 Hi, this is your host, Subil Bhartiya, and welcome to TFR. Let's talk. Today we have with us Yoav Raghav, co-founder and CEO of Centra. Yoav, great to have you on the show. Thank you for having me. Great to be here today. It's my pleasure to host you here today and as you were talking before the recording started that you started the company Israel then you moved to York City. The company was founded in 2021. So I want to just understand the history and history of Centra because security is a crowded space. Security in many ways is seen as a solve problem. It also becomes a sticky. Once we go with the vendor, you stick with that vendor. So I want to understand that what was the pain point that you saw in 2021 that you felt like, hey, you know what, we have to still address that, which led to the creation of this company that you co-founded. Centra is all about an able organization to move faster. We always ourselves how we can help organization to move faster. And when we founded Centra about two years ago, we understood that something is broken when you connect data, cloud, and security. And of course at the end, organization want to grow the business to do more and that's come with data because this day it's all about the data. And the organization, you know, the board and the CEO push them to do more, to do it better, faster, and they need the data to leverage that. So they create more data, they share more data. Of course, they move more data for that business. And with the cloud technology, it's that lets them do it much easier and faster. That's a great place to be. However, security left behind. And what we understood that we live in a data centric world, but we don't have a data centric solution. And we are here to shift the paradigm and to focus on the data so we can help organization to do both to be fast and secure. And this is exactly the place we put out the problem we have and we solve Centra. And as you said that when you look at cloud, you know, we talk about data, cloud seems to be a magical place. That's also the problem is scale or security. So what are the security related issues that you are seeing when organizations, you know, embrace cloud, especially and you're actually right, we live in data centric data driven world. Actually, data is everything. Everything else is like things on top of it, you know, applications can come and go. We can know it, but data is the, I mean, we can use the word real oil, actually, it's much more than that. So I want to understand, you know, what exact challenge that you see there, beta and cloud. As you just say, like we know these days everything about our life, we have a GPS for our pads and we have like, we know about even the delivery we just did. But we know nothing about the data itself. And in the cloud, it's even much more complex. Because again, the cloud led organization to move fast to use the data to leverage that and the best organization to that and grow the business. But they don't have the capability to start with the basic. And this is all about where is my data? Who has access to my data? How can it be compliance? You know, we can talk hours about regulation these days and privacy. And this is specifically the problem that they understand they have and they have to solve. And this is exactly what central do. And how we do it, by the way, and because of the cloud technology, we can do it at scale. So it doesn't matter if it's a big organization or small organization, all of them have so much data. And what we do in a nutshell, we discover every piece of data you have in your cloud at scale, we classify it very accurate. So for the first time, really know what you have inside, sensitive, critical. And on top of that, we add a security context. So again, for the first time, you have a fully automated catalog about every piece of data you have, full visibility to everything. So again, as I said before, you can be fast and secure. Because when you know something, you can protect, you can protect what you don't know about. So after we have that catalog, the next step is to find the risk, to find any policy violation. It doesn't matter if it's privacy, if it's compliance, or if, of course, security, and to help organization to take an action and to remediate it before it becomes an incident. And this is all about central. When we look at security, especially in the context of data, it's not simple. Security is not just about firewall, it's not just about protecting your environment. You mentioned access control can be there, authorization can be there, the whole zero trust security posture policies can be there, protecting yourself from ransomware. I mean, it's a can of worms that we don't even want to open it. In cloud, the scale when we operate, people operate, we don't just talk about one cloud, we talk about multi-cloud. We also talk about hybrid cloud. We still have data centers and they will be staying around for a while. When we talk about data, we also talk about extracting value from the data we put on data lakes, data warehouses. So things becomes very complicated. So when we look at central, is there any specific area that you look at securing or you look at it holistically? Great, great, great question. And you know, I like to use the terms that someone told me about two years ago, data has its own life. And exactly as you mentioned, data moves and, you know, everywhere. And exactly as I said, the holistic solution. So it doesn't matter where data sits and where it's go. And we take care about every piece of data you have, and it doesn't matter where. So for the first time, we connect all the dots together to one place. We connect all the dots between any piece of data to other piece of data. So it doesn't matter if it moves from one cloud to another. If it moves from the created in the data lakes and move after that to kind of a backup in some different or other place, we connect all the dots together to kind of a one graph. You can think about it as like a one graph of all of your data because our vision is to find any piece of data doesn't matter where and to tell you everything about the data. So you can really understand what's going on and take the action to make sure you are in the right position again to move fast because it's all about to be an abler and not a blocker. Of course, the company was created in 2021. If you look at this whole cloud, or actually, we are lucky to be living in this kind of era, a lot of innovation are happening. I mean, we look at Kubernetes, it looks like it was just tomorrow and I was talking to the folks and I was like, hey, it's almost 10 years next 10 years, then CNCF and Kubernetes came to exist 2014. So a lot of time, like not enough time. So the point is that a lot of