>> Welcome back to the Cuban Peterborough's chief research officer of Silicon Angle and general manager of Wicked Bond. We're as part of our continuing coverage of the arse a show. We have a great guest Z scaler amid sin. Ha! Welcome to the Cube. >> Thank you for having me here. It's a pleasure to be here. >> So, um, it what exactly does Z scaler? D'oh >> Z's killer is in the business of providing the entire security stack as a service for large enterprises. We sit in between enterprise users and the Internet and various destinations they want to goto, and we want to make sure that they have a fast, nimble Internet experience without compromising any security. >> So if I can interpret what that means, that means that as Maur companies are trying to serve their employees that Air Mobile or customers who aren't part of their corporate network they're moving more. That communication in the Cloud Z scale is making it possible for them to get the same quality of security on that communication in the cloud is he would get on premise. >> Absolutely. If you look at some of the big business transformations that are happening, work lords for enterprises are moving to the cloud. For example, enterprises are adopting Office 3 65 instead, off traditional exchange based email and on your desktop applications. They might be adopting sales force for CR M Net suite for finance box for storage. So as these workloads are moving to the cloud and employees are becoming more and more mobile, you know they might be at a coffee shop. They might be on an iPad. Um, and they might be anywhere in the world. That begs the basic security question. Where should that enterprise DMC the security stack be sitting back in the day? Enterprises had a hub and spokes model, right? They might have 50 branch offices across the world. A few mobile workers, all of them, came back over private networks to a central hub, and that hub was where racks and racks of security appliances were deployed. Maybe they started off with a firewall. Later on, they added a proxy. You are l filtering some d e l P er down the road. People realized that you need to inspect us to sell. So they added some SSL offload devices. Someone said, Hey, we need to do some sand boxing for behavioral analysis. People started adding sandboxes. And so, over time the D. M. Z got cluttered and complicated and fast forward to Today. Users have become mobile. Workloads have moved to the cloud. So if I'm sitting in a San Francisco office on my laptop trying to do my regular work, my email is in the cloud. My my court applications are sitting in the cloud. Why should I have to vpn back to my headquarters in Cincinnati over a private network, you know, incurring all the Leighton see and the delays just so that I can get inspected by some legacy appliances that are sitting in that DMC, right? So we looked at that network transformation on We started this journey at Ze scale or eight years ago, and we said, Look, if users are going to be mobile and workloads are going to be in the cloud, the entire security stack should be as close as possible to where the users are. In that example, I described, I'm sitting here. I'm going to Salesforce. We're probably going to the same data center in San Francisco. Shouldn't my entire security stag be available right where I am, um, and my administrators should have full visibility, full control from a single pane of glass. I get a fast, nimble user experience. The enterprise doesn't have to compromise in any security, and that's sort of the vision that we have executing towards. >> But it's not just for some of the newer applications or some of the newer were close. We're also seeing businesses acknowledge that the least secure member of their community has an impact on overall security. So the whole concept of even the legacy has to become increasingly a part of this broad story. So if anybody accesses anything from anywhere through the cloud that those other workloads increasing, they're gonna have to come under the scrutiny of a cloud based security option. >> Absolutely. I mean, that's a brilliant point, Peter. >> I >> think of >> it this way. Despite all those security appliances that have been deployed over time, they're still security breach is happening. And why is that? That is because users are the weakest link, right? If I'm a mobile work user, I'm sitting in a branch office. It's just painful for me to go back to those headquarter facilities just for additional scanning so two things happen either I have a painful user experience. What? I bypassed security, right? Um, and more and more of the attacks that we see leverage the user as the weakest link. I send you a phishing email. It looks like it came from HR. It has a excel sheet attached to it to update some information. But, you know, inside is lurking a macro, right? You open it. It is from a squatter domain that looks very similar to the company you work for. You click on it and your machine is infected. And then that leads to further malware being downloaded, data being expatriated out. So the Z scaler solution is very, very simple. Conceptually, we want to sit between users and the destinations they goto all across the world. And we built this network of 100 data centers. Why? Because you cannot travel faster than the speed of light. So if you're in San Francisco, you better go through our San Francisco facility. All your policies will show up here. All the latest and greatest security protections will be available. We serve 5000 large enterprises. So if we discover a new security threat because of an employee from, let's say, a General Electric. Then someone from United Airlines automatically gets protection simply because the cloud is live all the time. You're not waiting for your security boxes to get, you know, the weekly patch updates for new malware indicators and so on. Right, So, um, you get your stack right where you are. It's always up to date. User experience is not compromised. Your security administrators get a global view off things. And one >> of the >> things that that I that we haven't talked about here it is the dramatic cost savings that this sort of network transformation brings for enterprises. To put that in perspective, let's say you're a Fortune 100 organization with 100,000 employees worldwide in that, huh? Been spoke model. You are forcing all those workloads to come toe a few choke points, right? That is coming over. Very expensive. NPLs circuits private circuits from service providers. You're double trombone in traffic, back and forth. You know, you and I are in a branch. We might be on. Ah, Skype session. Ah, Google Hangout