(tranquil music) >> Alation was an early pioneer in solving some of the most challenging problems in so-called big data. Founded early last decade, the company's metadata management and data catalog have always been considered leading examples of modern tooling by customers and analysts alike. Governance is one area that customers identified as a requirement to extend their use of Alation's platform. And it became an opportunity for the company to expand its scope and total available market. Alation is doing just that today, announcing new data governance capabilities, and partner integrations that align with the market's direction of supporting federated governance. In other words, a centralized view of policy to accommodate distributed data in this world of an ever expanding data cloud, which we talk about all the time in theCUBE. And with me to discuss these trends and this announcement is Satyen Sangani, who's the CEO and co-founder of Alation. Satyen, welcome back to the CUBE. Good to see you. >> Thank you Dave, It's great to be back. >> Okay, so you heard my open, please tell us about the patterns that you were seeing in the market and what you were hearing from customers that led you in this direction and then we'll get into the announcement. >> Yeah, so I think there are really two patterns, right? I mean, when we started building this notion of a data catalog, as you said a decade ago, there was this idea that metadata management broadly classified was something that belonged in IT, lived in IT and was essentially managed by IT, right? I always liken it to kind of an inventory management system within a warehouse relative to Amazon.com, which has obviously broadly published for the business. And so, with the idea of bringing all of this data directly to the business and allowing people arbitrarily, depending on their role to use the data. You know, you saw one trend, which was just this massive, shift in how much data was available at any given time. I think the other thing that happened was that at the same time, data governance went through a real transitionary phase where there was a lot of demand often spurred by regulations. Whether that's GDPR, CCPA or more recently than that, certainly the Basel accord. And if you think about all of those regulations, people had to get something in a place. Now what we ended up finding out was when we were selling in to add accounts, people would say, well guess what? I've got this data governance thing going on, but nobody's really using it. I built this business glossary, it's been three years. Nothing's been really very effective. And we were never able to get the value and we need to get value because there are so many more people now accessing and using and leveraging the data. And so with that, we started really considering whether or not we needed to build a formal capability in the market. And that's what we're today that we're doing. >> I liked the way you framed that. And if you think back, we were there as you were in the early big day-to-days. And all the talk was about volume, variety and velocity. And those are sort of IT concepts. How do you deal with all these technical challenges? And then the fourth V which you just mentioned was value. And that's where the line of business really comes in. So let's get into the news. What are you announcing today? >> So we're announcing a new application on top of Alation's Catalog platform, which is an Alations data governance application. That application will be released with our 2021.3 release on September 14th. And what's exciting about that is that we are going to now allow customers to discreetly and elegantly and quickly consume a new application to get data governance regimes off the ground and initiatives off the ground, much more quickly than they've ever been able to do. This app is really all about time to value. It's about allowing customers to be able to consume what they need when they need it in order to be able to get successful governance initiatives going. And so that's what we're trying to deliver. >> So maybe you could talk a little bit about how you think about data governance and specifically your data governance approach. And maybe what's different about Alation's solution. >> Yeah, I think there's a couple of things that are different. I think the first thing that's most critically different is that we move beyond this notion of sort of policy declaration into the world of policy application and policy enforcement, right? I think a lot of data governance regimes basically stand up and say, look you know, it's all about people and then process and then technology. And what we need to do is declare who all the governors are and who all the stewards are. And then we're going to get all our policies in the same place and then the business will follow them. And the reality is people don't change their workflows to go off and arbitrarily follow some data governance policy that they don't know exists, or they don't want to actually have to follow up. And so really what you've got to do is make sure that the policy and the knowledge exists as in where the data exists. And that's why it's so critical to build governance into the catalog. And so what we're doing here is we're basically saying, look, you could declare policies with a new policy center inside of Alation. Those policies will get automatically created in some cases by integrating with technologies like Snowflake. But beyond that, what we're also doing is we're saying, look, we're going to move into the world of taking those policies and applying them to the data on an automated basis using ML and AI and basically saying that now it doesn't have to be some massive boil the ocean three-year regime to get very little value in a very limited business loss rate. Rather all of your data sets, all of your terms can be put into a single place on an automated basis. That's constantly being used by people and constantly being updated by the new systems that are coming online. And that's what's exciting about it. >> So I just want to follow up on that. So if I'm hearing you correctly, it's the humans are in the loop, but it's not the only source of policy, right? The machines are assisting. And in some cases managing end-to-end that policy. Is that right? >> You've got it. I think the the biggest challenge with data governance today is that it basically relies a little bit like the Golden Gate Bridge. You know, you start painting it and by the time you're done painting it, you've