(upbeat music) >> Welcome to today's session of theCUBE's presentation of the AWS Startup Showcase, The Next Big Thing in AI, Security, & Life Sciences, and in this segment, we feature Sonrai security, of course for the security track I'm your host, Dave Vellante, and today we're joined by Sandy Bird, who's the co-founder and chief technology officer of Sonrai, and Avi Boru, who's the director of cloud engineering at World Fuel Services, and in this discussion, we're going to talk about 22 to two data centers, how World Fuel Services and Sonrai Security actually made it happen securely. Folks, welcome to theCUBE, come on in. >> Thank you. >> So we hear consistent themes from chief information security officers, that many if not most enterprises they struggle today with cloud security, there's confusion with various tools and depressing lack of available talent to attack this problem. So Sandy, I want to start with you, we always love to ask co-founders, why did you start your company? Take us back to that decision. >> Yeah, I think looking at Sonrai Security was interesting in that, it was a time to start over, it was a time to build a native in the cloud, as opposed to having a data center, and be able to use, you know, a vendor of infrastructure, be able to use the latest and greatest technology and really change the way people secure their workloads, what was interesting, you know, when we started the company, I believe that the world was in a more mature space probably in cloud than they were at the time when we were starting it, in that we were really focused around, if we could understand all of the rights and entitlements to data, we could understand data movement, we'd had hope in protecting the data and arriving in cloud, we realized that the maturity of the companies building in cloud, we're not quite there yet, they were really struggling with, you know, the identities models in the cloud, how to actually secure, you know, workloads, server less functions that are ephemeral these types of things, and even just sometimes basic governance problems, and the technology we had built was great at understanding all of the ways that data could be accessed, and we were able to expand that into all the resources of the cloud and it's an exciting space to be in, and it's also, I truly believe we'll be able to actually make cloud environments more secure than what we were doing in enterprise, because again for the first time ever you have full inventory, you have the ability to make controls that apply to the entire infrastructure, it's really an exciting time. >> I mean, I've said many times I feel like security is a do over and the fact that you're coming at it as a data problem and bringing in the cloud that intersection, I think is actually quite exciting. So Avi let's bring you into the conversation, you know, obviously we've seen cloud exploding it's continuing to be a staple of digital business transformations and acceleration especially around identity, so what's your point of view on cloud security, what's different and how does your company approach it? >> Sure, thank you for having me Dave, and just to give you a bit of World Fuel Services, World Fuel Services is a public company, and it's based out of Miami, and we are ranked 91 in the fortune 500 list, so we are spread all across the globe, and as part of our transformation to distress our business, we took over a big challenge to migrate all our global infrastructure from 22 data centers to AWS, that was a massive challenge for us, and we are downright now to 20 data centers, we only have two more to go, and we did this in the last two years, and that was really good for us, but as we've been doing this migration, there was also a strong need for us to build a strong security foundation, because going into the cloud as much as capabilities it gives us to innovate, it also gives us a lot of challenges to deal with from security standpoint, and as part of building the security foundation, we had to tackle some key challenges, one was how do we build our cloud security operating model and how do we up skill our people, the talent that you've been binding it out, and how do we make security a way of working in this new world, and more than choosing a solution we needed a really strong security partner who can help us guide in this journey, help us build the foundations and take us further and mature us in this, and that's where it was really interesting for us to partner with Sonrai, who helped us along the way, develop a foundation and now helping us mature our security platform. >> Avi, what were the technology underpinnings, that enticed you to work with Sonrai? >> Sonrai has lot of unique capabilities but I'll take it out on two key points, right? One, Sonrai has a cloud security posture management which is different from other platforms that are out there because they give you capability for a lot of out of the box frameworks and controls, but in addition to that, every organization has need to build unique specific frameworks, specific controls, they give you that capability, which is massive for enterprises, and the second key thing is, if you look at AWS, it has more than 200 services and every service has its unique capability but one key component they use across all the services, is Identity and Access Management, IAM and Sonrai has a unique perspective of using IAM to track risks and identify the interactions between user and machine identities which was really exciting and new for us, and we felt that was a really good foundation and stepping point to use Sonrai. >> All right, Sandy, we definitely saw the need for a better identity explode, in conjunction with the cloud migrations during the pandemic, it was sort of building and building and then it was accelerated, maybe talk a little bit about how you approach this, and specifically talk about your identity analytics and the graph solution that you guys talk about. >> Yeah, I've been a fan of graph solutions for many years, one of the great benefits in this particular space with identity is that, the cloud models for identity are fairly complex and quite different between AWS, Azure and GCP, however, the way that entitlements work, some identity is granted in entitlement, and that entitlement gives them access to do something, sometimes that's something is to assume another identity, and then do something on that identities behalf, and when you're actually trying to secure these clouds this jumping of identities, which happens a lot in the AWS model, or inheritance which happens a lot in the Azure model where you're given access at one level of the tree and you automatically gain access to things below that if you have that entitlement, those models inside of graph allow us to understand exactly how any given identity when we talk about identity we always think of people, but it's not, of course as you said, sometimes it's a machine, sometimes it's a cloud service, it could be many different things, how does every single one of those identities get access to that given resource? And it's not always as clear as, okay, well, here are the direct identities that can access this resource, it may only be able to be accessed with a single key, but who has access to the key, and what has access to the key, and what's the policy on that key, and if that's set too widely can other maybe nefarious actors get access to that key, and by using the graph, we can tie that whole model together to understand the entire