things happen in just like one or two years. Since the company is really doing so I cannot talk about the whole evolution of cloud or data over time. But what I do want to understand is that since 2021, what kind of either new use cases or new technologies that have emerged. So either you look at them as, hey, we have to protect this new use case or suddenly a new technology is cropped up. I mean, generative AI is a good example, LLMs is a good example, where you're like, you know what, these new technologies now we can actually leverage them. So can you like talk about the kind of new things from these two different lenses? Yeah, first of all, always there are chains and you can see more and more technology everywhere. Of course, you talked about the generative AI or AI in general. And this is the some things that we're dealing these days. But what I really like is data is unlimited. Data is something that is grow very fast as the data itself, but also a lot of tools, technology capabilities that help organization to do more from the business side. So first of all, we see the immigration to the cloud, something that we can see more and more. And specifically traditional large enterprises that in the past, they lived only on prem. We see more and more move to the cloud. Secondly, we see more and more, as I said before, multi-cloud. At the beginning, it was one cloud. Now we see it everywhere. On top of that, we see more and more services on top of the data that give organization much more capabilities. However, it's much more complex. And the last service you mentioned is about the AI because organization tried to leverage every piece of capabilities they can again to bring something to their customers. So this is what we see from the technological point of view. By the way, the other side is the regulations and privacy. This is a trend we started to see in the last few years. GDPR I think was one of the first during 2018, if I remember well. But since then, we see it more and more everywhere in the world, specifically here in the US. And this is something that organization need to handle and to take care from one hand the technology and to move fast from the other hand, the compliance and regulation, the privacy they need to give the clients. So by the way, CENTRA is exactly in the middle point that solve both of them together because we let organization to create move and use those technological capabilities, specifically AI, with the way to keep it private and to be compliance and with a lot of security as part of the process. And specifically, we see more and more. And that's a great point about the AI because organization, you know, like the CEOs and the board push them to use it more and to use that technology like as a daily basis. However, organization, it's very hard for the organization to do it. They don't know a lot about that. They don't know about the risks. It's very hard for them to control the data that they push in to those models. I heard some kind of a term from one of the partners, I was part of it, is garbage in, garbage out. You want to reduce and prevent from those situations. And with that use case, CENTRA helped a lot to the customers again to control the data and to make sure that only the right data is moving on. You mentioned GDPR recently, you know, especially in the European Union, they started talking about CRS Cyber Resiliency Act, you know, there. And Europe is a place, I mean, I used to live there, where they do care a lot about protecting people's privacy, their data. So it doesn't fall in the wrong hands. They want their sovereignty. How do you look at some of these laws? And as you already touched upon that, but if you can, from technical perspective, where sometimes when companies operate across different geographical regions, it does become challenging for them to ensure right data is staying at the right place, you know, Asia, India, China, Japan, of course, Europe, and then you move to North America. So talk about, you know, how you folks help. I mean, as I said, you did touch upon that, but I just want to have a just a specific discussion on that, but it's data classification to kind of ensure that data sovereignty. So this is exactly part of the basic questions and the basic capability we have, and it's getting more and more important these days. So what we do, our core capabilities, I think, and today, there is a lack of capability, those capabilities in the organization is to find, first of all, any piece of data. So you have 100% coverage. And we put a lot of efforts at scale to bring that combined with a very accurate classification that you can understand the data itself. And when we talk about GDPR or CCPA or some other acts, it's about the PII, the PHI and the PCI and everything. So when you have those basic core capabilities, and you add the, as I said before, you can connect the dots, like kind of a data graph that you understand every piece of data about, and I like to call it the data about the data, you know, about the position, you know, about the region, you bought about the environment. Then we have kind of very easy way to tell you that someone touch data from a different place or someone move data to a wrong place. And this is part of the solution. And again, because of the cloud technology and because the core capabilities I talked before, we can do it like out of the box. You just need to check which compliance, it doesn't matter if you are in India, you are in the US or in Europe. And then out of the box, you get a full solutions that give you any problem or any violation you have with that. Again, it's about the location and the access mostly. When you look at Genetic AI LLMs, of course, we have been talking a lot about them this year. Talk about their actual maturity in not just, you know, chat GPT kind of use cases, but actual use cases where you are talking about something that people trust in production, how you are leveraging LLMs. And then we can offer that we can talk about if you can also share some use cases where companies are already benefiting from centros, you know, integration of LLM technologies. Two different branches for LLM or Generative AI and so on. One of them is that help us to do better. And the other one is we help organization to deal with that problem. So for the first one, we use LLM as part of our technology, our infrastructure, and it's part of the accurate classification we have. So LLM led us to do it at scale, much faster and most important, much more accurate. So we can bring more and more capabilities to that area. So as an example, something that was a little bit harder or much harder before we use LLM is about document level classification. This is something that with LLM we can do much better