got to go back and start painting it again, because it relies upon people. And there's just too much change in the weather and there's too much traffic and there's just too much going on in the world of data. And frankly in today's world, that's not even an apt analogy because often what happens is midway through. You've got to restart painting from the very beginning because everything's changed. And so there's so much change in the IT landscape that the traditional way of doing data governance just doesn't work. >> Got it, so in winning through the press release, three things kind of stood out. I wonder if we could unpack them, there were multi-cloud, governance and security. And then of course the AI or what I like to call machine intelligence in there. And what you call the people centric approach. So I wonder if we could dig in into these and help us understand how they fit together. So thinking about multi-cloud governance, how do you think about that? Why is that so challenging and how are you solving that problem? >> Yeah, well every cloud technology provider has its own set of capabilities and platforms. And often those slight differences are causing differences in how those technologies are adopted. And so some teams optimize for certain capabilities and certain infrastructure over others. And that's true even within businesses. And of course, IT teams are also trying to diversify their IT portfolios. And that's another reason to go multi-cloud. So being able to have a governance capability that spans, certainly all of the good grade called megascalers, but also these new, huge emerging platforms like Snowflake of course and others. Those are really critical capabilities that are important for our customers to be able to get a handle on top of. And so this idea of being cloud agnostic and being able to sort of have a single control plane for all of your policies, for all of your data sets, that's a critical must have in a governance regime today. So that's point number one. >> Okay and then the machine learning piece, the AI, you're obviously injecting that into the application, but maybe tell us what that means both maybe technically and from a business stand point. >> Yeah, so this idea of a data policy, right? Can be sometimes by operational teams, but basically it's a set of rules around how one should and should not be able to use data, right? And so those are great rules. It could be that people who are in one country shouldn't be able to access the data of another country, very simple role, right? But how do you actually enforce that? Like you can declare it, but if there is a end point on a server that allows you to access the data, the policy is effectively moot. And so what you got to go do is make sure that at the point of leverage or at the point of usage, people know what the policy happens to be. And that's where AI come in. You can say let's document all the data sets that happened to be domiciled in Korea or in China. And therefore make sure that those are arbitrarily segregated so that when people want to use that as datasets, they know that the policy exists and they know that it's been applied to that particular dataset. That's somewhere where AI and ML can be super valuable rather than a human being trying to document thousands of databases or tens of thousands of data sets, which is really kind of a (mumbles) exercise. And so, that application of automation is really critical and being able to do governance at the scale that most enterprises have to do it. >> You got it 'cause humans just can't do that at scale. Now what do you mean by people-centric approach? Can you explain that? >> Yeah, often what I find with governance is that there's this notion of kind of there's this heavy notion of how one should deal with the data, right? So often what I find is that there are certain folks who think, oh well, we're going to declare the rules and people are just going to follow them. And if you've ever been well, a parent or in some cases seeing government operate, you realize that that actually isn't how things work. And involve them in how things are run. And if you do that, right? You're going to get a lot more success in how you apply rules and procedures because people will understand that and people know why they exist. And so what we do within this governance regime is we basically say, look, we want to make sure that the people who are using the data, leveraging the data are also the people who are stewarding the data. There shouldn't be a separate role of data steward that is arbitrarily defined off, just because you've been assigned to a job that you never wanted to do. Rather it should be a part of your day job. And it should be something that you do because you really want to do it. And it's a part of your workflow. And so this idea of being people centric is all about how do you engage the analyst, the product managers, the sales operation managers, to document those sales data sets and those product data sets. So that in fact, those people can be the ones who are answering the questions, not somebody off to the side who knows nothing about the data. >> Yeah, I think you've talked in previous CUBE interviews about context and that really fits to this discussion. So these capabilities are part of an application, which is what? it's a module onto your existing platform. And it's sort of it's a single platform, right? I mean, we're not bespoke products. Maybe you can talk about that. >> Yeah, that's exactly right. I mean, it's funny because we've evolved and built a relation with a lot of capability. I mean, interestingly we're launching this data governance application but I would say 60% of our almost 300 customers would say they do a form or a significant part of data governance, leveraging relations. So it's not like we're new to this market. We've been selling in this market for years. What's different though, is that we've talked a lot about the catalog as a platform over the last year. And we think that that's a really important concept because what is a platform? It's a capability that has multiple applications built on top of it, definitionally. And it's also a capability where third party developers can leverage APIs and SDKs to build applications. And thirdly, it has all of the requisite capabilities and content. So that those application developers, whether it's first party from Alation or third party can really build those applications efficiently, elegantly and economically well. And the catalog is a