list, of what gets access, I think that's actually what surprises a lot of the identity governance and data governance teams that are not in cloud, you know, when enterprise was very intentional, you configured the database to use the identity provider and the rules that you wanted it to use, and that's all that ever got access to that database. In cloud, there are a lot of configuration knobs and things and depending on how you turn them, you could open up a lot of identities to get access to whatever that resource is, often it's data, but it could be a network, it could be many things. So, the graph allows us to tie all that together, the second part of it is, it really allows us to see, we call them effective permissions, what the effective permission of that identity is, the clouds have done this phenomenal thing in using identities as a control mechanism just like in firewall, like an identity firewall, where they can take permissions away from things based on sets of conditions, so one of the great ways, let's say you didn't want to have any data stored deployed without encryption, you could write a policy at the top of your cloud, that says, anytime a data stores is deployed, if encryption is not there, deny that function. And so what happens is, is you can create this very protective environment using identity controls, but the problem is when you actually go to evaluate your cloud for risk, you may find a scenario where an identity has access as an example, to do something like create an internet gateway, or create a public endpoint, but there's this policy somewhere else, that's taking that away, and you don't want thousands of alerts because of that, you want to actually understand the model and say, look if we understand that this policy is mitigating your risk, then don't show the alert in the first place. And it really helps by putting it in a graph, because we can actually see all of these interconnections, we can see how they're interrelated, and determine the exact effective permissions of any identity and what risks that may have. >> So Avi, I mean, Sandy is really getting to the heart of sort of operationalizing you security in the cloud, and we looked at the compelling aspect of the cloud, and one of them anyway is scale, but people tell us to really take advantage of the cloud, they have to evolve that operating model maybe completely change the operating model, to really take advantage of scale, so my question is how do you operationalize your security practices, what should people think about, in terms of the time it takes to build in automations and bots for things like continuous compliance what can you share in terms of best practice? >> So traditional ways of operating if you look at it is, you identify a security risk, and a ticket is created and teams starts mitigating them. But with so many cloud services and with many solutions, the team start building in the cloud, it becomes too much of an overhead for teams to mitigate all these security risks that keep coming into the backlog, so as we partner with Sonrai in building a foundation, the way we tried to approach it is differently, we said why don't we build this using automatic recommendations, if we know what are the security risks, that we should not be creating in our environment and be noncompliant, how can we mitigate them? And with Sonrai and AWS API capabilities, it's not that hard for us to be a lot of intimidation buds because I didn't find risks, 'cause they have been taken care by Sonrai, the only aspect we need to take care is, how do we mitigate that? So that's the part we chose in building, cloud security operating model, is modeling more than an automated imitations, but as part building that there is always, where everything cannot be remediated automatically, and for these kinds of scenarios, we built a workflow where it still gets funneled to teams, so they can prioritize in their backlog, but other key thing that we did as part of operationalizing is, teams need to use Sonrai as their way of working, teams need to know what and why they should be using Sonrai. So we conduct a lot of training and onboarding and working sessions for teams, so they understand how we use Sonrai, how to consume the data coming out of Sonrai, so they can proactively start acting on how to stay compliant, but yeah, it's been an amazing experience building our foundation though. >> Sandy, I wonder if we can come back to, talking about comparisons with the traditional prevailing security models, I mean, we entering this API economy, as I said before, cloud is a staple of digital business, but you know people have been doing on-prem security for decades, you know, data loss prevention is an entire sub-industry, so what's different about doing it in the cloud, how should we think about that, in terms of whether you know, what responsibilities we have, the technology, what's your perspective on that? >> There's at least five questions in there Dave, so we'll. >> Pick your favorite. >> Yeah, you know, to feed off of what Avi was talking about, you know, he said many times, you know, teams need to solve these issues, teams need to see the issues they're creating, and it's interesting as we move to cloud, we decentralize some of these security functions, and that's actually an important part of the Sonrai solution and how you build a cloud security operating model, there's a set of findings, we'll call them, maybe there are security findings, maybe they're informational findings, that are a fairly low risk, and should be dealt with by the individual teams themselves, but that same team, you know, maybe isn't the person that can sign off on the risk if it's high enough, and if it's not then it needs to be escalated to the next level up to have that risk signed off on. A lot of times in large enterprise for workloads, that was done using unfortunately, you know tickets and systems and, you know, humans actually, you know, filling out some form of a checklist, saying, yes I met this, no I didn't, and we can automate huge numbers of those tests, including distributing them to the teams for the teams to solve themselves, and if they do their job right, there's not even the need for the central security body necessarily to know about the issues because they got solved, but when they don't get solved, that's when rather, you know, escalation to Boston automation or escalating to a centralized team starts to make sense, you kind of said a lot about DLP there as you were doing in cloud and just data security in general, and I do think, you know, cloud has given us this interesting opportunity, that's really upset data security in the old way on its head, you know, we used to do data security by putting agents on systems, or sometimes it was a proxy in front of it but either way that doesn't work well in cloud, when you're consuming platform as a service, you know, Amazon is not going to let you put an agent on their database that they're provisioning for you, and, you know, if you put in your own proxy in front of it you probably just messed up the elastic scalability that was built into the whole thing to begin with. So we needed a different way to look at this, however, we also took away a couple of things, in cloud the application teams themselves generally use fit for purpose data stores, they use the data store that's the best for the workload they're doing, our own workload has many data stores under the covers, it's not one data store, and so because of that, this