(soft click) >> Hey, welcome back everybody Jeff Frick here with theCUBE. We're at Data Privacy Day 2018 here at downtown San Francisco, the LinkedIn headquarters, gracious enough to hose this event. Bigger than last year, last year we were here for the first time at Twitter. And really the momentum continues to grow 'cause there's some big regulations coming down the pike that are really going to be into place. And have significant financial penalties, if you don't get your act together. So, we're excited to have the new Russell Schrader, the Executive Director of the National Cyber Security Alliance Organization behind this event. Russ, great to see you. >> Thank you very much for coming today, it was a great event. >> Absolutely, so, you've been on the job, this job, you said like less than two weeks. >> It's true. >> What do you think? I mean then they throw you right into the big event. >> Well, I've known the organization, I've known the event. But the staff really has done an outstanding job. They made it so easy for me, everything that they've done has just been terrific. They lined up fantastic speakers, they picked cutting edge topics, they put together a really well paced program, and it was just a terrific day for all of us to get in, really have some good discussions. >> You're off to a great start. (chuckles) >> Thank you. (both laugh) >> So you said you're familiar with your orginazation. You know, why are you here? Why did you take advantage of this opportunity? What do you kind of see as the role of this organization? And where do you see the opportunities to really make some significant impact going forward? >> Sure, the National Cyber Security Alliance is a who's who in the organization. People who really care about cyber security. Who see it as part of their social obligation. And it was a wonderful group that I'd worked with before. When I was at Visa and I see now, coming in as Executive Director, to really take it to the next level. We really are pushing, I think, on four separate areas that I think there's a lot of opportunity for it. Doing more cooperate work. Serving more consumers, more consumer education, more consumer awareness. I think working with educating staffers on the hill and in regulatory agencies in D.C. on changes and technological changes. And the cutting edge stuff. But in also, I think working academia, sort of getting involved and getting some of the scholarly, the cutting edge, the new ideas. And just preparing for what's going to happen in the next few years. >> Right, that's interesting 'cause you guys are National Cyber Security, security is often used as a reason to have less privacy. Right? It's often the excuse that the government, big brother, would used to say, you know, "We need to know what you're up to, we've got red light cameras all over the place to make sure you're not running red lights." So, it's an interesting relationship between privacy, security, and then what we're hearing more and more, really, a better linchpin to drive all this, which is, identity. So I wonder if you can share your kind of perspective on kind of the security versus privacy. Kind of trade off and debate. Or am I completely off base and they really need to run in parallel? >> Well, they do intersect a whole lot. People have talked about them being two sides of the same coin. Another speaker today said that security is a science but privacy is an art. As part of it is, you know, security is, the keeping the data in one place, the same way in as when you put it out. Sort of an integrity piece. You know, it isn't being misused, it's not being manipulated in a way and it's just not being changed. So that's a security piece. The privacy piece is people choosing what is used with that data. You know, is it to help me with an app? Is it to give me more information? Is it to give me games to play and things like that? So and that leads into a lot of different advantages in the web and on the internet. Now, identity since you put in a trifecta of big terms. >> Everything's got to be in threes, right? >> And there's three reasons for that. I think that, you know, the identity part is part of who are you. Now on the internet you can be a lot of people, right? The old cartoon was, you know, on the internet no one knows you're a dog. Well, on the internet, you can be a dog, you can be, you know, the person who you are at school, you can be the person who you are among your friends, you can be the person who you are at work. And those different selves, those different identities, are the internet of me. And we just need to make sure that you are curating your identities and sharing the information that you feel comfortable with. And that making sure that those are reaching the right people and not the wrong people. >> Right. So, there's an interesting kind of conundrum, we cover a lot of big data shows. And, you know, and there is kind of a fiduciary moral and now legal responsibility as you're collecting this data to drive some algorithm, some application that you know what you're using it for. And it's a good use of that. And you have a implicit agreement with the people providing you the data. But one the interesting things that comes up is then there's this thing where you've got that data and there's an application down the road that was not part of the original agreement. That no one even had an idea whatever happened. How does that fit in? Because as more and more of this data's getting stored. And there's actually a lot of value that can be unlocked, applying it in different ways, different applications. But, that wasn't the explicit reason that I gave it to you. >> Right, right. And that's really tricky because people have to be really vigilant. There is that education piece. That is the personal responsible piece to do business with companies and with apps that you feel comfortable with. But, you still have to trust but verify. And you do want to look into your phone, look into your PC, look into your other device. And figure out where things have changed, where things are moving. That's one of the great things about being in the Bay area today is innovation. But innovation, you just want to make sure that you are participating in it and you're in the part of innovation that's best for you. >> Okay, so, you mentioned academe, which is great, we do a lot of stuff at Stanford, we do a lot of stuff at MIT. So, as you look at kind of the academic opportunities. Kind of, where is some of the cutting edge research? Where are some of the academe focus areas that are helping advance the science of proxy? >> Well, you named two of the most forward thinking ones right there. So, I'll add to that just because we're talking about Stanford, we have to talk about Berkeley. >> Jeff: Yes. >> Right and Berkeley does have the whole group in privacy and law. On the east coast, in addition to MIT, you see George Washington is doing some things. George Mason is doing some things. And so you want to reach out to different areas. Cornell is doing things as well. So, we want to be able to figure out, where are the best ideas coming from? There are conferences already there. And maybe we can convene some papers, convene some people. And source out and give a little bit of more push and publish to people who otherwise wouldn't be getting the kind of publicity and encourage the kind of research. In privacy and in cyber security. Because there is the business and the consumer educational component. Not just, you know, the tech component to the academic work. >> So, before I let you go, last question. Where do you see is the biggest opportunity? Where's the biggest, either gap that needs to be filled, you know, kind of positive that's filling in negative, or an untapped positive that we've just barely scraped the surface of? >> Well, I think it's all about the consumer, to a large extent, to large one. You've got to figure out, how do you make your life easier. Right? Go back to the iPad introduction, nobody knew that they needed an iPad until they realized they couldn't live without it. You look at what's happened with mobile, right? Now, the idea of having a wallet, is on your phone. So, while I'm waiting in line at the grocery store, I'm checking my messages, I'm texting back and forth. And I just point my phone and I pay. Those kinds of areas are the kind of innovations that are consumer facing, that I think are really terrific. There's a lot of business work as well being done. But you have to figure out where that's going to go and I think the consumer just has a fantastic opportunity. >> Alright, well good opportunity, look forward to catching up a year from now and seeing how much progress you make. >> I think we had such a great program this year, I can't wait til next year, thank you. >> He's Russ Schrader, he's the Executive Director. I'm Jeff Frick, you're watching theCUBE, we're at Data Privacy Day 2018 in San Francisco. Thanks for watching, we'll catch you next time. (soft electronic music)

(soft upbeat music) (crowd chattering) >> Over the past 18 to 24 months, chief information security officers have dramatically changed their priorities. They had to, to support the remote work trend. So things like endpoint security, cloud security, and in particular identity and access management became top of mind. And a whole shift occurred. And we're going to talk about that today. Hi everybody, this is Dave Vellante and you're watching theCUBE. We're here at AWS re:Invent 2021. Katie Curtin-Mestre is here. She's the vice president of marketing at CyberArk and Bar Lavie senior product manager at Cloud Identity and Security. Bar, sorry for botching your name, but folks welcome to theCUBE, great to see you. >> Glad to be here. >> Great to hear. >> So Katie, upfront I talked about some of those trends. It's been a hugely dramatic shift away from this kind of traditional approaches to cyber. What are some of the trends that CyberArk has seen? >> Well, Bar is going to take the first part of this. >> Great, just go on. (Bar laughing) >> Yeah, so one trait that we are seeing is that cloud migration projects accelerate as organization turbocharged digital transformation. Is they're a looking to take advantage off the agility and operational efficiency of the cloud providers. Some of the concerns that I can think about one of those is the reducing the potential loss of data that is caused due to the excessive access to resources. And the other one is provision secure and scalable access to resources. And the third one would be implementing least privilege for all type of identity whether if it's a human identity or non-human identity. >> And on that end Dave, we recently commissioned a survey with the Cloud Security Alliance. We co-sponsored a survey and found that 94% of respondents said that securing human permissions was a top security challenge and machine identities weren't far behind at 77%. Another challenge that we're hearing from our customers is the need to secure the secrets used by applications. So we're really excited by today's news from AWS. They announced some new capabilities with a code guru called Secret Detector that helps to find unsecured secrets in applications. And the other concern that we're hearing from our customers is the need to monitor and audit the activity of all of their cloud identities. This is really important to help their security operation teams with their investigations and also to meet audit and compliance requirements. >> So the definition of identity is now more encompassing and includes like you say machines, right? It's not just people anymore. Of course we've seen, you know, phishing has always been problematic. It's escalated daily, right? We get phished. I mean, are we going to see the day where we finally get rid of passwords? Is that even possible? But maybe we could talk a little bit about sort of identity, how identity is evolving, this notion of zero trust. Zero trust used to be a Password. So, maybe Bar you could talk a little bit about what you're seeing in terms of identity access management. Maybe privileged access management are those things coming together? How does CyberArk think about those things? >> You going to take this one Katie >> Well, what CyberArk sees is we definitely see a trend where access management and privileged access management are coming together. Security teams are struggling too many security tools and they're really looking to standardize on a small handful of vendors and get more bank for their buck from their security investment. So we're definitely seeing that trends of unified platforms across access and privileged access management to secure any identity, whether human or machine from kind of like your standard workforce identity, to those who have highly privileged access. >> I don't know if you've ever, ever seen that chart. I think Optiv puts it out. It's consultancy. And it's this eye chart. It's a taxonomy of all the different security I have published at a number of times. it's mind boggling. So CSOs, SecOps teams they have to manage all this complexity, all these different tools and you ask CSOs what's your biggest challenge? They'll tell you lack of skills. We just can't find people. We can't train them fast enough. So what's CyberArk working on? What are some of the key initiatives that you guys are focused on that people should know about? >> Well, one of the things that we're working on is actually, and we see a greater adoption of it is something that was actually started as an initiative within our innovation lab. It's a CyberArk Clouding Titles Manager, which help to detect and remediate excessive permissions