natural platform because it contains all of the knowledge of the datasets. And it has all of the people who might be leveraging data in some fundamental way. And so this idea of building this data governance module allows a very specialized audience of people in governance to be able to leverage the full capabilities of the platform, to be able to do their work faster, easier, much more simply and easily than they ever could have. And that's why we're so excited about this launch, because we think it's one example of many applications, whether it's ourselves building it or third parties that could be done so much more elegantly than it previously could have been. Because we have so much knowledge of the data and so much knowledge of how the company operates. >> Irrespective of the underlying cloud platform is what I heard before. >> irrespective of the underlying cloud platform, because the data as you know, lives everywhere. It's going to live in AWS, it's going to live in Snowflake. It's going to live on-premise inside of an Oracle database. That's not going to be changed. It's going to live in Teradata. It's going to live all over the place. And as a consequence of that, we've got to be able to connect to everything and we've got to be able to know everything. >> Okay, so that leads me to another big part of the announcement, which is the partnership and integration with Snowflake. Talk about how that came about. I mean, why snowflake? How should customers think about the future of data management. In the context of this relationship, obviously Snowflake talks about the data cloud. I want to understand that better and where you fit. >> Yeah, so interestingly, this partnership like most great partnerships was born in the field. We at the late part of last year had observed with Snowflake that we were in scores of their biggest accounts. And we found that when you found a really, really large Snowflake engagement, often you were going to be complementing that with a reasonable engagement with Alation. And so seeing that pattern as we were going out and raising our funding route at the beginning of this year, we basically found that Snowflake obviously with their Snowflake Ventures Investment arm realized how strategic having a great answer in the governance market happened to be. Now there are other use cases that we do with Snowflake. We can certainly get into those. But what we realized was that if you had a huge scale, Snowflake engagement, governance was a rate limiter to customers' ability to grow faster. And therefore also Snowflake's ability to grow faster within that account. And so we worked with them to not only develop a partnership but much more critically a roadmap that was really robust. And so we're now starting to deliver on that roadmap and are super excited to share a lot of those capabilities in this release. And so that means that we're automatically ingesting policies and controls from Snowflake into Alation, giving full transparency into both setting and also modifying and understanding those policies for anybody. And so that gives you another control plane through which to be able to manage all of the data inside of your enterprise, irrespective of how many instances of Snowflake you have and irrespective of how many controls you have available to you. >> And again, on which cloud runs on. So I want to follow up with that really interesting because Snowflake's promise of the data cloud, is it essentially abstracts the underlying complexity of the cloud. And I'm trying to understand, okay, how much of this is vision, how much is is real? And it's fine to have a Northstar, but sometimes you get lost in the marketing. And then the other part of the promise, and of course, big value proposition is data sharing. I mean, I think they've nailed that use case, but the challenge when you start sharing data is federated governance. And as well, I think you mentioned Oracle, Teradata that stuff's not all in the cloud, a lot of that stuff on-prem and you guys can deal with that as well. So help us sort of to those circles, if you can. Where do you fit into that equation? >> I think, so look, Snowflake is a magical technology and in the sense that if you look at the data, I mean, it reveals a very, very clear story of the ability to adopt Snowflake very quickly. So any data team with an organization can get up and running with the Snowflake instance with extraordinary speed and capability. Now that means that you could have scores, hundreds of instances of Snowflake within a single institution. And to the extent that you want to be able to govern that data to your point, you've got to have a single control plane through which you can manage all of those various instances. Whether they're combined or merged or completely federated and distinct from each other. Now, the other problem that comes up on governance is also discoverability. If you have all these instances, how do you know what the right hand is doing if the left hand is working independently of it? You need some way to be able to coordinate that effort. And so that idea of discoverability and governance is really the value proposition that Alation brings to the table. And the idea there is that people can then can get up and running much more quickly because, hey, what if I want to spin up a Snowflake instance, but there's somebody else, two teams over those already solved the problem or has the data that I need? Well, then maybe I don't even need to do that anymore. Or maybe I can build on top of that work to be able to get to even better outcome even faster. And so that's the sort of kind of one plus one equals three equation that we're trying to build with them. >> So that makes sense and that leads me to one of my favorite topics with the notion is this burgeoning movement around the concept of a data mesh in it. In other words, the notion that increasingly organizations are going to push to decentralize their data architectures and at the same time support a centralized policy. What do you think about this trend? How do you see Alation fitting in? >> Yeah, maybe in a different CUBE conversation. We can talk a little bit about my sort of stylized history of data, but I've got this basic theory that like everybody started out what sort of this idea of a single source of truth. That was a great term back in the 90s where people were like, look, we just need to build a single source of truth and we can take all of our data and physically land it up in a single place. And when we do