. It's censorship. You're signing your rights away and your free will when you use google. You're not getting the right answer, you're getting the answer that coincides with an algorithm that they're meant to monetize and capitalize on. It's complete censorship. What's happening is, we had something that just passed SJ res 34 which no resistance whatsoever, blew my mind. What that allows is for a new actor, the ISPs to curate metadata on their users and charge them their monthly fee as well. It's completely corrupt. These dragnet surveillance capitalists have become dragnet surveillance censorists. Is that a word? Censorists? I'll make it one. Now they've become dragnet surveillance propagandists. That's why 2020 is up for grabs. >> (mumbles) We come from the same school here on this one, but here's the question. The younger generation, I asked a gentleman in the hallway on his way out, I said, "where's the cyber west point? "We're the Navy SEALS in this new digital culture." He said, "oh yeah, some things." We're talking about the younger generation, the kids playing Call of Duty Destiny. These are the guys out there, young kids coming up that will probably end up having multiple disciplinary skills. Where are they going to come from? So the question is, are we going to have a counterculture? We're almost feeling like what the 60s were to the 50s. Vietnam. I kind of feel like maybe the security stuff doesn't get taken care of, a revolt is coming. You talk about dragnet censorship. You're talking about the lack of control and privacy. I don't mind giving Facebook my data to connect with my friends and see my thanksgiving photos or whatever but now I don't want fake news jammed down my throat. Anti-Trump and Anti-Hillary spew. I didn't buy into that. I don't want that anymore. >> I think millennials, I have a 19 year old son, my researchers, they're right out of grad school. >> John: What's the profile like? >> They have no trust whatsoever in the government and they laugh at legislation. They don't care any more about having their face on their Facebook page and all their most intimate details of last night's date and tomorrow's date with two different, whatever. They just don't... They loathe the traditional way of things. You got to talk to General Alexander today. We have a really good relationship with him, Hayden, Mike Rogers. There is a counterculture in the works but it's not going to happen overnight because we have a tech deficit here where we need foreign tech people just to make up for the deficit. >> Bill Mann and I were talking, I heard the general basically, this is my interpretation, "if we don't get our shit together, "this is going to be an f'd up situation." That's what I heard him basically say. You guys don't come together so what Bill talked about was two scenarios. If industry and government don't share and come together, they're going to have stuff mandated on them by the government. Do you agree? >> I do. >> What's going to happen? >> The argument for regulation on the Hill is they don't want to stifle innovation, which makes sense but then ISPs don't innovate at all. They're using 1980s technology, so why did you pass SJ res 34? >> John: For access? >> I don't know because nation states just look at that as, "oh wow another treasure trove of metadata "that we can weaponize. "Let's start psychographically charging alt-left "and alt-right, you know what I mean?" >> Hacks are inevitable. That seems to be the trend. >> You talked before, James, about threats. You mentioned weaponization of social. >> James: Social media. >> You mentioned another in terms of ISPs I think. >> James: Dragnet. >> What are the big threats? Weaponization of social. ISP metadata, obviously. >> Metadata, it really depends and that's the thing. That's what makes the advisory so difficult because you have to go between influence operations and the exploit because the vectors are used for different things in different variations. >> John: Integrated model. >> It really is and so with a question like that I'm like okay so my biggest concern is the propaganda, political warfare, the information warfare. >> People are underestimating the value of how big that is, aren't they? They're oversimplifying the impact of info campaigns. >> Yeah because your reality is based off of... It's like this, influence operations. Traditional media, everybody is all about the narrative and controlling the narrative. What Russia understands is to control the narrative, the most embryo state of the narrative is the meme. Control the meme, control the idea. If you control the idea, you control the belief system. Control the belief system, you control the narrative. Control the narrative, you control the population. No guns were fired, see what I'm saying? >> I was explaining to a friend on Facebook, I was getting into a rant on this. I used a very simple example. In the advertising world, they run millions of dollars of ad campaigns on car companies for post car purchase cognitive dissonance campaigns. Just to make you feel good about your purchase. In a way, that's what's going on and explains what's going on on Facebook. This constant reinforcement of these beliefs whether its for Trump or Hillary, all this stuff was happening. I saw it firsthand. That's just one small nuance but it's across a spectrum of memes. >> You have all these people, you have nation states, you have mercenaries, but the most potent force in this space, the most hyperevolving in influence operations, is the special interest group. The well-funded special interests. That's going to be a problem. 2020, I keep hitting that because I was doing an interview earlier. 2020 is going to be a tug of war for the psychological core of the population and it's free game. Dragnet surveillance capitalists will absolutely be dragnet surveillance propagandists. They will have the candidates that they're going to push. Now that can also work against them because mainstream media, twitter, Facebook were completely against trump, for example, and that worked in his advantage. >> We've seen this before. I'm a little bit older, but we are the same generation. Remember when they were going to open up sealex? Remember the last mile for connectivity? That battle was won before it was even fought. What you're saying, if I get this right, the war and tug of war going on now is a big game. If it's not played in one now, this jerry rigging, gerrymandering of stuff could happen so when people wake up and realize what's happened the game has already been won. >> Yeah, your universe as you know it, your belief systems, what you hold to be true and self evident. Again, the embryo. If you look back to the embryo introduction of that concept, whatever concept it is, to your mind it came from somewhere else. There are very few things that you believe that you came up with yourself. The digital space expedites that process and that's dangerous because now it's being weaponized. >> Back to the, who fixes this. Who's the watchdog on this? These ideas you're talking about, some of them, you're like, "man that guy has lost it, he's crazy." Actually, I don't think you're crazy at all. I think it's right on. Is there a media outlet watching it? Who's reporting on it? What even can grasp what you're saying? What's going on in D.C.? Can you share that perspective? >> Yeah, the people that get this are the intelligence community, okay? The problem is the way we advise is I will go in with one of the silos in the NSA and explain what's happening and how to do it. They'll turn around their computer and say, "show me how to do it. "How do you do a multi vector campaign "with this meme and make it viral in 30 minutes." You have to be able to show them how to do it. >> John: We can do that. Actually we can't. >> That sort of thing, you have to be able to show them because there's not enough practitioners, we call them operators. When you're going in here, you're teaching them. >> The thing is if they have the metadata to your treasure trove, this is how they do it. I'll explain here. If they have the metadata, they know where the touch points are. It's a network effect mole, just distributive mole. They can put content in certain subnetworks that they know have a reaction to the metadata so they have the knowledge going in. It's not like they're scanning the whole world. They're monitoring pockets like a drone, right? Once they get over the territory, then they do the acquired deeper targets and then go viral. That's basically how fake news works. >> See the problem is, you look at something like alt-right and ANTIFA. ANTIFA, just like Black Lives Matter, the initiatives may have started out with righteous intentions just like take a knee. These initiatives, first stage is if it causes chaos, chaos is the op for a nation state in the US. That's the op. Chaos. That's the beginning and the end of an op. What happens is they will say, "oh okay look, this is ticking off all these other people "so let's fan the flame of this take a knee thing "hurt the NFL." Who cares? I don't watch football anyway but you know, take a knee. It's causing all this chaos. >> John: It's called trolling. >> What will happen is Russia and China, China has got their 13 five year plan, Russia has their foreign influence operations. They will fan that flame to exhaustion. Now what happens to the ANTIFA guy when he's a self-radicalized wound collector with a mental disorder? Maybe he's bipolar. Now with ANTIFA, he's experienced a heightened more extreme variation of that particular ideology so who steps in next? Cyber caliphate and Muslim brotherhood. That's why we're going to have an epidemic. I can't believe, you know, ANTIFA is a domestic terrorist organization. It's shocking that the FBI is not taking this more serious. What's happening now is Muslim brotherhood funds basically the cyber caliphate. The whole point of cyber caliphate is to create awareness, instill the illusion of rampant xenophobia for recruiting. They have self-radicalized wound collectors with ANTIFA that are already extremists anyway. They're just looking for a reason to take that up a notch. That's when, cyber caliphate, they hook up with them with a hashtag. They respond and they create a relationship. >> John: They get the fly wheel going. >> They take them to a deep web forum, dark web forum, and start showing them how it works. You can do this. You can be part of something. This guy who was never even muslim now is going under the ISIS moniker and he acts. He drives people over in New York. >> They fossilized their belief system. >> The whole point to the cyber caliphate is to find actors that are already in the self-radicalization phase but what does it take psychologically and from a mentoring perspective, to get them to act? That's the cyber caliphate. >> This is the value of data and context in real time using the current events to use that data, refuel their operation. It's data driven terrorism. >> What's the prescription that you're advising? >> I'm not a regulations kind of guy, but any time you're curating metadata like we're just talking about right now. Any time you have organizations like google, like Facebook, that have become so big, they are like their own nation state. That's a dangerous thing. The metadata curation. >> John: The value of the data is very big. That's the point. >> It is because what's happening... >> John: There's always a vulnerability. >> There's always a vulnerability and it will be exploited and all that metadata, it's unscrubbed. I'm not worried about them selling metadata that's scrubbed. I'm worried about the nation state or the sophisticated actor that already has a remote access Trojan on the network and is exfiltrating in real time. That's the guy that I'm worried about because he can just say, "forget it, I'm going to target people that are at this phase." He knows how to write algorithms, comes up with a good psychographic algorithm, puts the data in there, and now he's like, "look I'm only going to promote this concept, "two people at this particular stage of self-radicalization "or sympathetic to the kremlin." We have a big problem on the college campuses with IP theft because of the Chinese Students Scholar Associations which are directly run by the Chinese communist party. >> I heard a rumor that Equifax's franchising strategy had partners on the VPN that were state sponsored. They weren't even hacking, they had full access. >> There's a reason that the Chinese are buying hotels. They bought the Waldorf Astoria. We do stuff with the UN and NATO, you can't even stay there anymore. I think it's still under construction but it's a no-no to stay there anymore. I mean western nations and allies because they'll have bugs in the rooms. The WiFi that you use... >> Has fake certificates. >> Or there's a vulnerability that's left in that network so the information for executives who have IP or PII or electronic health records, you know what I mean? You go to these places to stay overnight, as an executive, and you're compromised. >> Look what happened with Eugene Kaspersky. I don't know the real story. I don't know if you can comment, but someone sees that and says, "this guy used to have high level meetings "at the Pentagon weekly, monthly." Now he's persona non grata. >> He fell out of favor, I guess, right? It happens. >> James, great conversation. Thanks for coming on the Cube. Congratulations on the great work you guys are doing here at the event. I know the content has been well received. Certainly the key notes we saw were awesome. CSOs, view from the government, from industry, congratulations. James Scott who is the co founder and senior fellow of ICIT, Internet Critical Infrastructure Technology. >> James: Institute of Critical Infrastructure Technology. >> T is for tech. >> And the Center for Cyber Influence Operations Studies. >> Good stuff. A lot of stuff going on (mumbles), exploits, infrastructure, it's all mainstream. It's the crisis of our generation. There's a radical shift happening and the answers are all going to come from industry and government coming together. This is the Cube bringing the data, I'm John Furrier with Dave Vellante. Thanks for watching. More live coverage after this short break. (music)