to cloud resources for any type of identity. I mentioned before the both human and non-human. Which are the something that you were looking to to secure. Another solution that we see a great adoption is our circuit ranger which helps organization to re remove the necessity of having a hard-coded credentials within application. It can be either traditional applications for their own premise or even cloud native applications. And peg this also into your CI CD pipeline. And we are actually innovating in these type of area with AWS as well. So this is one of the great things that we were doing. Also we're investing on a new solution for just-in-time access for cloud VMs and cloud consoles. And all of these solutions that I've mentioned and more to that are part of our identity security platform which came to provide you with the suite of solution to apply least privilege and secure access to any type of resource from any device for any type of identity. >> So is that best practice? I mean, if you had to, you know, advise a customer on best practice in identity, how should they think about that? Where should they start? >> Well, on the best practices front we recently published an ebook with AWS. And it's focused on the shared responsibility model and foundational best practices for securing cloud access. And it's all part of an initiative that CyberArk has, which is our identity security blueprint. Which guides customers on how best to move forward with their identity security initiatives. >> So where do they start? First of all how do they get that is it a security website or? >> It's available on our website and we detailed some of the steps that that customers can take. For example, one of the steps that we recommend to our customers is to limit the use of the root account and also to very much lock down the root account to use federated identities whenever possible. And Bar already alluded to some of the other best practices that we recommend. Such as removing hard-coded credentials from secrets. Another best practice that we really recommend to our customers is to have a consistent set of controls across their entire estate. Both from on-premises to the cloud. And this really helps to reduce complexity by having a unified and consistent set of security controls. And in fact one of our customers who is one of the world's largest convenience chains. They're using CyberArk to secure the credentials both for their on-premise servers and their AWS EC2 instances. And they're also using us as well to secure the credentials used by applications in the CI CD pipeline. So getting to those consistent controls is another best practice we highly recommend. >> So, consistent identity across your state, whether it's on-prem or in the cloud. And then also you've referenced CI CD a couple of times. So it's it's developer friendly? Are you're designing security in as opposed to a bolt on after the fact? And then you mentioned root accounts access. Is that where privilege access management comes in? Are we going to treat everybody as privileged access? Or how do you deal with machines? You mentioned hard-coded? Like some machines are hard-coded. Like I would imagine a lot of these internet cameras are exposures. How do you deal with all that? I mean, do you just have to cycle through and modernize your fleet of machines? Are there ways in which CyberArk can help sort of anticipate that or defend against that? >> Well, CyberArk can help on, on multiple fronts. Of course you need to secure the root account but that's just only one example of needing to secure a privilege access. And one thing that customers need to understand is that now going forward, any identity can have privilege access at any point in time, because at any point and time, you yourself could have access to a highly sensitive system or have access to highly sensitive data. So with CyberArk we help our customers understand which of their applications and infrastructure have the most sensitive data and then work with them to secure the access to that data whether that access be a human access or machine or programmatic access. >> So what are the customer implications of all this? I mean pre pandemic, you know, this whole zero trust thing with password. Now it's like fundamental premise. You don't trust to verify. What are the customer implications as we enter this new era ransomware through the roof, the adversaries are well funded highly capable. They're living off the land, they're island hopping. They're, doing self forming malware. It's a new world, right? So what are the customer implications? What should they be thinking about? You know, they don't have unlimited budget. So what's the advice? >> Well, eventually at the end of the day, there are all kinds of best practices of how to applies security. I think that both AWS have their own best practices and CyberArk has also our own best practices calling the blueprint which help organization to focus on to crown jewel on the most important stuff. And then going deeper and lower within each and every initiative. And on each and every level, try to investigate what you're trying to protect and what kind of security mechanisms can be applied in order to protect both access and maintaining that no one whether if it's internal or external attacker can gain access to it. >> Yup, I think the other implication for customers and you already alluded to it is really to continue to move forward with their zero trust initiatives. I think that that is a foundational going forward. Now that remote work is kind of the defacto norm and we can no longer rely on the traditional network perimeter. And so in this new environment securing your identities is the new perimeter. So that's an important implication for customers. And then another one that I would mention is that security teams need to work more closely with their dev and dev ops counterparts to bacon security earlier. It really can't be that security is brought in after the fact. Security very much needs to shift left and be included in the very early stages of application development before an application comes to production. >> I mean, I think it's that last point but all good points. The last point was a huge theme at CubeCon this year. That notion of shift left developers, you've mentioned the CI CD pipeline several times. I mean I think that is, you know, especially when you think about machines and the edge and IoT. I used to say all the time, you know that you used to put a moat around the castle, build a wall, protect the queen. Well, the queen has left the castle. But now with the pandemic, we've seen the effects of that. And as I say, the adversaries are seeing huge opportunities. Well-funded super sophisticated. It's like it makes Stuxnet look like a kindergarten. I know that was still >> That's scary. still pretty sophisticated. But I mean, look at what we saw with the government hack and solar winds, you know huge huge. But if we can talk to CSOs about that, they're like, you know, that's, we have to move fast. But they don't have unlimited budget, right? Cybersecurity is their number one initiative in terms of priorities. But then they have all these other things to fund. They have to fund a forced march to digital transformation, machine learning and AI, they're migrating to the cloud. They're driving automation. They're modernizing their application portfolio. So, security is still number one, isn't it? So it's a good business that you're in. >> Yes, and we really want to work with our CSOs so they can get the most investment out of what they're putting into CyberArk and the rest of their strategic security vendors. Because as you mentioned there's a talent shortage. So anything that we can do as vendors to make it easier for them to use our products and get more value from our solutions, is something that's really important. >> And automation is part of the answer but it's not the only answer, right? You got to follow the NIST framework and follow these best practices and keep fighting the fight. Guys. Thanks so much for coming on theCUBE. It was great to have you. I'd love to have you back. >> Thanks for having us. >> Thank you for having us. >> All right. Our pleasure. All right, this is Dave Vellante for theCUBE. You're watching our coverage of AWS re:Invent 2021. (gentle upbeat music)

(upbeat music) >> Hello, welcome to theCUBE studios of Palo Alto California for RSA conference keynote coverage and conference coverage. I'm Sean for your host of theCUBE. We're breaking down the keynote of RSA day one kickoff. We had Mark Nunnikhoven, who's the distinguished cloud strategist at Lacework. Mark former cube alumni and expert and security has been on many times before, Mark great to see you. Thanks for coming on and helping me break down RSA conference 2021 virtual this year. Thanks for joining. >> Happy to be here. Thanks for having me John. >> You know, one of the things Mark about these security conferences is that interesting, RSA was the last conference we actually did interviews physically face to face and then the pandemic went down and it was a huge shutdown. So we're still virtual coming back to real life. So and they're virtual this year, so kind of a turn of events, but that was kind of the theme this year in the keynote. Changing the game on security, the script has been flipped, connectivity everywhere, security from day one being reinvented. Some people were holding onto the old way some people trying to get on there, on the future wave. Clearly you got the laggards and you've got the innovators all trying to kind of, you know, find their position. This has been obvious in this keynote. What's your take? >> Yeah and that was exactly it. They use that situation of being that last physical security conference, somewhat to their advantage to weave this theme of resiliency. And it's a message that we heard throughout the keynote. It's a message we're going to hear throughout the week. There's a number of talks that are tying back to this and it really hits at the core of what security aims to do. And I think aims is really the right word for it because we're not quite there yet. But it's about making sure that our technology is flexible that it expands and adapts to the situations because as we all know this year, you know basically upended everything we assumed about how our businesses were running, how our communities and society was running and we've all had to adapt. And that's what we saw at the keynote today was they acknowledged that and then woven into the message to drive that home for security providers. >> Yeah and to me one of the most notable backdrops to the entire thing was the fact that the RSA continues to operate from the sell out when Dell sold them for alright $2 billion to a consortium, private privately private equity company, Symphony Technology Group. So there they're operating now on their own. They're out in the wild, as you said, cybersecurity threats are ever increasing, the surface area has changed with cloud native. Basically RSA is a 3000 person startup basically now. So they've got secure ID, the old token business we all have anyone's had those IDs you know it's pretty solid, but now they've got to kind of put this event back together and mobile world Congress is right around the corner. They're going to try to actually have a physical event. So you have this pandemic problem of trying to get the word out and it's weird. It's kind of, I found it. It's hard to get your hands around all the news. >> It is. And it's, you know, we're definitely missing that element. You know, we've seen that throughout the year people have tried to adapt these events into a virtual format. We're missing those elements of those sorts of happenstance run-ins I know we've run into each other at a number of events just sort of in the hall, you get to catch up, but you know as part of those interactions, they're not just social but you also get a little more insight into the conference. Hey, you know, did you catch this great talk or are you going to go catch this thing later? And we're definitely missing that. And I don't think anyone's really nailed this virtual format yet. It's very difficult to wrap your head around like you said, I saw a tweet online from one InfoSec analyst today. It was pointed out, you know, there were 17 talks happening at the same time, which you know, in a physical thing you'd pick one and go to it in a virtual there's that temptation to kind of click across the channels. So even if you know what's going on it's hard to focus in these events. >> Yeah the one conference has got a really good I think virtual platform is Docker con, they have 48 panels, a lot of great stuff there. So that's one of more watching closest coming up on May 27. Check that one out. Let's get into this, let's get into the analysis. I really want to get your thoughts on this because you know, I thought the keynote was very upbeat. Clearly the realities are presenting it. Chuck Robbins, the CEO of Cisco there and you had a bunch of industry legends in there. So let's start with, let's start with what you thought of Rowan's keynote and then we'll jump into what Chuck Robbins was saying. >> Sure yeah. And I thought, Rohit, you know, at first I questioned cause he brought up and he said, I'm going to talk about tigers, airplanes and sewing machines. And you know, as a speaker myself, I said, okay, this is either really going to work out well or it's not going to work out at all. Unfortunately, you know, Rohit head is a professional he's a great speaker and it worked out. And so he tied these three examples. So it was tiger king