that, it's going to all be clean, available and perfect. And we'll get back to the garden of Eden, right? And I think that idea has always been sort of this elusive thing that nobody's ever been able to really accomplish, right? Because in any data environment, what you're going to find is that if people use data, they create more data, right? And so in that world, you know, like that notion of centralization is always going to be fighting this idea of data sprawl. And so this concept of data mesh I think is, you know, there's formal technical definitions. But I'll stick with maybe a very informal one, which is the one that you offered. Which is just sort of this decentralized mode of architecture. You can't have decentralization if nobody knows how to access those different data points, 'cause otherwise they'll just have copies and sprawl and rework. And so you need a catalog and you need centralized policies so that people know what's available to them. And people have some way of being able to get conformed data. Like if you've got data spread out all over the place, how do you know which is the right master? How do you know what's the right customer record? How do you know what's your right chart of accounts? You've got to have services that exist in order to be able to find that stuff and to be able to leverage them consistently. And so, to me the data mesh is really a continuation of this idea, which the catalog really enabled. Which is if you can build a single source of reference, not a single source of truth, but a single place where people can find and discover the data, then you can govern a single plane and you can build consistent architectural rules so that different services can exist in a decentralized way without having to sort of bear all the costs of centralization. And I think that's a super exciting trend 'cause it gives power back to people who want to use the data more quickly and efficiently. >> And I think as we were talking about before, it's not about just the IT technical aspects, hey, it works. It's about putting power in the hands of the lines of business. And a big part of the data mesh conversation is around building data products and putting context or putting data in the hands of the people who have the context. And so it seems to me that Alation, okay, so you could have a catalog that is of the line of businesses catalog, but then there's an Uber catalog that sort of rolls up. So you've got full visibility. It seems that you've fit perfectly into that data mesh. And whether it's a data hub, a data warehouse, data lake, I mean, you don't care. I mean, that's just another node that you can help manage. >> That's exactly right. I mean, it's funny because we all look at these market scapes where people see these vendor landscapes of 500 or 800 different data and AI and ML and data architecture vendors. And often I get asked, well, why doesn't somebody come along and like consolidate all this stuff? And the reality is that tools are a reflection of how people think. And when people have different problems and different sets of experiences, they're going to want to use the best tool in order to be able to solve their problem. And so the nice thing about having a mesh architecture is you can use whatever tool you want. You just have to expose your data in a consistent way. And if you have a catalog, you can be able to have different teams using different infrastructure, different tools, different fundamental methods of building the software. But as long as they're exposing it in a consistent way, it doesn't matter. You don't necessarily need to care how it's built. You just need to know that you've got good data available to you. And that's exactly what a catalog does. >> Well, at least your catalog. I think the data mesh, it should be tools that are agnostic. And I think there are certain tools that are, I think you guys started with that principle. Not every data catalog is going to enable that, but I think that is the trend Satyen. And I think you guys have always fit into that. It's just that I think you were ahead of the time. Hey, we'll give you the last word. Give us the closing thoughts and bring us home. >> Well, I mean that's exactly right. Like, not all the catalogs are created equal and certainly not all governance is created equal. And I think most people say these words and think that are simple to get into. And then it's a death by a thousand cuts. I was literally on the phone with a chief data officer yesterday of a major distributor. And they basically said, look, like we've got sprawl everywhere. We've got data everywhere. We've got it in every type of system. And so having that sophistication turned into something that's actually easy to use is a super hard problem. And it's the one that we're focused on every single day that we wake up and every single night when we go to sleep. And so, that's kind of what we do. And we're here to make governance easy, to make data discovery easy. Those are the things that we hold our hats on. And we're super excited to put this release out 'cause we think it's going to make customers so much more capable of building on top of the problems that they've already solved. And that's what we're here to do. >> Good stuff, Satyen. Thanks so much, congratulations on the announcement and great to see you again. >> You too, Dave. Great talking. >> All right, thanks for watching this CUBE conversation. This is Dave Vellante, we'll see you next time. (tranquil music)

(upbeat music) >> Live from San Francisco. It's theCUBE covering RSA Conference 2019, brought to you by Forescout. >> Hey welcome back everybody. Jeff Frick here with theCUBE. We're at RSA North America at the newly opened and finally finished Moscone Center. We're here in the Forescout booth, excited to be here. And we've got our next guest who's been coming to this show for a long, long time. He's Dan Burns, the CEO of Optiv. Dan, great to see you. >> Great to see you too, Jeff. Appreciate you having me on the show. >> So you said this is your 23rd RSA. >> Yeah, somewhere right around there. It's got to be and I don't think I've missed any in between. I've missed some Black Hats in there now and again but RSA is just one of those that that I feel like you got to go to. >> Right, right, so obviously the landscape has changed dramatically so we won't go all the way back 23 years. But in the last couple of years as things have really accelerated with the internet and IoT and OT and all these connected devices, autonomous