 Live from Barcelona, Spain, it's theCUBE. Covering Cisco Live 2018. Brought to you by Cisco, Veeam, and theCUBE's ecosystem partners. Hello everyone, welcome back to theCUBE's live coverage here in Barcelona, Spain for Cisco Live 2018. In Europe, I'm John Furrier, the co-founder of SiliconANGLE, co-host of theCUBE with my co-host partner, Stu Miniman, this week, analyst at wikibond.com, also co-host at many shows across the industry. Our next two guests, talking about data, data privacy, is Michelle Denady, who's the Vice President Chief Privacy Officer at Cisco, and Robert Waitman, who has worked for her, got a smashing new data report to share with you about some of the surveys and customers and impact of privacy in business. Michelle, Robert, thanks for joining us. Thank you. Thanks for having us. Michelle, good to see you again. You were on our front page at SiliconANGLE.com as a feature story this week, of your interview you had on the ground with theCUBE team. Welcome back. You can't get rid of me. Well, we love having you on because it's really important because not only is GDPR, which we reported on for our last interview, but the role of data, data-driven organizations. You hear that at every C-suite from security to user experience and everything in between down the data center. You're measuring everything. Certainly Cisco measuring data center and everything else. But this really nuanced thing here about impact to businesses, because now users are in control of their data and you're seeing things like cryptocurrency and immutable blockchain on one end. And then just what are the rights of the users and the consumers in context to digital business? This is one of the most cutting-edge social and technical issues. I mean, GDPR is a nightmare in and of itself, just to figure out where the hell the data is. Never mind. Some people's nightmares, other people's dreams. It's good for users, but it's not good for database administrators. It's good for the tech industry. What is the current challenges right now? From your perspective, what are you seeing as the core top three issues around data and data privacy impacting business? Well, I think you actually put your finger right in the heart of it. It is coming together of human rights, human needs, policy law, meets technology, capability, and functionality. So I think understanding that the data is the common currency across all of these systems, whether you're talking about human rights and ownership, whether you're talking about legal rights and management, that data currency goes across. Educating people and making them understand that currency is absolutely critical to surviving this next new era. And as always, I tell my kids advice, do you want to get into something cutting-edge, get into data science, meets societal, political science, and social science, as that's coming together. And Steve Jobs had that liberal arts meets technology kind of intersection. What are some of the brightest minds in the industry that are in your area working on? I mean, how are they attacking this? They're looking at it from a big picture. Are they diving deep into it? What are the best minds doing in this area? Well, so I have a deep bias, and of course I hired some of the best minds here, right? I think the pragmatic mind, I'll put it that way, rather than judging anybody's thing. If you're writing really pretty policies, it's like brava to you. But what I really like to see is looking at what is a data inventory? Starting to look at data as a supply chain issue. And the reason I love supply chain and management and measurement is we know how to do it. So we're applying these common business schemas and strategies to this newer functionality of data as a piece of currency that changes and is contextual over time. So the pragmatic thinking, I'll put it that way, is to really look at privacy engineering as a first, a business use case, requirements gathering exercise, and then figuring out how does it work in an architecture? What's your industry? What kind of data do you have? And then you can figure out what are those granular features and requirements, and then the rest of your supply chain pulls through. So when you take kind of that management approach, it sounds a little plotting, but it's actually very exciting. There's a lot of innovation that must happen here. One of the things that we cover on SiliconANGLE, certainly on our research side, is nailing that exact point. How do you instrument the data? So, which talks about some of the confluence things that you just mentioned. But then as business start to look at how they value themselves. So we really haven't seen any cutting edge data on this. Love to get your perspective on how data is impacting the valuation of a business. Because valuation techniques have been mostly financial, because you can measure it. But now that you have data as currency, as you mentioned, how are companies looking at the valuation of their enterprise? So I brought along a little friend today, because we really believe that, and so the mantra in my working group within Cisco is values to value. So figuring out the instrumentation of the gear. You know, I have a lot of support to do that within Cisco. We do