kind of, you know, the old world of there being a data security team or you know, database optimization team, that you know optimize the database workloads, actually gets distributed as well all back to those teams, and so, we've gained kind of this, you know, fit for purpose smaller sets of data stores that are being used all over, and on top of that, the cloud vendors in many cases have done great things to enable monitoring, you know, part of the reason we were putting agents on database servers, is because the Oracle admin said I can't turn logging on, I don't have a big enough system to do it, it's going to crash the system, well in cloud parts of that go away, you can scale the systems up, you can enable loggings, now you can get that rich data that you wanted when you were an enterprise, and so, you know Sonrai is really kind of taken that model and said, look we can give you the visibility around data movement, we can give you the visibility around all of the entitlements to that data, we can understand, is your data at risk? And then we can profile all that for anomalies, and say, you know, it's kind of odd that the workload that normally connects into this through this automated fashion is now using its access key from a different location, that doesn't make any sense, why is that happening? And so you get kind of strong anomaly detection as well as the governance. So, you know, data security and cloud, if we kind of fast forward a few years, will look very different than it does today, I still believe some of the teams are not quite there yet in cloud, you know, they're still struggling with some of these identity problems we talked about, they still struggle some of them with CSBM problems, and so we have to solve those first obviously before we get to the true data security. But it's interesting that cloud has enabled us with such rich tooling and APIs to actually do it better than what we've done on enterprise. >> A lot of really powerful concepts in there, thank you Sandy. I mean, this notion of decentralizing security functions reminds me when Vogels describes this hyper decentralized distributed system that Amazon is building, and it is clearly a theme, you know, maybe it's bromide, but people talk about shifting left, designing security in, and it's important, not just bolting it on as an afterthought, and so, maybe this next question sort of really relates to the theme of this event, which is all about scale, here's the question Sandy, thinking about your contribution to the future of cloud, obviously you start a company, you want to grow that company, you want to serve customers and grow your revenues et cetera. But what's your defining contribution to the future of cloud scale? >> Look, we want to enable companies to scale faster, we want them to be able to put more workloads in cloud using, you know, the right set of security controls to keep those workloads safe, I know we can actually do this in a way where, you know, we talk about defense in depth for years, right? And usually in enterprise that meant many levels of networks before you got access, now we need to do defense in depth in terms of, you know, actually variety of controls, we can't throw the network control away, it still has to be there, we need an identity control, and it will be the primary control for what we do in cloud, we need a data lock, you know, rather that's through an encryption key policy or whatever it is, so we have multiple different layers of defense in depth, we can use in cloud today, and so it will be a much more secure environment than it was in the future, but we have to, again, so my contribution is hopefully I can help everybody get to that level, because right now we still see way too many breaches with very simple configuration problems that ended up exposing data unintentionally, and that's worrisome. >> You know, it's funny, a lot of people maybe can't relate to that defense in depth, I mean, obviously security people can, but we as individuals who now rely so much on our mobile phones, and things like SMS, and then you start to build in, non SMS, you know, base two factor authentication and you start to build your own personal layers, it's sort of a microcosm of the complexity that you have to think about in the enterprise, but in having tools to automate is critical, and expertise obviously, so let's wrap. Avi give us your final thoughts and key takeaways on building a world-class cloud security. >> I guess the key take of this would be, you know, to choose the right partner, it's not just the solution, another key takeaway is automate your way, because with security in the cloud is different than traditionally how do you do it, and the only fastest way to move is automate yourself away out of it and rely on talent, rely on a lot of young talent that's coming in and all the tools like Sonrai AWS are making it easier to operate in the cloud, so bring up the young talent and up skill the talent and leverage on these tools to be more secure on the cloud. >> Yeah, use automation to solve the big problem of, you know, that talent gap, there is not enough of it out there, and the adversaries they're well-equipped and quite capable. Okay Sandy, please give us your last word. >> Look again, I think a cloud is going to get us to a point where we are more secure than we were on enterprise, we have all of the right tools and controls to do it, we can decentralize the security and make it better, again, I think if anything just to encourage people to really look at a cloud security governance model, right? You can't do this ad hoc, trying to whack-a-mole small issues as they come up, you build it in as an operating model, you automate it and you deal with the exceptions. >> Yeah, I mean, you're very optimistic and I think is for good reason, I just remembered listening to Steven Schmidt a couple of years ago at reinforce, basically saying, look, we feel pretty optimistic about solving this problem, whereas, I have to say every year I look back in the enterprise and on-prem and I know it's getting worse, and so, keep up the good work gents, I really appreciate the time on theCUBE today, thank you. >> Thank you. >> Thank you. >> And thank you for watching theCUBE presentation of the AWS Startup Showcase, The Next Big Thing in AI, Security & Life Sciences. I'm Dave Vellante. (upbeat music)

>> Live from Miami Beach, Florida, it's theCUBE, covering UiPath Forward Americas brought to you by UiPath. >> Welcome back to Miami Beach, everybody. This is theCUBE, the leader in live tech coverage. I'm Dave Vallante with Stu Miniman. This is our one day coverage of UiPath. UiPath Forward Americas. UiPath does these events all over the world. They've reached about 14,000 customers to date and about 1,500 here, Stu. A great show, a lot of energy. We're watching the ascendancy of robotic process automation, the simplification of software robots. Courtney Dominiguez is here, she's the Vice President of World Fuel Services and she's joined by Ashim Gupta who's the UiPath's Chief Customer Success Officer. Welcome folks, thanks for coming on theCUBE. >> Thanks. >> Thank you. >> So, Courtney, let's start with you. World Fuel Services: what's that all about? >> So we're a logistics company, an energy logistics company. We're actually based here in Miami, Florida so it was a short commute over to the Fountain Blue for the day. >> Lucky you. >> Yes, exactly. So, yeah, we do fuel globally, all over the world. So we do for aviation, marine, and land. We