>> Live from Las Vegas, it's The Cube! Covering AWS re:Invent 2018. Brought to you by Amazon Web Serices, Intel, and their ecosystem partners. >> Good to have you back here on The Cube as we continue our coverage here at AWS re:Invent day one. We're here for all three days so we have probably about three dozen guests lined up here in this particular Cube set and really a delight to be here once again. Our seventh time at this show. I'm John Walls with Justin Warren. We're now joined by Milos Marjanovic who is vice president of product management at Zayo. Milos, good to see you sir. >> Good to see you too, thanks for having us. >> You bet, and Kevin Sheehan, who's the chief technology officer at Ciena. Kevin, how are you sir? >> Very good, thank you. >> Good. >> Nice to be here. >> Let's talk about your respective companies first. Just to let folks who are watching know what you do and then what do you do together? So Milos, first off tell us a little bit about Zayo. >> Sure, so Zayo is a communications infrastructure provider. Primarily we own and operate fiber-optic networks. Now, we're here to exhibit a product called CloudLink which specializes in getting people into the cloud by bypassing the public internet. So there's some inherent values associated with that. Because we operate at the infrastructure layer, as you get up the stack and you add on software and other solutions on top of that, partners like Ciena are important for us to have more holistic solutions for our customers that want to go into AWS. >> And so, Kevin, yeah when do you come into the picture? >> Yeah, so Ciena, our DNA, we're about 20 years old as a public company. And we've become known as being the best at moving bits across the globe in terms of whether it's for your mobile phone, your iPad, whatever data is moving around the world. And then over the past five or six years we've dove in in a big way into automating the movement of those bits with software, open software, open software platforms. And that's really, with Zayo we're partnered both on moving bits and at automating the movement of the bits as well. >> Interesting. Yeah 'cause moving data around is actually really, really hard and getting that data where you need it to be, when you need it to be there is one of the really intractable problems of the multi-cloud era. So explain a bit more about how it is that you are actually helping customers to do that 'cause everyone's been struggling with this for quite some time. What's the secret? >> So yeah, I can take the first part of that anyway. So you kind of hit it, it is difficult. And I think ubiquity is key. So having a presence where our customers are. So with our fiber-optic network we have over a thousand data centers on our network. So customers that might have had a private cloud solution within a data center that are either in a hybrid model or looking to move holistically into the public cloud, it's kind of like, who are they looking to to help solve for them for their connectivity needs? And that's where Zayo I think is uniquely positioned. Their expectations and being in the public cloud is such that automation, efficiency, things like scalability is also very critical. So that's not just within the cloud environment, it has to extend to on-prem services as well. And that's really where we come in. So we want to maintain that user experience end-to-end for customers where they can log into a portal on our end, configure a connection in real-time and have that turn up, all the way up into their VPC environment with AWS. >> Right. >> Yeah and I think it's fairly complex to tie network services to cloud-based services. And then if you look at enterprise customers that have cloud services today, about 60% of them that have services now have services from more than one cloud service provider. And that's where it gets exponentially more complex and really where automation has a big play. So if you're an enterprise customer of Zayo for example, and you want to have certain types of cloud services from one service provider, maybe AWS and other types of cloud services from a different cloud service provider, you want the ability to move as, in an agile way as possible between service providers and ideally without having people involved in the middle and having it be a very slow and cumbersome process. So software automation really enables the multi-cloud experience for enterprise customers. >> Doing that at scale, as you say, any kind of complex environment or at any kind of scale, it needs to be automated for it to be repeatable and reliable and make sure that it actually works every time. So as a lot of engineering goes into making that work seamlessly, could you give us a bit of a flavor for what it is about the technology that you've created here that actually makes that work nicely and neatly across all these different environments? >> Yeah, so this is where Zayo, as I said, you know, we're an infrastructure provider and we rely on partners like Ciena to deliver some of that automation, at least parts of it. So one of the demos we recently did, we did a proof of concept where a user could log in to our e-commerce platform, it's called Tranzact with Zayo, they can configure a service, a solution end-to-end. So that's the e-commerce, the quote standpoint, and then we have open APIs between that platform and our SDN layer which is powered by Blue Planet with Ciena. And that rides across our infrastructure and so connectivity is configured on the network layer and then open APIs are on the back end with AWS to help provision it into the actual hyperscale environment as well. >> Yeah, so Milos mentioned the open API, so really to be successful at automating multiple platforms like this between multiple service providers, the foundation is open APIs that have to be able to talk to everything in an open way and in a predictable way, especially when things go wrong. So