cars. From a threat perspective and from where you sit in the captain's seat, what are you seeing? What are your, kind of your impressions? How are you helping people navigate this? >> Yeah I appreciate that question, Jeff. So it has changed dramatically. There's no doubt about it. So I got into security in 1996. And that was a long time ago so it's really in the infancy of security. And back in '96 when I remember really studying what security was, and by the way back then it was called information security. Now it's cyber security. But it was really straightforward and simple. There were probably two or three threats and vulnerabilities out there right? Some of the early on one so that's one part of the equation. The second part there were probably two or three regulations and standards out there. No more than that. And then when you went over to kind of the third part of the triad and you talk about vendors and technology there were maybe five or six right? You have McAfee, you have Check Point and you had some of the early, early stage companies that were really addressing kind of simplistic things, right? >> Right. >> Firewalling, URL filtering and things like that. And now you fast-forward to today and it's night and day, so much different. So today when we talk about threats and vulnerabilities there are hundreds of millions, if not billions, of threats and vulnerabilities. Number one, big problem. Number two, regulations standards. There's hundreds of them globally. And number three when you look at our great technology partners here and I think there's probably about 3,500 technology partners here on the floor today. Night and day >> Right. >> Nigh and day from '96 to 2019. And that's created a lot of issues, right? A lot of issues which I'm happy to talk about. >> Yeah, complexity and but you've been a great quote of one of the other things I saw doing the research for this interview. You talked about rationalization >> Yeah. >> and how does a CSO rationalize the world in which you just described because they can't hire their way out of it. They can't buy their way out of it. And at some point you're going to have to make trade-off decisions 'cause you can't use all the company's resources just for security. At the same time, you don't want to be in the cover of the Wall Street Journal tomorrow because you have a big breach that you just discovered. >> Yeah >> How do you help >> it's a balancing act >> How do you help them figure this, navigate these choppy waters? >> Yeah so we think Optiv is in a prime space to do that and place to do that. No doubt about it. So let's talk about the complexity that's out there. Now you look at the landscape. You look at the 25, 35 hundred different technology companies out there today. And when we talk to a typical client and we ask a question. How many vendors, how many OEMs do you have to deal with on an annual basis and the response, of course, depending on the size of the organization but let's just take your average small, mid-sized, enterprise client, the response is somewhere between 75 and 90 partners. And then of course we've got shot on our face. >> Just on the security side? >> Just on the security >> That's not counting all their CRM and all their >> That's not IT, that's not anything. That is just to solve >> 75? >> and build their own security programs. And the next response we get from them is we can't do it, we just can't do it. We spend about 90% of our time acting as if I'm the CSO right now, 90 plus percent of our time working with all of these wonderful, great technologies and partners just to establish those relationships and make sure we're going the right things by them and then by us. And so given this complexity in the marketplace, everything that's going on, it's just a prime scenario for what we call ourselves is a global cyber security solutions integrator, right? Being able to, for a lack of a better term, be the gatekeeper for our clients and help them navigate this complexity that's out there in the space. And so the value that we bring, I talk about it in terms of an equation, right? We're all mathematical in nature, typically people in cyber and so when I think about cyber, I think about equations. And the first equation I think abut is a very simplistic one. It's people, it's process and technology. And you need equal focus on all three of those parts of the equation to truly balance things in a matter where you're building a very effective security program. And historically CSOs have really leaned towards the technology side of that equation. >> Right. And now what we're seeing is a balance like we've got to worry about people, right? We've got to find people with that intelligence and knowledge and know-how and wherewithal, right? And we've got to find companies that have that process expertise, the processes, a means to an end. How do I get to a certain outcome? And so what we bring is the people process and technology. All sides of the equation with the ability in masses to help clients plan, build and run their entire security program or parts of it. >> So how, how is it changed with a couple things like cloud computing. >> Yeah. >> So now I'm sure the bad guys use the cloud just like the good guys use the cloud. So the type of scale and resources that they can bring to bear are significantly higher. Just the pure quantity of and variability using AI and machine learning and as we saw in the election really kind of simple Facebook targeting methods that most marketers use, that work at REI to get you to buy a sleeping bag if you looked at tents on your last way in. So how is the role of AI and machine learning now going to impact this balance? And then of course the other thing is all we see is so many open security jobs. You just can't hire enough people. They're just not there. So that's a whole kind of different level of pressure on the CSO. >> Yeah definitely no doubt about it. And there are few companies that can truly build that have enough budget to address cyber on their own. And those today are typically the large financial right? They're typically given massive budgets. >> Right. >> They have massive teams and they're able to minimize the partnerships and really handle a lot of their own stuff internally and go out for special things. But you look at the typical company, small, mid, even some of the large enterprise companies. No, they can't find the resources. They can't get the budget. They can't address everything. And to your point around digital