session. All our traffic goes to H Q. Goes to the cloud comeback comes back to h. Q comes back to you, there's this is too much back and forth, and you're paying for those expensive circuits and getting a poor user experience. Wouldn't it be great if you and I could go straight to the Internet? And that can only be enabled if we can provide that pervasive security stack wherever you are? And for that, we built this network of 100 data centers worldwide. Always live, always up to date you. You get routed to the closest the scaler facility. All your policy show up. They're automatically and you get the latest and greatest protection. >> So it seems as though you end up with three basic benefits. One is you get the cost benefit of being able to, uh, have being able to leverage a broader network of talent, skills and resources You reduce. Your risk is not the least of which is that the cost and the challenges configuring a whole bunch of appliances has not gotten any easier over the last. No, it hasn't cheaters. And so not only do you have user error, but you also Administrator Erin, absolutely benign, but nonetheless it's there, and then finally and this is what I want to talk about. Increasingly, the clot is acknowledged as the way that companies are going to improve their portfolio through digital assets. Absolutely. Which means new opportunities, new competition, new ways of improving customer experience. But security has become the function of no within a lot of organizations. Absolutely. So How does how does AE scaler facilitate the introduction of new business capabilities that can attack these opportunities in a much more timely way by reducing doesn't reduce some of those some of those traditional security constraints. >> Absolutely right, and we call it the Department of No right. We've talked to most people in the industry. They view their I t folks there, security forces, the department of Know Why? Because there's this big push from users to adopt newer, nimble, faster cloud based ah solutions that that improved productivity. But often I t comes in the way. No, If you look at what Izzy's killer is doing, it's trying to transform the adoption of these Cloud service. Is that do improve business productivity? In fact, there is no debate now because there are many, many industries that ever doubt adopted a cloud first strategy. Well, that means is, as they think of the network and their security, they want to make sure that cloud is front and center. Words E scaler does is it enables that cloud for a strategy without any security compromise. I'll give you some specific examples. Eight out of 10 c I ose that we talk to our thinking about office 3 65 or they have already deployed it right. One of the first challenge is that happens when you try to adopt office. 3 65 is that your legacy network and security infrastructure starts to come crumble. Very simple things happen. You have your laptop. Suddenly, that laptop has many, many persistent SSL connections to the clothes. Because exchange is moved to the cloudy directory, service is are moving to the cloud. If you have a small branch office with 2000 users, each of them having 30 40 persistent connections to the cloud will your edge firewall chokes. Why? Because it cannot maintain so many active ports at the same time, we talked about the double trombone ing of traffic back and forth. If you try to not go direct to the Internet but force everyone to go through a couple of hubs. So you pay for all the excessive band with your traditional network infrastructure, and your security infrastructure might need a forklift upgrades. So a cloud transformation project quickly becomes a network in a security transformation project. And this is where you nosy scaler helps tremendously because we were born and bred in the cloud. Many of these traditional limitations that you have with appliance based security or networking, you know, in the traditional sense don't exist for the scaler, right? We can enable your branch officers to go directly to the cloud. In fact, we've started doing some very clever things. For example, we peer with Microsoft in about 20 sites worldwide. So what that means is, when you come to the scaler for security, there's a very high likelihood that Microsoft has a presence in the same data center. We might be one or two or three millisecond hops away because we're in the same equinox facility in New York or San Jose. And so not only are you getting your full security stack where you are, you're getting the superfast peered connections to the end Cloud service is that you want to goto. You don't have to work. Worry about you know your edge Firewalls not keeping up. You don't have to worry about a massive 30 40% increase in back hole costs because you were now shipping all this extra traffic to those couple of hubs. And more importantly, you know, you've adopted these transformative technologies on your users don't have to complain about how slow they are because you know, most of the millennials hitting the workforce. I used to a very fast, nimble experience on their mobile phones with consumer APS. And then they come into the enterprise and they quickly realize that, well, this is all cumbersome and old and legacy stuff >> in me s. So let's talk a little bit about Let's talk a bit about this notion of security being everywhere and increasingly is removed to a digital business or digital orientation. With digital assets being the basis for the value proposition, which is certainly happening on a broad scale right now, it means it's security going back to the idea of security being department. No security has to move from an orientation of limiting access to appropriately sharing. Security becomes the basis for defining the digital brand. So talk to us a little bit about how the how you look out, how you see the world, that you think security's gonna be playing in ultimately defining this notion of digital brand digital perimeters from a not a iittie standpoint. But from a business value standpoint, >> absolutely. I would love to talk about that. So Izzy's killer Our cloud today sees about 30,000,000,000 transactions a day from about 5000 enterprises. So we have a very, very good pulse on what is happening in large enterprises, from from a cloud at perspective or just what users are doing on the Internet. So here are some of the things that we see. Number one. We see that about 50 60% of the threats are coming inside SSL, so it's very important to inspect SSL. The second thing that we observe is without visibility. It is very different, very difficult for your security guys to come up with a Chris policy, right? If