from our studios in the heart of Silicon Valley Palo Alto California this is a cute conversation hi and welcome to the cube Studios for another cube conversation where we go in-depth with thought leaders driving innovation across the tech industry I'm your host Peter Buress every enterprise has to concern themselves with how they're going to go about ensuring the appropriate access to those crucial applications that run the business this is especially a key question in domains where the applications our seminal feature of the operations how can we set up IT so users see what they should see can access what they can access and that we have control over all about how these systems work and have that conversation we're here with Tony Ferguson an IT infrastructure architect at man energy solutions Tony welcome to the cube yeah thank you so Tony before we get into this crucial question about the appropriate level of visibility and the need for security between people users and applications tell us a little bit about man energy solutions yeah so we're a german-based company I'm working out of Copenhagen but we're part of the Volkswagen Group we have 16 thousand users globally across a hundred locations our company we we make large diesel entrants you also make smaller versions in our own factory and yeah in our company we have a course a lot of my irt on the actual engine and of course we have corporate IT and my job is to secure all of this infrastructure so specifically some of these big diesel engines as I understanding are being placed in locations and use cases that have an absolute requirements for security for example driving a ship is a major feature of the way that your engines are being used within the world so if I got that right yeah yeah that's correct and yeah and then the scale of this you know the number of engines and the number of vessels we need to access and the data we collect it is critical infrastructure we also have power plants so it's really important that we secure this infrastructure so it's a it's a it's a very it's an infrastructure that has very interesting physical characteristics but also has very interesting security characteristics as you went into thinking about how you're going to improve the applicability of the overall infrastructure that you use to drive your business use cases what were some of the issues that you find yourself struggling with yes so yeah a lot of issues actually one of the first things is that we wanted to authenticate the actual engineer and we wanted to make sure that the right people got to the right assets and we wanted to make sure that a thing dication was strong so like the two-factor multi-factor authentication and we wanted to show that the all the data between their engineer and the vessel was encrypted and another big problem for us is scale we need to scale the solution and one of the one of the things as these get brought for us is namespace routing we had the ability to really scale the system without using IP addresses were actually networking so this solved really a lot of problems for us and trying to get those engineers to all of the assets and the IOT on the engine now one of the things that you noted in your as you move forward was this notion of a black cloud where you could formalize the clock the types of relationships you wanted between your engineer users and other users and the Eric the applications you were running on a global scale basis to actually ensure the reliability of the product you had out in the field tell us a little bit about this notion of black cloud yeah so it ties it into a little bit around zero trust but how I see black cloud and how I would describe it is you know everything is dark right so if there's an attacker and he scans port scans of my infrastructure he won't see anything so so basically we would use their tech surface that means that there's no answer back and by doing this we we remove all these vulnerabilities all these zero-day vulnerabilities were remove this and in the same time we stall out that engineer to commit to their assets now how does that work in an environment that is as physically constrained as you know integrating or networking internet working with seagoing vessels yeah so of course a lot of this connectivity is over satellite and of course it's across the internet so it's important that we encrypt into end and it's important that we allow the right engineers to the right customers and we're able to access all these resources and to do Federation and make sure there's strong authentication for our customers we can we really tell them that this all the similar structure is completely secured dark and it's extremely difficult to to come into this black cloud so you've got a challenge the challenge that we've set up here is that you've got a use case that is constrained by the characteristics of the physical infrastructure where the security needs are absolutely paramount and still has to scale and very importantly be evolvable to allow you to be able to provide future classes of services that will further differentiate and improve your business that suggests that these decisions you had to make about the characteristics of the solution was gonna have an enormous impact ultimately on what you could achieve tell us a little bit about the thought process as you went through as you chose a set of sub technology suppliers to help you build out this black cloud and this application set yeah so we looked at a lot of different solutions but a lot of these solutions were based around the old knit work style right around VPNs around having files and around having ACLs and a lot of this is really network centric and what we were looking for is something that was more application centric something that moved up the stack and started to look at policy around what the user would want access to so putting those users and applications together and create meaningful policy based on the DNS rather than on the IP layer and this was really important for us to be able to scale and really make meaningful policy so in many respects it allowed you to not to necessarily de-emphasize but refocus your network design engineering and management efforts from device level assets and perimeter level assets to some of the assets that are really driving new classes of value the applications the users and the data that these engines are streaming and the models that you're using to assure optimal performance of them have I got that right yeah that's exactly right it's extremely important that that we don't have electrical movement you know we look today there's all sorts of were mobile malware attacks ransomware and you know you can imagine if something got into into this cloud that you wouldn't want to let remove so it's not just about the products but it's also about making sure that all these assets are designed from the ground up that that dark as well all right that even on the interns that they can't speak to each other all these very limited connectivity there Tony this has been a fascinating conversation about how you've taken this notion of a black cloud and applied it to a really crucial business case within man energy but I got to believe that this sets you up for a range of other use cases that the investments you've made here are gonna offer new classes of payback in a lot of different use cases how are you going to roll this black cloud concept using Z scalar out to the rest of the organization and the rest of the work that's being performed yeah it's a good question um so when we first looked at this technology we thought it was perfect for consultants because we could have very specific access policies and just allow them to the SS we will be required but then we also saw that there were so many other user cases here for example we are moving our applications from our data center to AWS and to Azura and as we move those applications the users need to connect to this so where would you have this black cloud and have the connectivity to it but we're not opening this to the Internet so you know as far as you're concerned I don't even have any resources or a service in AWS because it's black it's dark so there's a huge amount of security that we can add to this and then there's also a lot of other user cases like company mergers we had to buy a company so we could use this technology to to move to another company together because you don't need to worry about the network anymore you just worried about getting applications to users so I there's a number of great applications for this technology and I really see that this technology will really grow and I'm really excited about it so moving away from a physical orientation of the network to a more logical application and user oriented services or any care orientated a vision of the network has opened up a lot of strategic possibilities what's been the cost impact yes so it what's quite interesting we when you move to the cloud and move to a company like Z scalar is there a software company so forget about all the hardware you can imagine we have a hundred locations globally so we don't have to install all the hardware we don't have to have VPN concentrators we just have to have some software on the client some software the connectors in the cloud and then Z scalar do the magic so for the business they really love this technology because it is very simple it's sitting in the background they don't have to log on to the VPN all the time so it's very seamless for the user and for us we save a lot of money on buying hardware and appliances excellent Tony Ferguson I want to thank you very much for being on the cube Tony Tony Ferguson's the IT infrastructure architect at man energy solutions I'm Peter Burris once again until we have another cube conversation you [Music]