>> Host: New York City, it's The Cube covering Cyber Connect 2017, brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Hey, welcome back, everyone. This the Cube's live coverage in New York City. This is the Cyber Connect 2017, presented by Centrify, underwritten by such a large industry event. I'm John Furrier, Dave Vellante. Our next guest is Byron Acohido who's the journalist at lastwatchdog.com. Thanks for joining us, welcome to The Cube. >> Thank you, pleasure to be here. >> So, seasoned journalist, there's a lot to report. Cyber is great, we heard a great talk this morning around the national issues around the government. But businesses are also struggling, too, that seems to be the theme of this event, inaugural event. >> It really is a terrific topic that touches everything that we're doing, the way we live our lives today. So, yeah, this is a terrific event where some of the smartest minds dealing with it come together to talk about the issues. >> What's the top level story in your mind in this industry right now? Chaos, is it data, civil liberties, common threats? How do you stack rank in level of importance, the most important story? >> You know, it really is all of the above. I had the privilege to sit at lunch with General Keith Alexander. I've seen him speak before at different security events. So it was a small group of the keynote speakers, and Tom Kemp, the CEO of Centrify. And he just nailed it. He basically, what resonated with me was he said basically we're kind of like where we were, where the world was at the start of World War I, where Russia and Germany and England, we're all kind of lining up, and Serbia was in the middle, and nobody really knew the significance of what lay ahead, and the US was on the sidelines. And all these things were just going to converge and create this huge chaos. That's what he compared it today, except we're in the digital space with that, because we're moving into cloud computing, mobile devices, destruction of privacy, and then now the nation states, Russia is lining up, North Korea, and Iran. We are doing it too, that was probably one of the most interesting things that came at you. >> His rhetoric was very high on the, hey, get our act together, country, attitude. Like, we got a lot to bring to the table, he highlighted a couple use cases and some war stories that the NSA's been involved in, but almost kind of teasing out, like we're kind of getting in our own way if we don't reimagine this. >> Yes, he is a very great advocate for the private sector industry, but not just industry, the different major verticals like especially the financial sector and the energy sector to put aside some of the competitive urges they have and recognize that this is going on. >> Okay, but I got to ask you, as a journalist, Last Watchdog, General Alexander definitely came down, when he sort of addressed privacy, and Snowden, and the whole story he told about the gentleman from the ACLU who came in a skeptic and left an advocate. As a journalist whose job is to be a skeptic, did you buy that? Does your community buy that? What's the counterpoint to that narrative that we heard this morning? >> Well, actually I think he hit it right on the head. As a journalist, why I got into this business and am still doing it after all these years is if I can do a little bit to shed a little bit of light on something that helps the public recognize what's going on, that's what I'm here to do. And this topic is just so rich and touches everything. We were talking just about the nation state level of it, but really it effects down to what we're doing as a society, what Google, and Facebook, and Twitter, how they're shaping our society and how that impacts privacy. >> We were talking last night, Dave, about the Twitter, and Facebook, and Alphabet in front of the Senate hearings last week, and how it means, in terms, he brought it up today. The common protection of America in this time, given the past election, that was the context of the Google thing, really has got a whole opportunity to reimagine how we work as a society in America, but also on the global stage. You got China, Russia, and the big actors. So, it's interesting, can we eventually reimagine, use this opportunity as the greatest crisis to transform the crap that's out there today. Divisiveness, no trust. We're living in an era now where, in my life time I can honestly say I've never seen it this shitty before. I mean, it's bad. I mean, it's like the younger generation looking at us, looking at, oh, Trump this, Trump that, I don't trust anybody. And the government has an opportunity. >> Alright, but wait a minute. So, I'm down the middle, as you know, but I'm going to play skeptic here a little bit. What I basically heard from General Alexander this morning was we got vetted by the ACLU, they threw sort of holy water on it, and we followed the law. And I believe everything he said, but I didn't know about that law until Snowden went public, and I agree with you, Snowden should be in jail. >> John: I didn't say that. >> You did, you said that a couple, few years ago on The Cube, you said that. Anyway, regardless. >> I'm going to go find the archive. >> Maybe I'm rewriting history, but those laws were enacted kind of in a clandestine manner, so I put it out to both of you guys. As a citizen, are you willing to say, okay, I'll give up maybe some of my privacy rights for protection? I know where I stand on that, but I'm just asking you guys. I mean, do all your readers sort of agree with that narrative? Do all of The Cube? >> If you look at the World War I example the general, he brought up at lunch, I wasn't there, but just me thinking about that, it brings up a good perspective. If you look at reinventing how society in America is done, what will you give up for safety? These are some of the questions. What does patriotizing mean for if industry's going to work together, what does it mean to be a patriot? What I heard from the general onstage today was, we're screwed if we don't figure this out, because the war, it's coming. It's happening at massive speeds. >> Again, I know where I stand on this. I'm a law-abiding citizen. >> - Byron, what do you think? >> Go ahead and snoop me, but I know people who would say no, that's violating my constitutional rights. I dunno, it's worth a debate, is all I'm saying. >> It's a core question to how we're living our lives today, especially here in the US. In terms of privacy, I think the horse has left the barn. Nobody cares about privacy if you just look at the way we live our lives. Google and Facebook have basically thrown the privacy model-- >> GPS. >> That came about because we went through World War I and World War II, and we wanted the right to be left alone and not have authoritative forces following us inside the door. But now we don't live in just a physical space, we live in a cyberspace. >> I think there's new rules. >> There is no privacy. >> Don't try and paint me into a corner here, I did maybe say some comments. Looking forward the new realities are, there are realities happening, and I think the general illuminated a lot of those today. I've been feeling that. However, I think when you you define what it means to be a patriot of the United States of America and freedom, that freedom has to be looked through the prism of the new realities. The new realities are, as the General illuminated, there are now open public domain tools for anyone to attack the United State, industry and government, he brought it up. Who do they protect, the banks? So, this ends up, I think will be a generational thing that the younger generation and others will have to figure out, but the leaders in industry will have to step up. And I think that to me is interesting. What does that look like? >> I think leadership is the whole key to this. I think there's a big thread about where the burden lies. I write about that a lot as a central theme, where is the burden? Well, each of us have a burden in this society to pay attention to our digital footprint, but it's moving and whirling so fast, and the speaker just now from US Bank said there is no such thing as unprecedented, it's all ridiculous the way things are happening. So, it has to be at the level of the leaders, a combination, and I think this is what the general was advocating, a combination of the government as we know it, as we've built it, by and for the people, and industry recognizing that if they don't do it, regulations are going to be pushed down, which is already happening here in New York. New York State Department of Financial Services now imposes rules on financial services companies to protect their data, have a CSO, check their third parties. That just went in effect in March. >> Let's unpack that, because I think that's what new. If they don't do this, they don't partner, governments and industry don't partner together, either collectively as a vertical or sector with the government, then the government will impose new mandates on them. That's kind of what you're getting at. That's what's happening. >> It'll be a push and shove. Now the push is because industry has not acted with enough urgency, and even though they were seeing them in the headlines. California's already led the way in terms of its Data Loss Disclosure law that now 47 states have, but it's a very, I mean, that's just the level the government can push, and then industry has to react to that. >> I got to say, I'm just being an observer in the industry, we do The Cube, and how many events will we hear the word digital transformation. If people think digital transformation is hard now, imagine if the government imposes all these restrictions. >> What about GDPR? >> Byron: That's a good question, yeah. >> You're trying to tell me the US government is going to be obliged to leak private information because of a socialist agenda, which GDPR has been called. >> No, that's another one of these catalysts or one of these drivers that are pushing. We're in a global society, right? >> Here's my take, I'll share my opinion on this, Dave, I brought it up earlier. What the general was pointing out is the terror states now have democratized tools that other big actors are democratizing through the public domain to allow any enemy of the United States to attack with zero consequences, because they're either anonymous. But let's just say they're not anonymous, let's just say they get caught. We can barely convert drug dealers, multiple jurisdictions in court and around the world. What court is out there that will actually solve the problem? So, the question is, if they get caught, what is the judicial process? >> Navy SEALs? >> I mean, obviously, I'm using the DEA and drug, when we've been fighting drug for multiple generations and we still have to have a process to multiple years to get that in a global court. I mean, it's hard. My point is, if we can't even figure it out for drug trade, generations of data, how fast are we going to get cyber criminals? >> Well, there is recognition of this, and there is work being done, but the gap is so large. Microsoft has done a big chunk of this in fighting botnets, right? So, they've taken a whole legal strategy that they've managed to impose in maybe a half-dozen cases the last few years, where they legally went and got legal power to shut down hosting services that were sources of these botnets. So, that's just one piece of it. >> So, this World War I analogy, let's just take it to the cloud wars. So, in a way, Dave, we asked Amazon early on, Amazon Web Services how their security was. And you questioned, maybe cloud has better security than on premise, at that time eight years ago. Oh my God, the cloud is so insecure. Now it looks like the cloud's more secure, so maybe it's a scale game. Cloud guys might actually be an answer, if you take your point to the next level. What do you think? >> Correct me if I'm wrong, you haven't seen these kind of massive Equifax-like breaches at Amazon and Google. >> That we know about. >> That we know about. >> What do you think? Don't they have to disclose? >> Cloud players have an opportunity? >> That we know about. >> That's what I was saying. The question on the table is, are the cloud guys in a better position to walk around and carry the heavy stick on cyber? >> Personally, I would say no question. There's homogeneity of the infrastructure, and standardization, and more automation. >> What do you think? What's your community think? >> I think you're right, first of all, but I think it's not the full answer. I think the full answer is what the general keeps hammering on, which is private, public, this needs to be leadership, we need to connect all these things where it makes sense to connect them, and realize that there's a bigger thing on the horizon that's already breathing down our necks, already blowing fire like a dragon at us. It's a piece of the, yeah. >> It's a community problem. The community has to solve the problem at leadership level for companies and industry, but also what the security industry has always been known for is sharing. The question is, can they get to a data sharing protocol of some sort? >> It's more than just data sharing. I mean, he talked about that, he talked about, at lunch he did, about the ISAC sharing. He said now it's more, ISACs are these informational sharing by industry, by financial industry, health industry, energy industry, they share information about they've been hacked. But he said, it's more than that. We have to get together at the table and recognize where these attacks are coming, and figure out what the smart things are doing, like at the ISP level. That's a big part of the funnel, crucial part of the funnel, is where traffic moves. That's where it needs to be done. >> What about the the balance of power in the cyber war, cyber warfare? I mean, US obviously, US military industrial complex, Russia, China, okay, we know what the balance of power is there. Is there much more of a level playing field in cyber warfare, do you think, or is it sort of mirror the size of the economy, or the sophistication of the technology? >> No, I think you're absolutely right. There is much more of a level playing field. I mean, North Korea can come in and do a, this is what we know about, or we think we know about, come in and do a WannaCry attack, develop a ransomware that actually moves on the internet of things to raise cash, right, for North Korea. So there, yeah, you're absolutely right. >> That's funding their Defense Department. >> As Robert Gates said when he was on The Cube, we have to be really careful with how much we go on the offense with cyber security, because we have more to lose than anybody with critical infrastructure, and the banking system, the electrical grid, nuclear facilities. >> I interviewed a cyber guy on The Cube in the studio from Vidder, Junaid Islam. He's like, we can look at geo and not have anyone outside the US access our grid. I mean, no one should attack our resources from outside the US, to start with. So, core network access has been a big problem. >> Here's something, I think I can share this because I think he said he wouldn't mind me sharing it. At the lunch today, to your point that we have more to lose is, the general said yeah, we have terrific offensive capability. Just like in the analog world, we have all the great bombers, more bombers than anybody else. But can we stop people from getting, we don't have the comparable level of stopping. >> The defense is weak. >> The defense, right. Same thing with cyber. He said somebody once asked him how many of your, what percentage of your offensive attacks are successful? 