 From San Francisco, it's theCUBE. Covering Sumo Logic Illuminate 2018. Now, here's Jeff Frick. Welcome back everybody. Jeff Frick here with theCUBE. We're at Sumo Logic Illuminate with the San Francisco Hyatt Regency by the airport. 600 people, three times bigger than last year. They got one of the coolest things I've ever seen. They got like the silent disco in the expo area. Everyone's listening to their session. They all got headphones on. Tons of people. You can't hear a thing. Pretty innovative. I've never seen anything like that. We're excited to have our next guest, John Vizneski. He's the director of information security and data protection officer for the Pokemon company. John, great to see you. Yeah, having to be here. And there's free coffee, which is why I showed up. There's free coffee. Absolutely. And they're not taking it away. And they're not taking it away. You can tell a good conference from a bad conference. The bad ones wheel it out and take it away and the good ones just leave it out all day. I like so much free coffee. At some point, I'll probably have a heart attack halfway through and you'll have to resuscitate me. So I apologize in advance. Don't do that. So tell us a little bit about what you do. Everyone knows Pokemon, right? It's a great brand, great global brand. Absolutely. What are some of the projects you're working on behind the scenes that most people probably aren't thinking about and they think about Pokemon? Yeah, well, absolutely. I think this day and age, the first thing people think about when they think about our brand is Pokemon Go, right? And with that sort of explosion of user base, what comes with that is this giant lake of data, right? And so my job, primarily my team's job is to protect our customers, right? One of our core values is child safety. So we take security and privacy very seriously. And so what we're working on right now is trying to figure out how do we wrap our arms around that data and as a security team, how do we enable the business to move as fast as they want to move while keeping that data secure? We have a whole lot of awesome products that are coming up in the next two years and while most security teams have a hard time keeping pace with that sort of thing, I like to think that we're sort of on the cutting edge of leveraging our security tools like Sumo Logic to operationalize our security team and make sure we're a business enabler, not just a return on investment. So what's the Pokemon Go explosive growth? Had you seen anything like that? Was that kind of a seminal moment in terms of what you guys had to manage on the back end? I mean, the numbers are giant. I saw something 750 million users, most of whom are a lot of whom are kids. So you got the whole kid factor under 18. I mean, that was quite a phenomenon. You know, I don't think anyone ever plans for 750 million downloads. And when it happens, the scalability issues that come with that are phenomenal. You know, one of the advantages we have as an organization is that we take child online privacy protection very seriously. So we're really well postured from a policy perspective to understand as we scale, you know, what are the controls we need to put in place to ensure that our customers are kept safe. But all the policy in the world doesn't make up for the fact that you still need a lot of horsepower to accommodate all that and make sure that people can go to gyms and all those sorts of things. And so it's been an interesting ride in that respect. So where is it deployed? You guys on the cloud-based infrastructure, do you have on-prem kind of what your backend look like? Absolutely. So we're AWS customers, so our customer-facing platforms are almost entirely in AWS. So you could scale to the 750. You sure can. You sure can. The meter goes up, though. The meter does go up. For sure. I mean, and so one of the things that that's presented to us is, you know, how do we think about security and how do we think about DevOps and how do we join those two things together to make sure that as we scale, we're scaling in a way that is smart, right? You can't just keep throwing instances at things because eventually you break your own cost curve. So how are we building smarter, not bigger, and not harder? That makes sense. So what are some of the unique challenges because of the kids that are involved in your marketplace that you guys have to do that? Maybe someone, we had a guest on the other day who was involved in bedding, right? Just by rule, hopefully there's no kids on the bedding application. But what are some of the special things you guys have to think about when you're dealing with miners? Yeah, absolutely. So there's the Child Online Privacy Protection Act which kind of governs how we're supposed to be handling data for children that are under 13 and then that gap in between 13 and 18. And so when we start thinking about user controls, particularly in this new environment with GDPR and some of the privacy standards that are coming out in the United States, as we're building applications or as we're building out the platform, design decisions need to be taken into account as far as what kind of a user is what age and how are we telling that people are telling that truthfully and how do we give them right to their data or how do we give parents rights to their children's data in a way that's scalable, easy to understand and really takes privacy to the forefront of us as a brand. Right, I'm wondering if you can share some of the stories of some of the trickier things that you guys had to work through that kind of give you an advantage because you've had to think the whole parent, the whole parent-child relationship adds a completely different layer to just what is a user and what is a user ID. Yeah, I think one of the fascinating stories is with GDPR, it's kind of enabled us to really think through a lot of these tricky use cases, right? So the Child Online Privacy Protection Act says that there's certain rules for children that are under 13. Well, so for GDPR, you're able to make a subject access request for your own personal data. Well, at what point does a parent not have access to their child's data? Is it at 13, is it at 18? And so thinking through those particular problem sets that as one of our customers ages up because we'd like them to be lifelong customers, how does their account change and how does their relationship with their parent account change along that journey? So you have an interesting title because you're in information security and data protection. So you've got both this explosion of data that's coming in every day that you do have to protect and make sure you got to keep on top of your AWS