for Netflix, at World War II, analyzing airplane damage and a great organization in India that pivoted from sewing into creating masks and other supplies for the pandemic. He wove those three examples through with resiliency and showed adaptation. And I thought it was really really well done first of all. But as a cloud guy, I was really excited as well that that first example was Netflix. And he was referencing a chaos monkey, which is a chaos engineering tool, which I don't think a lot of security people are exposed to. So we use it very often in cloud building where essentially this tool will purposely blow up things in your environment. So it will down services. It will cut your communications off because the idea is you need to figure out how to react to these things before they happen for real. And so getting keynote time for a tool like that a very modern cloud tool, I thought was absolutely fantastic. Even if that's, you know, not so well known or not a secret in the cloud world anymore, it's very commonly understood, but getting a security audience exposure to that was great. And so you know, Rohit is a pro and it was a good kickoff and yeah, very upbeat, a lot of high energy which was great for virtual keynote. Cause sometimes that's what's really missing is that energy. >> Yeah, we like Rohit too. He's got some, he's got charisma. He also has his hand on the pulse. I think the chaos monkey point you're making is as a great call out because it's been around the DevOps community. But what that really shows I think and puts an exclamation point around this industry right now is that DevSecOps is here and it's never going away and cloud native and certainly the pandemic has shown that cloud scale speed data and now distributed computing with the edge, 5G has been mentioned, as you said, this is a real deal. So this is DevOps. This is infrastructure as code and security is being reinvented in it. This is a killer theme and it's kind of a wake-up call. What's your reaction to that? what's your take? >> Yeah, it absolutely is a wake-up call and it actually blended really well into a Rohit second point, which was around using data. And I think, you know, having these messages put out to the, you know, what is the security conference for the year always, is really important because the rest of the business has moved forward and security teams have been a little hesitant there, we're a little behind the times compared to the rest of the business who are taking advantage of these cloud services, taking advantage of data being everywhere. So for security professionals to realize like hey there are tools that can make us better at our jobs and make us, you know, keep or help us keep pace with the business is absolutely critical because like you said, as much as you know I always cringe when I hear the term DevSecOps, it's important because security needs to be there. The reason I cringe is because I think security should be built into everything. But the challenge we have is that security teams are still a lot of us are still stuck in the past to sort of put our arms around something. And you know, if it's in that box, I'm good with it. And that just doesn't work in the cloud. We have better tools, we have better data. And that was really Rohit's key message was those tools and that data can help you be resilient, can help your organization be resilient and whether that's the situation like a pandemic or a major cyber attack, you need to be flexible. You need to be able to bounce back. >> You know, when we actually have infrastructure as code and no one ever talks about DevOps or DevSecOps you know, we've, it's over, it's in the right place, but I want to get your thoughts and seeing if you heard anything about automation because one of the things that you bring up about not liking the word DevSecOps is really around, having this new team formation, how people are organizing their developers and their operations teams. And it really is becoming programmable and that's kind of the word, but automation scales it. So that's been a big theme this year. What are you hearing? What did you hear on the keynote? Any signs of reality around automation, machine learning you mentioned data, did they dig into automation? >> Automation was on the periphery. So a lot of what they're talking about only works with automation. So, you know, the Netflix shout out for chaos monkey absolutely as an automated tool to take advantage of this data, you absolutely need to be automated but the keynote mainly focused on sort of the connectivity and the differences in how we view an organization over the last year versus moving forward. And I think that was actually a bit of a miss because as you rightfully point out, John, you need automation. The thing that baffles me as a builder, as a security guy, is that cyber criminals have been automated for years. That's how they scale. That's how they make their money. Yet we still primarily defend manually. And I don't know if you've ever tried to beat, you know the robots that are everything or really complicated video games. We don't tend to win well when we're fighting automation. So security absolutely needs to step up. The good news is looking at the agenda for the week, taking in some talks today, while it was a bit of a miss and the keynote, there is a good theme of automation throughout some of the deeper dive sessions. So it is a topic that people are aware of and moving forward. But again, I always want to see us move fast. >> Was there a reason Chuck Robbins headlines or is that simply because there are a big 800 pound gorilla in the networking space? You know, why Cisco? Are they relevant security? Is that signaling that networking is more important? As of 5G at the edge, but is Cisco the player? >> Obviously Cisco has a massive business and they are a huge player in the security industry but I think they're also representative of, you know and this was definitely Chuck's message. They were representative of this idea that security needs to be built in at every layer. So even though, you know I live on primarily the cloud technologies dealing with organizations that are built in the cloud, there is, you know, the reality of that we are all connected through a multitude of networks. And we've seen that with work from home which is a huge theme this year at the conference and the improvements in mobility with 5G and other connectivity areas like Edge and WiFi six. So having a big network player and security player like Cisco in the keynote I think is important just because their message was not just about inclusion and diversity for skills which was a theme we saw repeated in the keynote actually but it was about building security in from the start to the finish throughout. And I think that's a really important message. We can't just pick one place and say this is where we're going to build security. It needs to be built throughout all of our systems. >> If you were a Cicso listening today what was your take on that? Were you impressed? Were you blown away? Did you fall out of your chair or was it just right down the middle? >> I mean, you might fall out of your chair just cause you're sitting in it for so long taken in a virtual event. And I mean, I know that's the big downside of virtual is that your step counter is way down compared to where it should be for these conferences but there was nothing revolutionary in the opening parts of the keynote. It was just, you know sort of beating the drum that has been talked about, has been simmering in the background from sort of the more progressive side of security. So if you've been focusing on primarily traditional techniques and the on-premise world, then perhaps this was a little a bit of an eye-opener and something where you go, wow, there's, you know there's something else out here and we can move things forward. For people who are, you know, more cloud native or more into that automation space, that data space this is really just sort of a head nodding going, yeap, I agree with this. This makes sense. This is where we all should be at this point. But as we know, you know there's a very long tail insecurity and insecurity organizations. So to have that message, you know repeated from a large stage like the keynote I think was very important. >> Well you know, we're going to be, theCUBE will be onsite and virtual with our virtual platform for Amazon web services reinforced coming up in Houston. So that's going to be interesting to see and you compare contrast like an AWS reinforce which is kind of the I there I think they had the first conference two years ago so it's kind of a new conference. And then you got the old kind of RSA conference. The question I have for you, is it a just a position of almost two conferences, right? You got the cloud native AWS, which is really about, oh shared responsibility, et cetera, et cetera a lot more action happening there. And you got this conference here seem come the old school legacy players. So I want to get your thoughts on that. And I want to get your take on just just the cryptographers panel, because, you know, as I'm not saying this as a state-of-the-art that the old guys saying get off my lawn, you know crypto, we're the crypto purists, they were trashing NFTs which as you know, is all the rage. So I, and Ron rivers who wrote new co-create RSA public key technology, which is isn't everything these days. Is this a sign of just get off my lawn? Or is it a sign of the times trashing the NFTs? What's your take? >> Yeah, well, so let's tackle the NFTs then we'll do the contrast between the two conferences. But I thought the NFT, you know Ron and Addie both had really interesting ways of explaining what an NFT was, because that's most of the discussion around the NFT is exactly what are we buying or what are we investing in? And so I think it was Addie who said, you know it was basically you have a tulip then you could have a picture of a tulip and then you could have something explaining the picture of the tulip and that's what an NFT is. So I think, you know, but at the same time he recognized the value of potential for artists. So I think there was some definitely, you know get off my lawn, but also sort of the the cryptographer panels is always sort of very pragmatic, very evidence-based as shown today when they actually were talking about a paper by Schnorr who debates, whether RSA or if he has new math that he thinks can debunk RSA or at least break the algorithm. And so they had a very logical and intelligent discussion about that. But the cryptographers panel in contrast to the rest of the keynote, it's not about the hype. It's not about what's going on in the industry. It's really is truly a cryptographers panel talking about the math, talking about the fundamental underpinnings of our security things as a big nerd, I'm a huge fan but a lot of people watch that and just kind of go, okay now's a great time to grab a snack and maybe move those legs a little bit. But if you're interested in the more technical deeper dive side, it's definitely worth taking in. >> Super fascinating and I think, you know, it's funny, they said it's not even a picture of a tulip it's s pointer to a picture of a tulip. Which is technically it. >> That was it. >> It's interesting how, again, this is all fun. NFTs are, I mean, you can't help, but get an Amber by decentralization. And that, that wave is coming. It's very interesting how you got a decentralization wave coming, yet a lot of people want to hang on to the centralized view. Okay, this is an architectural conflict. Is there a balance in your mind as a techie, we look at security, certainly as the perimeter is gone that's not even debate anymore, but as we have much more of a distributed computing environment, is there a need for some sensuality and or is it going to be all decentralized in your opinion? >> Yeah that's actually a really interesting question. It's a great set up to connect both of these points of sort of the cryptographers panel and that contrast between newer conferences and RSA because the cryptographers panel brought up the fact that you can't have resilient systems unless you're going for a distributed systems, unless you're spreading things out because otherwise you're creating a central point of failure, even if it's at hyper-scale which is not resilient by definition. So that was a very interesting and very valid point. I think the reality is it's a combination of the two is that we want resilient systems that are distributed that scale up independently of other factors. You know, so if you're sitting in the cloud you're going multi-region or maybe even multicloud, you know you want this distributed area just for that as Verner from AWS calls it, you know, the reduced blast radius. So if something breaks, not everything does but then the challenge from a security and from an operational point of view, is you need that central visibility. And I think this is where automation, where machine learning and really viewing security as a data problem, comes into play. If you have the systems distributed but you can provide visibility centrally which is something we can achieve with modern cloud technologies, you kind of hit that sweet spot. You've got resilient underpinnings in your systems but you as a team can actually understand what's going on because that was a, yet another point from Carmela and from Ross on the cryptographers panel when it comes to AI and machine learning, we're at the point where we don't really understand a lot of what's going on in the algorithm we kind of understand the output and the input. So again, it