100%. You know, we do have, we saw some of that with leaks of the NSA's weapons that happened this year, that gone out. >> It's like Swiss cheese, the leaks are everywhere, and it's by the network itself. I ran into a guy who was running one of the big ports, I say the city to reveal who it was, but he's like, oh my God, these guys are coming in the maritime network, accessing the core internet, unvetted. Pure core access, his first job as CIO was shut down the core network, so he has to put a VPN out there and segment the network, and validate all the traffic coming through. But the predecessor had direct internet access to their core network. >> Yeah, I think the energy sector, there's a sponsor here, ICIT, that's in the industrial control space, that I think that's where a lot of attention is going to go in the next couple of years, because as we saw with these attacks of the Ukraine, getting in there and shutting down their power grid for half a day or whatever, or with our own alleged, US own involvement in something like Stuxnet where we get into the power grid in Iran, those controls are over here with a separate legacy. Once you get in, it's really easy to move around. I think that needs to be all cleaned up and locked down. >> They're already in there, the malware's sitting in there, it's idle. >> We're already over there probably, I don't know, but that's what I would guess and hope. >> I don't believe anything I read these days, except your stuff, of course, and ours. Being a journalist, what are you working on right now? Obviously you're out there reporting, what are the top things you're looking at that you're observing? What's your observation space relative to what you're feeding into your reports? >> This topic, security, I'm going to retire and be long gone on this. This is a terrific topic that means so much and connects to everything. >> A lot of runway on this topic, right? >> I think the whole area of what, right there, your mobile device and how it plugs into the cloud, and then what that portends for internet of things. We have this whole 10-year history of the laptops, and we're not even solving that, and the servers are now moving here to these mobile devices in the clouds and IOT. It's just, attack surface area is just, continues to get bigger. >> And the IT cameras. >> The other thing I noticed on AETNA's presentation this morning on the keynote, Jim was he said, a lot of times many people chase the wrong attack vector, because of not sharing, literally waste cycle times on innovation. So, it's just interesting market. Okay, final thoughts, Byron. This event, what's the significance of this event? Obviously there's Black Hat out there and other industry events. What is so significant about CyberConnect from your perspective? Obviously, our view is it's an industry conversation, it's up-leveled a bit. It's not competing with other events. Do you see it the same way? What is your perspective on this event? >> I think that it's properly named, Connect, and I think that is right at the center of all this, when you have people like Jim Ralph from AETNA, which is doing these fantastic things in terms of protecting their network and sharing that freely, and the US Bank guy that was just on, and Verizon is talking later today. They've been in this space a long time sharing terrific intelligence, and then somebody like the general, and Tom Kemp, the CEO of Centrify, talking about giving visibility to that, a real key piece that's not necessarily sexy, but by locking that down, that's accessing. >> How is the Centrify message being received in the DC circles? Obviously they're an enterprise, they're doing very well. I don't know their net revenue numbers because they're private, they don't really report those. Are they well-received in the DC and the cyber communities in terms of what they do? Identity obviously is a key piece of the kingdom, but it used to be kind of a fenced off area in enterprise software model. They seem to have more relevance now. Is that translating for them in the marketplace? >> I would think so, I mean, the company's growing. I was just talking to somebody. The story they have to tell is substantive and really simple. There's some smart people over there, and I think there are friendly ears out there to hear what they have to say. >> Yeah, anything with identity, know your customer's a big term, and you hear in blockchain and anti-money laundering, know your customer, big term, you're seeing more of that now. Certainly seeing Facebook, Twitter, and Alphabet in front of the Senate getting peppered, I thought that was interesting. We followed those guys pretty deeply. They got hammered, like what's going on, how could you let this happen? Not that it was national security, but it was a major FUD campaign going on on those platforms. That's data, right, so it wasn't necessarily hacked, per se. Great stuff, Byron, thanks for joining us here on The Cube, appreciate it. And your website is lastwatchdog.com. >> Yes. >> Okay, lastwatchdog.com. Byron Acohido here inside The Cube. I'm John Furrier, Dave Vellante, we'll be back with more live coverage after this short break.

>> Narrator: Live from Silicon Valley, it's theCUBE, covering Google Cloud, Next 17. >> Hey, welcome back everyone. We're here live in the Palo Alto Studios, SiliconANGLE Media, is theCUBE's new 4400 square foot studio, here in our studio, this is our sports center. I'm here with Stu Miniman, analyst at Wikibon on the team. I was at the event all day today, drove down to Palo Alto to give us the latest in-person updates, as well as, for the past two days, Stu has been at the Analyst Summit, which is Google's first analyst summit, Google Cloud. And Stu, we're going to break down day one in the books. Certainly, people starting to get onto there. After-meetups, parties, dinners, and festivities. 10,000 people came to the Google Annual Cloud Next Conference. A lot of customer conversations, not a lot of technology announcements, Stu. But we got another day tomorrow. >> John, first of all, congrats on the studio here. I mean, it's really exciting. I remember the first time I met you in Palo Alto, there was the corner in ColoSpace-- >> Cloud Air. >> A couple towards down for fries, at the (mumbles) And look at this space. Gorgeous studio. Excited to be here. Happy to do a couple videos. And I'll be in here all day tomorrow, helping to break down. >> Well, Stu, first allows us to, one, do a lot more coverage. Obviously, Google Next, you saw, was literally a blockbuster, as Diane Greene said. People were around the block, lines to get in, mass hysteria, chaos. They really couldn't scale the event, which is Google's scale, they nailed the scale software, but scaling event, no room for theCUBE. But we're pumping out videos. We did, what? 13 today. We'll do a lot more tomorrow, and get more now. So you're going to be coming in as well. But also, we had on-the-ground, cause we had phone call-ins from Akash Agarwal from SAP. We had an exclusive video with Sam Yen, who was breaking down the SAP strategic announcement with Google Cloud. And of course, we have a post going on siliconangle.com. A lot of videos up on youtube.com/siliconangle. Great commentary. And really the goal was to continue our coverage, at SiliconANGLE, theCUBE, Wikibon, in the Cloud. Obviously, we've been covering the Cloud since it's really been around. I've been covering Google since it was founded. So we have a lot history, a lot of inside baseball, certainly here in Palo Alto, where Larry Page lives in the neighborhood, friends at Google Earth. So the utmost respect for Google. But really, I mean, come on. The story, you can't put lipstick on a pig. Amazon is crushing them. And there's just no debate about that. And people trying to put that out there, wrote a post this morning, to actually try to illustrate that point. You really can't compare Google Cloud to AWS, because it's just two different animals, Stu. And my point was, "Okay, you want to compare them? "Let's compare them." And we're well briefed on the Cloud players, and you guys have the studies coming out of Wikibon. So there it is. And my post pretty much sums up the truth, which is, Google's really serious about the enterprise. Their making steps, there's some holes, there's some potential fatal flaws in how they allow customers to park their data. They have some architectural differences. But Stu, it's really a different animal. I mean, it's apples and oranges in the Cloud. I don't think it's worthy complaining, because certainly Amazon has the lead. But you have Microsoft, you have Google, you have Oracle, IBM, SAP, they're all kind of in the cluster of this, I call "NASCAR Formation", where they're all kind of jocking around, some go ahead. And it really is a race to get the table stake features done. And really, truly be serious contender for the enterprise. So you can be serious about the enterprise, and say, "Hey, I'm serious about the enterprise." But to be serious winner and leader, are two different ball games. >> And a lot to kind of break down here, John. Because first of all, some of the (mumbles) challenges, absolutely, they scaled that event really big. And kudos to them, 10,000 people, a lot of these things came together last minute. They treated the press and analysts really well. We got to sit up front. They had some good sessions. You just tweeted out, Diane Greene, in the analyst session, and in the Q&A after, absolutely nailed it. I mean, she is an icon in the industry. She's brilliant, really impressive. And she's been pulling together a great team of people that understand the enterprise. But who is Google going after, and how do they compete against so of the other guys, is really interesting to parse. Because some people were saying in the keynote, "We heard more about G Suite "than we heard about some of the Cloud features." Some of that is because they're going to do the announcements tomorrow. And you keep hearing all this G Suite stuff, and it makes me think of Microsoft, not Amazon. It makes me think of Office 365. And we've been hearing out of Amazon recently, they're trying to go after some of those business productivity applications. They're trying to go there where Microsoft is embedded. We know everybody wants to go after companies like IBM and Oracle, and their applications. Because Google has some applications, but really, their strength is been on the data. The machine the AI stuff was really interesting. Dr. Fei-Fei Li from Stanford, really good piece in the keynote there, when they hired her not that long ago. The community really perked up, and is really interesting. And everybody seems to think that this could be the secret weapon for Google. I actually asked them like, in some of the one-on-ones, "Is this the entry point? "Are most people coming for this piece, "when it's around these data challenges in the analytics, "and coming to Google." And they're like, "Well, it's part of it. "But no, we have broad play." Everything from devices through G Suite. And last year, when they did the show, it was all the Cloud. And this year, it's kind of the full enterprise suite, that they're pulling in. So there's some of that sorting out the messaging, and how do you pull all of these pieces together? As you know, when you've got a portfolio, it's like, "Oh well, I got to have a customer for G Suite." And then when the customer's up there talking about G Suite for a while, it's like, "Wait, it's--" >> Wait a minute. Is this a software? >> "What's going on?" >> Is this a sash show? Is this a workplace productivity show? Or is this a Cloud show? Again, this is what my issue is. First of all, the insight is very clear. When you start seeing G Suite, that means that they've got something else that they are either hiding or waiting to announce. But the key though, that is the head customers. That was one important thing. I pointed out in my blog post. To me, when I'm looking for it's competitive wins, and I want to parse out the G Suite, because it's easy just to lay that on, Microsoft does it with 365 of Office, Oracle does it with their stuff. And it does kind of make the numbers fuzzy a little bit. But ultimately, where's the beef on infrastructure as a service, and platform as a service? >> And John, good customers out there, Disney, Colgate, SAP as a partner, HSBC, eBay, Home Depot, which was a big announcement with Pivotal, last year, and Verizon were there. So these are companies, we all know them. Dan Greene was joking, "Disney is going to bring their magic onto our magic. "And make that work." So real enterprise use cases. They seem to have some good push-around developers. They just acquired Kaggle, which is working in some of that space. >> Apogee. >> Yeah, Apogee-- >> I think Apogee's an API company, come on. What does that relate to? It has nothing to do with the enterprise. It's an API management solution. Okay, yes. I guess it fits the stack for Cloud-Native, and for developers. I get that. But this show has to nail the enterprise, Stu. >> And John, you remember back four years ago, when we went to the re:Invent show for the first time, and it was like, they're talking to all the developers, and they haven't gotten to the enterprise. And then they over-pivoted to enterprise. And I listen to the customers that were talking and keynote today, and I said, "You know, they're talking digital transformation, "but it's not like GE and Nike getting up on stage, "being like, "'We're going to be a software company, "'and we're hiring lots--'" >> John: Moving our data center over. >> They were pulling all of over stuff, and it's like, "Oh yeah, Google's a good partner. "And we're using them--" >> But to be fair, Stu. Let's be fair, for a second. First of all, let's break down the keynotes. And then we'll get to some of the things about being fair. And I think, one, people should be fair to Diane Greene, because I think that the press and the coverage of it, looking at the media coverage, is weak. And I'll tell you why it's weak. Cause everyone has the same story as, "Oh, Google's finally serious about Cloud. "That's old news. "Diane Greene from day one says "we're serious with the Cloud." That's not the story. The story is, can they be a serious contender? That's number one. On the keynote, one, customer traction, I saw that, the slide up