>>Welcome back to HPD discovered 2021. My name is Dave Volonte and you're watching the cubes virtual coverage of discover we're going to dig into the most pressing topic not only for I. T. But entire organizations and that's cyber security with me. Miss O'Neil James, senior Director of security engineering at Hewlett Packard Enterprise. So Neil welcome to the cube. Come on in. >>Dave, thank you for having me. I appreciate it. >>Hey, you talked about Project Aurora today. Tell us about project Aurora. What is that? >>So I'm glad you asked. Project Aurora is a new framework that we're working on that attempts to provide the underpinnings for Zero Trust architectures inside of everything that we build at. Hp. Zero Trust is a way of providing a mechanism for enterprises to allow for everything in their enterprise. Whether it's a server, a human or anything in between to be verified and attested to before they're allowed to access or transact in certain ways. That's what we announced today. >>Well, so in response to a spate of damaging cyber attacks last month, President biden issued an executive order designed to improve the United States security posture and in that order essentially issued a zero trust mandate. You know, it's interesting. Zero Trust has gone from a buzzword to a critical part of a security strategy. So in thinking about a zero trust architecture, how do you think about that and how does project Aurora fit in? >>Yeah, Zero Trust architecture as a concept has has been around for quite some time now and over the last few years you've seen many a company attempting to provide technologies that they purport to be. Zero trust. Zero Trust is a framework. It's not one technology, it's not one tool, it's not one product. It is an entire framework of thinking and applying cyber security principles uh to everything that we just talked about beforehand. Project Aurora, as I said before hand, is designed to provide a way for our ourselves and our customers to be able to measure a test and verify every single piece of technology that we sell to them, whether it's a server or everything else in between. Now, we've got a long way to go before we're able to cover everything that HP sells. But for us these capabilities are the root of Zero Trust architectures, you need to be able to at any given moments notice, verify measure and a test and this is what we're doing with Project Aurora. >>So you founded a company called citadel and sold out to HPD last year. And my understanding is you were really the driving force behind the secure production identity framework, but you said zero Trust is really a framework, uh that's an open source project. Maybe you can explain what that is. I mean people talk about the nist framework for cybersecurity. How does that relate? What why is this important and how does Aurora fit into it? >>Yeah, so it's a good question. The next framework is a broader framework for cybersecurity that couples and covers many aspects of thinking about the security posture of an enterprise, whether it's network security, host based intrusion detection capabilities in response things of that sort Spiffy. What you're referring to secure production identity framework for everyone is an open source framework and technology base that we did work on when I was the ceo of Seattle. That was designed to provide a platform agnostic way to assign identity to anything that runs in a network. And so think about yourself or myself, we are uh, we have identities in our back pocket driver's license, passports, things of that sort. They provide a unique assertion of who we are and what we're allowed to do that does not exist in the world of software. And what spiffy does is it provides that mechanism so that you can actually use frameworks like project Aurora that can verify the underpinning infrastructure on top of which software workloads run to be able to verify the spiffy identities even better than before >>is the intensive product ties this capability within this framework. How do you approach this from HP standpoint >>suspicion inspire will and always will be. As far as I'm concerned, remain an open source project held by the cloud Native Computing Foundation. It's for the world. And we want that to be the case because we think that more of our enterprise customers are not living in the world of one vendor or two vendors. They have multiple vendors. And so we need to give them the tools and the flexibility to be able to allow for open source capabilities like Spiffy inspire to provide a way for them to assign these identities and assign policies and control regardless of the infrastructure choices they make today or tomorrow. H P E recognizes that this is a key differentiating capability for our customers. And our goal is to be able to look at our offerings that power the next generation of workloads, kubernetes instances, containers, serverless and anything that comes after that. And our responsibility to say, how can we actually take what we have and be able to provide those kinds of assertions, those underpinnings for zero trust that are going to be necessary to distribute those identities to others workloads and to do so in a scalable, effective and automated manner, which is one of the most important things that project Wara does. >>So a lot of companies senior will set up a security division, uh and and so, but is the IS HPV strategy to essentially uh embed security across its entire portfolio? How do you, how should we think about HP strategy in cyber? >>Yeah, so it's a it's a great question. Hp has a long history, uh security and other domains, networking and servers and storage and beyond. Uh the way we think about what we're building with project or this is plumbing, this is plumbing that must be and everything we built, customers don't buy one product from us and they think it's one custom, one company and something else from us and they think it's another company, they're buying HPV products. And our goal with Project Aurora is to ensure that this plumbing is widely and uniformly distributed and made available. So whether you're buying in Aruba device, a primary storage device or per alliance