 from our studios in the heart of Silicon Valley, Palo Alto, California, this is a CUBE Conversation. Hey, welcome back everybody. Jeff Frick here with theCUBE. We're in our Palo Alto studios having a CUBE Conversation, but for a little bit something different, instead of having our guests here locally in Palo Alto, we've got him all the way across the country, across the pond, all the way over to Holland and he's in the Utrecht and we're happy to welcome Eric Klein, he is the infrastructure architect for Friesland Campina. Eric, thanks for joining us today. Thank you for having me. Absolutely, so before we get started, a little background on Friesland Campina for people that aren't familiar with the company. Friesland Campina is a cooperative company owned by farmers predominantly in the Netherlands, Belgium and Germany. It's an international company. We have about 34 countries with, we have either sales offices or plans in there, we are one of the biggest dairy companies in the world and love to be there. It's a very good company to work for. It's amazing, I was doing a little research. I mean, the scale is amazing. You guys operate in 100 countries, export tea, you've got offices in 34 countries. I think it said 23,000 plus employees. It's quite a big operation. So big operation doing about 10 billion liters of kilograms of milk a year. Great, so it's a dairy. We're here talking about digital transformation. It's always fascinating to me, kind of the reach of digital transformation in everybody's company. Everyone says everyone's really a software company, you know, kind of built around a different product or service. So what were some of the challenges that you were looking towards in 2018, 2019 in terms of digital transformation in this mature industry of dairy? The challenges that we having is that we have to make sure that everything is safe. The products are safe, but also the data is safe. But also that we have a lot of things moved to the cloud and also that the performance of this applications moved to the cloud is to the end user satisfaction as well. So you're not looking only at transferring data safely from the cloud into our offices into our production environments. Also protecting our production environments for everything that's going bad on the internet, but also having to make sure that the applications are performing to the liking of the end users, so to speak, to our customer and our consumers. And was the objective to build new applications in the cloud or was it more kind of lift and shift some of your older applications in the cloud? Because those are two very different challenges. Yeah, it's a lift and shift of our older applications. For example, we're now in the middle of moving our SAP environment to the cloud. At least the development tests and user acceptance environments are moved to the cloud. The other ones remain still within a traditional data center environment. And we have moved all of our Office 365, so that's Skype for Business, SharePoint, but all the other applications to the cloud as well. And there we have in the whole digital transformation the challenges that really comes back to the end user. Those are huge applications, SAP and Office 365. Those are not insignificant applications at all. So what were some of the challenges? I'm sure we have a lot of your peers watching this. What are some of the tips and tricks that you can share with them? Big challenges that you had to overcome, things you thought about, maybe some things that you didn't think about in that transformation? If you look at the SAP landscape, it's the sheer amount of interfaces between the different components of SAP. That was something that made us decide not to move SAP to the cloud, not the production environment and the acceptance environment. That was a too big of an impact that would take too long to do and we don't have that time. If you're looking at Office 365, the fact that Microsoft is very averse in having anything in the middle, that brought us some real challenges. And we did that already in 2004, 2015, and we had our fair share of all fun and games. So what was different about it than today? I mean, obviously the cloud has moved quite a bit. The fact that C-scaler now does the updating on all the changes within the Microsoft environment. So you don't have to do it yourself. You don't have to constantly monitor the RSS feeds from Microsoft, do all the changes yourself. Now it's all done by C-scaler. All the SSL bypass, the authentication bypass has been set correctly. So when that came on board, that made our life a lot easier. The first part of the migration that we did in Europe, especially in the bigger locations like Amersfoort, which has our headquarters, we really had our challenges to keep the end user satisfied. So just again, kind of the scale of the end users. You mentioned that a couple of times. Is this in support of all the 23,000 people that are employed at Friesland Campina? Is it a subset or is it remote workers? How are you kind of allocating this effort? It is indeed all users, except for the factory workers. We don't allow people that work in production to direct access to the internet. So those people are not as much excluded, but they have special PCs where they work on. So you're looking currently at about 15,000 people that are working with Office 365 directly on a day-to-day basis within Friesland Campina. So the other thing you've talked about repeatedly is not only satisfaction with the users who are interfacing with the systems, but security. So what were some of the security considerations that you considered? How did you kind of bake security into your process? And as we hear all the time as we go to different shows, including security shows, it's not a bolt-on anymore. You have to be thinking security throughout the whole pipeline of the process. So how did you think about it? How did you attack it? How did you solve some of those problems? We started thinking about it already in 2012. We had at that time within Friesland Campina a program specifically driven out of the OT environment, so the operational technology, so the production IT, so to speak. And they come up with an architecture based on the ISA 9599 norm. And we took that on board as IT and continued to work on that. So from 2014, we already had on our plans the architecture to separate the various layer of the ISA 9599 framework into security zones. And we're constantly