engineering pretty good. But then figuring out, we actually went out to some academics. We looked at what other people in the marketplace, as you say, not a lot of metrics about how to, instead of saying how much have we lost, how do we know that there's progress? And so Robert Whitman joined my team about two years ago. I stole him from the worlds of economy, and finance, and business preparation. And he said, I don't know anything about privacy and data. He does now. But I said, I don't really want you for that. I want to start to build a model that we can share with the world on how to value data, and how to look at the upside as well as the downside. So Robert, I got to ask you. So one of the things we've been riffing on on theCUBE recently is, with the role of decentralized applications, and this kind of applies to network theory, because Cisco has been a successful network company, the role of the chief economic officer, a term that we made up, because you're starting to see economics, certainly with token economics, with cryptocurrency, that's all the rage right now, so Facebook just recently banned all ads for any initial coin offerings. But that is a trend that's happening, right? So you're starting to see the role of an economist in business. And so with data devaluation, this seems to be a new trend. Your thoughts and reaction to that? Well, data is not on the balance sheet, so we don't typically value it and manage it the way we manage all of our other assets. But data, especially when it's well curated, which is one of the things that privacy enables to that, unlocks a lot of value. So that's kind of the focus of our research, is to say, look, GDPR and other things can require you to do certain things, but by having data that's well curated, you can unlock value for the organization. And there are a lot of different ways to do that, whether it's operational, or whether it's revenue upside that you can get from, better understanding and curation of your data. Before we get into the report, I just want to ask you one follow-up question. Do you see a day where there's going to be a fiscal and monetary data policy? Yes. Yeah. Yes and yes? Absolutely. And you know, this was predicted. This is my favorite quote. And I say it every way, and I'll say it again today. Grace Hopper in 1965, that one day, information will be on the corporate balance sheet because it's more valuable than the hardware that processes it. That day is now. We have enough granularity in the system to actually have big data and analytics. We have enough compute power. The day is now to understand and now we have to figure out what's that report look like and how do we write on that trend? Do you think that's a strategic imperative for CEOs of companies to actually get the data on the balance sheet? If so, how? I'm going to say that here first. The ones who get it on first and the ones who win, now they won't get it on the balance sheet at first because as Robert pointed out, you cannot under our current accounting rules. However, just like we took brand and we turned it into an asset and we value that asset, it's not allowed on many balance sheets. It's definitely something to invest in or divest in and to curate and measure. So I could go on for a long time about this. We'd love to do a whole segment on this. Cutting edge, data, concepts and currency. Stu wants to get a question and go ahead, Stu. Robert, the keynote yesterday, it was security is one of those headwinds. Preventing companies from innovators going to slow them down. You've got some good data on privacy and I want to share where's the mindset of the customers? We've been asking, is GDPR just going to slow things to a grinding halt in IT? We think there's some opportunity there, but what's the data telling you? What are you hearing from customers? Well, I think the world that we're in in the background is that customers are asking more questions about data and data privacy. So before they buy a product or service, they want to know who has access to my data. What's it being used for? Is it going to be deleted? How long has it kept? All of those questions are contemplated by GDPR, but it's a broader issue of general having privacy controls around data. So in seeing that environment, we were wondering as a team, as to what extent can we measure how much business may be slowed down by those kinds of questions. And so the study that we released last week quantified that for the first time. And what we learned is that 65% of companies globally, and this is based on a survey of 3,000 corporations around the world, double blind, so we don't know who they are, 65% of them said that they are in fact experiencing sales delays due to data privacy issues. And remarkably, the average delay is 7.8 weeks. That's almost two months on average across all of these companies having a delay due to customers asking the right questions about where their data is. We find that remarkable, and again, adding to the idea that organizations who invest and do a better job on this can manage that to a greater degree. Just to clarification here, this is the Bureau of the Privacy Maturity benchmark study. Correct. And you can check it out on Robert's Twitter handle, which