 From theCUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE conversation. Hey, welcome back everybody. Jeff Frick here with theCUBE. We're in our Palo Alto studio today and we're kind of taking advantage of this opportunity to reach out to the community as we're going through this COVID crisis to talk to leaders, get their tips and tricks and advice as, you know, everyone is going through this thing together. It's really a unique situation that everybody has a COVID story. Where were you in March of 2020? So we're excited to have our next guest. He's Corey Williams. He's the VP of Strategy and Marketing for Adaptive. Corey, great to see you. Hey, great to see you. Thanks for having me, Jeff. Absolutely. I'm just thinking the last time that we saw was late February, I think it was February 25th at the RSA conference. 40,000 people, I think it was the last big show that I attended for sure and kind of snuck in before everything got shut down. It's just amazing, you know, kind of how quick this light switch moment happened to really force first everybody home and then, you know, kind of all these collateral impacts of that in terms of digital transformation. Yeah, it is amazing. I remember that RSA show very well, shaking dozens of people's hands, eating from a buffet, sitting in a crowded room. It's amazing how quickly things have transformed and how our mindset about just about everything but especially what we do for a living and how we interact with each other had just changed overnight. Yeah, it's fascinating too because when the stay at home order started to come out, you know, nobody really had time to plan. And, you know, and I would argue, even if you had, I don't know, six months to plan, nine months to plan, a year to plan for kind of this cutover, it would still have been a difficult situation. So just to be, you know, kind of thrown in and it's already said go, here we are. Real unique challenge for people but also for the infrastructure providers, also for the technology providers and the space that you operate in, which is security, very different challenge and it wasn't a, you know, we're going to plan and get everybody's VPNs all hooked up and configured and tested. It's like, don't come to the office tomorrow. Yeah, and it literally happened that quickly. It wasn't a matter of being able to plan this like a normal transition, but it was literally today, we're working in the office tomorrow, please don't come in and we'll let you know when it's going to change. Right. And I think it really did catch a lot of companies off guard even those that were used to supporting a remote workforce in at least in part. Yeah, because it's just, you know, it's interesting people been talking about new way to work and work from home and this for a very long time, but you know, this was an incredible forcing function. So let's talk about, you know, kind of what you do for the people that aren't familiar with adaptive, give us kind of the quick, the quick overview. Sure, adaptive is what's called an identity and access management company. What we do is we make it easier for end users to get access to all their applications and for organizations to provide that access in a more secure manner. As you know, all these cloud applications and devices that we need to have access to are typically just secured by a password and they all have different passwords and those passwords often get reused and shared among different employees and it creates a big problem for not only for the security of the company, but even for the IT help desk who's got to support account lockouts and password resets. And so adaptive is one of the leaders in this space. As you talk about the password reset and I didn't even think really kind of from the IT support side, if you don't have a teenager, hopefully close by in the room, you know, that creates all kinds of challenges, but it's real and the password situation was bad before. Now, as you said, we've got all kinds of internal applications. You've got all types of access control to your entire stuff. You have all your cloud applications. A lot of times you said passwords are stored in queues or they're stored in caches or they're stored in your Chrome barrels. You guys have written extensively about passwords and getting kind of past passwords to better ways to authenticate people. I wonder if you can actually you've written quite a bit recently on blog posts. Talk about your kind of strategy and how you help customers kind of rethink access. Yeah, there's sort of two main strategies that I've been writing about and then our company's been talking to our customers about. The first one we call Next Gen Access, which is essentially a combination or layers of technology like single sign-on, multi-factor authentication, provisioning and analytics provide some user behavior and risk. All of that is intended to provide a more secure experience where we can put additional factors besides just a password in front of the user but only do it when the risk is high so that we can preserve the user experience. And so that we call a Next Gen Access approach. But ultimately, the reason you want to do that is to arrive at a zero trust state of mind. That sort of approach allows you to say that, hey, I've verified every user that is on my network. I know the device they're using is something that I trust and is in good shape and I've limited their access to just what they need in order to do their job. Now, do you find that most people in this situation are still accessing via VPN or some secure network or is most