From Las Vegas, it's theCUBE, covering Qualys Security Conference 2019. Brought to you by Qualys.

Hey, welcome back everybody, Jeff Frick here with theCUBE. We're in Las Vegas at the Bellagio at the Qualys Security Conference. It's the 19th year they've been doing this. It's our first year here and we're excited to be here, and it's great to have a veteran who's been in this space for so long to give a little bit more of a historical perspective as to what happened in the past, where we are now, and what can we look forward to in the future. So coming right off his keynote is Philippe Courtot, the Chairman and CEO of Qualys. Philippe, great to see you.

Thank you, same for me.

Absolutely. So you touched on so many great topics in your conversation about kind of the shifts of modern computing from the mainframe to the mini. We've heard it over and over and over, but the key message was really about architecture. If you don't have the right architecture, you can't have the right solution. So how has the evolution of architects, of architectures, impacted your ability to deliver security solutions for your clients?

So now, that's a very good question. And in fact, you know, what happened is that we started in 1999 with a vision that we could use, exactly like Salesforce.com, these nascent internet technologies and apply that to security. And Marc Benioff applied that to essentially changing the way CRM was essentially used and deployed in enterprises, and with a fantastic success, as we know. So for us, I can say today that 19 years later, the vision was right. It took us significantly longer because the security people were not really warm at the idea of suddenly having the data in their view, which was in a place that they could not control. And the IT people, they didn't really like, and they told the fact that suddenly they were not in control anymore of the infrastructure. So we had a lot of resistance.
However, we always, I always believe, absolutely believe that the cloud will be the cloud architecture to go back. A lot of people make the confusion, and that was part of the confusion, that for people it was a cloud, that kind of magical thing someplace you don't know where. And when I was trying to explain, and I've been saying that so many times, that when you need to look at the cloud like an architecture which distributes the computing power far more efficiently than the previous one, which was client server, which was distributing the computing power far better than of course the mainframes and minicomputers. And so if you look at their architecture, so the mainframe were essentially big data centers in Fort Knox-like settings, private lines of communication to a dumb terminal. And of course security was not really an issue then because security was built in by the IBMs and company. Same thing with the minicomputer, which then was, instead of just providing the computing power to the very large company who could afford it, now suddenly the minicomputer, through the advance in semiconductor technology, could reduce the footprint and then now bring the computing power to the labs and to the departments. And that was then the new era of the Digital Equipment, the Prime, the Data General, et cetera. And then client server came in. So what client server did, again, if you look at the architecture, different architecture, now suddenly servers, the LAN, or the internal network, and the PC. And that was now allowing to distribute the computing power to the people in the company. And so but then you needed to, so nobody paid attention to security because then you were inside of the enterprise, so inside the walls of the castle, if you prefer.
So nobody paid attention to that, and it was more complex because now you have multiple actors. Instead of having one IBM or one Digital Equipment, et cetera, suddenly you have the people manufacturing the servers, the software, the database, the PCs, and on and on. So suddenly the complexity increased significantly. But nobody paid attention to security because it was not needed, until suddenly we realized that viruses could come in through the front door, being installed, and now suddenly you were absolutely, absolutely compromised. And of course that's the era of the antivirus which came in. And then because of the need to communicate more and more, now suddenly you could not stay only in your castle, you needed to go and communicate to your customers, to your suppliers, et cetera, et cetera. And now you were starting to open up your castle to the world. And hello, so now suddenly the bad guy could come in and start to steal your information, and that was the new era of the firewall. Now you make sure that those who come in, but of course that was a little bit naive because there was so many other doors and windows that people could come in, create tunnels and create these and all of that to enter into your castle, because the data was becoming more and more rich and more and more important, so more value. So whatever there is value, of course, the bad guys are coming in to try to steal it. And that was that new era of, we need to pay attention to security. The problem has been is because you have so many different actors. There was nothing really central there. Now you suddenly had more and more solutions, and now absolutely like 800 vendors bolting on security. And bolting on anything is short-lived at the end of the day because you put more and more weight. And then you also increase the complexity, and all these different solutions, they need to talk together so you have a better context, but they were not designed to talk together.