there. Yeah, the G Suite in there, but at least they're talking customers. Number two, the SAP news was strategic for Google. SAP now has Google Cloud platform, I mean, Google Cloud support for HANA, and also the SAP Cloud platform. And three, the Chief Data Science from AIG pointed. To me, those were the three highlights of the keynote. Each one, thematically, represents at least a positive direction for Google, big time, which is, one, customer adoption, the customer focus. Two, partnerships with SAP, and they had Disney up there. And then three, the real game changer, which is, can they change the AI machine learning, TensorFlow has a ton of traction. Intel Xeon chips now are optimized with TensorFlow. This is Google. >> TensorFlow, Kubernetes, it's really interesting. And it's interesting, John, I think if the media listened to Eric Schmidt at the end, he was talking straight to them. He's like, "Look, bullet one. "17 years ago, I told Google that "this is where we need to go. "Bullet two, 30 billion dollars "I'm investing in infrastructure. "And yes, it's real, "cause I had to sign off on all of this money. And we've been all saying for a while, "Is this another beta from Google. "Is it serious? "There's no ad revenue, what is this?" And Diane Greene, in the Q&A afterwards, somebody talked about, "Perpetual beta seems to be Google." And she's like, "Look, I want to differentiate. "We are not the consumer business. "The consumer business might kill something. "They might change something. "We're positioning, "this a Cloud that the enterprise can build on. "We will not deprecate something. "We'll support today. "We'll support the old version. "We will support you going forward." Big push for channel, go-to-market service and support, because they understand that that-- >> Yeah, but that's weak. >> For those of us that used Google for years, understand that-- >> There's no support. >> "Where do I call for Google?" Come on, no. >> Yeah, but they're very weak on that. And we broke that down with Tom Kemp earlier, from Centrify, where Google's play is very weak on the sales and marketing side. Yeah, I get the service piece. But go to Diane Greene for a second, she is an incredible, savvy enterprise executive. She knows Cloud. She moved from server to virtualization. And now she can move virtualization to Cloud. That is her playbook. And I think she's well suited to do that. And I think anyone who rushes to judgment on her keynote, given the fail of the teleprompter, I think is a little bit overstepping their bounds on that. I think it's fair to say that, she knows what she's doing. But she can only go as fast as they can go. And that is, you can't like hope that you're further along. The reality is, it takes time. Security and data are the key points. On your point you just mentioned, that's interesting. Because now the war goes on. Okay, Kubernetes, the microservices, some of the things going on in the applications side, as trends like Serverless come on, Stu, where you're looking at the containerization trend that's now gone to Kubernetes. This is the battleground. This is the ground that we've been at Dockercon, we've been at Linux, CNCF has got huge traction, the Cloud Native Compute Foundation. This is key. Now, that being said. The marketplace never panned out, Stu. And I wanted to get your analysis on this, cause you cover this. Few years ago, the world was like, "Oh, I want to be like Facebook." We've heard, "the Uber of this, and the Airbnb of that." Here's the thing. Name one company that is the Facebook of their company. It's not happening. There is no other Facebook, and there is no other Google. So run like Google, is just a good idea in principle, horizontally scalable, having all the software. But no one is like Google. No one is like Facebook, in the enterprise. So I think that Google's got to downclock their messaging. I won't say dumb down, maybe I'll just say, slow it down a little bit for the enterprise, because they care about different things. They care more about SLA than pricing. They care more about data sovereignty than the most epic architecture for data. What's your analysis? >> John, some really good points there. So there's a lot of technology, where like, "This is really cool." And Google is the biggest of it. Remember that software-defined networking we spent years talking about? Well, the first big company we heard about was Google, and they got up of stage, "We're the largest SDN deployer in the world on that." And it's like, "Great. "So if you're the enterprise, "don't deploy SDN, go to somebody else "that can deliver it for you. "If that's Google, that's great." Dockercon, the first year they had, 2014, Google got up there, talked about how they were using containers, and containers, and they spin up and spin down. Two billion containers in a week. Now, nobody else needs to spin up two billion containers a week, and do that down. But they learned from that. They build Kubernetes-- >> Well, I think that's a good leadership position. But it's leadership position to show that you got the mojo, which again, this is again, what I like about Google's strategy is, they're going to play the technology card. I think that's a good card to play. But there are some just table stakes they got to nail. One is the certifications, the security, the data. But also, the sales motions. Going into the enterprise takes time. And our advice to Diane Greene was, "Don't screw the gold Google culture. "Keep that technology leadership. "And buy somebody, "buy a company that's got a full blown sales force." >> But John, one of the critiques of Google has always been, everything they create, they create like for Google, and it's too Googley. I talked to a couple of friends, that know about AWS for a while, and when they're trying to do Google, they're like, "Boy, this is a lot tougher. "It's not as easy as what we're doing." Google says that they want to do a lot of simplicity. You touched on pricing, it's like, "Oh, we're going to make pricing "so much easier than what Amazon's doing." Amazon Reserved Instances is something that I hear a lot of negative feedback in the community on, and Google's like, "It's much simpler." But when I've talked to some people that have been using it, it's like, "Well, generally it should be cheaper, "and it should be easier. "But it's not as predictable. "And therefore, it's not speaking to what "the CFO needs to have. "I can't be getting a rebate sometime down the road. "Based on some advanced math, "I need to know what I'm going to be getting, "and how I'm going to be using it." >> And that's a good point, Stu. And this comes down to the consumability of the Cloud. I think what Amazon has done well, and this came out of many interviews today, but it was highlighted by Val Bercovici, who pointed out that, Amazon has made their service consumable by the enterprise. I think that's important. Google needs to start thinking about how enterprises want to consume Cloud, and hit those points. The other thing that Val and I teased at, was kind of some new ground, and he coined the term, or used the term, maybe he coined it, I'm not sure, empathy. Enterprise empathy. Google has developer empathy, they understand the developer community. They're rock solid on open source. Obviously, their mojo's phenomenal on technology, AI, et cetera, TensorFlow, all that stuff's great. Empathy for the enterprise, not there. And I think that's something that they're going to have to work on. And again, that's just evolution. You mentioned Amazon, our first event, developer, developer, developer. Me and Pat Gelsinger once called it the developer Cloud. Now they're truly the enterprise Cloud. It took three years for Amazon to do that. So you just can't jump to a trajectory. There's a huge amount of diseconomies of scale, Stu, to try and just be an enterprise player overnight, because, "We're Google." That's just not going to fly. And whether it's sales motions, pricing and support, security, this is hard. >> And sorting out that go-to-market, is going to take years. You see a lot of the big SIs are there. PwC, everywhere at the show. Accenture, big push at the show. We saw that a year or two ago, at the Amazon show. I talked to some friends in the channel, and they're like, "Yeah, Google's still got work to do. "They're not there." Look, Amazon has work to do on the go-to-market, and Google is still a couple-- >> I mean, Amazon's not spring chicken here. They're quietly, slowly, ramming up. But they're not in a good position with their sales force, needs to be where they want to be. Let's talk about technology now. So tomorrow we're expecting to see a bunch of stuff. And one area that I'm super excited about with Google, is if they can have their identity identified, and solidified with the mind of the enterprise, make their product consumable, change or adjust or buy a sales force, that could go out and actually sell to the enterprise, that's going to be key. But you're going to hear some cool trends that I like. And if you look at the TensorFlow, and the relationship, Intel, we're going to see Intel on stage tomorrow, coming out during one of the keynotes. And you're going to start to see the Xeon chip come out. And now you're starting to see now, the silicon piece. And this has been a data center nuisance, Stu. As we talked about with James Hamilton at Amazon, which having a hardware being optimized for software, really is the key. And what Intel's doing with Xeon, and we talked to some other people today about it, is that the Cloud is like an operating system, it's a global computer, if you want look at that. It's a mainframe, the software mainframe, as it's been called. You want a diversity of chipsets, from two cores Atom to 72 cores Xeon. And have them being used in certain cases, whether it's programmable silicon, or whether it's GPUs, having these things in use case scenarios, where the chips can accelerate the software evolution, to me is going to be the key, state of the art innovation. I think if Intel continues to get that right, companies like Google are going to crush it. Now, Amazon, they do their own. So this is going to another interesting dynamic. >> Yeah, it was actually one of the differentiating points Google's saying, is like, "Hey, you can get the Intel Skylake chip, "on Google Cloud, "probably six months before you're going to be able to "just call up your favorite OEM of choice, "and get that in there." And it's an interesting move. Because we've been covering for years, John, Google does a ton of servers. And they don't just do Intel, they've been heavily involved in the openPOWER movement, they're looking at alternatives, they're looking at low power, they're looking at from their device standpoint. They understand how to develop to all these pieces. They actually gave to the influencers, the press, the analysts, just like at Amazon, we all walked home with Echo Dot, everybody's walking home with the Google Homes. >> John: Did you get one? >> I did get one, disclaimer. Yeah, I got one. I'll be playing with it home. I figured I could have Alexa and Google talking to each other. >> Is it an evaluation unit? You have to give it back, or do you get to keep? >> No, I'm pretty sure they just let us keep that. >> John: Tainted. >> But what I'm interested to see, John, is we talk like Serverless, so I saw a ton of companies that were playing with Alexa at re:Invent, and they've been creating tons of skills. Lambda currently has the leadership out there. Google leverages Serverless in a lot of their architecture, it's what drives a lot of their analytics on the inside. Coming into the show, Google Cloud Functions is alpha. So we expect them to move that forward, but we will see with the announcements come tomorrow. But you would think if they're, try to stay that leadership though there, I actually got a statement from one of the guys that work on the Serverless, and Google believes that for functions, that whole Serverless, to really go where it needs to be, it needs to be open. Google isn't open sourcing anything this week, as far as I know. But they want to be able to move forward-- >> And they're doing great at open source. And I think one of the things, that not to rush to judgment on Google, and no one should, by the way. I mean, certainly, we put out our analysis, and we stick by that, because we know the enterprise pretty well, very well actually. So the thing that I like is that there are new use cases coming out. And we had someone who came on theCUBE here, Tarun Thakur, who's with Datos, datos.io. They're reimagining data backup and recovery in the Cloud. And when you factor in IoT, this is a paradigm shift. So I think we're going to see use cases, and this is a Google opportunity, where they can actually move the goal post a bit on the market, by enabling these no-use cases, whether it's something as, what might seem pedestrian, like backup and recovery, reimagining that is huge. That's going to take impact as the data domains of the world, and what not, that (mumbles). These new uses cases are going to evolve. And so I'm excited by that. But the key thing that came out of this, Stu, and this is where I want to get your reaction on is, Multicloud. Clearly the messaging in the industry, over the course of events that we've been covering, and highlighted today on Google Next is, Multicloud is the world we are living in. Now, you can argue that we're all in Amazon's world, but as we start developing, you're starting to see the emergence of Cloud services providers. Cloud services providers are going to have some tiering, certainly the big ones, and then you're going to have secondary partner like service providers. And Google putting G Suite in the mix, and Office 365 from Microsoft, and Oracle put in their apps in their Clouds stuff, highlights that the SaaS market is going to be very relevant. If that's the case, then why aren't we putting Salesforce in there, Adobe? They all got Clouds too. So if you believe that there's going to be specialism around Clouds, that opens up the notion that there'll be a series of Multicloud architectures. So, Stu-- >> Stu: Yeah so, I mean, John, first of all-- >> BS? Real? I mean what's going on? >> Cloud is this big broad term. From Wikibon's research standpoint, SaaS, today, is two-thirds of the public Cloud market. We spend a lot of time talking-- >> In revenue? >> In revenue. Revenue standpoint. So, absolutely, Salesforce, Oracle, Infor, Microsoft, all up there, big dollars. If we look at the much smaller part of the world, that infrastructures a service, that's where we're spending a lot of time-- >> And platforms a service, which Gartner kind of bundles in, that's how Gartner looks at it. >> It's interesting. This