 from theCUBE Studios in Palo Alto in Boston. It's theCUBE, covering IBM Think, brought to you by IBM. Hello everybody, this is Dave Vellante of theCUBE and you're watching our wall-to-wall coverage of the IBM Think Digital Experience. And Justin Youngblood is here, he's the Vice President of IBM Security. Justin, good to see you again, thanks for coming on. Hey Dave, good to be here, thank you. So look, let's get right into it. I mean, we're here remote. I wish we were face-to-face in Moscone, but things have changed dramatically. There's a massive shift to work from home. And that's, obviously COVID-19 has heightened the need for security, but let's start with some of the things that you're seeing, how you're responding to secure those remote workers. And let's get into some of the trends that you're seeing in the security space. Yeah, absolutely, some major trends. And there is a big response around COVID-19 right now. And first of all, what we tell all of our employees, our clients, our partners, the entire ecosystem is number one priority, stay safe and healthy, of course. Even at IBM right now, we have over 95% of IBMers who are working from home. We've seen that trend across our clients and partners as well. And basically three themes keep popping up as it relates to security and COVID-19. The first is clients are asking us to help them secure their remote workforce. We have a number of tools, technologies, and services to help them do that. The second is detecting and responding to accelerating threats. Amidst COVID-19, the threat actors are more active than ever. They're driving some targeted attacks and phishing campaigns and our clients are asking us for help on that front. And then the third is virtually extending security teams and operations. And we've got a set of services, managed services and remote employees who can actually work with our clients and help them with their security operation centers and anything they need from a security program. Yeah, I mean, when you talk to CISOs, they'll tell you, look, our biggest problem is a lack of talent. And we have all these fragmented tools. And then now you throw COVID-19 at them and you say, okay, now overnight, blank and secure the remote workforce. So talk a little bit about this notion of platforms. I've said often, the security marketplace is very fragmented. That accentuates the skills issue because you've got to learn all these different tools and this is integration issues. Talk about platforms and how that might help solve this problem. Absolutely, security platforms are on the rise. Do you see a lot of security platforms being announced by vendors today? The problem statements are very clear. As enterprises have moved along on their journey to cloud and digital transformation, they now have workloads, applications, data, users spread across multiple cloud environments. Every enterprise is using multiple clouds today. So the problem statements become very clear for security. Security leaders have too many security tools. They have too much data and they don't have enough people, right? So too many security tools that lack interoperability. The average enterprise has anywhere from 50 to 80 different security point products that don't talk to each other. So trying to solve a security problem to pinpoint an issue actually takes looking at multiple screens. Too much data that comes without insights, trying to stitch together all of this disparate data across a fragmented security landscape is very complex and it allows threats to be missed and then not enough people. The shortage in cybersecurity is well documented over 2 million unfilled jobs today and that number continues to grow. So enter security platforms that are on the value proposition of cleaning up this mess. In November last year, we announced the cloud pack for security. That's IBM security platform and it has some attributes that are powerful, compelling, we're seeing a lot of traction with clients. Well, you mentioned two things that really caught my attention, the detection and the response because you know, you're going to get infiltrated. Everybody gets infiltrated and you've seen the stats. It takes whatever, 250, 300 days before you can even detect it and then response is critical. So talk about the cloud pack for security. There are other platforms out there. What makes yours different? Yeah, basically traditional security is broken. We have a vision of modern security. It centers on the cloud pack for security. We set out two years ago with the concept of a next generation platform. It's a security control plane that works across hybrid multi-cloud environments. It connects all your security data and tools with a common platform that includes IBM and security tools and cloud platforms. So whether you're using a SIM like Q-Radar or Splunk, endpoint detection systems like Carbon Black or CrowdStrike and any of the IBM, any of the cloud platforms, including IBM, AWS or Azure, it connects all of those and brings the insights together. We worked with over 50 enterprises and service providers to help us co-create this solution. And the attributes are it's multi-cloud capable. Cloud pack for security is multi-cloud capable. It can bring all the insights together from across the hybrid multi-cloud environment. It's open, it's built and based on open standards and open technologies. It's simple and it's composable in the