building on that one. We're refining it, we're improving it. Another question on security really in kind of the network architecture. Did you have to redo anything within your network architecture to make this move to the cloud possible? How did you address the network? It was a completely redesigned. It was a complete redesign. In the previous to that, we just had IT and we had one or two firewalls on site that connects to a certain part of OT and that was it. And now we have an architecture where we can integrate all different flavors of OT. There's no need for OT to have their own internet connections for maintenance, for support, et cetera. But it's all integrated and secure. And the reason for that is that you can't, in this day and age, have an island structure. Everything needs to be integrated. Everything needs to talk to each other, et cetera. So Eric, this interview sponsored by Zscaler, you're a customer of theirs. I'm just curious if you can talk a little bit about how their offering enabled you to do stuff that maybe you couldn't do before. How did you get involved with them? How are they working with them throughout this project? And how has that really been an enabler for your move to the cloud? In 2013, 2014, it was a request from the business, a very strong drive from the business to have local internet breakouts, specifically to get localized contact, driven out of the, how do you say it? Marketing departments. And then we looked at, okay, how can we enable that without creating firewalls on every location we having, making it very expensive, et cetera. And at that time, our provider Verizon came up, let's do a cloud security with Verizon, with a Zscaler and do a proof of concept and build on that one. So that worked, that that gave more granularity, gave the people in the countries that needed localized content, got the localized content, speedy up the application for those specific countries. So no hairpinning from Tokyo, Japan, back to Singapore, back to websites in Japan. So that helps a lot. But like I said, it was early days, so we had our challenges in getting that working, getting it secure, getting the traffic corrected to the correct Zscaler node, et cetera. So we did make from the initial setup of this network a number of iterations to come to where we are today. So it's not a one decision and then it works. Now it is a decision, see what it works, which challenges you're getting, and then take it to the next level. If we do the same thing with Zscaler as they're offering today, it will be a lot quicker. We will have a number of those challenges that we had at that time we will not have today. So as you look forward, what's kind of next? As you mentioned, this isn't a one-stop shop. This is an ongoing process. What are kind of your next priorities over the next six months or so as you guys continue on this journey? To another data center, so not to the cloud, but to a different data center. So that's a big, really big program. The other thing we're looking at is how can we improve remote access, preferred extra management as part. We also look at the CPA product of Zscaler. We're doing a proof of concept probably in the second half of this year. So, but on the other side, this year, 2019 for Frisian Compina is a, how do you say that in proper English? Stop and look back and see what's really important, what we need to go forward. So it's not going crazy on all different kind of project. It is, okay, what will actually contribute to the profitability of Frisian Compina going forward. I think that's a really great close. I know it's late in the Utrecht. I appreciate you taking some time out of your evening. And I was going to ask you the last question, what advice would you have for your peers for other practitioners that are looking at this? And either in the process or planning out their journey, but I think you hit on a big one right there. It's just really focus on the things that matter. Focus on the things that really make a difference and just don't start doing science experiments all over the place because you can or it's fun or it's interesting. Well, what my worries are for the future and what not keeps me awake at night, but that's too much to say is the bad that going around in this world is getting stronger. They have more resources than we as a company has to defend of us against. And the good challenge would be is identifying what is your traffic that is good flowing in your network? Because if you're knowing what is good, everything that's not defined as being good can be immediately defined as being bad. In that case, you will have a better position in preventing yourself against everything that's going wrong, like WannaCry. If you know that WannaCry is using a well-known port to use all over the place with the infusion computer. But if you then see that same port being used to communicate between servers that never communicated before or to workstages to serve it that never communicated before, then you can say, okay, stop that one immediately because that's not good. And the moment our biggest challenge is identifying what is the traffic that's good within our network. Well, that's a great tip. That's great. You know what the positives are and if it doesn't make the green list then shut her down and find out what's going on. Correct. All right. Well, Eric. And the reason why we identified WannaCry is that somebody, for some reason, identified, hey, this server never talked to that device. Why? Yeah. And because with IoT, you have to do that, right? You get all, because everything's IP connected, right? Whether it's the Shades and the HVAC system all the way down to all your manufacturing processes, distribution processes, IT systems. Correct, correct. Our big advantage was that the callback to the commander control service was already blocked by C-scaler. So it didn't hurt us that much. Yeah. Well, good. We got to keep the cows safe, keep the mills safe, and the- Yeah, absolutely. Would you say the 10 billion gallons of milk that you guys kick out of here or something like that? Yeah. It's amazing. It's amazing. All right, Eric. Well, thanks for sharing your story. Good luck on your future transformations and good luck next week. Thanks for stopping by. Thank you very much. All right. All right. He's Eric. I'm Jeff. You're watching theCUBE. We're going to prowl out the studios and new track tall. And thanks for watching. We'll see you next time.