year, we're saying PaaS as a category goes away. It's either SaaS plus, I'm sorry, it's SaaS minus, or infrastructure plus. So look at what Salesforce did with Heroku. Look at what company service now are doing. Yes, there are solutions-- >> Why is PaaS going away? What's the thesis? What's the premise of that for Wikibon research? >> If we look at what PaaS, the idea was it tied to languages, things like portability. There are other tools and solutions that are going to be able to help there. Look at, Docker came out of a PaaS company, DockCloud. There's a really good article from one of the Docker guys talking about the history of this, and you and I are going to be at Dockercon. John, from what I hear, we're going to spending a lot of time talking about Kubernetes, at Dockercon. OpenStack Summit is going to be talking a lot about-- >> By the way, Kubernetes originated at Google. Another cool thing from Google. >> All right, so the PaaS as a market, even if you talk to the Cloud Foundry people, the OpenShift people. The term we got, had a year ago was PaaS is Passe, the nice piffy line. So it really feeds into, because, just some of these categorizations are what we, as industry watchers have a put in there, when you talk to Google, it's like, "Well, why are they talking about G Suite, "and Google Cloud, and even some of their pieces?" They're like, "Well, this is our bundle "that we put together." When you talk to Microsoft, and talk about Cloud, it's like, "Oh, well." They're including Skype in that. They're including Office 365. I'm like, "Well, that's our productivity. "That's a part of our overall solutions." Amazon, even when you talk to Amazon, it's not like that there are two separate companies. There's not AWS and Amazon, it's one company-- >> Are we living in a world of alternative facts, Stu? I mean, Larry Ellison coined the term "Fake Cloud", talking about Salesforce. I'm not going to say Google's a fake Cloud, cause certainly it's not. But when you start blending in these numbers, it's kind of shifting the narrative to having alternative facts, certainly skewing the revenue numbers. To your point, if PaaS goes away because the SaaS minuses that lower down the stack. Cause if you have microservices and orchestration, it kind of thins that out. So one, is that the case? And then I saw your tweet with Sam Ramji, he formally ran Cloud Foundry, he's now at Google, knows his stuff, ex-Microsoft guy, very strong dude. What's he take? What's his take on this? Did you get a chance to chat with Sam at all? >> Yeah, I mean, it was interesting, because Sam, right, coming from Cloud Foundry said, what Cloud Foundry was one of the things they were trying to do, was to really standardize across the clouds. And of course, little bias that he works at Google now. But he's like, "We couldn't do that with Google, "cause Google had really cool features. And of course, when you put an abstraction layer on, can I actually do all the stuff? And he's like, "We couldn't do that." Sure, if you talked to Amazon, they'll be like, "Come on. "Thousand features we announced last year, "look at all the things we have. "It's not like you can just take all of our pieces, "and use it there." Yes, at the VM, or container, or application microservices layer, we can sit on a lot of different Clouds, public or private. But as we said today, the Cloud is not a utility. John, you've been in this discussion for years. So we've talked about, "Oh, I'm just going "to have a Cloud broker, "and go out in a service." It's like, this is not, I'm not buying from Domino's and Pizza Hut, and it's pepperoni pizza's a pepperoni pizza. >> Well, Multicloud, and moving workloads across Clouds, is a different challenge. Certainly, I might have to some stuff here, maybe put some data and edge my bets on leveraging other services. But this brings up the total cost of ownership problem. If you look at the trajectory, say OpenStack, just as a random example. OpenStack, at one point, had a great promise. Now it's kind of niched down into infrastructural service. I know you're going to be covering that summit in Boston. And it's going to be interesting to see how that is. But the word in the community is, that OpenStack is struggling because of the employment challenges involved with it. So to me, Google has an opportunity to avoid that OpenStack kind of concept. Because, talking about Sam Ramji, open source is the wildcard in all of this. So if you look at a open source, and you believe that that PaaS layer's thinning down, to infrastructure and SaaS, then you got to look at the open source community, and that's going to be a key area, that we're certainly watching, and we've identified, and we've mentioned it before. But here's my point. If you look at the total cost of ownership. If I'm a customer, Stu, I'm like, "Okay, if I'm just going to move to the Cloud, "I need to rely and lean on my partner, "my vendor, my supplier, "Amazon, or Google, or Microsoft, whoever, "to provide really excellent manageability. "Really excellent security. "Because if I don't, I have to build it myself." So it's becoming the shark fin, the tip of the iceberg, that you don't see the hidden cost, because I would much rather have more confidence in manageability that I can control. But I don't want to have to spend resources building manageability software, if the stuff doesn't work. So there's the issue about Multicloud that I'm watching. Your thoughts? Or is that too nuance? >> No, no. First of all, one of the things is that if I look at what I was doing on premises, before versus public Cloud, yes, there are some hidden costs, but in general I think we understand them a little bit better in public Cloud. And public Cloud gives us a chance to do a do-over for this like security, which most of us understand that security is good in public Cloud. Now, security overall, lots of work to do, challenges, not security isn't the same across all of them. We've talked to plenty of companies that are helping to give security across Clouds. But this Multicloud discussion is still something that is sorting out. Portability is not simple, but it's where we're going. Today, most companies, if I'm not really small, have some on-prem pieces. And they're leveraging at least one Cloud. They're usually using many SaaS providers. And there's this whole giant ecosystem, John, around the Cloud management platforms. Because managing across lots of environment, is definitely a challenge. There's so many companies that are trying to solve them. And there's just dozens and dozens of these companies, attacking everything from licensing, to the data management, to everything else. So there's a lot of challenges there, especially the larger you get as a company, the more things you need to worry about. >> So Stu, just to wrap up our segment. Great day. Wanted to just get some color on the day. And highlighting some parody from the web is always great. Just got a tweet from fake Andy Jassy, which we know really isn't Andy Jassy. But Cloud Opinion was very active to the hashtag, that Twitter handle Cloud Opinion. But he had a medium post, and he said, "Eric Schmidt was boring. "Diane Greene was horrible. "Unfortunately, day one keynote were missed opportunity, "that left several gaps, "failed to portray Google's vision for Google Cloud. "They could've done the following, A, "explain the vision for the Cloud, "where do they see Google Cloud going. "Identify customer use cases that show samples "and customer adoption." They kind of did that. So discount that. My favorite line is this one, "Differentiate from other Cloud providers. "'We're Google damn it,' isn't working so well. "Neither is indirect shots as S3 downtime, "didn't work either as well as either. "Where is the customer's journey going? "And what's the most compelling thing for customers?" This phrase, "We're Google damn it," has kind of speaks to the arrogance of Google. And we've seen this before, and always say, Google doesn't have a bad arrogance. I like the Google mojo. I think the technology, they run hard. But they can sometimes, like, "Customer support, self-service." You can't really get someone on the phone. It's hard to replies from Google. >> "Check out YouTube video. "We own that too, don't you know that?" >> So this is a perception of Google. This could fly in the face, and that arrogance might blow up in the enterprise, cause the enterprises aren't that sophisticated to kind of recognize the mojo from Google. And they, "Hey, I want support. "I want SLAs. "I want security. "I want data flexibility." What's your thoughts? >> So Cloud Opinion wrote, I thought a really thoughtful piece leading up to it, that I didn't think was satire. Some of what he's putting in there, is definitely satire-- >> John: Some of it's kind of true though. >> From the keynote. So I did not get a sense in the meetings I've been in, or watching the keynote, that they were arrogant. They're growing. They're learning. They're working with the community. They're reaching out. They're doing all the things we think they need to do. They're listening really well. So, yes, I think the keynote was a missed opportunity overall. >> John: But we've got to give, point out that was a teleprompter fail. >> That was a piece of it. But even, we felt with a little bit of polish, some of the interactions would've been a little bit smoother. I thought Eric Schmidt's piece was really good at end. As I said before, the AI discussion was enlightening, and really solid. So I don't give it a glowing rating, but I'm not ready to trash it. And tomorrow is when they're going to have the announcements. And overall, there's good buzz going at the show. There's lots going on. >> Give 'em a letter. Letter grade. >> For the keynote? Or the show in general? >> So far, your experience as an analyst, cause you had the, again, to give them credit, I agree with you. First analyst conference. They are listening. And the slideshow, you see what they're doing. They're being humble. They didn't take any real direct shots at its competitors. They were really humble. >> And that is something that I think they could've helped to focus one something that differentiated a little bit. Something we had to pry out of them in some of the one-on-ones, is like, "Come on, what are you doing?" And they're like, "We're winning 50, 60% of our competitive deals." And I'm like, "Explain to us why. "Because we're not hearing it. "You're not articulating it as well." It's not like we expect them, it's like, "Oh wait, they told us we're arrogant. "Maybe we should be super humble now." It's kind of-- >> I don't think they're thinking that way. I think my impression of Google, knowing the companies history, and the people involved there, and Diane Greene in particular, as you know from the Vmware days. She's kind of humble, but she's not. She's tough. And she's good. And she's smart. >> And she's bringing in really good people. And by the way, John, I want to give them kudos, really supported International Women's Day, I love the, Fei-Fei got up, and she talked about her, one of her compatriots, another badass woman up there, that got like one of the big moments of the keynote there. >> John: Did they have a woman in tech panel? >> Not at this event. Because Diane was there, Fei-Fei was there. They had some women just participating in it. I know they had some other events going on throughout the show. >> I agree, and I think it's awesome. I think one of the things that I like about Google, and again, I'll reiterate, is that apples and oranges relative to the other Cloud guys. But remember, just because Amazon's lead is so far ahead, that you still have this jocking of position between the other players. And they're all taking the same pattern. Again, this is the same thing we talked about at our other analysis, is that, certainly at re:Invent, we talked about the same thing. Microsoft, Oracle, IBM, and now Google, are differentiating with their apps. And I think that's smart. I don't think that's a bad move at all. It does telegraph a little bit, that maybe they got, they could add more to show, we'll see tomorrow. But I don't think that's a bad thing. Again, it does make the numbers a little messy, in terms of what's what. But I think it's totally cool for a company to differentiate on their offering. >> Yeah, definitely. And John, as you said, Google is playing their game. They're not trying to play Amazon's game. They're not, Oracle's thing was what? You kind of get a little bit of the lead, and kind of just make sure how you attack and stay ahead of what they're doing, going to the boating analogy there. But Google knows where they're going, moving themselves forward. That they've made some really good progress. The amount of people, the amount of news they have. Are they moving fast enough to really try to close a little bit on the Amazon's world, is something I want to come out of the show with. Where are customers going? >> And it's a turbulent time too. As Peter Burris, our own Peter Buriss at Wikibon, would say, is a turbulent time. And it's going to really put everyone on notice. There's a lot to cover, if you're an analyst. I mean, you have compute, network storage, services. I mean, there's a slew of stuff that's being rolled out, either in table stakes for existing enterprises, plus new stuff. I mean, I didn't hear a lot of IoT today. Did you hear much IoT? Is there IoT coming to you at the briefing? >> Come on. I'm sure there's some service coming out from Google, that'll help us be able to process all this stuff much faster. They'll just replace this with-- >> So you're in the analyst meeting. I know you're under NDA, but is there IoT coming tomorrow? >> IoT was a term that I heard this week, yes. >> So all right, that's a good confirmation. Stu cannot confirm or deny that IoT will be there tomorrow. Okay, well, that's going to end day one of coverage, here in our studio. As you know, we got a new studio. We have folks on the ground. You're going to start to see a new CUBE formula, where we have in-studio coverage, and out in the field, like our normal CUBE, our "game day", as we say. Getting all the signal, extracting it from that noise out there, for you. Again, in-studio allows us to get more content. We bring our friends in. We want to get the content. We're going to get the summaries, and share that with you. I'm John Furrier, Stu Miniman, day one coverage. We'll see you tomorrow for another full day of special coverage, sponsored by Intel, two days of coverage. I want to thank Intel for supporting our editorial mission. We love the enterprise, we love Cloud, we love big data, love Smart Cities, autonomous vehicles, and the changing landscape in tech. We'll be back tomorrow, thanks for watching.