transformation and what's going on in the world there. And that's probably what continues to support 3,500 technology companies out here. >> Right. >> Right? It's the continuous change >> Right. >> That we see in the industry every single day and of course cloud is one of the most recent transformations and obviously a real one which opens up other threat factors and other scenarios that create new vulnerabilities, and new threats and so that the problem just keeps getting bigger exponentially >> So you come in for another 20 years? Is that what you're saying? (laughing) >> How you're, come for another 20 years. I think though eventually, Jeff, I can remember I kind of poke fun at this a little bit. I can remember I think it was Palo Alto, there was a first company that said, hey we're a platform company. And I think that started happening whatever, it was roughly seven years ago. We're a platform company. And I can remember so many people kind of pooh-poohing that. Right, you're not a, nobody's a platform company. Fair enough, fair enough back then. But I'm going to say, fast-forward to today and that's what it's going to happen, have to happen in this industry, Jeff. >> Right, right. >> Eventually we will have to have some large platform companies that can address multiple things within a client's environment, right? And then there will always be the need to to fill gaps with some of the other great new emerging technologies out there so maybe we won't have 3,500 vendors in ten years. Maybe it's 2,000 so there will be consolidation. There will be the platform play >> Right. >> that happens. >> But then you have the addition of public cloud, right? So now a lot of, a lot of infrastructures, they've got some stuff in public cloud. They still have some stuff on their data center, right? So this is kind of hybrid world. Then you add the IoT thing and the OT connectivity back to the IT which is relatively new. So now if you've got this whole other threat factors that you never had to deal with before at all. It's the machines down on the factory floor. You had been pumping out widgets for a long time that are suddenly connected the infrastructure. So the environment that you're trying to apply security to is really evolving at a crazy pace. >> That is, it's a great industry to be in. (Jeff laughs) Every day I wake up, pitch myself I think all our guys do. >> Right. >> What's amazing, I don't see that slowing down, right? So I think that's why some of that balance continues to be there in the future. One of the things that we're seeing in our industry is companies really trying to take this inside-out approach as opposed to this outside-in approach. And I'll tell you the difference. The outside-in approach is it's all of this chaos, right? It's all the chaos that's behind us and we see it right here. It's everybody telling you what you need >> Right. >> and you build it, you building a security program around what's being fed to you externally as opposed to really taking a step back looking at your organization understanding what your company's initiatives and priorities are, right? And your own company's vision, mission and strategy. And I tell people all the time, I don't care if they're part of our company or any company, first thing you should do is understand the vision and the mission and the strategy of the organization you work for. And so that's part of the inside-out approach. Understanding what your company is trying to accomplish and is a security practitioner really wrapping your arms in your mind around that and supporting those initiatives and aligning your security initiatives to the business initiatives >> Right. >> And then doing it through a risk management type of program and feeding that risk management dashboard and information directly to the board >> Right. >> So. >> So I'm curious how the how you approach the kind of the changes now we have state-sponsored attackers. And how, what they're trying to get and why they're trying to get it has maybe changed and the value equation on your assets, that clearly some assets are super valuable and for some information and some things that are kind of classical but now we're seeing different motivations, political motivations, other types of motivations. So they're probably attacking different repositories of data that you maybe didn't think carry that type of value. Are you seeing >> Yeah. >> kind of a change in that both in the way the attacks are executed and what they're trying to get and the value they're trying to extract then just kind of a classic commercial ransomware or I'm just going to grab some money out of your account. >> Yeah I think, I think you are right. And it kind of goes back to the earlier part of the conversation, the number of devices that the attackers can attack are almost infinite right? >> Right. And especially with the edge right? With IoT it's created this thing we call the edge. Devices on street lights. Devices on meters. Devices here, devices there. >> Right, right. >> So the number of devices they can go for is ever increasing, right? which continues to support the need >> Right. and the cause that we all are a part of. And in the ways they're going to do that is going to change as well. There's no question about it. Yeah, so we've seen different ways of doing it. Yes there's no question about it. Back to the state-sponsored it's kind of stuff the way I look at cyber and probably one of my biggest personal concerns is I think about us, people and family right? We all have family is that cyber and ultimately cyber warfare has created this levity, or equalness in terms of countries, right? Where a country like the U.S. or Russia or somebody with massive resources around physical weapons are now no longer necessarily as powerful as they were. So brevity it's just created this field, leveling playing field. So countries like North Korea, countries like Afghanistan and others have a new opportunity to create a pretty bad situation. >> Right, right. And we haven't seen cyber warfare quote and unquote yet. We would call it something a little because they haven't really used it as a mass weapon of destruction but the threat of that being there >> Right. is creating a more of a even playing field. >> Right. >> And that's one of my biggest concerns like what's the next step there. >> Right, and the other thing is really the financial implications. If you don't do it right, it's beyond being embarrassed on the Wall Street Journal. But right GDPR regulations went into place