it's one thing to provision when everything's okay but when things start to go wrong you have to be able to adapt the network and adapt the services to things as they go wrong. So we have that built into our platform and fortunately events like this continue to promote openness of APIs. And then on top of Blue Planet, in addition to working with open APIs, we've become very good at creating an open dev-ops environment. So that in a true partnership with Zayo and Ciena, Zayo can go in and actually participate in the journey and actually create the software inside of our scalable infrastructure in order to differentiate themselves from their competitors. >> So what kind of an impact are you having on your customers if you're providing this multi-cloud connectivity or at least giving them confidence, I assume, to make different kinds of decisions, right? Now all of a sudden they have an opportunity to expand an operation or take on something new because you're giving them confidence that you can pull this off. Is that, are you seeing that? >> Yeah, absolutely. So we were recently announced, we were awarded rather, a Direct Connect Network Competency Partnership with AWS and so I think that award isn't necessarily just given out at random, if you will. So us being able to earn the trust of AWS and that being visible to our customers is certainly a value prop in gaining users' trust. That also opens the door for us to springboard in other value-ad solutions for our customers to have more of a turnkey approach. We talk a lot about automation, security, ease of use. That needs to continue to extend. That's a value that AWS holds dear and they expect their partners to have that same approach to the solutions as well. >> So what are you looking for at this show as a signal for where the industry is heading? You mentioned open APIs. We're seeing a lot of conversation about more openness and accepting the idea that there might be other possibilities for deployment other than just one cloud. What else are you expecting to see at this show that will signal where the industry is moving? >> Well of course huge movement to the cloud. Enterprise customers moving more and more to the cloud. You know, if you came here a few years ago things were centered around certain singular applications. And now when you walk around this show floor, pretty much anything under the sun is tied directly into the cloud and some things you never really imagined to be there this quickly. So I think, you know, openness absolutely, but then more and more movement to the cloud and then having the multi-cloud choice, multi-cloud service provider choice for the end customers. >> Yeah, and just to add to that, it's all underpinned by massive workloads as AI, ML, 5G kind of take hold and really are more broadly adopted, that is a lot of data that is moving around. So having that underpinned by a strong network backbone that has high throughput performance, things of that nature, is going to be critical to get data from the cloud to where the eyeballs are, where the users are. >> Do you think enterprises are moving everything truly into the cloud, or are they doing more of a hybrid approach? Where they're having some stuff go to the cloud, some things stay on their own premises, some things actually move out to the edge? Where do you see the enterprises moving? >> Yeah I think it depends on the application. So there's certainly some applications, depending on the type of enterprise, that are best if they're kept inside the four walls of the enterprise, and then they'll go with a hybrid approach. But you know, I think whenever possible the scale and the economics that can be reached if it's truly put into the cloud, you know, definitely pays for itself very quickly. >> Yeah I completely agree with that. I think a hybrid approach is probably going to exist into the future. Now, how that's split 70/30, 80/20, whatever that might be is yet to be determined. But as Kevin mentioned, the scalability in the public cloud ecosystem, and frankly, the immense resources that AWS is putting into some of their products that you can bolt on to kind of vanilla solutions that customers are coming in with, is very difficult to replicate. So I think the scale within the public sphere is going to be quicker, but hybrid will always exist I think. >> Before we cut you loose, what do you want to take away from here? From AWS re:Invent, from the show itself? Go back to Raleigh, head back to Denver, what is it that you take in your hip pocket that you think you can put to practice? >> I think for me it's seeing real time the rate of change that's going on inside of the industry. The thing that we've learned over the past five years or so is that, it's very hard to predict the rate of change that we're living in, right? And we're not even in, for example, a 5G world yet. But we're right on the precipice of it and I think what we're learning and what we're taking away and putting into practice is that the network really has to be as adaptive as possible because it's so hard to predict the amount of change that's coming and when the change is coming. You just know it is coming and you will have to adapt to the change. >> Yeah, and keying off the open APIs, I mean, we're not here to be vendors only. We're not here to be just partners or customers. We want to be all three. And I think the lines that used to divide that I think are now blurring. And the folks that are exhibiting here, including ourselves, I think fall into probably all three categories. And just seeing that ecosystem evolve over time, those lines will continue to blur. >> Well gentlemen, thank you both for taking the time to be here. I know you've got a lot of activity going on this week. Good luck with that, and again, we appreciate the time. >> Thanks so much. >> Thank you. Great to be here. >> Milos and Kevin. Good deal. Back with more here from AWS re:Invent. We are live on The Cube. (futuristic music)