and give the customers the opportunity not only to understand what they have in their unstructured data, as an example entities and so on, they can understand what is a document talk about. So for now on, you have a full list about base leaps, legal documents, and so on out of the box. This is something that we leverage LLM as part of the solution. And the clients and the customers get better results, very accurate. On the other hand, the second branch is about how we help them to make sure that their LLMs, their models, the way they use AI is safety. So and this is something that we didn't talk at the beginning like two years ago, but these days very popular and most every customer asks us about it is how can they do again use that technology that it's very immature, also very new for them, but they want to use it in a very safety and protected way. And what we do, we can ensure that they have a full control about any piece of data they use for those models, because part of the problem is that when you put your data inside, you can lose control and you can find it in a very different places without to be again secure and compliance. So we help them and make sure and this is a very specific use case that data or sensitive data or critical data don't get in to those models as an example. So they have a secure environment for AI. This is a very specific and very new and we like that use case a lot. When you talk about LLMs and Genitive AI to your customers, do you hear some apprehensions for them? Because most of the companies that I talk to which are leveraging some of these technologies, they'd say that yes, the technology is maturing, but we cannot fully blindly trust it. We still need human intervention, of course, depending on case by case basis. What are your thoughts and what are the thoughts or feedbacks of your customers? I totally agree that it's not mature enough as a process wise to put it in a production and to move forward. However, organization needs to do it because this is part of life with new technology. So they try to put it in their basic data flows. They try to use it more and more. And of course, when they put it there, they don't want to work too much and without time consuming. So they want to do it in a very automatic way. With that perspective, they lost control many times. And they have kind of a fight or debate internally how to do it. And this is the place they need some guards, some help to make sure they don't do mistakes. And one of the biggest mistakes is about the data. And that's at the place where we help them and let them the capability and the trust they can move with that even though it's not mature enough sometimes or even though they don't know exactly how to manage everything. One more thing that I want to talk to you about which is kind of important when we talk about data cloud security is that yes, these technologies are there. But technology is the easy part. People is the challenging part especially in terms of security. I don't want to go into the whole social engineering how employees can be tricked into compromising their systems. I am not talking about misconfiguring all that. I'm talking about organizations embracing a culture where it's not limited to just shift left or DevSecOps. It is seen as a cultural thing within organizations when developer is writing their first line of code. Of course, the lines are blurring and operator is pushing those things and they are working on the new versions. So this whole culture of looking at security from different perspective, how important do you think culture is which actually helps getting most of these tools and how much you see that cultural shift is actually happening. So always vulnerability is about people. We can talk about vulnerabilities for applications and infrastructure but vulnerability is about people. People create the vulnerability and also people have the vulnerability. So I totally agree that culture it's always should be there and we talk and we need to teach the people more and more. However it's kind of a conflict. If you want to move faster, if you want to push harder, so you do mistakes and this is part of the culture. What I believe is that technology can help an organization should leverage is to take the technology and specific data security or security in general is to help them to move faster and to understand the mistakes and to let the people hopefully to solve the mistakes by themselves and with that to learn more and more. And this is the reason that we combined two different approaches. One of them is the preposition. You should try to do everything to make sure that all of the data or infrastructure, it doesn't matter, should be in the right position always in a very, very efficient way and almost automatic way. On the other hand, you need to be proactive and to find processes or vulnerabilities on demand in real time and to make sure you catch them and help them very fast. And when you combine those together with the culture that it's getting better and better and people as part of the process, then I think you can be in the right position between the move fast and push it to be safe and secure. And this is the reason, by the way, I always say fast and secure. You don't want and you can't be in one of the sites. You need to combine and to take the balance all the time and you need to take the culture and the technology and all together to be in the right position. If we look at Centra, there are a lot of folks who have been around for decades, you know, traditional security players who are moving into the cloud space. And then there are a lot of, you know, companies who evolve and emerge like Centra in the cloud net time. Where do you see yourself positions when you look at some of these and convince what value are you bringing to the customers? Why should they choose you? So, when we talk about the cloud, there are four layers that I believe you should solve to be in the right place. Infrastructure, identities, application and data. And Centra put, we put ourselves in the data layer and we put ourselves as a leader in that area because of two things, the approach and the technology. And when you combine together, we are the best solution in the market that can give you the capability to control the data, to connect all the dots, all the dots together to a one place that you can really manage it, understand it, and move fast as you can for your business. Yoav, thank you so much for taking time out today and not only talk about Centra, but also the whole evolution of data, cloud, security. Thanks for all those great insights and I would love to chat with you folks again. Thank you. Thank you very much for hosting me and it was great and hopefully to meet you soon.