tied back to that resiliency. So I think that key is distributed systems are great but you need that central visibility and you only get there through viewing things as a data problem, heavy automation and modern tooling. >> Great great insight, Mark. Great, great call out there. And great point tied in there. Let me ask you a question on your take on the keynote in the conference in general as first day gets going. Do you see this evolving from the classic enterprise kind of buyer supplier relationship to much more of a CSO driven or CXO driven? I need to start building about my teams. I got to start hiring developers, not so much in operation side. I mean, I see InfoSec is these industries are not going away. People are still buying tools and stacking up the tool shed but there's been a big trend towards platforms and shifting left from a developer CICB pipeline standpoint which speaks to scale on the cloud native side and that distributed side. So is this conference hitting that Mark, or you still think there are more hardware and service systems people? What's the makeup? What's the take? >> I think we're definitely starting to a shift. So a great example of that is the CSA. The Cloud Security Alliance always runs a day one or day zero summit at RSA. And this year it was a CSO executive summit. And whereas in previous years it's been practitioners. So that is a good sign I think, that's a positive sign to start to look at a long ignored area of security, which is how do we train the next generation of security professionals. We've always taken this traditional view. We've, you know, people go through the standard you get your CISSP, you hold onto it forever. You know, you do your time on the firewall, you go through the standard thing but I think we really need to adjust and look for people with that automation capability, with development, with better business skills and definitely better communication skills, because really as we integrate as we leave our sort of protected little cave of security, we need to be better business people and better team players. >> Well Mark, I really appreciate you coming on here. A cube alumni and a trusted resource and verified, trusted contributor. Thank you for coming on and sharing your thoughts on the RSA conference and breaking down the keynote analysis, the RSA conference. Thanks for coming on. >> Thank you. >> Well, what we got you here to take a minute to plug what you're doing at Lacework, what you're excited about. What's going on over there? >> Sure, I appreciate that. So I just joined Lacework, I'm a weekend. So I'm drinking from the fire hose of knowledge and what I've found so far, fantastic platform, fantastic teams. It's got me wrapped up and excited again because we're approaching, you know security from the data point of view. We're really, we're born in the cloud, built for the cloud and we're trying to help teams really gather context. And the thing that appealed to me about that was that it's not just targeting the security team. It's targeting builders, it's targeting the business, it's giving them that visibility into what's going on so that they can make informed decision. And for me, that's really what security is all about. >> Well, I appreciate you coming on. Thanks so much for sharing. >> Thank you. >> Okay CUBE coverage of RSA conference here with Lacework, I'm John Furrier. Thanks for watching. (upbeat music)

from the cube studios in palo alto in boston connecting with thought leaders all around the world this is a cube conversation hey welcome back everybody jeff frick here with the cube coming to you from our palo alto studios with a cube conversation with a great influencer we haven't had him on for a while last had him on uh in may i think of 2019 mid 2019. we're excited to welcome back to the program he's kevin l jackson he is the ceo of gc globalnet kevin great to see you today hey how you doing jeff thanks for having me it's uh it's been a while but i really enjoyed it yeah i really enjoy being on thecube well thank you for uh for coming back so we've got you on to talk about citrix we had you last on we had you on a citrix synergy this year obviously covet hit all the all the events have gone virtual and digital and citrix made an interesting move they decided to kind of break their thing into three buckets kind of around the main topics that people are interested in in their world and that's cloud so they had a citrix cloud summit they had a citrix workplace summit and now they just had their last one of the three which is the citrix security summit uh just wrapped up so before we jump into that i just want to get your take how are you doing how you getting through the kind of covid madness from you know the light switch moment that we experienced in march april 2. you know now we're like seven eight months into this and it's not going to end anytime soon well you know it's it was kind of different for me because um i've been working from home and remotely since i guess 2014 being a consultant and with all my different clients i was doing a lot more traveling um but with respect to doing meetings and being on collaborative systems all day long it's sort of like uh old hat and i say welcome to my world but i find that you know society is really changing the things that you thought were necessary in business you know being physically at meetings and shaking hands that's all like you know although we don't do that anymore yeah i used to joke right when we started this year that we finally got to 2020 the year that we know everything right with the benefit of hindsight but it turned out to be the year that we actually find out that we don't know anything and everything that we thought we knew in fact is not necessarily what we thought and um we got thrown into this we got thrown into this thing and you know thankfully for you and for me we're in you know we're in the tech space we can we can go to digital we're not in the hotel business or the hospitality business or you know so many businesses that are still suffering uh greatly but we were able to make the move in i.t and and citrix is a big piece of that in terms of enabling people to support remote work they've always been in remote work but this really changed the game a lot and i think as you said before we turned on the cameras accelerated you know this digital transformation way faster than anybody planned on oh oh yeah absolutely and another one of the areas that was particularly um accelerated they sort of put the rockets on is security which i'm really happy about because of the rapid increase in the number of remote workers i mean historically companies had most of their workforce in their own buildings on on their own property and there was a small percentage that would remote work remotely right but it's completely flipped now and it flipped within a period of a week or a week and a half and many of these companies were really scrambling to make you know their entire workforce be able to communicate collaborate and just get access to information uh remotely right right well david talked about it in the security keynote you know that you know as you said when this light switch moment hit in mid-march you had to get everybody uh secure and take care of your people and get them set up but you know he talked a little bit about you know maybe there were some shortcuts taken um and now that we've been into this thing in a prolonged duration and again it's going to be going on for a while longer uh that there's really an opportunity to to make sure that you put all the proper uh systems in place and make sure that you're protecting people you're protecting the assets and you're protecting you know the jewels of the company which today are data right and data in all the systems that people are working with every single day yeah yeah absolutely they had to rapidly rethink all of the work models and this uh accelerated digital transformation and the adoption of cloud and it was just this this huge demand for remote work but it was also important to uh keep to think about the user experience the employee experience i mean they were learning new things learning new technologies trying to figure out how to how to do new things and that at the beginning of this uh trend this transition people were thinking that hey you know after a few months we'll be okay but now and it's starting to sink in that this stuff is here to stay so you have to understand that work is not a place and i think actually david said that right it's really you have to look at how the worker is delivering and contributing to the mission of the organization to the business model and you have to be able to measure the workers level of output and their accomplishment and be able to do this remotely so back to office is is not going to happen in reality so the employee experience through this digital environment this digital work space it's critical yeah i think one of the quotes he had whether i think was either this one or one of the prior ones is like back to work is not back to normal right we're not going to go back to the way that it was before but it's interesting you touched on employee experience and that's a big piece of the conversation right how do we measure output versus you know just time punching the clock how do we give people that that experience that they've come to expect with the way they interact in technology in their personal lives but there's an interesting you know kind of conflict and i think you've talked about it before between employee experience and security because those two kind of inherently are going to be always in conflict because the employee's going to want more access to more things easier to use and yet you've got to keep security baked in throughout the stack whether it's access to the systems whether it's the individual and and so there's always this built-in kind of tension between those two objectives well the tension is because of history security has always been sort of a a second thought an afterthought uh you know you said due to work oh security we'll catch up to it when we need to but now because of the importance of data and the inherently global connectivity that we have the the need for security has is paramount so in order to attract that in order to address that the existing infrastructures had this where we just bolted security on to the existing infrastructures uh this is when they when the data centers and we said well as long as it's in our data center we can control it but then we with this covet thing we'll just burst out of any data center we have to rely on cloud so this this concept of just bolting on security just doesn't work because you no longer own or control the security right so you have to look at the entire platform and have a holistic security approach and it has to go from being infrastructure-centric to data centric because that's the only way you're going to provide security to your data to those remote employees right right and there's a very significant shift we hear all the time we've got rsa uh all the time to talk about security and that's this concept of zero trust and and the idea that rather than as you said kind of the old school you put a a wall and a moat around the things that you're trying to protect right you kind of start from the perspective of i don't trust anybody i don't trust where they're coming from i don't trust their device i don't trust that they have access to those applications and i don't trust that they have access to that data and then you basically enable that on a kind of a need to know basis across all those different factors at kind of the least the least amount that they need to get their job done it's a really different kind of approach to thinking about security right and but it's a standardized approach i mean before present time you would customize security to the individual or 2d organization or component of the organization because you know you knew where they were and you would you would say well they won't accept this so we'll do that so everything was sort of piecemeal now that work is not a location you have to be much more standardized much more focused and being able to track and secure that data requires things like digital rights management and and secure browsers and some of the work that citrix has done with google has really been amazing they they looked at it from a different point of view they said okay where people are always working through the cloud in different locations from from anywhere but they all work through their browser so you know we could and i think this was something that the vice president at google said uh sunil potty i believe uh vice president of google cloud they said well we can capitalize on that interface without affecting the experience and he was talking about chrome so so citrix and and google have worked together to drive sort of an agent-less experience to order to enhance security so instead of making everything location specific or organizational specific they set a standard and they support this intent-driven security model yeah it's interesting sunil's a really sharp guy we've had him on thecube a ton of times uh over the years but there's another really interesting take on security and i want to get your your feedback on it and that's kind of this coopetation right and silicon valley is very famous for you know coopetation you might be competing tooth and nail with the company across the street at the same time you got an opportunity to partner you might share apis you know it's a really interesting thing and one of the the items that came out of