(upbeat music) >> Narrator: Live, from Silicon Valley. It's the Cube. Covering Google Cloud X17. >> Okay welcome back, everyone. We are live in Palo Alto for two days of coverage of Google Next 2017. I'm John Furrier, we're here with Tom Kemp, CEO of Centrify. No longer a startup, they're scaling up. You guys do it very well. Tom, great to see you. Welcome to the Cube. >> Great to be here. >> Saw you at RSA, you guys had an exceptional event. One Presence to show, obviously a security show, you're in the security business. But also mobile world congress will try to get you on again security's hot, front and center at mobile world congress. >> Yeah. >> Security is front and center at Google Cloud Next. Security is front and center at blank event. It's happening everywhere right? So give us the update. What is Centrify, obviously the "No Breach" is your tagline. What's up with Centrify? Give us a quick update on what you're up to. >> Yeah, absolutely. So we're a security company focused, as you said, on identity. And we really address the issue of too many passwords and too much privilege. The fundamental issue that's happening within security, is like 75 billion dollars is being spent on it, it's one of the fastest growing market segments, but it's failing because the breaches are far outnumbering, and growing at a faster rate, than the amount of money being spent on that. And so, we're trying to rethink security by looking at where are the breaches are coming from, and they're coming in from, like in the case of Podesta, stealing usernames and passwords. And Verizon said two thirds of breaches involve stolen credentials. And Forrester just recently said that 80 percent of breaches involve the compromise of privileged accounts, the rude accounts for the infrastructure etc. So if two thirds, to 80 percent of breaches involve identity, we fundamentally believe you need to focus a lot more on that, and that's what we're all about. Focusing on identity. >> And what is this? Is this a new revelation, or is this something that you guys have felt was happening for a long time, or has it just been the matter of fact, that's what's happening? >> You know it's, we have some great investors, and we have Excel, Mayfield, Index, Sigma now called Jex, and Square Adventures. And one of the board members told me, the markets come to you, because we've been doing this for over 10 years. And focusing on identity, and people are like, "Oh okay, that's interesting." But now, if you look at just the massive number of breaches that are occurring, and the focus that identity is the leading attack vector, and then you couple it with the whole move to the Cloud, I know we're going to be talking about what Google is doing in the Cloud, etc. It actually makes the problem even worse. And so we feel that we've been plugging along, doing and focusing on identity, and now kind of the market has come to us, because of the move to Cloud, and the hackers are going after identities. >> Yeah it's interesting, I saw a Facebook friend, I won't say his name for privacy, because I don't have the right to talk about it, he's in bitcoin, so obviously that world is an underbelly in itself. Yeah but, interesting thing is that he had two factor authentication on his phone, and someone hacked his phone and they sent the password back to his phone, all his bank accounts are gone. >> Oh my goodness. >> So this is an example of that privileged identity. So that even two factor authentication, in that case, didn't work. So you starting to see this, right? So what's the answer, and how does it relate to cloud? There's no perimeter in the cloud. Is it federated identity, is it some blocked chain thing, is there new model? What's your view on this, and how you guys attacking it specifically? >> Yeah, I mean in a world in which we're increasingly moving to the cloud, what can you secure? Like if I'm at a Starbucks in Palo Alto, on my Ipad, talking to Google apps, talking to sales force etc., I don't have any Anti Virus, I'm not using any next gen firewall, or VPN etc. So the focus needs to shift to securing the user. And you really need to start integrating, and leveraging, from a multi factor authentication biometrics as well. Use that phone, use the touch ID, to actually ensure that. And then also, in the cloud, start analyzing user behavior. And actually determine, well wait a minute, this person normally doesn't login from China, but now he's accessing the sales force, or Facebook etc. So, it's becoming, evolving more to utilizing mobile device as part of your identity, and it's also leveraging machine learning to understand what normal behavior is, and blocking abnormal behavior. >> And also using big data techniques, because your point about China is interesting. Anyone who travels might have had this situation, we go to Vegas a lot for the Cube, but like I'm in Vegas then I pull out an ATM withdrawal, next I go to use my other credit card, and it says "woah fraud alert." >> Tom: Yes. >> Well, wait a minute, I made a cell phone call, I took money out of the bank, and yet the credit card didn't know that I'm in Vegas. Now that's interesting, so conversely, China's accessing my accounts, and I'm making phone calls in Palo Alto, that should be obvious. >> Yeah. >> That just seems like it's just so disfragmented data sets. >> So historically, the definition of identity was a username, and a password. But, in a Cloud world, identity should be redefined in terms of your applications, your device, your location, and your activity. So, if you are trying to access an app from China, it should ask you for four or five additional bits of information, instead of two factors, it should be multi-factor, and it should include biometrics as well. So, machine learning is this going to become even more critical to reduce fraud, and the compromise of credentials. >> So, let's talk about google next. Because one of the things that, I mean really we know Google, we're living in Palo Alto, they're all around us, they're in Mountain View, Larry Page lives in the hood here. Google has always been a technology innovator, and it's clear that that's the lead for their Cloud. But the enterprise, which they're by the way serious, Dian Green is very serious with enterprise, they're just starting to move down that road. You've been there for awhile, on mobile, and in the enterprise, what is some of the things that people should know about on how hard it is in the enterprise? Specifically with Cloud, what is some of the things that you see as table stakes? >> Yeah, it's actually having meat eating sales reps out in the field. Not relying on some person who's-- >> John: Some bot. >> Yeah some bot, or some 20 year old calling from Austin, or Mountain View, but it's actually having someone there, with a technical architect, that can hop on a subway, or be there within a half hour to spend some quality time. >> John: And strategic selling too right? >> Exactly. Because they have a challenge, which is they're competing with both Microsoft and Amazon. And obviously Microsoft has the enterprise people, and Amazon is really ramping up in that area. And I think that, so you can throw the technology, but enterprise accounts want to be able to have a conversation face to face, more so than executive coming out and having a dinner with someone. >> Take me through a sales motion, because this is important. You and I have talked about this in the past, and Dave Loth and I always talk about it on the Cube. And it used to be well known in the VC circles, that sales forces are expensive because the sales motions are different. What is the typical sales motion for an enterprise like Sell. Because it's not as simple as saying, "self service, Cloud, put your credit card down," and get you know, Cooper and Eddy's support, terminal access, static IP's, virtual servers, oh by the way I got a support DB2 as well. A non Oracle database, or Oracle. >> Well, look I mean, it's very easy to have that bite over the web for when you start a developer for a new application. And Amazon's done a great job at that, Microsoft's getting there as well. So if you really want the existing applications to move to the Cloud, you have to sit down and have conversations about a hybrid Cloud environment. Because people will have on premise active directory, they'll have a set of security policies, etc. And so the conversation needs to be had, is like how do you bridge on premise, with the Cloud as well, and make that heterogeneous environment look and feel and smell like it's homogeneous from authentication, authorization, audit perspective, compliance perspective, etc. So you certainly need to first and foremost be able to put architects out there, have that conversation, etc. And you just can't rely too much on partners. And I think from there service level agreements, and then also showing that your Cloud platform is incredibly secure as well. >> Yeah I would agree, I would just say one, on the meat eating sales rep, basically what that means people understand the domain, with an architect technically that's going to SC, and then you have to really kind of have an understanding that there's a multiple stakeholder role. One's a recommender, one's an influencer, one's a decision maker, and it is a campaign. It's a multi pronged campaign. >> Yeah you have to think-- >> John: Know their problems, give them a solution, value creation. >> Absolutely. >> John: Value selling. >> Because there's just a level of complexity. And again I'm not saying that Google for new projects, with the current sales motion, can't bring on an app, and maybe that app leverages their machine learning, which seems to be world class right? >> TensorFlow's getting great traction, Intel's building chips for that as well. >> Yeah. >> Google owns a great developer mind share, and I think they've really cracked the code on open source, and they have great empathy with the developers, we were talking about with Val earlier. But with operationally I just see a disconnect. And Amazon's quietly ramping up too, they're no spring chicken either when it comes to direct selling, but they're been working more years on that. >> And I think you seen the word Hybrid Cloud, and I know you spent time with the folks at Vmware, talking about the relationship with Ama... That's all about the Hybrid Cloud, which people need, the enterprises need a bridge and on ramp. And I think, from our perspective- >> Vmware is very solid with Gelsinger and their sales force. They're very, >> Yeah absolutely. >> Very strong with enterprise selling. >> And that's what we focus, cause we initially started on premise, we tied things in to active directory for example, but now we have a Cloud platform, and we advertise and promote ourselves as addressing identity for the Hybrid environment, and providing the bridge between the two, and I think that's critical. >> Now do you guys have an enterprise sales force, right? >> Absolutely. >> So you've invested in that, over ten years? >> Oh yeah, absolutely. So we have over 60 percent of the Fortune 50, and 80 percent of our sales comes from the Global 2000. We've grown, we're over 100 million in sales, so we're in there having that conversation with enterprises all the time. >> So Tom, so we know Diane Green lives in the neighborhood, so let's pretend she calls us up, "Hey Tom, John, come over. "We'll have a cocktail, and dinner. "I need your advice on how to ramp up my enterprise, "operational empathy, and strategy." What would we advise her? What would you advise her, I have my own opinion. But go to you first. >> I really think and focus on, obviously use the machine learning as a key wedge for new applications, but really focus on the concept of Hybrid. And she mastered going from physical to virtual. Now, everyone's virtualized, and so she needs to figure out how I can get virtual to Cloud, V to C, right? And have the people, and have the conversation, and provide bridging technologies as well. So I think that is going to require, not just purely Cloud based stuff, but it's going to probably provide, she's going to need, either through partnerships, or developer stuff. >> Or M and A. >> Or M and A, she's going to have to build connectors, to help facilitate the bridging, because she can go after definitely the 20 percent of the new stuff, but if you want to attack the 80 percent of the existing stuff, and she did a masterful job of going physical to virtual-- >> At VMware. >> At VMware, and now her challenge is to go V to C. Virtual to Cloud. >> So my advice, Diane if you're watching, is the following: One, don't screw up the Google formula. And I know she's transforming Google, and that's a good thing, they need that right now. But I think, what I like about what I'm seeing at Google Next right now is that they have great technology chops. In kind of the Google, pat themselves on the back kind of way, which is they got mojo, they've always had great technology mojo, and that comes down from the founder. So the machine learning stuff, the AI, the stuff that they're doing in their portfolio has, I call the coolness-relevant factor on the tech. What I would do, is I would specifically nurture that, cause she's also a good knack for doing innovative things, and she's very innovative manager, and I've seen that at Vmware, and other places that she's been advising. So