of it kind of public internet access and you're relying really on the applications and the access and the protocols and the two factor to make sure people can only get what they're supposed to get? Yeah, I think you kind of bring up a good point. The vast majority of businesses are what I refer to as hybrid enterprises. They still have on-premise applications. They still have their own applications that they build but they also are in the process of adopting cloud applications like Office 365 and all of the different kind of productivity apps that are very popular. And so most companies are stuck in this situation where they can't simply be a completely virtual company overnight, they still have to provide access to on-premise systems and applications in order to do their business. And so many of them just had the option of saying, okay, here's VPN access for everyone. But as we know, VPN access is a very blunt instrument. First of all, it has to be able to scale to a lot of users. Second of all, it gives you access to the whole network from a remote location, both of which are situations that are difficult, especially when you have to turn it on overnight. You're right. So you and one of the articles that I saw in getting ready for this had some really specific and straightforward advice to people to help them enable their remote workers. I wonder if you could go through some of those key points with us. Sure. I think, you know, when you think about remote access or having a remote workforce, you think about a few different things. One is being able to provide them easy kind of friction-free discovery of their applications and providing access. So having something like a portal of all the applications that you're supposed to have access to, whether they're on-premise or in the cloud and have one-click access to those, protected in a way that is common to all those applications using something like a second factor of authentication. That provides some of the immediate convenience of getting people up and productive, even if they're outside the network at home. The second thing we think about is, how do we give access to those on-premise applications? You can use VPN. It's quick. I can tell you that our customers are telling us two things. One is they didn't prepare for that much capacity. So their VPN connections don't scale. So they're having to ration the use of it, which limits the productivity. But also they haven't necessarily rolled out multi-factor authentication to all of these users who don't typically use VPN. And so they are forced with either having to dial down the security level or to scramble and try to find a way to secure that access. So in my writings, we've been talking about providing alternatives to a VPN, something like an application gateway, which can give you access to just the apps you need without having to have full network access. And having those apps just be published through the gateway. So there's really some kind of creative ways to restructure the access beyond just simply having better access, more secure access. And as you said, VPN with multi-factor, because in fact, you might not be able to implement those things just in the timely manner in which you have, as we said, this was a light switch moment. Yeah. Yeah, I think definitely it's something to think about in these emergency light switch moments, what is the easiest way? And there's three parties involved, right? You've got the security folks who are concerned about maintaining a level of continuity with the access to their data. But you also have the end user and they have to do their job. It has to be easy enough for them to be able to do without having to have a lot of special training. And let's not forget the IT help desk either. They're getting overwhelmed with requests for about basic technology use and about getting access to the basic resources. The last thing you want to do is pile on a whole bunch of new lockouts and barriers that have been put in front of users that can overwhelm them. So you kind of have to think about all three parties when you're developing a solution for a remote workforce. Right. And I presume the bad guys are not taking holiday. You know, seeing this opportunity is again, we're constantly talking about this increasing attack surface. It just got a whole lot bigger for the bad guys. It certainly did. I mean, if you think about the attack surface, it used to be that if they could get past your network barrier, then they were in. And so it was very concentrated around securing the network. As you start adopting more mobile and cloud applications, now your attack surface becomes all the resources that are out in the cloud. Now when you take all of your workers and disperse them to home, each one of their own systems and networks becomes an extension of that attack surface. And so anything you can do to narrow and lessen the attack surface by making sure you have good user verification, device validation and other layers of intelligence to help you monitor that access, it reduces the scope to everyone on earth, from any device on earth to just the people that you trust and have identified. And that's what we talked to our customers about is putting these layers in that can balance that security, but also provide a more friction-free user experience. And that's the real trick. Right. So I'm just curious to get you to take Yubit in the business for a long time on kind of the state of passwords. Is this just something we're stuck with forever? Do you see in the not too distant future or medium future passwords