the citrix show was this new thing called the workspace security alliance because what's interesting in security that even if we're competitors if you're suddenly getting a new type of threat where you're getting a new type of attack and there's a new you know kind of profile actually the industry likes to share that information to help other people in the security business as kind of you know us versus the bad guys even if we're you know competing for purchase orders we're competing you know kind of face-to-face so they announced this security alliance which is pretty interesting to basically bring in partners to support uh coopetition around the zero trust framework uh yeah absolutely this is happening across just about every industry though you're going away from uh point-to-point relationships to where you're operating and working within an ecosystem and in security just this week it's been highlighted by the uh the trick trick bot um activity this uh persistent uh malware that i guess this week is attacking um health care uh facilities the actual the u.s department of homeland security put out an alert now and this is a threat to the entire ecosystem so everyone has to work together to protect everyone's data and that improves that that is the way forward and that's really the only way to be successful so uh we have to go from this point-to-point mindset to understanding that we're all in the same boat together and in this uh alliance the workspace security alliance is an indication that citrix gets it right everyone has workers everyone's workers are remote okay and everyone has to protect their own data so why don't we work together to do that yeah that's great that's interesting i had not heard of that alert but what we are hearing a lot of um in in a lot of the interviews that we're doing is kind of a resurfacing of kind of old techniques uh that the bad guys are using to to try to get remote workers because they're not necessarily surrounded with as much security or have as much baked in in their home setup as they have in the office and apparently you know ransomware is really on the rise and the sophistication of the ransom where folks is very high and that they try to go after your backup and all in you know your replication stuff before they actually hit you up for the uh for the want for the money so it's it's there's absolutely that's right yeah go ahead i'm sorry i was just saying that's indicative of the shift that most of your workers are no longer in your facilities than now and at home where companies never really put a lot of investment into protecting that channel that data channel they didn't think they needed to right right one of the other interesting things that came up uh at the citrix event was the use of uh artificial intelligence and machine learning to basically have a dynamic environment where you're adjusting you know kind of the access levels based on the behavior of the individual so what apps are they accessing what you know are they moving stuff around are they downloading stuff and to actually kind of keep a monitor if you will to look for anomalies and behavior so even if someone is trusted to do a particular type of thing if suddenly they're you know kind of out of band for a while then you know you can flag alerts to say hey what's going on is that this person did their job change you know why are they doing things that they don't normally do maybe there's a reason maybe there isn't a reason maybe it's not them so you know i think there's so many great applications for applied machine learning and artificial intelligence and these are the types of applications where you're going to see the huge benefits come from this type of technology oh yeah absolutely i mean the citrix analytics for security is really a um security service right um that monitors the activities of of people on the internet and it this machine learning gives you or gives the service this insight no one company can monitor the entire internet and you can go anywhere on the internet so bob working together leveraging this external service you can actually have automated remediation of your users you can put this specific user security risk score so um companies and organizations can be assured that they are within their risk tolerance right right and of course the other thing you've been in the business for a while that we're seeing that we're just kind of on the cusp of right is 5g and iot so a lot more connected devices a lot more data a lot more data moving at machine speed which is really what 5g is all about it's not necessarily for having a better phone call right so we're just going to see you know kind of again this this growth in terms of attack surfaces this growth in terms of the quantity of data and the growth in terms of the the the rate of change that that data is coming in and and the scale and the speed with the old uh you know velocity and and variety and volume uh the old big data memes so again the other thing go ahead the other thing it's not just data when you have 5g the virtual machines themselves are going to be traveling over this network so it's a whole new paradigm yeah yeah so the uh once again to have you know kind of a platform approach to make sure you're applying intelligence to keep an eye on all these things from zero trust uh uh kind of baseline position right pretty damn important yeah absolutely with with edge computing the internet of things this whole infrastructure based data centric approach where you can focus on how the individual is interacting with the network is important and and uh another real important component of that is the um software-defined wide area network because people work from everywhere and you have to monitor what they're doing right right yeah it's really worked from anywhere not necessarily work from home anymore i just want to you know again you've been doing this for a while get your feedback on on the fact that this is so much of a human problem and so much of a human opportunity versus just pure technology i think it's really easy to kind of get wrapped up in the technology but i think you said before digital transformation is a cultural issue it's not a technology issue and getting people to change the way they work and to change the way they work with each other and to change what they're measuring um as you said kobe kind of accelerated that whole thing but this has always been more of a cultural challenge in a technology challenge yeah the technology in a relative sense of you is kind of easy right but it's the expectations of humans is what they're used to is what they have been told in the past is the right thing no longer is right so you have to teach you have to learn you have to accept change and not just change but rapid change and accelerated change and people just don't like change they're uncomfortable in change so another aspect of this culture is learning to be adaptable and to accept change because it's going to come whether you want it or not faster than you think as well for sure you're right well that's great so kevin i'll give i give you the final word as as you think about how things have changed and again i think i think the significant thing is that we went from you know kind of this light switch moment where it was you know emergency and and quick get everything squared away but now we're in this we're in kind of this new normal it's going to be going for a while we'll get back to some some version of a hybrid uh solution at some point and you and i will be seeing each other at trade shows at some point in time in the in the future but it's not going to go back the way that it was and people can't wait and hope that it goes back the way that it was and really need to get behind this kind of hybrid if you will work environment and helping people you know be more productive with the tools they need it always gets back to giving the right people the right information at the right time to do what they need to do so just kind of get your perspective as we you know kind of get to the end of 2020 we're going to turn the page here rapidly on 2021 and we're going to start 2021 in kind of the same place we are today well to be honest we've talked about a lot of these things but the answer to all of them is agility agility agility is the key to success this is like not locking into a single cloud you're going to have multiple clouds not locking into a single application you have multiple applications not assuming that you're always going to be working from home or working through a certain browser you have to be agile to adapt to rapid change and the organizations that recognize that and uh teach their workers teach their entire ecosystem to operate together in a rapidly changing world with agility will be successful that's a great that's a great way to leave it i saw beth comstack the former vice chair at ge give a keynote one time and one of her great lines was get comfortable with being uncomfortable and i think you nailed it right this is about agility it's about change it's we've seen it in devops where you embrace change you don't try to avoid it you know you take that really at the top level and try to architect to be successful in that environment as opposed to sticking your head in the sand and praying it doesn't absolutely all right well kevin so great to catch up i'm i'm sorry it's been as long as it's been but hopefully it'll be uh shorter uh before the next time we get to see each other yes fine thank you very much i really enjoyed it absolutely all right he's kevin l jackson i'm jeff frick you're watching thecube from our palo alto studios keep conversation we'll see you next time you

[Music] from the cube studios in Palo Alto in Boston it's the cube covering the IBM thing brought to you by IBM hello everybody this is state velocity of the cube and you're watching our wall-to-wall coverage of the IBM think digital experience at Justin Youngblood is here he's the vice president of IBM security Justin good to see you again thanks for coming on hey Dave good to be here thank you so look let's get right into it I mean we're here remote I wish we were you know for face-to-face and in Moscow II but things have changed dramatically there's a massive shift to work from home that's you know obviously kovat 19 has tightened the need for security but let's start with some of the things that you're seeing how you're responding the to secure those remote workers and let's get into some of the trends that you're seeing in the security space yeah absolutely some major trends and there is a big response around Cove at night 19 right now and and first of all you know what we tell all of our employees our clients our partners the entire ecosystem is number one priority stay safe and healthy of course even at IBM right now we have over 95% of IBM erse who are working from home we've seen that trend across our clients and partners as well and basically three themes keep popping up as it relates to security in Kovan 19 the first is clients are asking us to help them secure their remote workforce we have a number of tools technologies and services to help them do that the second is detecting and responding to accelerating threats amidst Cova 19 the threat actors are more active than ever they're driving some targeted attacks and phishing campaigns and our clients are asking us for help on that front and then the third is virtually extending security teams and operations and we've got a set of services managed services and and remote employees who can actually work with our clients and help them with their security operation centers and anything they need from a security program yeah I mean when you talk to CISOs they'll tell you look we you know our biggest problem is a lack of talent and we have all these fragmented tools and then now you throw kovat 19 at them and it's okay now overnight blank and secure the remote workforce so talk a little bit about this notion of platforms I've said often the security marketplace is very fragmented that accentuates the skills issue is you got to learn all these different tools and this is integration issues talk about platforms and how that might help solve this problem absolutely security platforms are on the rise do you see a lot of security platforms being announced by vendors today the problem statements are very clear oh as enterprises have moved along on their journey to cloud and digital transformation they now have workloads applications data users spread across multiple cloud environments every enterprise is using multiple clouds today so the problem statements become very clear for security security leaders have too many security tools they have too much data and they don't have enough people right so too many security tools that lack interoperability the average Enterprise has anywhere from 50 to 80 different security point products that don't talk to each other but trying to solve a security problem to pinpoint an issue actually takes looking at multiple screens too much data that comes without insights trying to stitch together all of this disparate data across a fragmented security landscape is very complex and it allows threats to be missed and then not enough people the shortage in cybersecurity is well documented over 2 million unfilled jobs today and that number continues to grow so enter security platforms that are that are on the value proposition of cleaning up this mess in November last year we announced the cloud pack for security that's IBM security platform and it has some some attributes that are powerful compelling we're seeing a lot of traction with client