you cannot see what is happening inside an SSL connection, how are you going to have a date? A leakage policy, right? Maybe your policy is no P I information should leak out. No source code should leak out. How can you make sure that an engineer is not dropping something in this folder, which is sinking to Google Drive or drop box in an in an SSL tano, Right. How do you prioritize mission Critical business applications like office 3 65 over streaming media, Right. So for step two, crafting good policy is 100% real time visibility. And that's what happens when you adopt the Siskel a network. You can see what any user is doing anywhere in the world within seconds. And once you have that kind of visibility, you can start formulating policies, both security and otherwise that strike a good balance between business productivity that you want to achieve without compromising security. >> That's the policy's been 10 more net. You can also end that decisions. >> Yes, right. So, for example, you can you can have a more relaxed social media policy, right? You can say Well, you know, everyone is allowed access, but they can. Maybe streaming media is restricted to one hour a day. You know, after hours, or you can say, I want to adopt um, storage applications in the clothes here are some sanctioned APS These other raps were not going to allow right. You can do policies by users, by locations by departments, right? And once you have the visibility, you can. You can be very, very precise and say, Well, boxes, my sanction story, Jap other APS are not allowed right and hear other things that a particular group of users can do on box. Or they cannot do because we were seeing every transaction between the user on going to the destination and as a result, begin, you know, we can enable the enterprise administrator to come up with very, very specific policies that are tailored for that. >> You said something really interesting. I'm gonna ask you one more question, but I'm gonna make a common here. And that common is that the power of digital technology is that it can be configured and copied and changed, and it's very mutable. It's very plastic, but at the end of the day it has to be precise, and I've never heard anybody talk about the idea of precise and security, and I think it's a very, very powerful concept. But what are what's What's the scale are talking about in our say this year. >> Well, we're going to talk about a bunch of very interesting things. First, we'll talk about the scale of private access. This is a new offering on the scale of platform. We believe that VP ends have become irrelevant because of all the discussions we just had, um, Enterprises are treating their Internet as though it was the Internet, right? You know, sort of a zero trust model. They're moving the crown jewel applications to either private cloud offerings are, you know, sort of restricting that in a very micro segmented way. And the question is, how do you access those applications? Right? And the sea skill immortal is very straightforward. You have a pervasive cloud users authenticate to the cloud and based on policies, we can allow them to go to the Internet to sites that have been sanctioned and allowed. We make sure nothing good is leaking out. Nothing bad is coming in, and that same cloud model can be leveraged for private access to crown jewel applications that traditionally would have required a full blown vpn right. And the difference between a VPN and the skill of private access is VP ends basically give you full network access keys to the kingdom, right? Whether it's a contractor with, it's an employee just so that you could access, you know, Internet application. You allow full network access, and we're just gonna getting rid of that whole notion. That's one thing we're gonna stroke ISS lots of cloud white analytics, As I mentioned, you know, we process 30,000,000,000 transactions a day. To put that in perspective, Salesforce reports about four and 1 30,000,000,000 4 1/2 to 5,000,000,000 transactions. They're about three and 1/2 1,000,000,000 Google searches done daily, right? So it is truly a tin Internet scale. We're blocking over 100,000,000 threats every day for, ah, for all our enterprise user. So we have a very good pulse on you know what's what's an average enterprise user doing? And you're going to see some interesting cloud? Wait, Analytics. Just where we talk about a one of the top prevalent Claude APs, what are the top threats? You know, by vertical buy by geography, ese? And then, you know, we as a platform has emerged. We started off as a as a sort of a proxy in the cloud, and we've added sand boxing capabilities. Firewall capabilities, you know, in our overall vision, as I said, is to be that entire security stack that sits in your inbound and outbound gateway in that DMC as a pure service. So everything from firewall at layer three to a proxy at Layer seven, everything from inline navy scanning right to full sand. Boxing everything from DLP to cloud application control. Right? And all of that is possible because, you know, we have this very scalable architecture that allows you to to do sort of single scan multiple action right in that appliance model that I describe. What ends up happening is that you have many bumps in the wire. One of the examples we use is if you wanted to build a utility company, you don't start off with small portable generators and stack them in a warehouse, right? That's inefficient. It requires individual maintenance. It doesn't scale properly. Imagine if you build a turbine and ah, and then started your utility company. You can scale better. You can do things that traditional appliance vendors cannot think about. So we build this scalable, elastic security platform, and on that platform it's very easy for us to add. You know, here's a firewall. Here's a sandbox. And what does it mean for end users? You know, you don't need to deploy new boxes. You just go and say, I want to add sand boxing capabilities or I want to add private access or I want to add DLP. And it is as simple as enabling askew, which is what a cloud service offering should be. >> Right. So we're >> hardly know software. >> So we're talking about we're talking about lower cost, less likelihood of human error, which improves the quality, security, greater plasticity and ultimately, better experience, especially for your non employees. Absolutely. All right, so we are closing up this particular moment I want Thank you very much for coming down to our Pallotta studio is part of our coverage on Peter Boris. And we've been talking to the scanner amidst, huh? Thank you very much. And back to Dio Cube.