she's got a knack for, "Ahh that's cool, look we should do that cool technology "that's going to have legs in the future." So she's got a good sage picking out the technology. I would do an M and A. I would just stop expanding the existing Google culture relative to that sales motions and the enterpriseness, and just go buy somebody. Spend the billion dollars, or more, take someone out whose got full global, regional sales force, why not? Because then those guys already have the relationships, so the buy, build, to the sales force might take too long. I'm not sure that they could get there. I mean, what do you think about that? >> Yeah I think it's, I think they've been public about it. I think they have to invest in their own, but I do think that M and A, I mean they're number three, and they got to do something. Clearly the machine learning AI stuff is going to be huge. We're actually very impressed, I got emails from the folks at the show, about this whole video stuff, in terms of their ability to use the machine learning, and AI to interpret video, which is pretty impressive. But again that's going to be more for a vertical. Or a specific type of application. And so I think they're going to need to do a combination . >> Here's the thing that I'm seeing though. There's a speed of Google, and there's a speed of enterprise. They might have to throttle down, I don't want to say dumb down, that's particularly not the issue, it's more of throttle down the cadence of what enterprises are comfortable with. For example, SLA's, their SLA's are a little bit gray area, but they're awesome on, "hey it only costs X dollars, "import this great data and crunch all this stuff." So they've got great pricing. >> They need to master, Diane did a masterful job of like, overnight she had a utility that could go P to V, and you flipped it up, and everything just magically worked. And they need to prove that they can forklift the applications, with minimal to no changes, and things magically work. And that requires a bunch of software partnership technology, that it's like flipping a switch to go the Cloud. And if you don't like it, then you can roll it back as well. >> What's their security in position in your mind? You've done an audit, you been keeping track of it, or they're secure. Or what's the needs of the enterprise that they should be addressing for security? Well you guys have a relationship with any other booth at the event. >> Yeah absolutely, and we integrate at multiple levels as well. I think they're doing a pretty good job, I think that other vendors like Microsoft are really more heavily investing in areas that we're in, such as identity, so Microsoft has basically replicated the playbook with active directory, and they have something called Azure AD, and so Google doesn't have anything that's equivalent. That's good for us, that actually leads to opportunities, but they could do more in the areas of identity. I think if you look at what Amazon's doing in terms of web application firewalls, and protecting applications that are being spun up in the cloud. I think those are areas that can be improved. Encryption, key management, etc. So if you look at the slide that they have where they say insecurity, I think they list three items, but then if you were to compare it to say Microsoft, or Amazon, they've got five, six, seven items right there as well. I think that there's definitely going to be needs and requirements that need to be met and addressed there. So it's good, for us. >> Well to me it's just a matter of their evolution, they can only go as fast as they can go. That's what the people that I tend to talk to don't get. They can be critical of Google, but at the end of the day they can only go so fast. >> Yeah, and also another bit of advice, is they do have a very good install base with Gsuite, formerly Google apps, but they got to do a better job of leveraging that when people try to move to infrastructure as a server-- >> I think they're taken that advice because it was clear that they're at this event, was they're showcasing a lot of the stats on Gsuite, they're also talking about the apps. And that's consistent with IBM, Oracle, and Microsoft. They're throwing in their Sass layers as part of the stack as well. That's how they can differentiate from Google. What else do they have right? >> Really it's almost like a startup company that's been around for a few years. They have their initial product, and they come out with their second product and the board members will say, "Well what's the adoption of cross selling "the new product with the existing?" And so it should be interesting to see if they can get people that bought in to the Gsuite vision, to say, "Oh okay, now I'm going to start firing up servers "on the Google Cloud platform." >> Well you bring up a good point about their Gsuite, and I mentioned Microsoft using Office 365 as an example. Oracle throws their apps into the blender, if you will. On the numbers and everything. It's interesting Wikibon research is showing that the past layers squeezing, that's a big debate in our own research team, but Gartner research that I just recently looked at from February. Basically there's a new talk about Sass, so if you start including Sass, then you got to open up the conversation to Salesforce, Adobe, and on and on and on. Because there's a Cloud service provider model out there. Linkedin's a service provider. So what is Sass, I always look at it like what's the Sass equation look like. I mean, what does Cloud really look like? >> I look at the statistics, because we address both infrastructure as a service, and software as a service as well, with our identity solutions. Clearly infrastructure as a service is a much bigger market, Sass is pretty significant, but if you add up Sass, infrastructure, and Pass, it's about 24 billionish right there. But guess what, Amazon already has over 10 of it last year. Amazon has 40 percent of the Cloud market as well. And they've proven that you don't have to have a Sass capability to be incredibly successful in the Cloud. >> Well they have their one Sass that was called Amazon.com, but they broke that out. Alright, Tom what's next for you guys at Centrify. What's on your, anything coming up, things you're working on, share some quick plug for Centrify, and the progress you're making in status? >> We've been doing this for 10 years, and we feel really good about providing basically a platform for identity. And one theme and trend that we're seeing a lot of in the security market is that buyers have security fatigue, they're so sick of dealing with point solutions, and I think that's working to our advantage, that people are looking at a vendor such as us, that can address, not only single sign up, but multi-factor authentication, privilege account management as well. So we're very much focused these days on providing a set of solutions that are all built on a platform, and just kind of filling in-- >> When you say fatigue, you mean sprawl and applications they're buying just another platform, because they do try to try everything, why wouldn't they? They're getting tired of that? >> In security you just have a lack of security knowledge. There's a huge skills gap when it comes to security. And if you have to buy a point solution to address every little bit of security, you just can't hire people, right? And then you find that you have air gaps that actually makes you less secure. And so we've over time built this platform up, and now we're really seeing that people are like, I don't have to get a standalone EMM, a standalone SSO, a standalone MFA solution, a standalone password vault solution etc. So we're very much focused on selling our platform to customers and with this whole mindset of customers wanting to consolidate vendors. Historically vendor consolidation was about buyers wanting that, but now IT people want that. And so we're really just focusing on, internally articulating how we can actually address a lot of problems that people have with too much privilege, and too many passwords. >> And you guys are expanding your sales force team? >> Oh absolutely. We've definitely hit the critical mass. We're over a hundred million sales, we're growing fast, we're cash flow positive as well. >> John: Alright, congratulations. The VC's happy. Time to go public, so what's your evaluation? Unicorn. >> No comment on that, rule 40 and all that fun stuff. We got a lot of checkboxes right there. >> I think your VC partner is right, your investor, the world is spinning towards you because if you look at the identity, and nearly everything in the digital world, whether it's Cloud, data, or packets or people. It's going to be a persona based focus. Not like, what company you work for. >> We had this huge trend of consumerization of IT, so it's really about the user. So focus on securing the user, not focusing on securing the network, because the network's gone. >> Finally, 30 years later, it's coming back to the user. It's been talked about, the passports, the digital wallet. >> Exactly. >> John: Tom Kemp, CEO of Centrify, a hot startup growing over 100 million in sales. Heard here on the Cube. Very successful company. Really have a nice approach, world's spinning towards them. Really hopefully a great solution for our security and our liberties so we don't get hacked over and over again. It's the Cube, bringing you all the coverage of Google Next, here in the studio I'm John Furrier. Be right back with more, after this short break. (resonant techno music)

(upbeat music) >> Narrator: Live, from Silicon Valley, it's the theCUBE, covering Mobile World Congress 2017. Brought to you by Intel. >> Hey welcome back. We're here live in Palo Alto at the SiliconANGLE Media Cube studios, our new 4500 square foot office. We merged with our two offices here to have our own studio, and we're covering Mobile World Congress for two days. 8AM to 6 every day, breaking down all the analysis from the news, commentary and really breaking down the meaning and the impact of what's happening, and the trends. We're doing it here in California, bringing folks in and also calling people up in Barcelona, getting their reaction on the ground. We've got our reporters, we have analysts there but all the action's happening here in Palo Alto for our analysis. Our next guest is Christina Ku, director of NTT Docomo Ventures. Welcome to theCube, appreciate it. >> Hi. Well it was good to see you again. >> Great to see you. Obviously we've known each other for over a decade now and you've been in the investment community for a while. The first question is why aren't you there at a Mobile World Congress? Because it's changed so much, it's a telco show and some apps are now thrown in there. But there's so much more going on right now around 5G, AI, software, end to end fabrics. So it's not just "Give me more software, provision more subscribers." It's a whole other ball game. >> That's a great question. So our CEO of NTT Docomo is there, and the C-level team. But we are the innovation team. We have been here since 2005 doing research and then added business development about three years ago and then a ventures team that's been around and now we're part of NTT Docomo Ventures. What we're looking for is more services and software and this year I guess the focus is AI. And AI is, I would call it the new infrastructure. Since wireless networks are all data now, the new infrastructure is AI rules. Rules for everything, vertical and new maps. So I can talk a little bit more what we've been seeing in kind of the software and services area and how we're looking at the Bay Area as kind of the new innovation to bring back to Japan to work with NTT Docomo. >> That's awesome. Let's take a minute, Christina, if you can, just before we get started, take a minute to explain what your role is and the group that you're in at NTT Docomo here in the Bay area. What you guys are doing, the focus, and some of the things that you're involved in. >> Great yeah, thanks. So, I'm a director and I invest on behalf of two funds. One is NTT Docomo Ventures for NTT Docomo, the wireless carrier. Sixty-million subscribers, all in Japan. Our competitor is SoftBank. We're bigger in Japan, and have more market share. And also the NTT Group has a two hundred and fifty million dollar fund. They're off the 101 Freeway. There's NTT Security, i-Cube, a division of companies, as well. And the idea is to bring these technologies through start ups, through BD, to help them enter Japan. And also, to invest, a minority investment. >> That's awesome. So you have to pound the pavement, go out there and see all the action. Obviously, Silicon Valley, a lot of stuff happening here, and you've got a lot of experience here. Your thoughts on the business model, and how the AI as a service, you mentioned that, which is, we totally see the same thing. We see a confluence of old network models transforming into personal networks. We're seeing a trend where the relationship to the network, if you will, from a personal standpoint, could be the device initially, but now it's wearables. It's the watch, it's the tablet. So now people have this connection, digital connection to the network. Might not be just one network, it could be two, so now AI has to come in, and people are speculating that AI could be that nice brokering automation between