So now you need to put other system where they could communicate that information. So you complicate and complicate and complicate the solution. And that's the problem of today. So now cloud computing comes in. And again, if you look at the architecture of cloud computing, it's again data centers, which now today have become, thanks to the technology, having infinite almost computing power and storage capabilities. And like the previous data centers are much more fractured because you just want scale, and they become essentially a little bit easier to secure. And by the way, it's fewer vendors now doing that. And then of course the access can be controlled better. And then of course the second component is not the LAN and the WAN, it's now the internet. And the internet of course is the way of communication. It's extremely cheap and it brings you in every place on the planet, and soon in Mars. Why not? So now the issue today is that still the internet needs to be secure. And today, how are you going to secure the internet? Which is very important thing today. Because you see today that you can spoof your email, you can spoof your website, you can attack the DNS, spoof the DNS, there's a lot of things that the bad guys still do. And in fact themselves, they leverage the internet of course to access everywhere. So they take advantage of it. So now this is obviously, I created the trustworthy movement many years ago to try to really address that. Unfortunately, what is was too small and it was not really our place. Today there's all the Google, the Facebook, the big guys, which in fact their business depend on the internet, now need to do that. And I applaud, or they've been criticized very much. So Google was the first one to essentially have a big initiative, was trying to push SSL, which everybody understand is secure, encryption if you prefer, and to everybody. So they did a fantastic job, they really push it.
So now today SSL is becoming like, okay, SSL, you want to have SSL on your communication, but that's not enough. And now they are pushing, and some people criticize them and I absolutely applaud them, to say we need to change the internet protocols, which were created at a time when security, you were transferring information from universities and so forth. These were the heydays of everything was fine, there's no bad guys, the hippie days if you like of the internet, everybody was free, everybody was up and fantastic, okay. And now of course today this protocol needs to be upgraded, which is a lot of work, but today I really believe that if you put Google, Amazon, Facebook all together and they can fix this into that protocol, so we could forget about the spoofing and we forgot about all this phishing and all this thing, but this is their responsibility. So and then you have now on the other side, you have now very intelligent devices, from very simple sensors and to sophisticated devices, the phone et cetera, and more and more and more devices interconnected, and for people to understand what is going, so this is the new environment. And what we always believe is that if you adapt an architecture which is exactly, which fits, which is similar, then we could, instead of bolting security, we can now certainly build security in, a bolting security on, we could build security in. And we have been very proud of the work that we have done with Microsoft, which we announced in fact relatively recently, very recently, that in fact our agent technologies now is bundled in Microsoft. So we have built security with Microsoft in. So from a security perspective today, if you go to the Microsoft Azure Security Center, you click on a link and now you have the view of your entire Azure environment, courtesy of a Qualys agent. You click on a second link and now you have the view of your signal compliance posture, courtesy of the same Qualys agent. And then you click on the third link, where there's nothing to
do with Qualys, it's all Microsoft, you create your playbook and you remediate. So security in this environment has become click, click, click. Nothing to install, nothing to update, and the only thing you bring are your policies, saying I don't want to have this kind of machine exposed on the internet, I want this, this is what I want, and you can continuously audit essentially in real time. So as you can see, totally different than putting boxes and boxes and so many things and then having for you to, so very big game changer. So the analogy that I want to, that I give to people, so people understand that paradigm shift, it's already happening in the way we secure our homes. You put sensors everywhere, you have cameras, you have proximity detection essentially when somebody tries to enter your home. All that data is continuously pumped up into an incident response system, and then from your phone, again across the internet, you can change the temperature of your rooms, you can see the person who knocks on the door, you can see its face, you can open the door, close the door, the garage door, you can do all of that remotely and automatically. And then if there's a burglar then in your house, you try to break in, immediately the incident response system called the cops or the far more sure difficult fire, and that's the new paradigm. So security has to follow that paradigm. And then you have, interesting enough, the problem today that we see with all the current security systems, incident response systems, they have a lot of false positive. False positive and false negative are the enemy really of security, because if you have false positive you cannot automate the response, because then you're going to try to respond to something that is not true, so you could create a lot of damage. And the example I give you that today, if you leave your dog in your house and if you don't have the ability, the dog will bark, will move, and then the sensors will say intruder alert. So that becomes a false positive. So
how do you eliminate that? By having more context you can eliminate automatically again these false positives. Like now you take a fingerprint of your dog and of its voice, and now the camera and the sensors and the voice can pick up and say, oh, this is my dog. So then of course you eliminate that false alert. Now if another dog managed to enter your home through a window which was open or whatever for so long, you will know a window was open but you cannot necessarily fix it, and the dog opens, then you will know it's not your dog. So that's what security is evolving. So it's a huge sea of change which is happening because of all that internet, and today companies have to leverage this new cloud technology which are coming. It is so much new technology. What people understand is, where is that technology coming from? How come suddenly we have Docker, Kubernetes, all these solutions today which are available at almost no cost because it's all open source? So what happened is that, which is unlike the enterprise software, which were more the Oracle et cetera, the manufacturer of that software today is in fact the cloud, public cloud vendors, the Amazon, the Google, the Facebook, the Microsoft, which suddenly needed to have to develop new technology so they could scale at the size of the planet, and then very shrewdly realized that if I keep that technology for me, I'm essentially going to imprison that technology, it's not going to evolve, and then I need other technologies that I'm not developing. So they realized that, they totally changed that open source movement, which in the early days of open source was more controlled by people who had more purity if you prefer, no commercial interest, it was all for the good of civilization and humankind, and they say their licensing model was very complex, so they simplified all of that. And then now suddenly you had all this technology coming at you extremely fast, and we have leveraged that technology, which was not existing in the early days when
