 from Las Vegas, it's theCUBE, covering AWS re-invent 2018. Brought to you by Amazon Web Services, Intel, and their ecosystem partners. Well, good morning, welcome back to us, or good afternoon for that matter. If you're watching out on the East Coast, good to have you here on theCUBE as we continue our coverage here in Las Vegas where the Sands Expo called D to be exact, one of seven sites that are hosting the AWS re-invent. John Walls here with Justin Moran. We're now joined by Anker Shaw, who is the Vice President of Products of Public Cloud Security of Palo Alto Networks, and Anker, good to see you this morning. Thanks for being with us. And Richard Weiss, who is the Cloud Security Engineer or a Cloud Security Engineer at Robert Half. Good morning to you, Richard. Good morning. Well, first off, let's tell us about Robert Half. So you're a recruiting firm in a partnership with Palo Alto, but filling a few more blanks for folks at home who might not know exactly what you do. Sure, we're a staffing and recruiting firm. We have offices worldwide. We have roughly 15,000 full-time employees. We also have many, many temporary employees, and of course we do recruiting. Many people I've met here at the conference, in fact, got their first job or one job in the past through Robert Half. And we also have- That makes you a really popular guy when the show closes. And we also have a productivity, our prestigious consulting arm. Okay, so now about your partnership, about how did you find Palo Alto or how did Palo Alto find you? And talk about maybe that relationship, how it's developed, and where it stands today. What are they doing for you? Sure, well, we found Palo Alto about two years ago. We're about seven years into our cloud journey, but it became very clear at the point in time that we needed to get a better handle on how we were managing and securing it. We were doing all the right things, but we didn't have the visibility we needed. So we brought in evidence to do that. Also, compliance is very important to us, and the tools allowed us to ensure that we were conforming to all of the compliance standards that we needed to. Okay, so maybe, RJ, you can get us in here. Explain how did this partnership get started? Yeah, yeah, so, you know, Robert Huff is kind of prototypical customer for us at Palo Alto Networks. Customers moving to cloud, AWS is obviously one of the biggest clouds, so a lot of customers are migrating, a lot of they're shutting out their data centers and moving the workloads and applications to the cloud. But as they move to the cloud, they want to make sure that they have the visibility and the security controls to make sure that they're not in the news. So that's how the partnership started. A lot of customers, just like Robert Huff, starts with, I'd like to get a visibility into what's happening in my cloud environment. Detect advanced data breaches, like crypto-jacking, stolen access keys, things of that nature. So that's how we kind of started this partnership. We've been kind of helping them kind of move more and more applications and more and more workloads in their AWS environments. And it's been a really amazing partnership. We've gotten some amazing feedback from them that has helped mature the product over the years. What's one of the more surprising things that you've noticed as part of this journey? What's something that you didn't realize that this was going to be a benefit to this partnership? And then once you actually had Palo Alto come in there, it's like, oh, wow, this is amazing. Well, there were a couple of things. First off, their RQL, the Red Lock Query Language, is very powerful and flexible and lets us take our compliance and security to the next level. But it's really impressed when we first started talking to Red Lock even before we had purchased the product. We saw some opportunities for product improvements, suggested them, and before we purchased it within a couple of weeks, they were there. Wow, that's pretty fast development cycles. I mean, that's what we're here for is rapid innovation. They're trying to change things at the speed of cloud. So how do you do that safely and securely? Maybe you can tell us, how does Palo Alto help do this rapid innovation but still keep everything really secure? Yeah, so our DNA is obviously network security is where the company started. Over the last, over a year now, the company has doubled down on public cloud security and a lot of emphasis on sort of securing customers cloud environment, helping a lot of customers migrate their applications into the cloud. And from a security standpoint, we look at it from different angles. One is kind of the basic configuration management aspects, making sure that customers don't leave open S3 buckets, permissive security groups, things of that nature. But above and beyond that, we also perform network analytics. So things like crypto jacking, data exfiltration attempts, the platform is able to detect those kinds of advanced threads. Privileged activity monitoring and anomaly detection is another thing we do. And last but not the least, host monitoring and host security aspects, that's something we do really, really well in the cloud as well. So when you combine all of that stuff, gives customers 360 visibility as well as security for all things in the cloud. I'm sorry, Richard, how hard is your job these days? And I mean that with all due respect, but we've talked a lot about complexity. We've talked a lot about speed. We've talked a lot about versatility and high demand and all these things. Corner office is making demands on you, right? I mean, how tough is it to be in your shoes? If it was easy, it wouldn't be fun. So I've