(funk music) (funk music) (funk music) (funk music) >> Hello and welcome to theCUBE studios in Palo Alto, California for another CUBE conversation where we go in-depth with thought leaders driving innovation across the tech industry. I'm your host, Peter Burris. Every enterprise is responding to the opportunities of cloud with significant changes in people, process, how they think about technology, how they're going to align technology overall with their business and with their business strategies. Now those changes are affecting virtually every aspect of business but especially every aspect of technology. Especially security. So what does it mean to envision a world in which significant new classes of services are being provided through cloud mechanisms and modes, but you retain and in fact, even enhance the quality of security that your enterprise can utilize. To have that conversation, we're joined today by a great guest, Amit Sinha is president and CTO at Zscaler. Amit, welcome back to theCUBE. >> Thank you Peter, it's a pleasure to be here. >> So before we get into it, what's new at Zscaler? >> Well, at Zscaler our mission is to make the internet and cloud a secure place for businesses and as I engage with our global 2000 customers and prospects, they are going through some of the digital transformation challenges that you just alluded to. Specifically for security, what is happening is that they had a lot of applications that were sitting in a data center or in their headquarters and that center of gravity is now moving to the cloud. They probably adopt their Office 365, and Box, and Salesforce, and these applications have moved out. Now in addition, the users are everywhere. They're accessing those services, not just from offices but also from their mobile devices and home. So if your users have left the building, and your applications are no longer sitting in your data center, that begs that question: Where should the security stack be? You know, it cannot be your legacy security appliances that sat in your DMZ and your IT closets. So that's the challenge that we see out there, and Zscaler is helping these large global organizations transform their security and network for a more mobile and a cloud-first world. >> Distributed world? So let me make sure I got this right. So basically, cause I think I totally agree with you >> Right. >> Just to test it, that many regarded the cloud as a centralization strategy. >> Correct. >> What we really see happening, is we're seeing enterprises more distribute their data, more distribute their processing, but they have not updated how they think about security so the presumption is, "yeah we're going to put more processing data out closer to the action but we're going to backhaul a whole bunch back to our security model," and what I hear you saying is no, you need to push those security services out to where the data is, out to where the process, out to where the user is. Have I got that right? >> You have nailed it, right. Think of it this way, if I'm a large global 2000 organization, I might have thousands of branches. All of those branches, traditionally, have used a hub-and-spoke network model. I might have a branch here in Palo Alto but my headquarters is in New York. So now I have an MPLS circuit connecting this branch to New York. If my Exchange server and applications and SAP systems are all there, then that hub-and-spoke model made sense. I am in this office >> Right. >> I connect to those applications and all my security stack is also there. But fast forward to today, all of those applications are moving and they're not just in one cloud. You know, you might have adopted Salesforce.com for CRM, you might have adopted Workday, you might have adopted Office 365. So these are SaaS services. Now if I'm sitting here in Palo Alto, and if I have to access my email, it makes absolutely no sense for me to VPN back to New York only to exit to the internet right there. What users want is a fast, nimble user experience without security coming in the way. What organizations want is no compromise in their security stack. So what you really need is a security stack that follows the user wherever they are. >> And the data. >> And the data, so my data...you know Microsoft has a front-door service here in Redwood City and if if you are a user here and trying to access that, I should be able to go straight with my entire security stack right next to it. That's what Gartner is calling SASE these days. >> Well, let's get into that in a second. It almost sounds as though what you're suggesting is that the enterprise needs to look at security as a SaaS service itself. >> 100 percent. If your users are everywhere and if your applications are in the cloud, your security better be delivered as a consistent "as-a-service," right next to where the users are and hopefully co-located in the same data center as where the applications are present so the only way to have a pervasive security model is to have it delivered in the cloud, which is what Zscaler has been doing from day one. >> Now, a little spoiler alert for everybody, Zscaler's been talking about this for 10-plus years. >> Right. >> So where are we today in the market place starting to recognize and acknowledge this transformation in the basic security architecture and platform that we're going through? >> I'm very excited to see that the market is really adopting what Zscaler has been talking about for over a decade. In fact, recently, Gartner released a paper titled "SASE," it stands for Secure Access Service Edge and there are, I believe, four principal tenets of SASE. The first one, of course, is that compute and security services have to be right at the edge. And we talked about that. It makes sense. >> For where the service is being delivered. >> You can't backhaul traffic to your data center or you can't backhaul