 From around the globe, it's theCUBE. Presenting FutureCloud, one event, a world of opportunities. Proud to you by Cisco. We're here with Vjoy Pandey, a VP of emerging tech and incubations at Cisco. Vjoy, good to see you, welcome. Good to see you as well. Thank you Dave, and pleasure to be here. So in 2020, we kind of had to redefine the notion of agility when it came to digital business. Or you know, organizations, they had to rethink their concept of agility and business resilience. What are you seeing in terms of how companies are thinking about their operations in this sort of new abnormal context? Yeah, I think that's a great question. I think what we're seeing is that pretty much the application is the center of the universe. And if you think about it, the application is actually driving brand recognition and the brand experience and the brand value. So the example I like to give is, think about a banking app, pre-COVID, that did everything that you would expect it to do. But if you wanted to withdraw cash from your bank, you would actually have to go to the ATM and punch in some numbers and then look at your screen and go through a process and then finally withdraw cash. Think about what that would do in a post pandemic era where people are trying to go contactless. And so in a situation like this, the digitization efforts that all of these companies are going through and the modernization and the automation is what is driving brand recognition, brand trust and brand experience. Yeah, so I was going to ask you when I heard you say that, I was going to say, well, hasn't it always been about the application, but it's different now, isn't it? So I wanted you to talk more about how the application experience is changing. Yes, as a result of this new digital mandate, but how should organizations think about optimizing those experiences in this new world? Absolutely, and I think, yes, it's always been about the application, but it's becoming the center of the universe right now because all interactions with customers and consumers and even businesses are happening through that application. So if the application is unreliable or if the application is not available, is untrusted, insecure, there's a problem. There's a problem with the brand, with the company and the trust that consumers and customers have with our company. So if you think about an application developer, the weight he or she is carrying on their shoulders is tremendous because you're thinking about rolling features quickly to be competitive. That's the only way to be competitive in this world. You need to think about availability and resiliency like you pointed out and the experience. You need to think about security and trust. Am I, as a customer, a consumer, willing to put my data in that application? So velocity, availability, security and trust and all of that depends on the developer. So the experience, the security, the trust, the feature velocity is what is driving the brand experience now. So are those two tensions, let's say agility and trust, zero trust used to be a buzzword now. It's a mandate, but are those two vectors counterposed? Can they be merged into one and not affect each other? Does the question make sense, right? Security usually handcuffs my speed, but how do you address that? Yeah, that's a good question. I think if you think about it today, that's the way things are. And if you think about this developer, all they want to do is run fast because they want to build those features out and they're going to pick and choose the APIs and services that matter to them and build out their app. And they want the complexities of the infrastructure and security and trust to be handled by somebody else. It's not that they don't care about it, but they want that abstraction so that it's handled by somebody else. And typically within an organization we've seen in the past, where there's friction between NetOps, SecOps, ITOps and the cloud platform teams and the developer on one side. And these frictions and these meetings and toil actually take a toll on the developer. And that's why companies and apps and developers are not as agile as they would like to be. So I think, but it doesn't have to be that way. So I think if there was something that would allow a developer to pick and choose, discover the APIs that they would like to use, connect those APIs in a very simple manner and then be able to scale them out and be able to secure them. And in fact, not just secure them during the runtime when it's deployed, but right off the bat when they fire up that IDE and start developing the application, wouldn't that be nice? And as you do that, there is a smooth transition between that discovery, connectivity and ease of consumption and security with the ITOps, NetOps, SecOps teams and CSOS to ensure that they're not doing something that their organization won't allow them to do in a very seamless manner. I want to come back and talk about security, but I want to add another complexity before we do that. So for a lot of organizations, I mean the public cloud became a staple of keeping the lights on during the pandemic, but it brings new complexities and differences in terms of latency, security, which I want to come back to, deployment models, et cetera. So what are the some of the specific networking challenges that you've seen with the cloud native architectures? How are you addressing those? Yeah, in fact, if you think about cloud to me, that is a different way of saying a distributed system. And if you think about a distributed system, what is at the center of that distributed system is the network. So my favorite comment here is that the network is the runtime for all distributed systems and modern applications. And that is true because if you think about where things are today, like you said, there's cloud assets that a developer might use. In the banking example that I gave earlier, I mean, if you want to build a contactless app so that you get verified, a customer gets verified on the app, they walk over to the ATM and they withdraw cash without touching that ATM. In that kind of an example, you're touching the mobile iOS, let's say iOS APIs, you're touching cloud APIs