also focus on renewable energy and we're really developing over in Europe as well. >> So, interesting, a lot of interesting drivers and dynamics in your business, fast moving, a lot of change, sometimes hard to predict. >> Yes. >> In terms of your role, talk about your role and what some of the key business drivers are that force you to be on top of your game. >> Yeah, so, I'm in charge of shared services and automation for the company so it's really my role to help us operate more efficiently and do things smarter. You know everybody's being challenged to do more with less and as you grow the business, your transaction accounts grow as well so we're really in charge of transforming and providing solutions. UiPath is a component, a big component, of what we're going to be rolling out and helping to really do transformation. >> So, Ashim, Courtney saying, do more with less, that's got to be music to your ears. Your job is to make, Courtney, her company, successful. So, talk about your role and how you actually make your success. >> Sure, so, one, I was a former customer. So you look at Daniel Dines' strategy and UiPath's strategy and it's bringing people in who really have a passion for the industry and have that experience to go and try and operationalize a lot of our mission. As a former customer, I know a lot of times you get sold software and you don't get a lot of the tools or you got to go buy another set of tools to make the first set of tools work. So customer success is about giving technical talent and really great experts and put them in the hands of our best customers to answer the questions that are out there as they embark on their RPA journey. That can go from anything from infrastructure, technical hurdles that they may face to how to really think about RPA, how to eventualize it within their areas. And by doing that, we get people to up that adoption curve, they start seeing the benefits of RPA and it becomes a no-brainer, both for the company to invest in and employees to understand the value that RPA brings. >> So, Courtney, was RPA kind of a no-brainer for you? Was it a, "What is this technology?" How did you go about sort of bringing RPA into your organization? >> Yeah, I think all of the above. So, it seems very intuitive. You know, you want to do things smarter and do things more efficiently but that makes people nervous too so there's a lot of people that say, "I like what I do" "and if you do it smarter and more efficient," "do you still need me?" And I also think that, from the top, it's easy to say robots, and that sounds really cool but really putting it into the water supply is a different story. So, one of the things that we did, we hosted a RPA awareness day, partnered with UiPath. They came in and worked with us on that. And then after that we hosted a bot-a-thon. So, we went out and we had our whole enterprise download the community version of UiPath and just had them start experimenting and coming up with their own ideas and honestly, it was a great crowd-sourcing engine for us. And we just came up with an instant pipeline of ideas and people really caught on and bought into it at that point. So it was fantastic. >> Courtney, I want you to expand a little bit on that. In my career, I've always said, "I know next quarter," "next year, I'm going to have more to do." When I managed a group in operations it was, "You need to figure out what you can get rid of," "you know, what you can," I mean automated a decade ago was quite different than what you do today but I like what you said about how you engaged everybody and got them to, kind of, get over that fear of the unknown. How long's the process going to take? Did you have senior management involvement in the planning? >> Yeah honestly, this was a great, ground roots kind of a way of getting it out and it didn't take long at all. I mean we've only been on this journey a couple of months quite honestly and it's caught on like wildfire and we're really excited about it. So you know, I think it's great that we were able to partner some of our great, younger talent with some of our more, people who've been doing it for a long time. And we partnered together, we partnered them together and then they came up with their own ideas. It's easy for me to, Monday morning, quarterback, and stand on the other side and say, "Oh, you should do this or do that" but the people that are doing it everyday are the ones who have the best ideas. They know what they don't want to do. They know what they want to spend their time working on. So they're the best ones to figure out how to make that other stuff that's not quite as fun go away. So, yeah, it's been fantastic. >> So, Ashim, if I could ask, how do you help your customers figure out what the right metric is? What is success for them? You've been on the customer side, you've been talking to users, it's often like, "Oh, I think I'm going to be able" "to save money but maybe it's growing revenue." There's a lot of pieces there. >> I mean, a lot of it starts with listening because I don't think there's one right answer. You know, a lot of software companies come in and say, "It is just about cost", or, "It is just about X". We think about it very differently. Some of our customers think about it in terms of cost equality, getting accurate data, getting things done 100% accurate and getting data quality up. Some of them, it is a productivity game, right? It's important to get that cost down. We have customers in Japan who are using it to augment their workforce because they need more workers than the market can supply and RPA gets it. So I would say the first is listening to our customers. The second piece of it is, then, there are some standard things across our customer base that we're all learning together. You know, one of our customers started looking at the time, the run time of a bot. Or how long, how much infrastructure does it consume? So we're able to get best practices across to be able to figure out what are the right metrics that suits our customers' needs. >> Courtney, I'm trying to understand if it was a top-down initiative or a bottoms-up or both? >> It's both, yeah I think it's really both. So I think it's that top level setting the direction and saying, "This is what we want to do." One of the things we have at World Fuel is, a lot of people have the mantra, and Dan said this this morning as well, is, "We don't want to touch the keyboard." Right? We want to be no-touch. We want things to come through seamlessly. So that's getting great data quality at the beginning with customer onboarding and then getting it all the way through and out the door because, at the end of the day, we need to get the invoices out and the money back in, right? And I need accurate data to do that and do things efficiently. So, I think it's from the top saying, "We want to be no-touch", and then it's up to my team to help provide solutions and work with the businesses and figure out how to make that happen. >> So it sounds like you had this ideation initiative and did you just pick one or two or did you say, "Okay, guys, go?" Where did you start, what did you have to do to really prove out the value? >> We did, we definitely picked one or two. It went with quick wins but when you go with quick wins and you say, "This is what we did in a really short" "amount of time with minimal effort," "think of the art of the possible, think of what we can do?" And now our focus is not on quick wins. Our focus is on, "How do we transform