traffic to Google's central data center somewhere. You need to have compute capabilities with things like SSL Interception and all the security services running right at the edge, connecting users to applications in the shortest path, right? So that's sort of principle number one of SASE. The second principle that Gartner talks about, which again you know, has been fundamental to Zscaler's DNA, is to keep your devices and your branch offices light. Don't shove too much complexity from a security perspective on the user devices and your branches. Keep it simple. >> Or the people running those user devices >> Absolutely >> in the branches >> Yeah, so you know, keep your branch offices like a light router, that forwards traffic to the cloud, where the heavy-lifting is done. >> Right. >> The third principle they talk about is to deliver modern security, you need to have a proxy-based architecture and essentially what a proxy architecture allows you to do is to look at content, right? Gone are the days where you could just say, stop a website called "evil.com" and allow a website "good.com," right? It's not like that anymore. You have to look at content, you know. You might get malware from a Google Drive link. You can't block Google now, right? So looking at SSL-encrypted content is needed and firewalls just can't do it. You have to have a proxy architecture that can decrypt SSL connections, look at content, provide malware services, provide policy-based access control services, et cetera and that's kind of the third principle. And finally what Gartner talks about is SASE has to be cloud-native, it has to be, sort of, born and bred in the cloud, a true multitenant, cloud-first architecture. You can't take, sort of, legacy security appliances and shove it in third-party infrastructure like AWS and GCP and deliver a cloud service and the example I use often is, just because you had a great blu-ray player or a DVD player in your home theater, you can't take 100,000 of these and shove it into AWS and become a Netflix. You really need to build that service from the ground up. You know, in a multitenant fashion and that's what we have done for security as a service through the cloud. >> So we are now, the market seems to be kind of converging on some of the principles that Zscaler's been talking about for quite some time. >> Right. >> When we think about 2020, how do you anticipate enterprises are going to respond as a consequence of this convergence in acknowledging that the value proposition and the need are starting to come together? >> Absolutely, I think we see the momentum picking up in the market, we have lots of conversations with CIO's who are going through this digital transformation journey, you know transformation is hard. There's immune response in big organizations >> Sure. >> To change. Not much has changed from a security and network architecture perspective in the last two decades. But we're seeing more and more of that. In fact, over 400 of global 2000 organizations are 100 percent deployed on Zscaler. And so that momentum is picking up and we see a lot of traction with other prospects who are beginning to see the light, as we say it. >> Well as you start to imagine the relationship between security and data, between security and data, one of the things that I find interesting is many respects to cloud, especially as it becomes more distributed, is becoming better acknowledged almost as a network of services. >> Right. >> As opposed to AWS as a data center here and that makes it a cloud data center. >> Right. >> It really is this network of services, which can happen from a lot of different places, big cloud service providers, your own enterprise, partners providing services to you. How does the relationship between Zscaler and kind of an openness >> Hm-mm. >> Going to come together? Hm-mm. >> So that you can provide services from a foreign enterprise to the enterprise's partners, customers, and others that the enterprise needs to work with. >> That's a great question, Peter and I think one of the most important things I tell our customers and prospects is that if you look at a cloud-delivered security architecture, it better embrace some of the SASE principles. One of the first things we did when we built the Zscaler platform was to distribute it across 150 data centers. And why did we do that? We did that because when a user is going to destinations, they need to be able to access any destination. The destination could be on Azure, could be on AWS, could be Salesforce, so by definition, it has to be carrier-neutral, it has to be cloud-neutral. I can't build a service that is designed for all internet traffic in a GCP or AWS, right. So how did we do that? We went and looked at one of the world's best co-location facilities that provide maximum connectivity options in any given region. So in North America, we might be in an Equinix facility and we might use tier one ISPs like GTT and Zayo that provide excellent connectivity to our customers and the destinations they want to visit. When you go to China, there's no GCP there, right so we work with China Unicom and China Telecom. When we are in India, we might work with an Airtel or a Sify, when we are in Australia, we might be working with Telstra. So we work with, you know, world class tier one ISPs in best data centers that provide maximum connectivity options. We invested heavily in internet exchange connectivity. Why? Because once you come to Zscaler, you've solved the physics problem by building the data center close to you, the next thing is, you want quickly go to your application. You don't want security to be in the way >> Right. >> Of application access. So with internet exchange connectivity, we are peered in a settlement-free way or BGP with Microsoft, with Akamai, with Apple, with Yahoo, right. So we can quickly get you to the content while delivering the full security stack, right? So