 Live from Boston, Massachusetts, it's theCUBE. Covering AWS Reinforce 2019. Brought to you by Amazon Web Services and its ecosystem partners. Hey, welcome back everyone. It's theCUBE live coverage here in Boston, Massachusetts for AWS Amazon Web Services Reinforce. This is an inaugural conference for security. This is the first event Amazon is dedicating to security. I'm John Furrier, Dave Vellante. Dave reinvents the big show, Reinforce will be the big show for security. 12,000 people and we have Vittorio Varengo, who's the VP of Marketing, Cloud Business Unit, McAfee, formerly of Sky High Networks. Great to see you again on theCUBE. theCUBE alumni. I'm happy to be here. You guys are an institution, so I'm delighted to be here with you guys. Super excited, been big fan of your work for following your work at VMware, Sky High Networks, now McAfee, you've seen the big company go to startup. Real change is going on in cloud. McAfee certainly the expertise in anti-virus and security, been there, check, now cloud comes into the equation with Sky High Networks. Give us the update, what's the, what it's all about? Sky High comes into McAfee, you got a cloud business unit, they leave you alone, you get to do your own thing, but take advantage of the McAfee goodness. Give us the, what's going on, tell us. Well, you know, when you make an acquisition, usually you do it for two reasons. One is, I sit at the table in a new market acquiring the skills of the people, those are the two main reasons. So, McAfee, when they acquired Sky High in January, 2018, they kept the Sky High as a separate business unit to keep the momentum. And if you think about the investment thesis there, is that today, work gets done on endpoints that are attached to the cloud, increasingly. The network now is, it used to be the control point for everything security, but now we run applications on infrastructure we don't own, that traverses network, we don't operate. And so, our strategy is to secure data when work gets done, which is on the device, which that's the McAfee heritage, and then in the cloud, that's where the McAfee, with the Sky High acquisition, what we bring it to the table. And they're not mutually exclusive, they both work together, because one's an endpoint, one's kind of in transit, data and cloud, all that stuff happening. They're two different things, but they work together. Yeah, to me, devices, mobile devices and laptops are the endpoints to the cloud. And so, I think we are, and then on top of it, IT wants complete visibility. And so, McAfee has this great footprint with the device, the cloud, and then EPO, which is our management layer on top of it, that gives you visibility across everything. So, you guys are making mad McAfee with the cloud business, you know, which is Sky High, a big investment at this show. You guys look at reinforces an opportunity. Why are you making such a big investment in reinforce this show, this community? What's the big move? Well, if you look at what the enterprise data is, increasingly, it's in the cloud. So, we recently ran a report of the live system. So, we have around a thousand customers using our cloud solutions. So, we know exactly what data is. And around 35% is in SAS. Now, Office 365, Boss, Dropbox. 25% is in structured application like Salesforce, ServiceNow. And 24% is in IIS and PAS. And that's the area that is growing the most. And so, in the past, if you look at the evolution of cloud security, there have been a lot of different point solution to solve these different problems. We're trying to bring it all together. So, we have a single point for visibility and control of your data in the cloud. So, IIS and PAS is where data is growing the fastest. And the show like this is the perfect opportunity for us. I got to put the hard question onto you right now because this is what everyone's been asking us. CISOs and CIOs, the people who are running or managing or trying to figure out the security equation. We love our vendors giving us alerts. We don't need more alerts. We don't need more, well, we need more visibility. We need more alerts. We need our suppliers to help us fix the problems. That's the big focus of this show. We're hearing a lot of that. And a lot of help, my people be better. So, not just tell me what the problem is, fix it. Yeah. What's your view on that? Absolutely. So, once you get visibility and you set your policies, our system enforces those policies in real time. And so, it doesn't require human intervention for the most part. Plus, there is another aspect. If you look at the number of incident that happens in the cloud, there are one order of magnitude higher than on-prem. So, what we do, we bring the users into the picture as a solution. So, let me give you an example. So, it said that you use the cloud to collaborate, right? And that makes us productive. We found that 85%, 87% of people that go to the cloud find business acceleration in their business. And so, why? Because people can collaborate freely. But sometimes collaborating, they share a document that contains confidential information. So, when we detect that, instead of, we let IT know, but instead of asking IT to fix it, we inform the user. And we say, hey, Mr. User, did you know that you just shared a document that contains credit card information, healthcare information? And we show them what it is, so they can fix it. In most cases, people don't do it maliciously, like they're just trying to get their job done. And so, we make the user be part of the solution instead of just creating the problem. Why are incident rates so much higher in the cloud, Victoria? Because just the number of people, by definition, the moment you start to put your data in the cloud to collaborate, you collaborate with many more people, right? And so, that's why the number of incident is so much higher, because your stuff is all out there. And the number of people that have access to your data is much larger. So, when you think of risk, you think of the probability of an event and then the impact of that event. So, we just heard that the probability goes up when you're collaborating in the cloud. Do you have any data on the impact in terms of specific to the cloud? Is the cloud doing a better job than, say, on-prem? Is it more higher impact? Is it not, there's not enough high-value data in the cloud yet, more data's on-prem? Do you have any sort of sense as to... First of all, based on our actual use of the cloud, we know that confidential data is in the cloud. And we also know that, over time, 50% of confidential data or confidential documents in the cloud gets shared in the process. Here's the good news is that we believe that with the proper tools, like Envision Cloud and the proper Cosby platform in place, the cloud can be more secure than on-prem. And this is why. First, these cloud providers, AWS and others, they put more resources in security that any on-prem company ever could. But then you still have the shared responsibility model. There's a part of the security puzzle that the end user is in charge of. And if you put in place a Cosby platform, we love for people to use ours, but any Cosby platform, I think eventually