our business? "How do we take this tool and really apply it" "and transform the way we work?" So I think it's important to have those quick wins initially and just kind of set the stage because that gets everybody thinking, "Wow, this can be really big." >> What kind of person was required to build the robots? Somebody who's fairly technical or was it a business person, was it a team, two people team? >> I have the best team ever and I really think we got a lot of them internally. Really, citizen, kind of data, scientist people. Not anybody that was necessarily trained in it. Now we're getting more and more data scientists added to the team. So we're getting more developer-type skills. We also have BAs, so we've got some people who are great at looking at process and how can we make things more efficient? It's a combination but I do really think that some of our best resources have just been people that are really eager to learn. I mean, UiPath does an amazing job of putting the certification and the academy, and so many online tools it's free. I mean, it's so easy to work with them and really pick it up. You know you don't need a lot of training and that's one of the reasons we selected UiPath you don't need to be a rocket scientist to figure this stuff out. And they really make it all so readily available. >> A lot of the customers we talked to today on theCUBE have gone through a business case, some rigorous, some sort of back-of-napkin, What kind of business case and justification did you go through? >> So we started small with the bots. So we said, "Lets prove it out with a small number of bots" "and if we can do that, then we can scale". And we were just chatting earlier that now we really want to look at it and say, "Over the next three", "six, 12 months, how can we really scale this" "and what do we think that looks like?" Again, start small and then, now okay now we know what's out there and we know what we can get so let's go big and we're ready to do that now. >> So did you go through a rigorous, sort of, quantification of the business value or was it more like, "Hey, it's low risk. Let's try it, see what we get." >> Yeah, yeah, it's low risk, let's just do it. >> I mean what was the result, what was the business event? >> Honestly, it's been fantastic. I mean the results back that we've had have been savings of 100,000s of dollars with minimal, again, minimal effort and minimal, really unsure of what we were going to get out of it. So, it's phenomenal. >> And the denominator, and I say denominator I'm talking about benefit divided by cost-- >> Yeah. >> Sounds like the denominator was pretty low. >> Pretty low, yeah. >> One of the best ways to get our eyes, lower the denominator. I always talk to my kids about this when it comes to college cost so you know what I mean, (laughing) And really, with the community version, getting that out there and free and just having people start playing around with it? I mean, that right there keeps your cost pretty low because they're funneling and putting ideas in the pipeline and then when it comes time to develop it and make it production ready, that's where our effort is involved but to just get that into the pipeline with a little bit of effort and a little bit of cost is a no-brainer. >> So it's clear, your strategy as a company is to lower the barriers to entry for your clients, train them, free training, get them hooked, and then let the rest of it soar. >> Yeah, I mean, one is we share that, our CEO talked about that today, we share that joy that automation brings to a lot of people's work. That's what drives them. So for us, it's not about nickel and diming people every step of the way, it is arming them with what they need to fulfill the mission for what we sold them automation or RPA for. And that's a huge part of it so it goes beyond just the academy, just the training, you know, it's the intimacy that we want to keep with our customers. So we're growing very fast in our number of employees. So, even though, I think we're getting close to 2,000 customers, our goal is to get to 2,000 employees here very quickly. And our CEO really stresses customer first in that equation so we learn and we do little pivot points along the way. An example could be internal marketing, helping people drive awareness. You know, the bot-a-thon that Courtney had for her team, we want to be able to sponsor those things. You know, be partners in getting that name of RPA out there. So it's everything they need to try to get up that curve. >> Courtney, your enthusiasm is palpable, as much of the feedback that we've had from customers, but if you had to do it over again, would you change anything, would you go faster? Would you have done anything differently if you'd had a mulligan? >> One of the concerns is that I feel like we've got a lot of momentum and I want to keep it going. So I want to, like Ashim, we need to scale our team as well so that we're able to handle that pipeline of work coming in and that we don't stall out because I really see a lot of enthusiasm for what we're developing and we want to be able to keep up with that. I love moving fast, I wish we could move faster, I push my team to say, "How much faster can we go?", because there's commitments as well at the board level saying, you know, "What are you guys doing and how are you transforming?" But I wouldn't do anything over so far. So far it's been fantastic. >> You know It strikes me that when you put in a robot, and automate a process, you're saving for an individual, and arm or a leg, you know, Lots of arms and legs. How have you thought about virtualizing those arms and legs into a team that can really drive this to your last point, through the organization, to keep that momentum going? >> Yeah, that's what we're looking in now, right? We want to look at that digital roadmap and say, not arms and legs, but we actually want to look at real resources and that doesn't necessarily mean a resource reduction, it just means being able to scale and do things more efficiently and hopefully, redeploy those resources to do stuff that requires a brain, right? >> Ashim, I'm curious. Do you have some tools to help customers as to how they scale and grow and keep the momentum going? It reminds me of a rocket going on, you've got those booster levels, and you want to reach escape velocity but then probably, keep accelerating. >> Yeah, so you'll start seeing our platform expanding this. At this conference, and Daniel must have talked about it, we launched UiPath Go. Getting openness and collaboration within organizations and across organizations, that's really what our Go platform will enable people to do. Sharing automations, learning best practices, being able to connect with different companies, different partners at a fast pace, that's so important because there's not a cookie cutter approach to this, we need collective knowledge to ramp up the speed and then, slowly by slowly, the features that we're starting to do: sharable libraries within the platform, you're going to see other process discovery type automations come out or tools that we're starting to roll out to our customers. And then we have events. Yesterday, Courtney was a part of our customer advisory counsel. It is incredible, when you put customers like Courtney in a room, who are so passionate and are incredible, sharing what's working and what's not and everybody leaves saying, "Okay, these are the two things that I'm either" "going to look out for or that I'm going" "to