sense that it has the ability to integrate with IBM and third party technologies and add more capabilities over time. What we see from other security platforms in the industry is they basically approach the problem saying, Mr. Customer, bring all your data to our cloud, we'll run the analytics on it and then provide you the insights. What's different with cloud pack for security is we take the analytics to the data. Customers don't need to move their data from all the disparate sources where it exists. We take the analytics to the data and bring those insights back to a common console for the security leaders and security analysts to take action on. Well, you're preaching to the choir now because well, first of all, you've got the integration matrix and you've got the resources obviously. I mean, you mentioned a couple of really prominent and some hot products right now. And this is the challenge, right? Best of breed versus fully integrated suite. And what you're saying, if I understand it correctly is we're not asking you to make that trade-off. If you want to use some tool, go for it. We're going to integrate with that and give you the control. And then the second piece is bringing that analytics capability to the data. Because that's the other thing. You really don't want to move your data, the Einstein, right? Move as much data as you have to, but no more, right? Absolutely, this is a team sport. Security is a team sport and that's where open technologies are so important. The ability with an open API to integrate with any IBM or third-party technology. This is not a rip and replace strategy. Clients can't afford to do that. They want to work within their existing security tools, but they need a common platform to bring it all together. So we talk about the ability to gain complete insights across your hybrid multi-cloud environment. The ability to act faster with a set of playbooks and automation that basically run security runbooks once an incident is detected to automatically go about the fix. And then third is the ability to run anywhere. Cloudpack for security, like all of the IBM Cloudpacks is built on Kubernetes and Red Hat OpenShift so it can be deployed on-premise or on the public cloud of the customers choosing. Complete choice and flexibility in that deployment. I mean, another key point you just made is automation and you talked earlier about that skills gap and the unfilled jobs. Automation is really the way, certainly a way and probably the most important way to close that gap. I want to ask you about open because you think about security and networks and open is almost antithetical to secure, I want close. But you mean open in a different context. I wonder if you could talk about that and maybe break down the key aspects of open as you defined it. We've seen open technologies, open standards, open source be adopted across technology domains. Think of operating systems and Linux. Think of application development. Think of the management domain and Kubernetes which now has a community of over 4,000 developers behind it. It's more than any single vendor could put behind it. So open technologies really provide a force multiplier for any industry. Security has been a laggard in adopting open standards and open source code. So last year, 2019, October timeframe, IBM partnered with McAfee and dozens of other vendors and launching the open cybersecurity alliance focused on open standards that promote interoperability across security tools, focused on open source code which we've adopted into and underpin the IBM's cloud pack for security, focused on threat intelligence and analytics and ultimately sharing best practices. And let me talk about run books. This really comes down to the automated playbooks that customers need to run in response to a security threat or incident. That's become really important. Automating actions to help security operations teams be more productive. So all of those capabilities in total sum up what we're talking about with open technology for security and it underpins our IBM cloud pack for security solution. Well, I've always felt that open was part of the answer and like you said, the industry was slowly to adopt. Adversary is highly capable. He, she, they're very well funded. Do you think our industry is ready for this open approach? We're absolutely ready for the open approach. We see customers responding extremely positively to the cloud pack for security and the fact that it is built on open technologies. Many enterprises come to us and say they want that future proofing of their investments. They want to know that what they purchase will interoperate with their existing environments without a rip and replace. And the only way to get there is through open standards and open technology. So it's already being well received and we're going to see it grow just like it has in the other technology domains, operating systems, application development, management, et cetera. Now's the time for security. Well, Justin, you're operating in one of the most important aspects of the IT value chain. Thank you for keeping us safe. Stay safe down there in Austin and thanks for coming to the queue. Thank you, Dave. Good to be here. Take care. And thank you for watching everybody. You're watching theCUBE's coverage of IBM Think 2020, IBM's digital production. Keep it right there. We're right back, right after this short break.