all the digital services. Whether I'm jumping into an autonomous vehicle >> So if you refer to services for consumers, then the approach that we have is to offer a B to B to C business model, so in each lifestyle category. We purchased a cooking school, or a percentage of a cooking school, ABC Cooking. And then we were looking for kitchen devices, right, to offer that service, an oven, a bluetooth connected pan. I think some of these devices will be showing up at a Mobile World Congress. And then, people want a service wrapped around that. Same thing happened last year with fitness, with Fitbit, but also there's so many other devices to monitor your heartbeat and your health at the consumer level. But consumers want a service provider, someone to put that together for them. And I think AI would be in that layer. >> So when you say service, you don't mean like, network services or connections, you mean lifestyle services. You mentioned cooking. By the way, Twitch has one of the most popular shows in Korea. People watch each other eating food. It's one of the hottest live-streaming shows. But this kind of talks about that. You mentioned healthcare. Is this the kind of new software you see? And these are kind of the new digital services? Is that what you're looking at? >> That's exactly what we're looking at. I think people don't associate a carrier and services. In Asia, more so, maybe Korea, and Japan, because 5G will happen there, first. And Docomo will be the first carrier to have 5G in Japan. I think Korea, they'll have their version first. So I think with that, we have been, I guess since the days of i-mode, offering services, in a way. Because PC, and phone has been analogous, all data services have been just data in Japan. >> What's your take on 5G right now? Because obviously that's the big story at Mobile World Congress. Is it real? Is this one of the big upgrade areas? Do you see that being a catalyst? >> Yeah, I mean, we will have it for the Tokoyo Olympics. So we're working on that. >> And what kind of speeds are they talking about? Gigabit, is that what they're looking at? >> Yeah, I think it's within 30 seconds you can download a full HD movie. >> (laughs) I want that. >> For consumers like me right? >> Come on, I want that now. We had our last guest talking about that. "What am I going to do with a Gig?" I'm like, well, apps will figure it out. That's one of the beautiful things about software. What's the coolest thing that you've seen? In terms of, as you look at some of the things that are around the corner, what are some of the cool highlights that you see connecting the dots with some of these new kinds of services? What's the trends? >> Depends on if you say consumer, enterprise, or kind of core. Like I said, what's in the home is interesting. On the infrastructure side, mapping. I think new types of beyond Waze mapping, 3-D drone mapping. >> The drone thing is super hot. That is killer. >> But it requires a new data set. >> Yeah. >> Right? And if you look at, Waze is great, but if you look at it, it's almost outdated, now, right? In terms of what you can imagine, if there is a tree that comes up because of a storm, or has fallen down, you want that map to configure that. So that the drone can fly over the building, or the tree, or whatever's in the way. So you need real-time mapping, and I think that's an interesting area that we've been looking at a lot. >> And connectivity will fuel a lot of these devices, whether they're drones, or other sensors on the network. As that's, I'd imagine, the good instrumentation out there for that stuff. >> And also social data. The confluence of easy, cheap social data. And then marrying that, and stitching that in there. You know, we've found companies that will identify you through video, like computer vision, and a drone will follow you and recognize you through AI. >> That's cool. >> That's kind of, you know, there may be small increases in innovation, but without the AI and the machine learning, you can't- >> Yeah, it's interesting, you know, this lifestyle, these services. I think that's the right strategy in the right direction. Because we were just having a debate earlier this morning on theCube, here, about autonomous vehicles. Because one of the four categories of the hot trends in Mobile World Congress is autonomous vehicles, entertainment and media, smart cities, and home, automating and all that stuff. And that's all an opportunity for services. But we were debating that transportation's not going away, but I might not buy a car in the future. The differentiation might come from really cool software that allows me to take my preferences, my Spotify playlist, all my digital services that I am leveraging into an environment, whether it's a car, a theater, a park, a stadium. Whatever lifestyle I'm in, I can then move with my digital ecosystem, if you will. My personal- >> Your preferences. >> My digital aura, if you will, and not have to reboot, and connect. I mean right now, my phone works. I just associate, but you know, still, it feels clunky. So I think that's kind of a cool direction. Is that something that you see that telcos and most folks will pick up? Or is that just you guys doing that right now? >> I think what interests me about NTT Docomo when I joined was that they're kind of in the forefront, and in kind of leadership of that. And I think Korea and Japan, in Asia, are looking ahead. What do you do with unlimited data? And then kind of following you everywhere. So I think AI, uh, you know, we had SIRI, Shabette Concierge, which was, I guess, our version of SIRI a long time ago. There's a lot of voice-enabled applications. So, I guess, will that be the interface? I think another interesting concept is what will be the interface? The phone, Amazon Echo, what will be the natural interface for you to connect to these devices and preferences? >> Take us through the day to day in the life of a VC, kind of the deals that you do. What happens in your day to day life here in Silicon Valley? Take us through some of the things that you go through every day. >> Most days, I guess, just meeting with companies and trying to find, you know, the next one. There's so many great areas, and also the next trends. We also do a lot of enterprise deals. So I've been looking at security, cloud, a lot of the devops, or kind of what's around the cloud systems. Finding the right companies. And then, also intersecting with my, I have a business development team, and they connect to Tokyo, so there at night, talking to the business group leaders. And finding that balance of, what is a technology that would work in Japan? What are they interested in? And then, out here, scouting for those companies. >> Yeah, one of the sub-plots of the Mobile World Congress this year, which is consistent with pretty much the trend is that the enterprise, IT, is evolving very quickly because of the cloud. Amazon has certainly demonstrated the winning in the cloud. And security, no perimeter, API economy, these new trends are forcing IT to move from this proven operational methodology to very agile, data-driven, high-compute clouds. And security's one of the huge issues. And now you have multi-clouds, where I might have something in Azure, I might have something in Amazon, I might have something in a geographic basis around the world trying to operate globally, being a multinational, is challenging. What's your take on that? Because this is an area that is not sexy as the consumer play, but in the B-to-B space, it is really front and center. RSA conference just last week, we were talking on email about RSA. Two weeks ago, that was the number one thing. You've got the cybersecurity issues, you've got the cyber surveillance, and also just the threat detection from ransomware to just consumer phishing. What's your thoughts in this area? >> So, I guess we're looking at kind of what's the next new area, which would be using AI to analyze all this data that's coming in, from the perimeter, from the end point, on your network, right? And then what can bubble up to the surface? We've invested in two companies in this area: Centrify and Cyphort. Looking for, kind of, other companies that- >> John: Well, Centrify, they're really focused on the breech. >> They're really focused, yes. >> Tom Kemp, in fact we went to their party at the RSA, Jeff Frick and I. They had a great band. Had a good time with those guys. But they're doing extremely well. They're very focused on mobile. >> They're doing really well, yeah. >> So what is the challenge, in your mind, right now, if you're an entrepreneur out there, for the folks watching? They're looking for kind of like the white space. They're looking for some tea leaves to read. Could you share any color on just advice for the entrepreneurs out there? Because it's certainly a turbulent time in the enterprise, and just in general, the cloud market. >> It's very competitive. >> Advice for entres, where should they focus? What sort of key metrics should they be building their ventures around? >> I think it depends on if you have an idea, or have a product already, but I think it's very competitive, right? And it's hard to break out of. What's your product differentiation? On the enterprise space, I think building a product, solving the problem. And then once you've done that, built a great team, then sales. And I think in the security space, trying to get to a million ARR, right? Just getting to a certain scale- >> So tell us about Centrify. When did you guys invest in those guys? Early, was it later on, which round did you guys- >> We invested, in the last round, so, uh, we were late stage investors, but we're very happy with the investment. They're doing very well. >> Awesome. Any other cool things you're working on that you'd like to share? >> We have taken apart AI, and started to look at transportation, so I think mapping is a little bit a part of that. It's also driving different industries, like e-commerce, IoT. We've looked at IoT. >> You must get a lot of this all the time, and I've got to ask you the same question, because I always get asked, "John, what is AI?" Now, I have two answers. Oh, AI's been around for a long time, but then there's a new AI. How do you answer that question? Because AI as a service essentially is software in the world paradigm, and it certainly is happening where you're going to start to see some significant software advances. But AI in and of itself is evolving. How do you describe AI as a service? How would you describe it to the layperson out there? >> I think, maybe its early stage, it's the team, and the technology. How many PhDs, you know, what are you looking at? What type of machine learns? That's, we have the more technical team. We build services. You know, my boss' boss is the head of services and he reports to the CTO of Docomo. His team and he, they look at that. Then on the other hand, though, I think its later stage, is vertical industries. Have people taken it apart, put it together, and then are monetizing that? So I think it's- >> John: It's a lot of machine learning. A lot of data-driven, So algorithms over data, or data over algorithms? Is there a philosophy there? I mean, that's a debate that people love to talk about. >> Maybe it depends on where you're applying it, who it's for, where do you get the data, how do you train the data? And, you know, what is the result? And are people happy with the result? I think the core infrastructure, I think once an AI company becomes hot, then it gets bought, and at that point, we all know who the players are. And people are probably looking for more and more of those, so I think those are harder to find. So then, like I've said, we've taken that apart, and maybe we've looked at mapping. What are maybe more the components underneath that that we can start to say this is going to be huge in the future? >> Yeah, and I think that's a great philosophy, too. If you look at how IBM has branded Waston, you could almost look at how successful that's been because people can get a mental model around that. And they've taken a similar approach, although I would say they've done very good on the vertical packaging. And a lot of work's going on, now, I think we're seeing down in the guts of the tech. I think there's a machine learning and more going on there, which is really cool. >> Which utilizes the cloud, right, and- >> That's where the power- >> That's where the power is. >> The compute. I mean Amazon has that. At the last re-invent, they announced the machine learning as a service. You're starting to see this now, where people can take a iterative approach to leveraging this AI as a service. I'm really impressed by that. Congratulations on a great strategy. I think that should be a winner. >> Yeah. Thank you. And that's going to be probably a core business model. I think other telcos should take notice of that. But maybe we shouldn't tell them we're alive. We can't put it back. Christina, thanks so much for coming in, appreciate it. Christina Ku, here, inside theCube. Special coverage of Mobile World Congress. Doing all the investments, checking out all the new business models, and really looking at AI as a service, and that really is cutting edge. That really is consistent with the data. It's theCube, we'll be right back with more after this short break. (tech music) (digital music)