been working in cloud about as long as Robert Haff has about seven years. And moving into the security role, it's been an incredibly interesting challenge. Yes, it's hard. I do stay up at night on occasion, worrying about that I check this, that I check that. I'm fortunate that our management has a really good understanding of the importance of security and of cloud. And I've gotten a lot of support in my role there. So in that respect, it hasn't been too hard. And where is it then security in terms of a deployment? Are you thinking about, so you think about function, right? What are we going to get done here? But is it a close second? Is it a tie? Is it, because especially in your business, you have a lot of personal information with which you're working that you've got to protect. Absolutely, so people trust us with their data. We have personal information for many, many people, and we take very seriously our responsibility to manage and protect that. One of the things that we've done with Palo Alto's tools is ensuring that we're compliant with all of the various standards like ISO 27001. And compliance is kind of like brushing your teeth, right? Everybody needs to do it. And somebody doesn't want to be friends with somebody who doesn't brush their teeth. So we ensure that we brush our teeth using tools like Palo Alto's, we can demonstrate to people that we're brushing our teeth. Right. With the innovation of RedLock now, we're able to take that to the next level. So we're not only brushing our teeth now, but we're also grooming our hair and... You're technologically flossing as well, I'm sure. We are, we are. So Ankur, I think that makes you the dentist of cloud security. So you've got people brushing their teeth, they're flossing. What comes next? What should they be looking at? Yes, should they be going beyond just me hygiene factors and is there something that they can do that's more than just brushing their teeth? Yeah, yeah, so I touched upon some of those areas. So I think it all starts with the basic hygiene that we've talked about it, right? Like you got to do it, that's the kind of the fundamental. But the next gen attacks are not going to be very simple, right, like because the cloud fundamentally increases the attack factor, right? So the malicious actor, they're smarter, right? So like I mentioned, things like cryptojacking, stolen access keys, a lot of the next gen breaches are going to happen in the cloud. So customers have to constantly understand the kind of AWS services that they're adopting, understand the security implications, make sure they have the security guardrails. And like I mentioned that once they understand that, look at it more holistically, both from sort of the basic hygiene perspective as well as from network security, user activity as well as host monitoring perspective. Once they covered all of that stuff, you know, hopefully they'll have good teeth forever. Strong cloud teeth, I don't think that's a good phrase I wouldn't have thought I'd say until today. You know we hear a lot about the cat and mouse game in security, right? You're trying to stay once ahead of bad actors who are spending a lot of time and a lot of resources, a lot of energy to stay a step ahead of you. So in today's world, I mean, how do you really win that battle? How do you predict where the next wrong turn is going to come, if you will, or where that invasion is going to try to occur and prevent that? Or are you in a prophylactic state all the time where it's about seeing where that action's going and then trying to stop it once you've learned of it? See what I mean? It's a conundrum that I think you find yourself in. Yeah. You know, I think the 90% of the problems that happen where bad actors get hold of your sensitive data is because of common silly mistakes. So making sure that there is a user training across the board, not just security teams. Now DevOps teams have to be part of the equation as well. They need to be trained and coach on understanding the security implications of their day-to-day operations. Once you train the users, you'll find that a lot of these problems will go away because most of these actors are using simple techniques to get into the customer's cloud environment because those mistakes are being made. So start with the user training. Obviously you need third-party tooling and technologies like Palo Alto Networks to make sure that you have that security guardrails all the time. Beyond that, you just have to hire a lot of smart people like Richard just to ensure that you're ahead of the game thinking two steps in advance. But it's about lock in the door, yeah. Yeah, yeah. And I want to touch on a couple of the things that Ankar said. He talked about building security into DevOps. So there's this concept we call shifting left where you're trying to build security more upfront into the development and deployment process before you even get into the wild and that's something Palo Alto is helping us with. The other thing is we cannot hire enough people to keep up with the pace at which we're scaling our cloud environments. So we need tooling and automation like RedLock in order to ensure that we can get visibility and control on this vast set of resources with just a small number of people. Yeah. So necessity driving invention in that case, right? Yes. You need it. Gentlemen, thanks for the time. We appreciate the conversation. I feel like I need to go brush your thoughts. Yeah, thanks for having us. Thanks for having us. Watch this all the time. But thank you both. Thank you for having us. Thank you for having us. Thanks for having us. Back before from AWS re-invent, you're watching theCUBE here in Las Vegas.