going away? I mean, we've got biometric stuff now. You can touch your phone, it can read your iris, but those things can be spoofed as well. Where do you see kind of the passwords evolving and what's going to take its place? You know, it's a little bit like the clothes in the back of my closet. You can never quite get rid of everything. And I think passwords will always be with us in some form because they're baked into technology that's been around forever. As a side note, you've probably heard about these IRS checks going out. And there being problems in some states because these stimulus checks are dependent on systems that were built 50 years ago. And so technology kind of lives forever in some form. So we can't necessarily get rid of passwords. But there are two things we can do. One is we can never depend on passwords alone to secure access. We can layer on multi-factor authentication and artificial intelligence to determine risk level and put an additional set of factors in front of a user. But we can also develop new applications and technologies with more of what is being known as a passwordless experience, which is sort of an ideal thing. And we have some experience with modern technology like facial recognition on our iPhone or a fingerprint on our PC. Those types of experiences can be built in. And before COVID happened, I'd say that one of the big trends of 2020 was this idea of passwordless access. And we have actually recently announced some of our own password capabilities, but it was a hot trend and topic. And I think we'll continue to be because not only is it a more secure experience, but it's also much easier for end users. And because they would prefer to have a one-click access rather than having to remember a complex string that they have to change every 90 days. I was going to say, do you think it's an accelerant or in terms of having this alternative access method or is it a pullback because people are hunkering down but it sounds on those two attributes that it's a better user experience than more secure. That seems pretty straightforward. Yes, I think definitely in the medium and long term, this will accelerate the trend. In the short term, yes. Everything is being focused on just enabling those remote users. There was actually a recent survey done by Mayfield with their collection of CISOs and CTOs asking them what the top priorities were in the short term. And of course, the number one priority for IT leaders is enabling that remote workforce. But number two in the short term is actually security, enabling users to work from home productively but making sure that security is keeping track. So I don't think they've lost sight even in the short term, although I think they're focused on very tactical goals related to scaling out these solutions and supporting their end users. In the medium term and in the long term, this is going to have lasting effects. We know that the remote workforce trend was accelerated and there's no turning back. Companies are going to be more remote, they're going to be more comfortable with remote models. And so having better, stronger, better experiences and stronger authentication experiences will be part of how we do things going forward. Well, Corey, it's everywhere we go. Security has to get baked into everything so it's no longer a bolt in as you all know. And so it's not surprising that that's right in there with supporting those remote people because they got access to the keys to the kingdom. You just can't let that get out there. So I'll give you the final word. Once we come out of COVID and in terms of looking directly at what that's driving in terms of priorities, what are some of the other priorities that you hope to get back to once we kind of get through this period? Well, I mean, I think clearly we're seeing the effect on certain industries like travel and hospitality and others, we certainly in retail, we certainly hope that those businesses are able to come back strong. So those are some of the things we're looking forward to. But we know a lot of our customers are really wanting to not just respond to the current activities that are happening, but they want to build their businesses. They want to build better user experiences. They want to put out new digital experiences. We know from the survey as well from Mayfield that an increasing acceleration towards adopting cloud and towards the digital transformation of user and business processes is going to be key. And so that's where we see the future is not just in providing security to prevent the bad guy, but to enable these new digital experiences and to accelerate these trends like move the cloud. Identity and access management is fundamental to all of those efforts. And we see that as being a very positive thing. And hopefully this will end up serving as a catalyst to spur an acceleration of those adoption. Well, I think there's no doubt about it. I mean, we're not going to go back and the longer this thing goes on, the more new habits are formed and people aren't just going to want to go back to the old way. So I think there's no doubt about it. And I really appreciate you sharing your insights. Again, Corey has written a ton of stuff. There's blogs all over the place do a quick search on Corey. Williams with an E and you'll find some of his blog posts. And thanks for taking a few minutes with us here today, Corey. You bet. Thank you, Jeff. All right. He's Corey. I'm Jeff. You're watching theCUBE. We're in our Palo Alto studios. Stay safe out there and we'll see you next time. Thanks for watching.