we had to really take no shortcuts, back to your point of the world is very diverse and you cannot operate in a walled garden of one provider anymore and if you really build a cloud platform that is embracing some of the SASE principles we talked about, you have to do it the hard way. By building this one data center at a time. >> Well, you don't want your servicers to fall down because you didn't put the partnerships in place >and hardend them Correct. >> As much as you've hardened some of the other traffic. So as we think about kind of, where this goes, what do you envision Zscaler's, kind of big customer story is going to be in 2020 and beyond? Obviously, the service is going to be everywhere, change the way you think about security, but how, for example, is the relationship between the definition of the edge and the definition of the secure service going to co-evolve? Are people going to think about the edge differently as they start to think more in terms of a secure edge or where the data resides and the secure data, what do you think? >> Let's start off with five years and go back, right? >> We're going forward. >> Work our way back. Well, five years from now, hopefully everyone is on a 5G phone, you know, with blazing-fast internet connections, on devices that you love, your applications are everywhere, so now think of it from an IT perspective. You know, my span of control is becoming thinner and thinner, right? my users are on devices that I barely control. My network is the internet that I really don't control. My applications have moved to the cloud or either hosted in third-party infrastructure or run as a SaaS application, which I really don't control. Now, in this world, how do I provide security? How do I provide user experience? Imagine if you are the CIO and your job is to make all of this work, where will you start, right? So those are some of the big problems that we are helping our customers with. So this-- >> Let me as you a question 'cause here's where I was going with the question. I would start with, if I can't control all these things, I'm going to apply my notion of security >> Hm-mm. >> And say I am going to control that which is within >> Right. >> my security boundaries, not at a perimeter level, not at a device level, but at a service level. >> Absolutely and that's really the crux of the Zscaler platform service. We build this Zero Trust architecture. Our goal is to allow users to quickly come to Zscaler and Zscaler becomes the policy engine that is securely connecting them to all the cloud services that they want to go to. Now in addition, we also allow the same users to connect to internal applications that might have required a traditional VPN. Now think of it this way, Peter. When you connect to Google today, do you VPN to Google's network? To access Gmail? No. Why should you have to VPN to access an internal application? I mean, you get a link on your mobile phone, you click on it and it didn't work because it required a separate form of network access. So with Zscaler Internet Access and Zscaler Private Access, we are delivering a beautiful service that works across 150 data centers. Users connect to the service and the service becomes a policy engine that is securely connecting you to the destinations that you want. Now, in addition, you asked about what's going to happen in a couple of years. The same service can be extended for partners. I'm a business, I have hundreds of partners who want to connect to me. Why should I allow legacy VPN access or private circuits that expose me? I don't even know who's on the other end of the line, right? They come onto my network and you hear about the Target breaches because some HVAC contract that had unrestricted access, you hear about the Airbus breach because another contract that had access. So how do we build a true Zero Trust cloud platform that is securely allowing users, whether it's your employees, to connect to named applications that they should, or your partners that need access to certain applications, without putting them on the network. We're decoupling application access from network access. And there's one final important linchpin in this whole thing. Remember we talked about how powerless organizations >> Right. >> feel in this distributed model? Now imagine, your job is to also ensure that people are having a good user experience. How will you do that, right? What Zscaler is trying to do now is, we've been very successful in providing the secure and policy-based connectivity and our customers are asking us, hey, you're sitting in between all of this, you have visibility into what's happening on the user's device. Clearly you're sitting in the middle in the cloud and you see what's happening on the left-hand side, what's happening on the right-hand side. You know, you have the cloud effect, you can see there's a problem going on with Microsoft's network in the China region, right? Correlate all of that information and give me proactive intelligence around user experience and that's what we launched recently at Zenith Live. We call it Zscaler Digital Experience, >> Hmm. >> So overall the goal of the platform is to securely connect users and entities to named applications with Zero Trust principles. We never want security and user experience to be orthogonal requirements that has traditionally been the case. And we want to provide great user experience and visibility to our customers who've started adopting this platform. >> That's a great story. It's a great story. So, once again, I want to thank you very much for coming in and that's Amit Sinha, who is the president and CTO at Zscaler, focusing a lot on the R&D types of things that Zscaler's doing. Thanks again for being on theCUBE. >> It's my pleasure, Peter. Always enjoy talking to you. >> And thanks for joining us for another CUBE conversation. I'm Peter Burris, see you next time. (funk music) (funk music)