Salesforce.com started, where the Linux, the LAMP protocol was called, Linux, Apache, MySQL and PHP, a little bit limiting. But now certainly all this technology like Elasticsearch was coming. We indexed today in our backend 3 trillion data points on Elasticsearch clusters and we returned information in 100 milliseconds, and then under the Kafka bus, which is again something at open source, we vehicle now to the 5 million messages a day, and on and on and on. So the world is changing, and of course that's what it's called now, the digital transformation. So now enterprises, to be essentially agile, to reach out to their customers better and more, they need to embrace the cloud as well, do retool their entire IT infrastructure, and essentially it's a huge sea of change. And that's what we see even the market of security, just to finish, now evolving in a totally different ways than the way it has been, which in the past the market of security was essentially the market for the enterprise, and I'm bringing you my bolt, you know, my bolt-on solutions that you have to go and install and make work, and then you had the antivirus essentially for all the consumers and so forth. So today what we see is a marketplace which is fragmenting in four different segments, which is, one is the large enterprise, which are going to essentially consolidate the stack, move into the transformation, leveraging absolutely DevOps, which is becoming the new buyer, and of course so that they could improve, you know, their IT to reach out to more customers and more effectively. Then the cloud providers, as I mentioned earlier, which are building security in, so now if you use them you don't have to worry about infrastructure, about how many servers you need, how many days, it's all done for you, and same thing about security. The third market is going to be an emergence of a new generation of managed security service providers, which are going to take to all these companies, we don't have enough resources, okay, don't worry, I'm
going to help you, you know, do all that digital transformation and help you build the security. And then there's a totally new market of all these devices, including the phone etc., which connects, and that you essentially want to, all these IoT and IoT devices that are all now connected, which of course presents security risk, so you need to also secure them. But you also need to be able to also not only check their health, to make sure that, okay, because you cannot send people anymore, so you need to automate. Same thing on security: if you find that that phone is compromised, you need to be able to make immediate decisions about, should I kill that phone, destroy everything in it, should I now don't let that phone connect anymore to my network, what should I do, should I, by the way, detected that they've downloaded the application which are not allowed. Because what we see is more and more companies now are giving tablets to their users, and in doing so now today's the company property, so they could say, okay, you use these tablets and you're not allowed to do this, so you could check all of that and then automatically remote. But that again requires a full visibility on what you have, and that's why, just to finish, we make a big decision about a few three months ago that we have, we build the ability for any company on the planet to automatically build their entire global IT asset inventory, which nobody knows what they have in that old networking environment, you don't know what connects, to have the view of the known and the unknown, totally free of charge, across on premise and on cloud, containers, web applications, OT and IoT devices to come. So now that's the cornerstone of security, so with that totally free. So and then of course we have all these additional solutions, and we'll be the very scalable open platform where we can take data in, pass our data as well. So we really need to be and want to be good citizen here, because security at the end of the day, it's almost like we used to say, like
the doctors, you have to have that kind of Hippocratic oath, that you cannot do no harm. So if you keep, if you try to take the data that you have, keep it with you, that's absolutely not right, because it's the data of your customers. So and you have to make sure that it's there, so you have to be a good guardian of that data, but you have to make sure that the customer can absolutely take that data and do whatever he wants with it, whatever he needs to do. So that's the kind of a totally new philosophy. And finally today there's a new culture change which is happening now in the companies, is that security has become front and center, is becoming now, because of GDPR as a huge financial, could have a huge financial impact on a company, a data breach can have a huge financial impact, security has become a board level more and more. So security is changing, and now it's almost like companies, if they want to be successful in the future, they need to embrace a culture of security. And now what I used to say, and that was the conclusion of my talk, is that now today IT, DevOps, security, compliance, people need to unite. Not anymore the silos, I do that, this is my turf, my servers, you do that, you do these. Everybody in the company can work, have to work together toward that goal, and the vendors need to also start to interoperate as well and working with our customers. So it's a totally new mindset which is happening, but the stakes are big, and that's what I'm very confident that we have now entered that finally. We thought, I thought it would have happened 10 years ago quite frankly, and but now today it's really happening.