well you mentioned two things that really caught my attention the detection and the response because you know you're gonna get infiltrated everybody gets infiltrated and you know you've seen the stats it takes you know whatever 250 300 days before you can even detect it and then and then responses is critical so so talk about the cloud pack for security you know there are other platforms out there what makes yours different yeah are basically traditional security is broken we have a vision of modern security at centers on the cloud pack for security we set out two years ago with the concept of a next-generation platform it's a security control plane that works across hybrid multi cloud environments it connects all your security data and tools with a common platform that includes IBM and security tools and cloud platforms so whether you're using a sim like Q radar or Splunk endpoint detection systems like carbon black or CrowdStrike and any of the IBM any of the cloud platforms including IBM AWS or Azure it connects all of those and brings the insights together we work with over 50 enterprises and service providers help us co-create this solution and the attributes are its multi cloud capable but for security is multi cloud capable it can bring all the insights together from across these hybrid multi cloud environment it's open it's built and based on open standards and open technologies it's simple and it's composable in the sense that it has the ability to integrate with IBM and third-party technologies and add more capabilities over time what we see from other security platforms in the industry is they they basically approached the problem saying mr. customer bring all your data to our cloud will run the analytics on it and then provide you the insights what's different with cloud pack for security is we take the analytics to the data customers don't need to move their data from all the disparate sources where it exists we take the analytics to the data and bring those insights back to a common console or the or the security leaders and security analysts to take action on why you preaching to the choir now because well first of all you've got the the integration matrix and you've got the resources obviously I mean you mentioned a couple of really prominent and you know some hot products right now and this is the challenge right best to breathe versus fully integrated suite and what you're saying if I understand it correctly is we're not asking you to make that trade-off if you want to use you know of some tool go for it we're gonna integrate with that and give you the control and then the second piece is bringing that analytics capability to the data cuz that's the other thing you really don't want to move your data you the Einstein written move as much data as you have to but no more right absolutely this is a this is a team sport security is a team sport and that's where open technologies are so important the ability with an open API to integrate with any IBM or third-party technology this is not a rip and replace strategy clients can't afford to do that they want to work within their existing security tools but they need a common platform for bring it all together so we talked about the ability to gain complete insights across your hybrid multi cloud environment the ability to act faster with a set of playbooks and automation that basically runs security run books once a once an incident is detected to automatically go about about the fix and then third is the ability to run anywhere cloud pack for security like all of the IBM cloud packs is built on kubernetes and Red Hat openshift so it can be deployed on-premise or on the public cloud of the customers choosing complete choice and flexibility in that deployment I mean another key point you just made is automation and you talked earlier about that skills gap and the unfilled jobs automation is really the way certainly a way and probably a the most important way to close that gap I want to ask you about open could you think about you know security and networks and you know opens almost antithetical to secure I want close but you mean open in a different context and what if we could talk about that and maybe break down the key aspects of open as you defined it we've seen open technologies open standards open source be adopted across technology domains think of operating systems and Linux think of application development think of the management domain and kubernetes which now has a community of over 4,000 developers behind it it's more than any single vendor could put behind it so it's so open technologies really provide a force multiplier for any any industry security has been a laggard in adopting open standards and open source code so last year 2019 October time frame IBM partnered with McAfee and dozens of other vendors and launching the open Cyber Security Alliance focused on open standards that promote interoperability across security tools focused on open source code which we've adopted into an underpin the cloud pack I beams cloth pack for security focused on threat intelligence and analytics and ultimately sharing best practices and let me talk about run books this really comes down to the automated play books that customers need to run in response to a security threat or incident that's become really important automating actions to help security operations teams be more productive so all of those capabilities in total sum up what we're talking about with open technology for security and it underpins our IBM cloud pack for security solution well I've always felt that Open was part of the answer and like you said the industry was slowly to adopt adversary is highly capable he-she they're very well-funded do you think our industry is ready for this open approach we're absolutely ready for the open approach we see customers responding extremely positively to the cloud pack for security and the fact that it is built on open technologies many enterprises come to us and say they want that future proofing of their investments they want to know that what they purchased will interoperate with their existing environments without a rip rip and replace and the only way to get there is through open standards and open technology so it's it's already being well received and we're gonna see it grow just like it has any other technology domains operating systems application development management etc now is the time for security while Justin you're operating in one of the most important aspects of the IT value chain thank you for keeping us safe stay safe down there in Austin and thanks for coming on the queue thank you Dave good to be here take care and thank you for watching everybody watching the cubes coverage of IBM sync 2020 ibm's digital production keep it right there we're right back right after this short break [Music] you

>> Announcer: Live from Chicago, Illinois, it's theCUBE! Covering VeeamON 2018. Brought to you by Veeam. >> Welcome back to Day Two of VeeamON 2018 in Chicago. My name is Dave Vellante, and I'm here with Stu Miniman. You're watching theCUBE, the leader in live tech coverage. Dante Orsini is here. He's the Senior Vice President of Biz Dev at iland. CUBE alum. Good friend of theCUBE. Great to see you again. >> Great to see ya. >> Thanks for coming on. >> Yeah, thanks for having me. >> What's happening with iland these days, in the world of cloud service providers? >> Well Dave, it's been insane for us. Obviously Veeam's a huge partner of ours. We've been working together for what, seven years now I think. And it's just amazing to see the growth of this company. Right? We've integrated Veeam -- our relationship. We started off basically providing managed backup many, many moons ago. But six years ago we started to build our own platform, on top of Veeam, on top of Cisco, on top of HPE. Customers really wanted to see more control. They wanted greater levels of security. They really wanted a true enterprise cloud. To do that we had to enhance the VMware stack. We had chose to take Veeam and integrate them via their API. Today if somebody deploys anything in the world with iland, it's automatically backed up by Veeam. If you fast forward a bit, as you see what Veeam's done to innovate with cloud and multi cloud, they've really helped build our business. >> Dante, if you go and look back before the whole cloud wave, the typical service provider. They would have one of everything. You'd walk down the aisles and there'd be whatever it was. An EMC box. A digital box. Whatever it was. Did virtualization change that? Were you able to consolidate? Create a platform. Create a simpler environment to manage. Or is there still a lot of bespoke infrastructure lying around? >> Yeah, that's a great question. For us, I'd love to tell you we hit it right the first time twelve years ago. But no. Just like you said. There's all sorts of different technologies right? But I think what we've done is we quickly standardized. We leverage Cisco UCS from a compute perspective. We leverage some of their storage platforms for the things that we do with Veeam Cloud Connect Backup. We actually help them drive the validation of that product before it came to market. We operate at scale with them. Same thing with Veeam. We're their the largest cloud provider in the world right now. As far as leveraging Veeam technologies. In addition to that on the storage front, we also because of the demands of the environment, we really want to deliver a secure cloud service. Encryption is table stakes, and has been for years. HPE Nimble plays a critical role for us there. That's really our stack. Cisco from a network and a compute perspective, VMware with the hypervisor, and HPE from a storage perspective. >> It's sounds like you've taken some very cost effective platforms. Nimble, Veeam, etc. And then architected an enterprise class solution. You guys are adding value around that as an integrator and obviously a service provider. >> Yup, correct. And I think the market is demanding more and more from a cloud provider. People want true transparency. They want control over the infrastructure. For us it's like, how can we develop an API? So we can make this platform extensible. And then still work with the customers that are struggling with the promise of cloud. And Stu, you see this all the time, right? >> Yeah, and Dante, one of the things we're discussing here is it's a very hybrid world. As Veeam said, customers are doing lots of SAAS. They're using service providers. They have their own data centers. They're using a few public clouds. One of the things I've been watching real closely is companies like iland and the other cloud service providers Amazon and Microsoft aren't the enemy anymore. It's, well we actually have to partner with them on some services. We do some things locally. Maybe give us your viewpoint on how that's changed in the last couple of years. >> Yeah, great question. I would tell you that we're not quite there yet, Stu. From my perspective. You guys know, we're known best for providing disaster recovery as a service. That's where we've made a name in the space. But the irony is we've really focused on building this cloud infrastructure. So an I as platform. And ironically that's the majority of our revenue. When we look at public, clearly it is a hybrid world. Where we spend a lot of time, is investing in how can we highly automate the integration? Because we know that people are going to have workloads everywhere. The idea is, think about it from a recovery perspective. If I'm protecting your traditional workloads. And you've got a dev team that's using various different services that are proprietary to a public cloud, that stuff's got to talk to each other in a true resiliency capacity. We wanted to make sure that people could actually highly automate and orchestrate a failover to us, a test to us. But also integrate the connectivity portion of that. Right? Making sure that all these things can talk together is important. You understand as well as I do, as these cloud architectures change, become more modern, and they're more service driven. The traditional, I'm going to move from point A to point B is no longer in play. It's how can I have more diversity amongst my vendor base? If I'm using containers. You've got a globally distributed architecture. If I can deploy some of that with iland, and some of that maybe using Kubernetes, that gives me diversity for recovery. >> Dante, you've hit one of the key things we've been as an industry struggling with. That pace of change is just so rapid. How do you internally deal with that pace of change? As to I architected something today, and tomorrow there's something new. Tell us what you're hearing from your customers as to how they make their decisions and sort through this constantly changing Rubrik? >> Well it's definitely insane. We see all sorts of various different use cases, depending on the industry. And that pressure to innovate at the speed of light is, really people struggle with it. I think from our perspective, there's a couple things that we're doing. One, we actually wrote our own assessment application. We call it iland Catalyst. This was really designed to help both our customers as well as our partners. Cause we go to market through a lot of partners as well, to help streamline this pre-sales process for a customer. Again, we focus squarely on the VMware infrastructure stack. Being able to pull an inventory of what somebody has in their environment. And then go through and select resource pools and VM's, for whatever the purpose. Whether they're looking to work and shift workloads. Or whether