bill. At the same time, you got to bake the security in throughout the whole gamut. So what are some of the things you're thinking about as you kind of plan for the future, other big rollouts like Pokemon Go, that will make sure you're in a position to keep the data, mind the data, but not break the bank. Well, I mean, I think the first is this understanding that I think the future of information security is security and privacy, right? I think more and more people that are in my position are also going to be looked at in their organizations to make really due diligent efforts at understanding what kind of data are we taking in? Why are we taking in? What's the business justification? How long do we keep it? And really starting to think through and catalog that so that when our customers ask us the question, you know, what kind of data do you have on me and why are you keeping it for so long? We have a realistic answer so that when a parent goes to let their child download one of our applications, they know that they're downloading a safe space for their child to enjoy our brain. Right. Was GDPR for you guys just, oh, we've been there already. You know, we've been dealing with 13-year-olds and kids and all these other kind of regulations or was that any type of a kind of a game changer in the way you architect for, is it more kind of compliance and regulation? And I guess the thing to always crack up is the turnoff, right? Like, if things are in a cloud by rule, they're nowhere, they're everywhere, right? That great movie that came out years ago. Well, I mean, I think, you know, we had a head start because we were already focused on child safety and protecting our data. But I think with a lot of companies, you know, you're still, there's so many policies you need to put in place and there are so many, you know, new ways you need to think about how that data is harvested and where it's going to live and visibility in all of your systems into that data. You know, honestly, I think we were more 80% policy and 20% technical implementation because we kind of had that head start. But 80% policy is still a whole lot of policy. But the way we think about it is GDPR wasn't aligned in the sand, GDPR is just a new way of living. And that needs to be our privacy standard for our entire customer base, not just our European Union customers. Because at the end of the day, it doesn't matter if you live in Berlin or you live in Nebraska. You want to make sure that your data is safe and your child's data is safe and you have that ownership. And I think at the Pokemon Company, we take that pride and ownership and letting our customers own their own data very seriously. At the end of the day, privacy is just as much of a product as one of our new applications. Interesting way to think about it. So we're at SumoLogic Illuminate. Tell us a little bit about your relationship with SumoLogic. Why did you choose to go with them? Give us a little background there. Absolutely. You know, I think the day in age where a vendor-customer relationship is about the customer presenting their budget and then saying, give me stuff, is over, right? So just as much as I want to make sure that we are in business with vendors that have a vested interest in seeing us be successful, I think vendors now have a vested interest in making sure that they're doing business with customers that have that same in mind. So that means that my team needs to show up on time. My team needs to be prepared for meetings and all those sorts of things. And to that end, Sumo has been phenomenal, right? Everything from their engineers to their sales teams to their executive staff. You really get the feeling that they are concerned with making sure that you're going to be successful as an organization. And that's why they're foundational to what we're going to be doing moving forward. You know, I'm just curious from your perspective as a buyer, since you use the word vendor, buyer relationship, you know, it's so interesting how the world has changed. Back in the old days, right? There was asynchronous information, the vendors had all the information and you had limited source of information. Now, you've got probably more sources of information and types of information than you can deal with them. By the time you actually talk to a vendor, you probably have a pretty good idea of what they have and why it's going to be a fit. I'm just curious from your perspective. On the other hand, you have just a flood, to see a tsunami of new things happening all the time. New technologies, IOTs coming, 5G, how do you kind of sort it out and kind of know what you're going to say? How do you figure out who you want to work with tomorrow? Right, well, so because we're so invested in the cloud, you know, a big thing for us is ensuring that the companies that we do business with either are very much already doing cloud services or they have a plan in the very near future. What a lot of people don't realize is that a lot of these companies, they've been doing business for quite some time on-prem and they might not have had a lot of customers yet that have been really progressive and moved all of their business into the cloud. And so the trick is finding the companies that have sort of that robust idea of, you know, customers are all going to be in the cloud someday. So what are they doing right now to ensure that I'm going to be successful three years from now? And understanding our problems in terms of scale and all those sorts of things. So Sumo's been phenomenal in that respect. Well, I think such an underrated piece of a subscription-based economy is it forces you to have an ongoing relationship. It forces you to deliver value each and every month because you didn't just take the down payment with a maintenance fee. You know, you're engaged and you want to grow that business together. Yeah, and I think transparency is key in that, right? So they need to understand what our roadmap looks like just as much as I want to understand what their roadmap looks like. All right, I think there's this tendency to try to keep everything secret because we are security professionals, but at the end of the day, that's a losing battle. Right, right, all right, John. Well, thanks for taking a few minutes. I was going to ask if you can share any secrets, but you probably can't share any secrets with us. There's a lot of neat stuff coming on the horizon, absolutely. Very good, and all packaged in small yellow furry bodies. For sure, for sure. All right, John, well, thanks again. Appreciate it. Yeah, it was a pleasure, thanks. All right, he's John. I'm Jeff, you're watching theCUBE where it's Sumo Logic Illuminate 2018. Thanks for watching.