 Hey everyone, welcome back to theCUBE's coverage live from Caesars Palace of CrowdStrike's Falcon 23. Lisa Martin here with Dave Vellante. You can hear the buzz probably behind us. About 4,000 or so folks here. This is the seventh annual Falcon. This is our second time covering it. We're going to be talking with Madhu Balaji next. Senior Global Partner Architect, World Wide Public Sector at AWS. We're going to be talking about Zero Trust Architecture and AWS. Great to have you on the program. And thank you for joining us. Thanks for having me. Give us that definition from AWS' mindset. How does it define the concept of Zero Trust in the context of cloud security? And why is that so important for all organizations using AWS services? Sure, so at AWS we believe in innovating for our customers and we want to do a lot of undifferentiated heavy lifting for our customers so that they can focus on their innovation, right? So similar thing on security aspect. And when our customers come in and ask like how their security patterns right now align with Zero Trust because Zero Trust is the key buzzword right now. So at AWS we have a definition for that. Like it's basically a conceptual security principle and associated set of mechanism where we want to secure the digital assets and not relying just on the network perimeter. So that's the key area of Zero Trust like say for example if I want to say it in normal terms like say when you go to airport security you have perimeter security wherein you are checked just for who you are and all that. And then when you go in at every point like when you want to board a plane or when you want to go shop something you're checked again. So that's very similar to what Zero Trust is and this is something what I read in an article which is really great example to define Zero Trust. And also like security being our core one of the key principles on our AWS platform we focus heavily on security and also we rely on Zero. 
It was interesting, it was reinforced two years ago. I was sitting in a breakout session it was like an analyst session and it's interesting you said it's kind of the buzzword because it was a real big buzzword it didn't have any meaning. And the technical architects at AWS at the time like we didn't jump into the whole Zero Trust buzz but we kind of have to now. So here's our perspective and I thought they did a really good job of describing it you know as you did in very simple terms just now they went deep and so it was quite useful. My question is related to public sector. The CIA deal was a seminal moment within AWS's history it was a milestone because everybody was like wow the cloud you know is it really secure? And the CIA you know with the Gov cloud. So your bar is very high in public sector and I would imagine the same is true now for Zero Trust. What is the narrative like with Zero Trust in public sector now? Is it a higher bar? Is it more intense than it is in the commercial world or is the commercial world kind of caught up? I would say like we don't the security itself we cannot differentiate between commercial and public sector. But at the same time for public sector there are specific security checks you need to add additional security. So the base platform is the same across commercial and public sector and then for public sectors we add more checks and also the way we see it is it is all defined by the guiding principles on Zero Trust what we have defined. So we don't want to just rely on like it is not a binary choice of being identity focused or identity centric or network centric and that applies to public sector as well wherein you want to bring in both together and then see it as a holistic implementation and especially for public sector you mentioned CIA so we have different levels or regions where they are hosted and which is outside of regular commercial implementation. 
 So that way even the entry point itself is at a very high level having a higher bar which will eliminate a lot of incoming threats or anything like that. So actually yeah. Talk about some of the challenges that customers are facing whether they're in public sector or commercial in terms of adopting Zero Trust and how is AWS helping them especially as they might be multi-region hybrid cloud. How are you helping them overcome those challenges? So the main thing is what we want to explain to customers is Zero Trust is not an end goal in the sense it's not kind of tool or product which you just buy and implement. It's like a journey. Like you need to implement those core principles and then implement step by step. So in that regard for our customers like being very security focused protecting against internal and external trust. So that is very important and also securing your endpoints by default is key to success across commercial and public sector. Well and I think when you look at these frameworks like a NIST framework or Zero Trust architecture fits into that, the hard part that customers that I talked to have is okay I get it but how do I operationalize it? And so things like Verified Access help customers operationalize. Can you explain that? Sure, that's a good point. So when we talk to our customers what we ask is what is their outcome, right? What are they looking for? And then we work backwards from there and that's our whole focus. We want to understand customer problem and work backwards. So in terms of Verified Access so this is a new service which was announced in preview during last re:Invent and we went GA in I think April or May this year. So this basically eliminates the need of using VPN for like say if you're an employee you want to access your internal applications you need to have your own laptop which is like completely frozen and then you need to connect to VPN so there's so many hazards like you have to get through even just to connect, right? 
 And this Verified Access is basically built on Zero Trust principle wherein it will minimize all the need of like going through the hoop. And also what it does is it simplifies the user experience and also operations. Like when you want to get access to your internal application like say you want to check your payroll, paycheck, right? So for that first you need to if you're outside your office and I've worked with financial services company for 15 years and I know like if you are given a laptop you cannot access browser you cannot access these applications but now after COVID everybody wants to access from anywhere, right? So what this enables is it is free to access your application but you need to have few key elements in your network access, right? Like say we identify, we check your identity and we want to check your device posture and then we give you access to your internal application which is hosted within our VPC. It is not public but it is provided through our Verified Access so that's at a very high level the gist of that. What are some of the best practices that you've seen implemented across public sector and commercial for customers approaching Zero Trust security and doing it well? Yeah, so first thing is minimum access to any user, right? Like you need to get access if you need access to specific application only then you get access or else there's no access to you. So that's the best practice like that's step one for anybody and then you like say for example we spoke about the Verified Access, right? 