last year. It's now the California data privacy law that's coming into place. >> Yeah. >> People are calling it kind of the GDPR of California. And that may take more of a national footprint as time moves on. It's weird on one hand we're kind of desensitized 'cause there's so many data breaches right? You can't keep track. We don't actually flip past that page on the wall. >> I can't keep track. But on the other hand there is this kind of this renewed, kind of consumer protection of my data that's now being codified into law with significant penalties. So I wonder how that plays into your kind of risk portfolio strategy of deciding how much to invest. How much you need to put into this effort because if you get in trouble, it's expensive. >> Yeah it is. So can be and it will be and it will get even more expensive. And we're still waiting for the lawmakers to levy some pretty heavy fines. We've seen a few but I think there's going to be more and I think you do have to pay more attention to regulations and compliance. But I think it is a balancing act. Back to our inside-out approach that I was talking about. A lot of companies when PCI came out, as you know, Jeff, a lot of companies were guiding their security program by PCI specifically >> Right. >> and only, and that's a very outside-in approach, right? That's not really accounting for the assets that you were talking about earlier. Not all of them. >> Right. >> Some of them. And so I think that's a great point, right? As a CSO, the first thing you've got to understand is what are your assets? What are you trying to protect? >> Right. And our friends here at Forescout do a great job of giving you the visualization of your network, understanding what your assets are. And then I think the next step is placing a dollar value on that. And not many people do that, right. They're, oh here's my assets. >> You're paying >> This one's kind of important >> This one's kind of important. But to get buy-in from the rest of your organization, you need to force the conversation with your counterparts, with your CFO, with your CMO, with anyone who's a partial owner of those assets >> Right. and make them put a dollar amount on. How much do you think that the data on the server is worth? How much do you think the data on this server, how much do you think, and inventory that is part of the asset inventory. And then I think you've got a much better argument as it relates to getting budget and getting buy-in. >> Right. >> Getting buy-in. And I see it a lot where CSOs tend to be, most tend to be a little bit introverted right? >> Right. >> They'd rather hang out there on the second floor and be there with their team. Take a look at the latest threats. Take a look at what's going on, with their (coughs) logs and their data and trying to solve really critical problems. But my recommendations to CSOs is man, build tight relationships across the entire organization and get out there, be out there, be visible. Get buy-in. Do lunch and learns on why cyber is so critical and how our employees can help us on this journey. >> Right, right. Dan you trip into a whole other category that we'll have to leave for next time which is, what is the value of that data 'cause I think that's changed quite a bit over the last little while. But thanks for taking a few minutes >> Absolutely, Jeff. and hopefully have a good 23rd RSA. >> Thank you very much. >> All right. >> I appreciate it. >> He's Dan, I'm Jeff. You're watching theCUBE. We're at RSA in North America at Moscone at the Forescout booth. Thanks for watching. See you next time. (upbeat music)

>> Announcer: Live from Las Vegas, Nevada, it's theCUBE, covering Knowledge15. Brought to you by ServiceNow. (electronic music) >> We're on, welcome to theCUBE special presentation, here live at the ServiceNow Know15, it's theCUBE. It's our flagship program, we go out to the events and as you can see from the noise, I'm John Furrier with SiliconANGLE co-host Dave Vellante of WikiBon.org And our special guest, John Cleese, distinguished Professor at Cornell, we just learned, no-one knows that. But apparently that's true. Writer, comedian, thought-leader, I got told that. >> And a Doctor. I'm a Doctor, Doctor of Laws. >> Doctor. >> And, what else am I? I was offered a Peerage but I turned it down because I had to be in England during the winter and go and vote in the House of Lords, so I said no to that. And I also turned down a CBE, but I would love to have an OBE. But not an Order of the British Empire, I'd like to have an Out of Body Experience. (laughs) >> But you're not a thought leader anymore, you're a futurist, that's the new trend. The futurist is the buzzword. >> No, I'm not. I'm very much living in the past. I don't like the future. And I don't think much of the present. (laughs) >> Well you're here speaking at the CIO Decisions. What do you think of all the CIOs and all the geeks here at ServiceNow? What's your? >> Well I like geeks because they all like Monty Python. (laughs) You know? I'm about, three-quarters of the speeches I do are to software people, and I usually tease them. You know, I ask em how many Star Trek episodes they can name, whether they've got a tee-shirt with Moore's Equation on it, and all this kind of, whether they wear a black backpack to formal occasions. So I got a whole lot of geek jokes. But they all like Python, cos they're extremely smart, and as you know, people who like Python are astonishingly smart. (laughs) >> So how to you tell smart people from people who aren't smart? How about people who are not smart? >> Well as you've said, you like Monty Python. >> I love Monty Python. (imitates extreme gibberish) >> You think, he doesn't like it. Doesn't get the jokes. >> So you've talked to a lot of software people. In Vegas? Do you like Vegas? Enjoy Vegas? >> Vegas? >> Las Vegas. (laughs) You see a show while you're out here? >> I can't get over this place. (laughs) Why people spend a lot of money to come here, so that they can lose what money they still have left. I really don't get it. Do they come here, because they think that the casino owners are so rich because they won a lot of money gambling at other people's casinos? (laughs) The only good thing about it is the food. >> Did you bring your wife with you? >> Which one? (laughs) No I didn't. She wasn't feeling well, said she's going to join me in New York, cos I'm going onto New York. And this weekend we are at the Tribeca Film Festival, Robert De Niro's, and we are having a Monty Python