Right, so you've touched on a lot.

Yes, absolutely, so and I can speak for another two hours if you like.

Yeah, we could go for two hours, but I want to unpack a couple of things. We've had James Hamilton on, used to be at AWS CTO, super smart guy, and it was at one of his talks where it really was kind of a splash of water in the face when he talked about the amount of resources
Amazon could deploy to just networking, or the amount of PhD power he could put on any little tiny sub-segment of their infrastructure platform, where you just realize that you just can't compete. You cannot put those kind of resources as an individual company in any bucket. So the inevitability of the cloud model is just, it's the only way to leverage those resources. But because of that, how has that helped you guys change your market? How nice is it for you to be able to leverage infrastructure partners like Azure, both for go-to-market as well as feature sets? And also, because the other piece they didn't talk about is the integration of all these things. Now they all work together, most apps are a collection of APIs, that's also changed. So when you look at the cloud provider, GCP as well, how does that help you deliver value to your customers?

Yeah, but the cloud, they don't do everything. Today what is interesting is that the clouds would start to specialize themselves more and more. So for example, if you look at Amazon, the core value of Amazon since the beginning has been elastic computing. Now today if you look at Microsoft, they leverage their position and they really have come up with a more enterprise-friendly solution. And now Google is trying to find also their way today. And so then you have Alibaba, etc. So these are the public cloud. But life is not uniform, like it's by nature diverse. Life wants to live, wants to find better ways, we see that, that's why we have so many different species, and adjust and adapt. So you have also the other phenomena of companies also building their own cloud as well. So the world is entering into a more hybrid cloud, and the technology is evolving very fast as well. And again, I was telling you, all these open source software, there is a bigger phenomena at play, which I used to say that people don't really understand that much but it's so obvious, is if you look at the printing press, that's another example that I'll give. The printing press
essentially allowed, as we all know, to distribute the gospel, which has some advantage of creating more morality, etc. But then what people don't know for the most part is, distributed the treatises of the Arabs and technology, the scientific treatises, because the Arabs, which were very thriving civilization at the time, had collected all the information from India, from many other places and from China, etc., and essentially at the time or Europe was pretty in the dark age, they really came up, and now suddenly that scientific knowledge was distributed, and that was in fact the seeds of the industrial revolution, which then Europe got caught and used that and creating all these different technologies. So that confluence of the steam engine, of electricity and all of that created the industrial revolution, seeded by. Now today what is happening is that the internet is the new printing press, which now is distributing the knowledge, but not to a few millions of people, to billions of people. So the rate today of advancing technology is accelerating, and it's very difficult. I was mentioning today, we know today that we're going to get some quantum computing, which are going to totally change things, of course we don't know exactly how. And you have also, it's clear that today we could use genetic, if you look at DNA, which stores so much information in so little place, that we could have significantly more, you know, memory capabilities at the lower cost. So we have embarked into absolutely a new world where things are changing. I've got a little girl which is 12 years old, and fundamentally that new generation, especially of girls, not boys, because the boys are still on, you know, at that age, they are very studious, they absorb so much information via YouTube, via things like a security stream, they are so knowledgeable. And when you look back at history, 2,000 years plus ago in Greece you had 95 plus percent of the population slaves, so a few percent could start to think. Now today it's totally changed, and the
amount of information they can, they learn, and it's absolutely amazing. And you know, she, I would tell you a little story which has nothing to do with computing, but it's about the knowledge. She came to me a few weeks ago and she said, oh daddy, I would like to make my mother more productive. Okay, so I said, oh, that's, her name is Evia, which is the island in Greece where Zeus wedded Hera, and she said, Evia, so that's a good idea, so how are you gonna do it? I mean, her answer, I was floored, that is very simple, just like with for me, I'm going to ask her to go to YouTube and get to learn what she needs to learn. Exactly. And she learns, she draws very well, she learns how to draw in YouTube, and it's not a gifted, she's a nice, very nice little girl and very small, but all her friends are like that. So we're entering in a world which things are changing very, very fast. So the key is adaptation, education and democratization.