do differently to make sure the journey happens ahead." Those are just a few. >> Courtney, Daniel was on earlier today and we were asking him to give some advice to these young people, you know, he's kind of inspirational. He talked about this morning in his keynote about people laughed him out of their office and so forth. And one of the things he said is, "I didn't think big enough," "I started to think bigger, you got to think bigger." So as you put on your think-big hat, where do you think this could go? >> So I really see UiPath and RPA collaborating, right? I mean, we were investing in a lot of smart tools and I want to see how all of those tools can work together. I don't want it to be just UiPath or just another tool, or workflow tool. I want to see how they can all, because to me, that's where the value really comes in. I mean if you're leveraging best-of-breed options and best-of-breed tools and then we can say, "How do all of these work together?" That's transformational. So, really, at the end of next year, what I want my team and what I want my leaders to say is, "Wow. They have really transformed the way that we work" "and the way that we do business." To me, that's a win. If Ashim can make me successful in that, I'll be a happy camper. >> Awesome, guys, thanks so much for coming on theCUBE, we really appreciate it. We're seeing some of these trends that we talked about: the productivity gap, we have more jobs than we have employees to fill those jobs. The productivity line's not moving. RPA and the ascendancy of RPAs promises to change that and we'll be covering that ongoing. You're watching theCUBE live from UiPath Forward Americas. Stu Miniman And Dave Vellante. We will be right back.

>>Welcome to this cube conversation. I'm john Kerry host of the cube here in Palo alto California. We got a hot startup doing new things differently. The new way the cloud native way brendon, Hannigan, Ceo of sun rays securities. They deliver an awesome new solutions platform on all clouds to change the game and how security is done Brendan. Thanks for joining me on this cube conversation. >>Really nice to talk to you today, john >>you know, I loved showcasing companies that are, that are thinking about their entire optimizing their efforts to bring in the new, the new way to do things. And we certainly with the pandemic we've seen and everyone's validating this general global consensus that cloud scale and devops and def sec apps is generating a new kind of modern applications and this is just clearly has been known for a while inside the industry, but now it's mainstream. You guys are building a company around this notion of security. So let's get into it. What do you guys do is get right to it? What's the product? >>Well, firstly to get going And before getting into the specifics of product, john just I like to frame it, which is the ways in which I started out as a software engineer. You know, a long, long time ago built a company based on classic, traditional ways of developing software. The way we develop software has just changed dramatically change from stem to stern. We've gone from monolithic applications to microservices. We've gone from 18 month development cycles to two weeks from business units and I. T. Controlling it to devoPS teams. And then the amazing this is the incredible thing from a security perspective is we used to call up people in traditional networks and data centers to reconfigure the firewall so I could put my application of data center. But now I represented in code infrastructure is code that basically represents the infrastructure I have shows up in of course the cloud. The reason why I'd like to explain this story is we talk about cloud security and the complexities of cloud security. That's just where it all comes together. The reality is everything has changed around it. And we have a simple belief if everything has changed in terms of how it is, you build technology, value, deploy it and operators, we have to change how it is reduced security and it has to be also from stem to stern. So that's what basically that's why we started this business. Our mission is simple. We want to reinvent how it is. People secure new technology in these new environments and we do it by building a service that sits on top of companies usage of cloud amazon as your google cloud. And we help find risks automatically, eliminate them, Make sure they never come back and then deliver incredible new ways of continuously monitor activity to prevent cyber security incidents from happening in the first place. >>So this reinvention is a big, big trend. We've talked about this on the cube, you know, with many guests, even Pat Gelsinger's now the ceo of intel. When was that VM ware told us that you need to do over it in security, got to redo it all, not just incremental improvement. You know, fundamental revolutionary change was you're basically getting out here. So the question is top to bottom reinvention totally get that. How do you do it? Okay, Do you change the airplane engine out of 30,000 ft? It's hard people, it's easier said than done. What are the elements to reinvent security >>in this? We have we have a magical opportunity here because of cloud. So what happens is into traditional data centers and the traditional enterprise networks, There's, there's kind of Control points that are traditionally, which we understand and security John, right. And it's built up over 2030, 50 years. Right. And there's certain ways around which we rotate our security controls and you're familiar with them, right? Firewalls, Endpoint, antivirus security, information, security, event management system. Think of all those things, those control points are not relevant in the cloud. It's not, it's, they're interesting. V p c s and narrow grooves are kind of interesting in the cloud. Totally insufficient. So there's a necessity to reinvent and there's new control points and I will then tell you why it leads with an incredible better result. The new control points of the cloud, we believe and strenuously push when we speak to our customers, our identities. And it's not about Brandon and john, it's nearly always about non people identities, serverless functions, pieces of compute containers, all of these things have rights to like people. The second control point our data. Where is it? We used to have a data center. It's in the word, it says it data center, but in this instance I may have 20 devops teams. Each one of them is using RDS. One of them is using elastic cash. One of them is using a different thing. So data is the second one. The third one is applications. Why is this so important? The service providers have done a great job with core infrastructure. They give us two mechanisms to set up these environments. We need to help our customers organize and reinvent our security around these three pillars. The reason why it's so important, I love what you said is God, we've got to start from scratch. You get to start from scratch and when you do it, you actually can deliver a level of granularity and control and security that is unimaginable in the traditional enterprise network and data center. >>It's like golf, you got an extra Mulligan off the T if you hit it out of bounds and security, you get a do over. This is this is an opportunity. I love that concept because this is I mean it's not many times you get this clean sheet of paper or the opportunity to to pivot or reinvent or refresh re platform re factor whatever word you use. This is a