 So in that, if you want to get access in traditional network you have to talk to your network team and then your application team and then your IT admin but with Verified Access they will have one single pane of glass to look at your whole flow and then if you need access a specific access into an application and then within that application if you need a fine-grained access everything can be set up within Verified Access so that's I think one of the guiding principles for Zero Trust and that's what we have implemented with Verified Access and that we recommend as best practice across our public sector and commercial. So giving folks that centralized visibility That's correct. and making it a lot simpler. Exactly. It sounds like. It will make user experience simple and also operations like say when they want to evaluate something or when they want to check so all the logs are in central place you can detect and then we have observability patterns wherein you can implement tools to detect anomalies or any intrusion so you can get to the problem and basically you detect and prevent quickly so the time is money, right? So it's short of the time to detect and prevent it that's where the whole thing is. Yep. So I think AWS has done a very good job of figuring out partnerships. I mean there are some partners where you have overlap with competing products but even in the case of for instance like a Snowflake a great partnership and it works. The customer wants to use Snowflake AWS is great, no problem. We'll sell EC2 and you know the storage and one of the things I've observed is in security there's a lot of white space for partners so CrowdStrike, Okta's here, Zscaler's another one you guys partner with them. How do you work with security partners specifically from a standpoint of integration, roadmap what level of integration, like where are those levels? Is it just go to market? Is it engineering? I think you can describe that. 
 That's a great question and in fact we are working with our partner so basically we went through if you look at the Gartner report and if you pick the top identity provider if you pick top network provider and the device protection, endpoint protection and the cloud. So you'd see this exact same names Okta, Zscaler, CrowdStrike and AWS. So we are partnering together and for us like all three are great partners top ISV partners and I support them on public sector but I have my colleagues who support on commercial as well so what we have done is we are working together in terms of implementing the whole Zero Trust principles and architecture wherein identity is covered by Okta and then device protection and endpoint protection from CrowdStrike and then the network security is provided by Zscaler and then the whole cloud encryption is taken care by AWS. So we are trying to get together build a use case based approach and we help our customers get to their Zero Trust journey helping their Zero Trust journey and innovate faster. So is that the clue things like taking advantage of Nitro Enclaves and integrating it at that level so any other sort of prerequisites that a customer has you may take care of those up front is that sort of the level of integration? 
 Yeah, definitely and that's absolutely right and like I say especially in public sector encryption end-to-end is very important like say in traditional architecture you would see your encryption in transit ends like say load balancer level right and then it doesn't go further but with Nitro you mentioned you can go up to the instance level we can enter it end-to-end and since we have great partnership with these like CrowdStrike obviously and then Zscaler and Okta and getting together these components is great win for our customers wherein they can like even in yesterday's keynote the main key discussion point was consolidation right so bringing these partners together and providing one single pane of glass for our clients, our customers to work on is a great opportunity. And with Gen AI this becomes even more important right because the developers we've talked to have been actually very impressed specifically the AWS developers with your ability to encrypt end-to-end not only data at rest but data in motion but also to fence off the LLM vendor from that data, they can't have access to the customer data. That's correct. That's critical for privacy. Yeah, no, and that's core in our AI implementation Gen AI implementation like at AWS probably you'd agree with me security is one of the key pillars and key focus for us because that's how the cloud was built public cloud whenever we started everybody is like oh it's public cloud safe right and that exists even today and to your point on AML it's really even further step ahead because when you get into LLM model and if it is like if you're feeding in data there are so many concerns from customers that oh will LLM learn my data and will anyone else be able to access it? 
 So we have checks and implementations set up such a way that the customer data resides in customer account itself, perimeter itself and even we don't have access to that only customer will have access to that and they can provision that the way they want so that's really important. Very important. What's your favorite customer story? A CrowdStrike, AWS, maybe Zscaler, Okta story that you helped really tremendously consolidate and give them so much more value but also really giving them helping them on that Zero Trust journey. What customer story comes to mind? Sure, so especially on public sector we like we are doing a use case and it's kind of a POC model wherein we want to use the exact same Zero Trust principles at edge, right? Like say if anybody, there are so many digitization IoT devices and similarly our Snowball devices. So what we have done is we have integrated AWS Snowball with Okta, Zscaler, CrowdStrike and when user comes in and access like a disconnected system like Snowball they would be even still protected end to end. So that's like great use case and we will have more expansion on that in coming months. Maybe we'll hear something at re:Invent. I don't know. What's next for the AWS CrowdStrike partnership and your joint customers? So for us the core is we obsess over customer success. That's in our blood, in our DNA, exactly. And we always work towards that and our job is never done so I believe it's still day one and we continue doing it forever. Yep, it's still day one. Madhu, thank you so much for joining David and me on the program. No problem, thank you very much. Really how you're defining Zero Trust architecturally, what you're doing, how you're helping customers in some of those best practices. We appreciate you walking through that journey with us. No, it's great. Thanks for coming on. It's my pleasure. Thank you very much. Our pleasure to have you. Good to have you. Our guest I'm for Dave Vellante. I'm Lisa Martin. 
 You're watching theCUBE live from CrowdStrike Falcon 23. We'll be back after a short break so we'll see you soon.