And democratization, you're talking about democratization, giving more people access to more data and the tools to do something about it, and then kind of this whole DevOps way of thinking, which is, you know, continuous improvement, not big bang.

That's a very good point that you make, because that's exactly today the new buyer today in security and in IT is becoming the DevOps shipper. Because what are these people? They are engineers which suddenly create good code, and then they want to of course ship their code, and then all these old silos, all you need to do these, oh no, we need to put the new server, we don't have the capacity, etc., how long is it going to take, three months or four months, and then we need, and you're cool. So finally they find a way through, again, you know, all the need for scale which was coming from the Google, from the Facebook and so forth, open, by the way, we can shortcut all of that and we can create and we can learn how to ship our code. Guess what are they doing today? They're learning how to secure all of that. So again, is that
ability to really learn and move. And today one of the problem that you alluded to is that, which Amazon was saying, is that they are picked there, they have taken a lot of the talent resources in the US today, because of course, and they pay them extremely well, of course attract that talent. And of course there's now people say in security there's not enough people, and even in IT. But guess what, we realized that few years ago. In 2007 we make a big decision, we say we're never going to be able to attract the right people in the Silicon Valley, and we decided to go to India, and we have now 750 people. And Jack Welch used to say, we went to India for the cost and discover the talent. We went to India for the talent and we discover the cost. And there's a huge pool of talent. So it's like, hey, life wants to continue to live, and now today all these tools to learn are there. Look at the Khan Academy, which today, if you want to learn nuclear physics, you can do that through your phone. So that ability to learn is there. So I think we need to, and that more and more people are coming, so I'm very optimistic in a way, because I think the more we improve our technologies, and look at the progress we're making, genetics and so everywhere, and that confluence of technology is really creating a new world.

You know, there's a lot of conversations about a dystopian future and a utopian future with all these technologies and the machines and, you know, what Hollywood has shown us with AI. You're very utopian side, very optimistic on that equation. What gives you, what gives you, you know, kind of that positive feeling in security, which traditionally a lot of people would say is just whack-a-mole and we're always trying to chase the bad guys?

More generally speaking, if you, I'm, I'm a utopian in a way, but on the other end you need to realize that unfortunately when you have technological changes and so forth, it's also great factors, and when you look at the history of humanity, the same technological advancement
allowed some countries to take, to try to take advantage of others. So it's not that the world is everything fine and everything peaceful. In fact Richard Clarke was really in their keynote was saying that, hey, you know that there is a sinister side to all the internet and so forth, but that's the human evolution. So I believe that we are getting, long term it's going to, so in the meantime there's a lot of changes, and humans don't adapt well to changes, and so that's in a way the big challenge where, but I think over time we can create a culture of change and that will really help. And I also believe that probably at some point in time we will re-engineer the human race.

All right, we'll leave it there, because that's going to launch a whole other couple of hours, I believe. Congratulations on the event and a great job on your keynote. Thanks for taking a few minutes with us. All right, he's Philippe, I'm Jeff, you're watching theCUBE. We're at the Qualys Security Conference at the Bellagio, Las Vegas. Thanks for watching, we'll see you next time.