the cloud will become more secure than on-prem ever was. Yeah, so that's shared responsibility. He's talking about endpoints, data, apps. User access, right? And then, well, you start from SaaS, your responsibility is really device security and user access. So if an end user logs in with their credential and starts stealing your data, AWS or Microsoft, they're not going to be responsible. So you have to take care of that. When you're going to pass, your responsibility goes deeper because now you're running your own applications there. So you have to make sure that the applications, the infrastructure that the application runs on is properly configured and the data going in and out of the application and the container are secured. And then you're going to IIS, that your responsibility goes even deeper. But these are problems now that can be solved, that are well understood and can be solved by leveraging the underlying platform and then building your own infrastructure, your security solutions on top of it. But Terri, I talk about the most important story that should be told in technology, security industry today, or that media should tell and not being told, what is the most important story for customers to know about and or the media should be covering more of? You're putting me on the spot. Well, I think that the thing that I'm most excited right now in IT is DevOps. Think about every technology transition for the last 25 years was driven by one set of people, developers. And so over the years, developers had all these roadblocks. Oh, I need a server. Oh, now I need the security clearance. Now I need compliance clearance. And so we always got in the way of them until they figured out a new platform, a new way to be more agile. And I think right now in the cloud with DevOps is the ultimate expression of that. So I think it's very exciting. And I think as security vendors, instead of, this is my pet peeve with security is you have to scare people into buying your stuff. I hate that, right? You know, if you don't buy this, you're going to get fired. You're going to get bridged all through. But, but the reason why people go to the cloud is business agility. The ability to unleash the developers to build new differentiating applications. And so to me, a better way to selling security and build a security solution is to cater to that need and build security that is transparent to the users and now transparent to the developers. And also what you're really saying there is you want to increase the speed of security that is lagging behind the agility of DevOps. Yeah, in fact. Make it faster so it's in line with the developer. In fact, today we just announced the shift left, right, so instead of like making it easier to deploy an application and put security on top of it, how about we look at due to the development process and trying to identify flaws that may end up into a non-secure runtime environment. And so that goes along the lines of like, let's forget about security that doesn't create friction. Let's put build security in the code itself. Shift left by that, you mean security as code as some people would talk about. You, now, last time we talked to you in the cube, you were an engineer. Yeah. Now you're in marketing. What happened? Well, first of all, I'm still an engineer. Oh, yeah. I can still write code, maybe not production. Yeah, it does. So what happened was, you know, I never planned my career. I always look for smart people and where smart people kind of aggregate. There's some good stuff to do. And when I was at, when I left VMware, I joined MobileIron. And the only spot that was open was CMO. And so once I got the job, I had to learn it. Yeah, I'll take it. But I... Well, you're a builder. I mean, Amazon loves engineering mindset. Then you've got a builder mindset. How are you going to build out your cloud division because you have some big tailwinds, big demand for security products to be sold in a new way and consumed with services. So good opportunities for you. What's your strategy? What are you going to do? Our strategy is to keep growing this business. Right now, the cloud, as you would expect, is the fastest growing business at McAfee. And so from my perspective, within the cloud business unit, we're trying to inject energy and division for cloud. And that's what I think McAfee needs from us. So obviously you're a fan of agile scrum. I mean, modern development techniques. Are you bringing that to marketing in any way? Yeah, absolutely. So when I made the transition to marketing, I realized that whenever you have an environment where you have to ship something, in engineering, it's shipping software. In marketing, it's shipping a new webpage or a new campaign, a new video or something. And whereas there is a lot of unknown and marketing moves fast, scrum and agile is the perfect solution for it. So basically what I do, I take the priority from the company. We make these plans like a year out, right? Who knows what's going to happen in a year or hour. So you take these goals, and then break them down in two weeks interval. And every two weeks, here are the priorities, the map to those. And then every two weeks, you look, have you moved the needle? I just talked to some people at AWS. You know what they told me? Maybe it's confidential information, hopefully not. They told me, two weeks, it's too long. We do it weekly. So sometimes, when somebody new comes to my team and they see this mechanism, because we're always on the treadmill, they go, this guy is insane, and they may have a point. But then you look at the companies that are changing the world, and guess what, they're doing it weekly. Yeah, but it's like an athlete. Once you get on that cadence, you're in shape and you get the team rolling because success is a great motivator. And you have that kind of success when you're agile and you can respond faster. Yeah, because look, our counterpart is sales, right? And if you engage with sales, you talk to sales, everything is an emergency that was needed yesterday. And that's okay, they're bringing the money so we like them. But with agile, what these two weeks sprained, what allows me and my team to do is to say, hey, what you're asking for, is it more important than these things that we're shipping, in average, a week from now? And be asked this typically now, or can you wait two weeks? And then I can take the whole team and focus them on whatever is the latest emergency. Yeah, and do your best work. You're bringing the best of cloud ethos into marketing. And then again, look, if we do believe that engineers make the work around, I truly believe that, in Silicon Valley, engineers change the world and make the work around. Let's take some of those best practices and apply them to other part of the organization. Why not? I'm sorry, great to chat with you, love your vision. Thanks for coming on theCUBE and sharing. Thank you for the opportunity. Insights, great insights here. We're driving all the data here inside theCUBE for Reinforced Amazon Web Services. First, security conference, it's inaugural. We're excited to be here. Two days of live coverage. Stay with us for more after this short break.