server. Project Aurora's capabilities are going to provide a consistent way to do the things that I've mentioned beforehand To allow for those zero trust architectures to become real. >>So it's I alluded to President biden's executive order previously, I mean you're a security practitioner or an expert in this area. It just seems as though, and I'd love to get your comments on this. I mean the adversaries are well funded. You know, they're either organized crime, their nation states, uh they're they're extracting a lot of very valuable information, they're monetizing that you've seen things like ransomware as a service now, so any any knucklehead can, can be in the ransomware business. Um it's just this endless escalation game. Um how do you see the industry approaching this? What needs to happen? So obviously I like what you're saying about the plumbing, you're not trying to attack this with a bunch of point tools, which is part of the problem. How do you see the industry coming together to solve this problem? >>Yeah, it's uh if you operate in the world of security, you have to operate from the standpoint of humility. And the reason why you have to operate from a standpoint of humility is because the attack landscape is constantly changing the things and tools and investments and techniques that you thought were going to thwart an attacker. Today, there quickly outdated within a week, a month, a quarter or whatever it might be. And so you have to be able to consistently and continuously evolve and adapt towards what customers are facing on any given moments notice I think to be able to as an industry tackle these issues more and more. So you need to be able to have all of us start to abide, not abide, but start to adopt these open source patterns. We recognize that every company hB included is here to serve customers and to make money for its shareholders as well. But in order for us to do that, we have to also recognize that they've got other technologies in their infrastructure as well. And so it's our belief, it's my belief that allowing for us to support open standards with spiffy inspire and perhaps with some of the aspects of what we're doing with project Aurora, I think allows for other people to be able to kind of deliver the same underpinning capabilities, the plumbing if you will, regardless of whether it's an HP product or somebody else along those lines as well. We need more of that generally across our industry and I think we're far from it. >>I mean this sounds like a war. I mean, it's it's more than a battle. It's a war that actually is never gonna end. Uh, and I don't think there is an end in sight. And you hear, see, so let's talk about the shortage of talent. Uh, they're getting inundated with point products and tools and then that just creates more technical debt. It's been interesting to watch interesting. Maybe it's not the right word, but the pivot 20 trust, endpoint security, cloud security and the exposure that we've now seen as a result of the pandemic was sort of rushed. And then of course, we've seen, you know, the the adversaries really take advantage of that. So, I mean, what you're describing is this ongoing, never ending battle, >>isn't it? Yeah, yeah, no, it's it's it's going to be ongoing. And by the way, Zero Trust is not the end state, right. I mean, there was things that we called the final nail in the coffin Five years ago, 10 years ago and yet the Attackers persevered. And that's because there's a lot of innovation out there. There's a lot of uh, infrastructure moving to dynamic architecture is like cloud and others that are going to be poorly configured and are going to not have necessarily the best and brightest providing security around that. So we have to remain vigilant. We have to work as hard as we can to help customers deploy Zero Trust architecture, but we have to be thinking about what's next. We have to be watching, studying and evolving to be able to prepare ourselves to be able to go after whatever the next capabilities are. >>What I like about what you're saying is, you're right. You have to have humility. I don't want to say. I mean it's it's hard because I do feel like a lot of times the vendor community says, okay, we have the answer to your point. You know, okay. We have a zero trust solution or we have a security solution and there is no silver bullet in this game. And I think what I'm hearing from you is look, we're providing infrastructure, Plumbing is the substrate, but it's an open system. It's got to evolve. We've anything you didn't say, but I love your thoughts on this is we got to collaborate with who some of you might think is your competitor because they're still, they're the good guys. >>Yeah. I mean our our customers are customers don't care that we're competitors with anybody. They care that we're helping them solve their problems for their business. So our responsibility is to figure out what we need to do to work together to provide the basic capabilities that allow for our customers to to remain in business. Right. If cybersecurity issues plague any of our customers, that doesn't affect just HP. That affects all of the companies that are serving that customer itself. So I think we have a shared responsibility to be able to protect our customers >>and you've been in cyber for much, if not most of your career. Right, correct. Let's go. So I got to ask you, did you have a superhero when you were a kid? Did you have sort of uh, you know, save the world thing going? >>Did I have to say, you know, I I didn't have to save the world thing going. But I had um I had, I had two parents that cared for for the world in many, many ways. They were both in the world of health care and so every day I saw them taking care of other people. And I think that probably rubbed off in some of the decisions that I made too >>Well. It's awesome. You can do a great work, really appreciate you coming on the cube and and thank you so much for your insights. >>I appreciate that. Thanks >>All right. Thank you for being with us for our ongoing coverage. HPD discovered 21. This is Dave Volonte. You're watching the cube. The leader in digital tech coverage will be right back. Mhm.