they're looking to protect them from a backup or DR perspective, we're able to mitigate all the challenges associated with that. To your point. As people are looking at cloud, it's like okay. Is this cloud thing real? And how's it apply to my business? What can I really do with this? And by the way, I got to deal with my budget also. What's this stuff cost? We've got some really smart people. But you can't scale our smartest people globally. We wanted to really drive that into an application. It's really helped get people to outcomes much quicker. So do it right first. >> Dante, if you reverse back a few years ago, VMware was calling Amazon a book seller. Amazon was calling guys like VMware the old guard. The old way. They kissed and hugged last year. You must've loved that first of all. Because it was like, great, VMware specialist. We'll just drive truck through that opportunity, because we get service provision, cloud, VMware stack, boom. Now fast forward. They've got this little kumbaya thing going on. How do you now differentiate from that? >> Yeah, that's a great question. First of all, VMware, obviously a very strategic partner. I think they've got a long road ahead of them. On some of the things that they're doing. I think the promise of where they're going is great. But I still think there's a lot of folks that struggle with the idea. Think about co-mingling my traditional workloads. And then trying to integrate cloud native services on top of it. I think it's a tall order. We'll see where it goes. We're keeping a close eye on it. But in the interim for us, we continue to see folks that are saying, look I want to get out of the data center business. I've built my data center on VMware. I need to have much greater levels of control and visibility. And you need to make this easy on me. From that perspective, we've been able to do really, really well. We work with a lot of service providers that are looking for that level of a consultative approach. But also want to realize the benefits of a cloud. The point being is, I want a great cloud but it needs to be enterprise class. And I also need to know that I might need help architecting that migration. >> Well that's the key, right? You're not going to get that from an Amazon. They're not going to come into your shop. They're not going to hold your hand through it. They're not going to help you build the architecture route. And help you manage it on an ongoing basis. >> Dante, it's May 2018, so I'd be remiss if I didn't ask about GDPR. >> Hey Stu, I love you man! This is great. You guys know we operate globally, and have for over a decade. GDPR we were way out in front of this. I'm not sure if you follow, The BSI just came out with a new standard. 10012, I believe. I think our Compliance and DPO Officer would be pretty proud of me for remembering that one. >> Dave: I'm proud of ya. >> It's tailor made for GDPR. We've been pre-certified, one of four companies that did it. We do a ton in the security side and the compliance side. And I know they go hand in hand. We went through a global audit last year. On the back of some of the ISO work we do with the CSA, the Cloud Security Alliance. And actually came out with a gold star certification. Sounds juvenile, right? A gold star, woo hoo! But it's a big deal. Only iland and Microsoft have actually achieved that level of certification. Yeah. On the compliance side we're way out in front of GDPR. We're doing a lot from a thought leadership perspective in educating both the partners and the marketplace. I think it's going to see what happens with Brexit also. I think you'll see the rest of the world kind of find their way to their own type of regulation. >> What do all those acronyms mean for your customers in terms of GDPR compliance? How does that turn into value for them, and make their life easier? Can you explain? >> I think right now the whole market's been in my opinion has been ill prepared for this. You see a lot of people scrambling. Being able to identify what data is going to fall under that regulation. How you treat the data. How you're able to account for the data. And also destroy the data. And validate that. Is frankly I see some of the biggest sweeping change in marketing. I see marketing people really scrambling. Because they have to make sure that they double-opt in. Cause the fines for breaching this are unbelievable. I think you're going to see the regulators make an example out of certain people. >> No doubt. >> Quickly. >> There's going to be some examples. They're going to go after the guys with deep pockets first. But the fines are... What are the fines? Four, is it 10% of the turnover? No, 4% of turnover. >> 4% of your previous year's turnover. >> Which is insane. >> Yep, yep. >> That's going to hurt. >> Or something like 20 million pounds, something like that. >> Which ever is greater. >> Which ever is greater. Yes! Yes, exactly. Yup. >> It's pretty onerous. Dante, VeeamON 2018, we'll give you closing thoughts. >> Fantastic event, right. Just super appreciative for our relationship with Veeam. They've been behind us. They've been behind this whole cloud provider community. I mean guys, you know this. Raat Mere and team had the ability to go take this stuff to a public cloud many moons ago. They chose to enable a managed cloud provider market first. We are very grateful for that. >> Awesome. Hey thanks so much for coming on theCUBE. Great to see you. >> My pleasure. >> As always. >> Yup, go Yankees! >> Oh whoa, time out. >> Go Yankees. >> While we're on the topic. Listen, you can't beat the Red Sox in April. Okay, you know that, right? >> Yeah, here we go. >> So it's going to be interesting to see. I mean I have predicted the Yankees take the east, and they go to the World Series. But you got to be excited as a Yankees fan. >> Could be a good year. >> I've always liked Brian Cashman. I think he's one of the best GM's in the business. Watch his moves at the trading deadline. He's going to beef up the bullpen. I hope the Sox can hang tough with him because anything can happen. >> It's true, anything can happen. >> Hey, great to see ya. >> Great to see you guys, thank you. >> Go Sox. >> Dig it. >> Keep it right there everybody. We'll be back with our next guest right after this short break.

(upbeat music) >> Hey, welcome back, everybody. Jeff Frick here with The Cube. We're at the RSA Convention in downtown San Francisco. 40,000 people talking security, trying to keep you safe. Keep your car safe, your nest safe, microwave safe, refrigerator safe. >> Everything safe. >> Oh my gosh. Jason Porter, VP, Security Solutions from AT&T, welcome. >> Very good, thanks for having me, Jeff. >> So what are your impressions of the show? This is a crazy event. >> It is crazy, I mean look at all the people. It's the crowds, it's a lot of fun. The best part is just walking the hallways, getting to connect with friends and network and really create new solutions to help our customers. >> It seems to be a reoccurring theme. Everybody sees everybody who's involved in this space is here today. >> Absolutely, yeah, for the next couple of days it's just all in all the time. >> AT&T, obviously, big network, you guys are carrying all this crazy IP traffic that's got good stuff and bad stuff, a lot of fast-moving parts, a ton more data flying through the system. What's kind of your step-back view of what's going on and how are you guys addressing new challenges with 5G and IoT and an ever-increasing amount of data-flow through the network? >> Absolutely, so you're right, at AT&T, we see a ton of traffic. We see 130 petabytes of traffic everyday across our network, so our threat-platform, we pull in five billion threat events every 10 minutes. So-- >> Wait, one more time. Five billion with a B? >> Five billion events every 10 minutes. >> Every 10 minutes. >> So, that's what our big data platform is analyzing with our data scientists and our math, so, lots of volume and activity going on. We have 200 million inpoints, all feeding that threat-platform as well. What are we seeing? We're seeing threats continuing to to grow. Obviously, everybody here at this show knows it, but give you some concrete examples, we've seen a 4,000% increase in IoT vulnerability scanning. IoT is something as a community, as a group here, we definitely need to go solve and that's why we launched our IoT Security Alliance last week. We formed an alliance with some big names out there, like Palo Alto Networks and IBM and Trustonic and others that really, we all have a passion in going out and solving IoT security. It's the number one barrier or concern for adopting IoT. >> You touched on all kinds of stuff there. >> A whole ton of stuff, sorry. >> Let's go to the big data. >> Yeah. >> What's interesting about big data and I always tell kids, right? Every coin has two sides. >> Absolutely. >> The bad part is you've got that much more data to sort through, but the good news is you can use a lot of those same tools. Obviously, it's not a guy sitting with a pager waiting for a red light to go off. >> That's right. >> Analyzing that. How has the big data tools helped you guys to be able to see the threats faster, to react to them faster? >> Yeah. >> To really be more proactive? >> That's a great point, so cyber security is a zero percent unemployment field, right? >> People, you can't get enough people to come work in Cyber security who have the right talent. We had to really evolve. A few years ago, we had to make a big shift that we were not going to just put platforms and people watching screens, looking for blinking red lights, right? We made the shift to a big data threat platform that's basically doing the work of identifying the threats without the people, so we're able to analyze at machine-speed instead of people-speed, which allows us to, as I said, get through many more events. >> Right. >> Much more quickly and allows us to eliminate false-positives and keep our people working really at that, looking at those new threats, those things that we want the people analyzing. >> Right, so the next thing you talked about is IoT. >> Yep. >> My favorite part of Iot is autonomous vehicles just cause I live in Palo Alto. >> Absolutely. >> We see the Google Cars and they're coming soon, right? >> Absolutely. >> But, now you're talking about moving in a 3,000 pound vehicle. >> Yeah. >> Potentially, somebody takes control, so security's so important for IoT. The good news for you guys, 5G's got to be a big part of it. >> Absolutely. >> Not necessarily just for security, but enablement, so you guys are right the heart of IoT. >> Yeah, we are, we have one of the largest IoT deployments in the world. We have the most connected devices and so, what we see is really a need for a layered approach to security. You mentioned 5G, 5G's certainly a part of getting capacity to that, but when you moved to IoT with connected cars and things, you move beyond data harm to physical harm for people and so we've got to be able to up our game and so a layered approach, securing that device, us putting malware detection, but even threat and monitoring what's going on between the hardware and the operating system and the user and then segmenting, say, in a car, telematics from infotainment right? You want to really segment the telematics so that the controls of driving and stopping that car are separate from the infotainment, the internet traffic, the video watching for my kids. >> Right, Spotify, or whatever, right, right right. >> Absolutely and so we do that through SMS, private SMS user groups, private APNs, VPNs, those kinds of things and then of course, you want to build that castle around your data. Your control unit that's managing that car. Make sure you do full UTM threat capabilities. Throw everything you can at that. We've even got some specialized solutions that we've built with some three-letter agencies to really monitor that control point. >> Right, then the last thing you touched on is really partnership. >> Okay. >> And coopetition. >> Yep. >> And sharing which has to be done at a scale that it wasn't before-- >> Absolutely. >> To keep up with the bad guys because apparently, they're sharing all their stuff amongst each other all the time. >> Yeah, absolutely. >> And here we are, 40,000 people, it's an eco-system. How is that evolving in terms of kind of the way that you share data that maybe you wouldn't have wanted to share before for the benefit of the whole? >> Yeah, so, our threat platform, we built it with that in mind with sharing, so it's all, it's surrounded by an API layer, so that we can actually extract data for our customers. Our customers can give us their date. It's interesting, I thought they would want to pull data, but our biggest customers said, no, you know what? We want your data scientists and your math looking at our environment too, so they wanted to push data, but speaking about alliances overall, it's got to be a community as you said. And our IoT Security Alliance is a great example of that. We've got some big suppliers in there, like Palo Alto, but we also have IBM. IBM and AT&T are two of the largest manage-security companies in the planet, so you would think competition, but we came together in this situation because we feel like IoT's one of those things we got to get right as a community. >> Right, right, all right, Jason. I'll give you the last words. >> Okay. >> 2017, we're just getting started, what are kind of your priorities for this year, what will we be talking about a year from now at RSA 2018? >> You're going to continue to hear more about attack types, different attack types, the expanding threats surface of IoT but I think you're going to continue to hear more about our critical infrastructure being targeted. You saw with the dying attack, you're starting to take out major pieces that are impacting people's lives and so you think about power grids and moving into some more critical infrastructure, I think that's going to be more and more the flavor of the day as you continue to progress through the year. >> All right, well hopefully you get good night's sleep. We want you working hard, we're all rooting for ya. >> Absolutely, we're all working on it >> All right, he's Jason Porter from AT&T. I'm Jeff Frick with The Cube. You're watching The Cube from RSA Conference San Francisco. Thanks for watching. (melodic music) (soothing beat)