time >>once in our life this transition, we know digital transformation is transforming industries, every industry is feeling it. We can see and understand the significance of the inventions like like AWS, it's an amazing invention, the power of it and what it delivers to us. The opportunity which is a must take opportunity is reinventing security from top to bottom. And by the way if you don't do it, if you just do this kind of half I have asked you end up with a mess on your hands if you do it properly, you end up in a better place than you would have been a traditional enterprise network and data center. >>The old expression you gotta burn the boats to get people motivated to kind of get it done right with the cloud. Let me ask you questions. Identity security and the data secure. Love that perspective because Identity the first thing in terms in my head when you said that was I thought about the identity of the individual their I. D. You know and you could actually get down to the firmware of a phone or you know to fact multifactor authentication. I get that access authentication. You're talking more in terms of other naming spaces and naming systems like specifically around services and applications identity, not just users. Right? >>Can you expand more on that? We we we we understand this as many people now understand this at a superficial level, but they haven't truly understand stood what's under the hood of what's happening inside cloud when you have reinvented applications, microservices, applications, auto scaling applications, it's all cloud is about incredible innovation happening across teams. What happens in the cloud is you have developers, administrators creating workloads. Those work clothes have huge numbers of compute functions which could be a container, a compute instance, a serverless function. They're gaining access to resources, other compute resources, cues and data to give you a sense of scale job you could have a company. It's not unusual. 80,000 pieces of compute 20,000 active at a particular point in time. We've got companies and then they assume these roles which give them access and rights to do things on these cloud services. It's not unusual to have 10,000 rolls in a cloud environment across multiple different accounts. Now, you see the identities, these pieces of compute have rights to do things. That's good because I can restrict what they do. It can be bad because if I don't have a handle on it, it's a mess. By the way, when you talk about this scale, human beings can't process this much information must be able to understand the risks, configure and automate remediation of these risks. The cloud providers give us the tools to build these flexible workloads. They're incredibly flexible. The dark side of it is in experience and basically inefficient deployment of those tools can lead to a whole host of risks that, quite frankly a lot of customers don't fully appreciate yet. >>And then people call that day to operation. But I love this idea of identity, the thousands and thousands of services out there because with microservices and you're seeing coming out of the cloud native world is these these new kinds of services could be stood up and torn down very quickly. So, you know, the observe ability trend is a great indicator in my opinion of this whole, you know, manic focus on data. So, you know, because you need machines to know, you don't know if something could be terminated and and stood up not even knowing about it, it could be errors. How do you log it? Right. So this is just an example. What's your thoughts on that? What's your reaction? Is that right? >>Ephemeral nature is the beauty of cloud. Right. Because, you know, there's problems that even now when we build our, we have a cloud native application ourselves and when we have a problem sometimes, of course we can go in and spin up 400 servers to go solve a problem and spin them back down half an hour later. We couldn't do that before a cloud. We can actually have developers doing this incredible rapid work with serverless functions to go and interrogate data to go out of data. Like to go and do analytics. It's wonderful. But what you said is their ephemeral. Now, just think about an environment. 20,000 pieces of compute 10,000 active, lots of 20 different teams across a 50 amazon accounts. Somebody comes in and basically during a period of time compromises. It compromises something and gets access to data, but it's a federal, it just comes and goes, we have to know that we have to know what's possible. We have to know if it's happened and then we have to basically greatly minimize the possibility of that happened. My promise because I'm security people are always trying to scare everybody which is valid. However, my promise the power of this cloud has created complexity opportunities but actually it also gives us the solution because using analytics machine learning in our case graphing technologies, we can actually find these things and give micro control two workloads so that actually we can see these things and automatically eliminate these risks and that was impossible >>in the the automation is programmable. You can actually set policies around automation. Pretty cool. I gotta ask you about get to the technical and want to understand the graphics and the platform more. But I want to ask you the question on the reinvention. If I follow your your playbook Yes. What's the end results? Can you take me through the all in bet the redo what happens? Can you just take me through the day in the life of an outcome? What's it look like and walk me through that? >>So firstly what the outcome I want to give our clients is they have these complex cloud environment spreading across, you know, any, even a moderate sized enterprise. What I basically want to be able to give our clients and when we have delivered for our clients is they basically managed to break that cloud from being this amorphous thing into specific work clothes. Each and every one of those workloads have specific controls in place that understand how that workload should operate in this environment across staging development and production. And actually we're able to essentially locked down what it is these workloads can do from an identity perspective, a data access perspective, a platform rights perspective and then monitor anything that changes. That's one thing. So the complexity were actually able to push away the complexity leveraged up lower to give that level of granularity at very deep levels. Identity, data platform. The second thing, actually, and this is john again, what's possible will clown? It doesn't it can't be all security teams, its security needs, It could be audit teams, its developers. So we have customers who have onboard tens and tens and tens of teams onto our platform. Why do we do that when we're finding issues and finding things that need to be resolved for directing it directly to the development teams? So we're saying developer to get into production, you're going to have to fix your identity set up in this environment. It's too risky, but it doesn't have to go to the security team. The security team will only hear about it if the developer doesn't fix it. >>Got it. So they're proactive, >>we're involving the teams responsible for creation and resolution of issues. The security and cloud teams are setting up the ground rules for a workload to operate in this environment and now we've got a level of granularity across workloads, whether they're in