where the backend might sit, you're touching on-prem APIs, maybe it's an Oracle database or a mainframe, even where transactional data exists. You're touching branch APIs where the ATM actually exists and then needs to be consistency when you withdraw cash and you're carrying all of this and in fact, there might be customer data sitting in Salesforce somewhere. So it's cloud APIs, it's on-prem, it's branch, it's SaaS, it's mobile and you need to bring all of these things together and over time, you'll see more and more of these APIs coming from various SaaS providers. So it's not just cloud providers, but SaaS providers that the developer has to use. And so this complexity is very, very real and this complexity is across the wide open internet. So the application is built across this wide open internet. So the problems of discoverability, the problems of being able to simply connect these APIs and manage the data flow across these APIs, the problems of consistency of policy and consumption because all of these APIs have their own nuances and what they mean, what the arguments mean and what the API actually means. How do you make it consistent and easy for the developer? That is the networking problem. And that is the problem of building out this network, making traffic engineering easy, making policy easy, making scale out, scale down easy. All of that are networking problems. And so we are solving those problems at Cisco. Yeah, the internet is a new private network, but it's not always so private. So I want to come back to security. You know, I often say that the security model of building a moat, you dig the moat, you get the hardened castle, that's just outdated now. The queen is left her castle, I always say, and it's dangerous out there. And the point is, and you touched on this, it's a huge decentralized system and with distributed apps and data, that notion of perimeter security, it's just no longer valid. So I wonder if you could talk more about how you're thinking about this problem and you definitely addressed some of that in your earlier comments, but what are you specifically doing to address this and how do you see it evolving? Yeah, I mean, that's a very important point. I mean, I think if you think about again, the wide open internet being the runtime for all modern applications, what is perimeter security in this new world? I mean, it's, to me, it boils down to securing an API because again, going with that running example of this contactless cash withdrawal feature for a bank, the API, wherever it sits, on-prem, branch, SaaS, cloud, iOS, Android, doesn't matter. That API is your new security perimeter and the data object that it's trying to access is also the new security perimeter. So if you can secure API to API communication and API to data object communication, you should be good. So that is the new frontier, but guess what? Software is buggy. Everybody's software, I'm not saying Cisco software, everybody's software is buggy. Software is buggy, humans are not reliable and so things mature, things change, things evolve over time, so there needs to be defense in depth. So you need to secure at the API layer, add the data object layer, but you also need to secure at every layer below it so that you have good defense in depth if any layer in between is not working out properly. So for us, that means ensuring API to API communication, not just during runtime, when the app has been deployed and is running, but during deployment and also during the development lifecycle. So as soon as the developer launches an IDE, they should be able to figure out that this API is security use is reputable, it is compliant to my organization's needs because it is hosted, let's say from Germany and my organization wants APIs to be used only if they're being hosted out of Germany. So compliance needs and security needs and reputation, is it available all the time? Is it secure? And being able to provide that feedback all the time between the security teams and the developer teams in a very seamless real-time manner is again, that's something that we're trying to solve through some of the services that we're trying to produce in services called. Yeah, I mean, that layered approach that you're talking about is critical because every layer has some vulnerability and so you've got to protect that with some depth. In terms of thinking about security, how should we think about where Cisco's primary value add is? I mean, there's parts of the interview, you guys have great security business, it's a growing business. Is it your intention to add value across the entire value chain? I mean, obviously you can't do everything, so you've got to partner, but how should we think about Cisco's role? You know, over the next, I'm thinking longer term, over the next decade. Yeah, I mean, I think so we do come in with good strength from the runtime side of the house. So if you think about the security aspects that we have in play today, there's a significant set of assets that we have around user security, around with Duo and Passwordless, we have significant assets in runtime security. I mean, the entire portfolio that Cisco brings to the table is around runtime security, the secure X aspects around posture and policy that we bring to the table. And as you see Cisco evolve over time, you will see us shifting left. I mean, I know it's an overused term, but that is where security is moving towards. And so that is where API security and data security are moving towards. So learning what we have during runtime, because again, runtime is where you learn what's available. And that's where you can apply all of the ML and AI models to figure out what works, what doesn't. Taking those learnings, taking those catalogs, taking that reputation database and moving it into the deployment and development life cycle and making sure that that's part of that entire dev to deploy to runtime chain is what you will see Cisco do over time. That's fantastic, phenomenal perspectives. Vijay, thanks for coming on theCUBE. Great to have you and look forward to having you again. Absolutely, thank you, pleasure to be here. All right, this is Dave Vellante for theCUBE. Thank you for watching.