>> Hey, welcome back everybody. Jeff Frick here with theCUBE. We're in downtown San Francisco at the Twitter headquarters for Data Privacy Day. An interesting collection of people coming together here at Twitter to talk about privacy, the implications of privacy... And I can't help but think back to the classic Scott McNeely quote right, "Privacy is dead, get over it", and that was in 1999. Oh how the world has changed, most significantly obviously mobile phones with the release of the iPhone in 2007. So we're excited to really kind of have the spearhead of this event, Michael Kaiser. He's the executive director of the National Cyber Security Alliance in from Washington D.C.. Michael, great to see you. >> Thanks for having us in. >> For the folks that aren't here, what is kind of the agenda today? What's kind of the purpose, the mission? Why are we having this day? >> Well Data Privacy Day actually comes to us from Europe, from the EU which created privacy as a human right back in 1981. We've been doing it here in the United States since around 2008. NCSA took over the effort in 2011. The goal here really is just help educate people, people and businesses as well, about the importance of respecting privacy, the importance of safeguarding information, people's personal data. And then really hopefully with an end goal of building a lot more trust in the ecosystem around the handling of personal data which is so vital to the way the internet works right now. >> Right, and it seems like obviously companies figured out the value of this data long before individuals did and there's a trade for service. You use Google Maps, you use a lot of these services but does the value exchange necessarily, is it equal? Is it at the right level? And that seems to be kind of the theme of some of these privacy conversations. You're giving up a lot more value than you're getting back in exchange for some of these services. >> Yeah, and we actually have a very simple way that we talk about that. We like to say that personal information is like money and that you should value it and protect it. And so, trying to encourage people and educate people to understand that their personal information does have value and there is an exchange that's going on. They should make sure that those transactions are ones that they're comfortable in terms of giving their information and what they get back. >> Right, which sounds great Michael but then you know you get the EULA, you know you sign up for these things and they don't really give you the option. You can kind of read it but who reads it? Who goes through? You check the box and you move on. And or you get this announcement, we changed our policy, we changed our policy, we changed our policy. So, I don't know if realistic is the right word but how do people kind of navigate that? Because, let's face it my friends told me about Uber, I want to get an UBER. I download UBER. I'm stuck in a rainy corner in D.C. and I hit go and here comes the car. I don't really dig into the meat. Is there an option? I mean there's not really, I opt for privacy one, two, three and I'm opting out of five, six, seven. >> Yeah, I think we're seeing a little bit more granular controls for people on some of these things now but I think that's what we'd advocate for more. When we talk to consumers they tell us mostly that they want to have better clarity about what's being collected about them, better clarity about how that information's being used, or if it's, how it's being shared. Equally importantly, if there are controls where are they, how easy are they to use, and making them more prominent so people can engage in sort of making the services tailored to their own sort of privacy profile. I think we'd like to see more of that for sure, more companies being a little more forthcoming. Yeah you have the big privacy policy that's a long complicated legal document but there may be other way to create interfaces with your customers that make some of the key pieces more apparent. >> And do you see a trend where, because you mentioned in some of the notes that we prepared that privacy is good for business and potentially is a competitive differentiator. Are you starting to see where people are surfacing privacy more brightly so that they can potentially gain the customer, gain respect of the customer, the business of the customer over potentially a rival that's got that buried down? Is that really a competitive lever that you see? >> Well I think you see some extremes. So you see some companies that say we don't collect any information about you at all so that's part of, out there, and I think they're marketing to people who have extreme concerns about this. But I also think we're seeing again some places where there are more higher profile ability to control some of this data right. Even in you know places like the mobile setting where sometimes you'll just get a little warning saying oh this is about to use your location, is that okay, or your location is turned off you need to turn it back on in order to use this particular app. And I think those kinds of interfaces with the user of the technology are really important going forward. We don't want people overwhelmed like every time you turn on your phone you're going to have to answer 17 things in order to get to do x, y, and z but making people more aware of how the apps are using the information they collect about you I think is actually good for business. I think actually sometimes consumers get confused because they'll see a whole list of permissions that need to be provided and they don't understand how those permissions apply to what the app or service is really going to do. >> Right, right. >> Yeah, that's an interesting one. I was at a, we were at Grace Hopper in October and one of the keynote speakers was talking about how mobile data has really changed this thing right because once you're on your mobile phone it uses all the capabilities that are native in the phone in terms of geolocation, accelerometer, etc. All these things that a lot of people probably didn't know were different on the mobile Facebook app than were on the desktop Facebook app. Let's face it, most this stuff is mobile these days, certainly with the younger kids. As you said, and that's an interesting tack, why do you need access to my context? Why do you need access to my pictures? Why do you need access to my location? And then the piece that I'm curious to get your opinion, will some of the value come back to the consumer in terms of I'm not just selling your stuff, I'm not monetizing it via ads, I'm going to give some of that back to you? >> Yeah, I think there's a couple things there. One quick point on the other issue there, without naming names I was looking at an app and it said it had to have access to my phone, and I'm like why would this app need access to my phone? And then I realized later well it needs access to my phone because if the phone rings it needs to turn itself off so I can answer the phone. But that wasn't apparent right? And so I think it can be confusing to people like maybe it's innocuous in some ways. Some ways it might not be but in that case it was like okay yeah because if the phone rings I'd rather answer my phone than be looking at the app. >> Right, can I read it or can I just see it. You know the degree of the access too is very confusing. >> Yeah and I think in terms of the other issues that you're raising here about how the value exchange on data, I think the internet of things is really going to play a big role in this because it's really... You know in the current world it's about you know data, delivering ads, those kinds of things, making the experience more customized. But in IoT where you're talking about wearables or fitness or those kinds of things, or thermostats in your home, your data really drives that. So in order for those devices to really work well they have to have data about you. And that's where I think customers will really have to give great thought to. You know is that a good value proposition, right? I mean, do I want to share my data about when I come and leave every day just so my thermostat you know can turn on and off. And I think those are you know can be conscience decisions about when you're implementing that kind of technology. >> Right, so there's another interesting tack I'd love to get your opinion on. You know we see Flo from the Progressive commercials advertising to stick the USB in your cigarette lighter and we'll give you cheaper rates because now we know if you stop at stop signs or not. What's funny to me is that phone already knows whether you stop at stop signs or not and it already knows that you take 18 trips to 7-Eleven on a Saturday afternoon and you're sitting on your couch the balance of the time. As that information that's there somehow gets exposed and potentially runs into say healthcare mandated requirement from the company that you must wear Fitbits so now we know you're spending too much time at the 7-Eleven and on your couch and how that impacts your health insurance and stuff. And that's going to crash right into HIPAA. It just seems like there's this huge kind of collision coming from you know I can provide better service to people at the good end of the scale, and say aggregated risk models, but then what happens to the poor people at the other end? >> Well, I think that's why you have to have opt in, right? I think you can't make these things mandatory necessarily. And I think people have to be extremely aware of when their data is being collected and how it's being used. And so, you know the example of like the car insurance, I mean they can only, really should only be able to access that data about where you're going if you sign up to do that right? And if they want to say to you, hey Michael we might give you a better rate if we can track your, you know driving habits for a couple of weeks then that should be my choice right to give that data. Maybe my rates might be impacted if I don't but I can make that choice myself and should be allowed to make that choice myself. >> So it's funny, the opt in and opt out, so right now from your point of view what do you see in terms of the percentage of kind of opt in opt out on these privacy issues? Where is it and where should it be? >> Well I would like to see some more granular controls for the consumer in general right. I would like to see... And I said a little bit earlier a lot more transparency and ease of access to what's being collected about you and what's being used. You know outside of the formal legal process, obviously you know companies have to follow the law. They have to comply. They have to be, you know write these long EULAs or privacy policies in order to really reflect what they're doing. But they should be talking to their customers and understanding what's the most important thing that you want to know about my service before you sign up for it. And help people understand that and navigate their way through it. And I think in a lot of cases consumers will click yeah let's do it but they should do that really knowingly. If opting in is you're opting in it should be done with true consent right. >> Okay, so before I let you go just share some best practices, tips and tricks, you know kind of at least the top level what people should be thinking about, what they should be doing. >> Yeah, so we really, you know in this kind of space we look at a couple things. One, personal informations like money value and protect it. That really means being thoughtful about what information you share, when you share it, who you share it with. Own your online presence, this is really important. Consumers have an active role in how they interact with the internet. Use the settings that are there right. Use the safety and security or privacy and security settings that are in the services that you have. And then, actually a lot of this is behavioral. What you share is really important yourself so share with care right. I mean be thoughtful about the kinds of information that you put out there about yourself. Be thoughtful about the kind of information that you put about your friends and family. Realize that every single one of us in this digital world is entrusted with personal information about people much more than we used to be in the past. We have that responsibility to safeguard what other people give to us and that should be the common goal around the internet. >> I think we have to have you at the bullying and harassment convention down the road. Great insight Michael and really appreciate it. Have a great day today. I'm sure there's going to be a lot of terrific content that comes out. And for people to get more information go to the National Cyber Security Alliance. Thanks for stopping by. >> Thank you for having us. >> Absolutely. He's Michael Kaiser. I'm Jeff Frick. You're watching theCUBE, thanks for watching.