production or not. That basically is wonderful. That's the that's the ultimate endgame. >>What's the uh status of the vision and product on execution uh where your customers at now? Um how do you feel about it? Where is it going? Can you share a little bit about the roadmap and kind of where the product is? Uh It's a huge vision, it sounds easy to do, but it's not >>it's not actually and, you know, underlying it also, we actually, we've production service, we have wonderful, very large customers who are deployed and operational on our platform. You know, an example of one of them would be world fuel services, fortunate 93 company were the center of their kind of new security environment and operating model for everything they're doing and cloud. It's a beautiful story job. They've gone from in, in, you know, a few years ago. They 22 to the centers today to to yeah, it's unbelievable. And now all that future real estate were the center of that cloud security operating model. What does it mean? A 50 ft plus different teams on boarded onto the platform, following the rules of the road. If they don't follow the rules where all the exceptions are coming in and we're doing a continuous monitoring process underneath it. What is it that we've done? That's interesting. We actually have this incredible, unique way of collecting information from the cloud so that we can gather it in a very uh continuous way. So we're constantly seeing what's happening in addition to interrogating A PS and clouds are actually monitoring logs so we can see all the actions, what you just said. By the way, something comes and goes, we see it. The second thing which we do is we gather the information. We build a graph. This was actually, this was hard because it's not just as simple as sticking things in a graph with all of it to be. But what is the graph doing? The graph is basically understanding the intricacies of all the identity and access management models. I can see everything that can do anything to any other resource in the cloud, right? There is a surplus functioning container or a VM And we boil it down to very simple things. So underneath it's complex. We represented grass with boiling two simple things. Then we run analytics across the graph too, find and eliminate plaque from risk, find and eliminate identity risk. Get customers to the privilege enforced separation of duties, find data that you may not know is there that has incredible amounts of things capable of accessing it and help our customers lockdown that access. And then finally had we getting it into an operational automation kind of pipeline so that basically on an ongoing operational perspective it's efficient. So we're actually doing this for customers. We've got some very large financial institution customers. We've got, you know, large customers like World Fuel Services. And now actually our mission this year is to actually help simplify a lot of what we're describing so that, you know, you know, other companies and maybe companies not as sophisticated as a big financial institution or World Fuel Services is able to just very quickly get the value out of a solution. Like, >>you know, when you have these new technologies, new way of doing things, it's exciting at the same time, you have to kind of vector into an environment where the customer is ready to be operationalized. So, um, I got to ask you about how um teams are forming. I've I've been having a lot of conversation with VPs of engineering, large enterprises and and also big companies and hyper scale as well. And they're all talking about how, because of what you're doing and the kind of the general philosophy that you're you guys have is changing how teams are organized. You have a platform engineer now who can work on a platform and then flex and go work with other say feature engineers. And so it used to be just to do your features, You got your platform guys, you got your networking people. Okay, now you don't have to talk to the networking people because you can abstract away the network. You now have more composite, more compose herbal applications with all the observe ability. And now you can actually build that foundational platform. Redeploy the platform engineers with the other teams. So you seem like and then you got sRS embedded into teams and so you kind of got this new engineering formation going on, new kind of ways to organize the new modern era is here, it's on on this, this how people organize their teams. >>Actually is. There's no, there's no entire recipe at because you go to different customers and customers are basically experimenting with different ways to organize their teams. There's no question. But actually, I think one thing that's changed in the last 18 months is companies realizing we definitely need to change how it is. We've organized our team. I'm going to give you a simple example. Again in the old world, they would have network teams and network security teams you call up, Let me re configure the firewall. That doesn't work. It's just, it's just so broken. It can't work in clarity, can't be calling on people to re configure a firewall. That's an example. Another example which companies are realizing the latest identity. They will go through an approval process and they go through a governance and certification process. Well, these, these teams in the class, they want to get to work out in into, they need to get it in a month in an hour, in an hour. They can take a month and a manual approval processes sort of realizing that you need a skill set antiseptic ground rules and then the teams should be allowed to innovate within the ground rules. That's what the platform teams need to do. And so what we see emerging, which I think is a really best practice, is cloud centers of excellence. They're responsible for what I would call the shared infrastructure of the enterprise. The 250 Amazon accounts for 50 is your subscriptions, whatever it is that is king. Then the devoPS teams are using this shared infrastructure. The question is, how do you interface, how do you help coordinate between these different responsibilities from a security and governance and risk perspective? And that's actually what a big part of what our product is, helping teams coordinate their activities. That's a big part of what our product is, >>love. The first principles, they're sitting those ground rules. I mean there's been a chef and a cook, you know, you know, working with the environment and putting the new ingredients together and then getting that operational. It's a huge opportunity. Great stuff. Brandon. I gotta ask you the final question. Well I got you here, Sunrise Securities, the name Sunray. Where'd that come from? What does it mean? >>It actually means it's a Gaelic word and it means data and it's just so central to you know, what are people trying to steal? Like we can talk about security we're going to face. But at the end of the day they're trying to do damage. You're trying to get access to data. That's the most valuable thing we're trying to protect. So that's why we put it in our name. >>Digital transformation, everything's data now, everything's data, content, data Securities, data, data is everything >>it is. and I did >>great stuff. Brendan. Thank you for sharing the story here on the cube conversation, Brennan Hannigan's ceo of suddenly secure. Thanks for joining me. >>Thank you very much, john, it was a great pleasure. >>Okay. It's the cube from Palo alto California remote. Still. Thanks for watching.