retrospective, for really smart people. >> What's been the weirdest thing that has happened to you, in the tech community here in ServiceNow. Any highlights? >> Not this visit, but the last visit when I arrived at the hotel, I can't think which one it was, Venetian I think, and the guy at the counter recognized me and said, are you listening? >> John F: Yes, I'm Tweeting away. >> No you're not. I tweet. >> I'm Tweeting away. >> He's kind of rude that way. >> What are you on your fucking keyboard for? I'm telling you a joke. (laughs) >> Tweeting away. >> Welcome to the future. >> Do you have a Twitter handle? >> Now, shall I start it again? (laughs) I was coming here to Las Vegas, right, I was staying at the Venetian hotel. Got any phone calls you need to answer or anything? >> Hold on, let me check. (laughs) >> I arrived there at reception and the guy said to me, "Mr Cleese, I really like your shows Monty Python, Fawlty Towers and all of that. Could I have your autograph?" So I said, sure, I write him an autograph. Then he says, could I have your credit card for extra expenses, and I gave it to him, and he said, "I'm sorry to ask you this, but do you have any identification?" (laughs) It's true. >> So are you Tweeting, and live-streaming? >> John C: Am I what? >> Tweeting, using your Twitter account? >> Am I, Am I? Can we get a handkerchief. >> Do you have a Facebook page? >> Facebook? I've heard of Facebook. That's for people who aren't important enough to get in the gossip columns and newspapers, right? (laughs) >> So we have some Facebook questions from the crowd. Do you mind if we ask you some of those? Somebody wants to know, what the air speed velocity is of an unladen swallow? >> Oh, I used to know this. I used to know this, in 1971 I could have answered that. Pass. (laughs) >> Dave: You're lucky. >> Are you back with us again? >> I'm back, I'm just going through the questions. So the question on my Facebook page is, what about this Cornell study about the double curse of incompetence? >> The double what? >> John F: Curse of incompetence. >> The double what you say? >> Dave: Curse. Double curse. >> Of incompetence. I don't know. >> Good question. >> Oh, now I know what you're talking about. There's a great guy there, a Professor called David Dunning, and he's one of the most amusing and entertaining guys I've ever met. And he's spent his career studying how good people are at knowing how good they are at things. What he calls Self Assessment. And what he's discovered, which I absolutely love, is that in order to know how good you are at something, it requires almost exactly the abilities that it does to be good at that thing in the first place. So if you're absolutely no good at something, you lack exactly the abilities that you need to know that you're no fucking good at it. And that explains the planet, better than anything else that I've ever come across. Is that there's a whole lot of people out there, who have no idea what they're doing, but they have absolutely no idea that they have no idea what they're doing. And those are the ones with the confidence and stupidity, who finish up in power. That's why the planet doesn't work. (laughs) >> So, honestly they don't know about Monty Python. >> They're not smart enough. >> What do you mean they don't know about Monty Python? This is a very smart man, David Dunning. (laughs) He's very smart, he's also shown, oh it doesn't matter. >> What did you talk about, the CIOs, when you out talking to the CIOs- >> John C: C-I-Os? >> John F: The Chief Information Officers. >> Geeks, well, what was interesting was that they were quite receptive to what I was saying, which is so counter-cultural. You see, I think we're living in the nadir of our civilization. I think as you wake up in the morning, that sound you can hear is our civilization cracking. And it's because of technology, because nobody talks to anyone anymore. They all go in restaurants and then they do this. I mean, we all know this, I'm not making a clever observation, but it's insanity, you know? When my daughter was 16, she would get together with all her friends but instead of talking to each other they'd be emailing or texting everyone who wasn't there yet. Do you see what I mean? They never actually- >> Texting selfies. What do they do when they get together? Just continue to talk to each other on their phones? >> It's completely vacuous, vacuous civilization. With the celebrity culture at the heart of its rottenness. >> Hollywood. >> So what effect do you think that has on the human brain, creativity, thinks like that? >> Well people are on technological devices all the time. They think now that the kids have less good social skills. And the point about human beings is we've always been good at technology, you know? In the 13th century when we were in the Holy Land, slaughtering Muslims, we were still able to build beautiful cathedrals. You see what I mean? So we can build things, and put men on the Moon. The only thing is we can't get on well together. So, which is more important? The answer is getting on well together, so we're now giving kids all the things that stop them from acquiring social skills. It's beyond mad, but people are after money, and so they will always do things, and always come up with excuses why what they're doing is actually good for the world, when it's all about that. >> What about the Hollywood situation. You mentioned in your speech about, when you were creative, when you were younger, and the process you went through, what's the state in your mind, of the Hollywood culture. I mean, they do a movie about Korea, and then Sony gets hacked. >> It's all a bit crazy, but I wrote two film scripts about ten years ago cos I thought to myself, can I make a living writing film scripts. And I did an adaptation of a children's book by Roald Dahl, called 'The Twits.', and I wrote something for Jeffrey Katzenberg about cavemen as an animation- who are you talking to? >> John F: He's saying we only have one minute. >> That's Greg Stewart. >> Oh okay. I can't be bothered to go on talking for one minute. (laughs) Though I have so many fascinating things to say, that I'm afraid (speaking off mic) >> Thanks, thanks for that. >> Thanks Greg, you're fired. (laughs) Greg's fired. >> The guy's going to lose their job if you walk off the set. >> John C: Good. >> Good, >> you're fired. (mic thumps on the desk) (laughs) >> Thank you very much. (laughs) You don't see that everyday. >> Okay, that's an out. That's a wrap. Say goodbye. (upbeat music)