is Robert Waitman, his full name, no space, Robert Waitman, W-A-I-T-M-A-N. So that pinned on your top tweet. Impact the business. More costs, more value. Again, unlocking the value, we totally agree with you by the way. How and at what cost? Well, that cost of sales delay translates into many things that affect a company's bottom line. You might miss quarterly or annual forecast because you're not making revenue. It could be that you lose sales. Once you delay a sale, you're more likely to lose a sale. So every company would be in a different situation as to how much impact it has on their product portfolio and to what degree they're seeing these delays. But what we did find is that privacy and investments in privacy maturity can help manage it. So those organizations that are immature from a privacy standpoint are seeing the longest delays on average 16.8 weeks of the most immature. And for the companies that are privacy mature, according to the standard model, only 3.4 weeks. So think about the difference. 16.8 or 3.4, by having investments in privacy, again, we show that correlation and it makes sense because companies can manage their data better. We've been also riffing on the notion how security was handled in the early days with perimeter based security. And now it's no perimeter, it's wild west. Security is a great example. Of all the vendors, no one has more than 4% market share. It's a disaster. And we know that everyone's working on it. Privacy is the same way. It's almost like we got a coverage, a check box, compliance, we have a privacy statement, we handle the data. It's more reactive, more protection oriented, not proactive. So the question is what should companies be doing to be more proactive in driving privacy oriented investments, which now we seem to translate to more of a business impact, certainly evaluation and capability, thoughts. Well, I would start by saying that what we're trying to put out there is the idea that it's not just about compliance. So this is about both business value on the revenue or cost side, as well as the ethical standards that we're trying to set. So we should be doing these privacy controls because it's the right thing to do, regardless of the GDPR environment that we're in currently. So that's kind of the overall mission. Again, it's much longer term than just a GDPR timetable, but it's trying to get companies to do the right things, to protect the data, and also because it's good for their businesses. That's the right. Any anecdotal data on investment thesis, orientation posture from CEOs, what is the investment climate? Are they putting money into it? Or are they just kind of holding the line right now? I'm trying to figure things out. What are the thoughts? That's a billion dollar question. Yeah, and it's a billion dollar question actually, which is an important one. I think where we are seeing investment, and when we talk about privacy maturity, you can come at it from a number of different vectors. So privacy engineering to Cisco is critical. We sell IT things and we depend upon data as an asset. So you would expect us to do heavy investments in raising our security baseline. We've done it, having specific training for developers. We've done it. And my team actually does not live in legal. I have a wonderful legal support team. I live in operations. So one of the investments you can make is to operationalize your working so you understand which of your business requirements are data sensitive and adding them on. The other piece of the study that is correlated, and again, no causality yet, but we're correlating the number and the mix and the complexity of your vendor set with the trend and reporting of actual harm after a breach. Right, so we looked at that privacy maturity also compared to companies who had been breached and how much they reported that they had lost on this. And so interestingly, again, the privacy immature companies, many more of them had lost and the metric here we used was over half a million dollars due to data breaches. So 74% of those immature versus only 39% of the mature guys. Now, why is that? We can speculate that those who are protecting their data only keeping the data that they need for their business purposes, deleting it when they're done with it and having the right knowledge and inventory of where they are, are doing a better job of protecting that critical data asset. So it makes sense, but we need to learn more about what really is behind and causing that. It's so interesting because there's a relationship with security only because that's where the people react to what happens if there's a breach or some security thing, but they're also separate and decoupled in their own way because, and it's interesting that you mentioned about your organization and that's, I think that is really notable and I think that's something that I'd like to just double click on. Most companies viewed security in the early days as a metaphor of security and organizational design. It's part of IT. Now it reports to the C-suite. Yes. You're getting at a different angle, which is if you think about privacy and data as a separate group, not being subservient and say legal or an administration function, it's more central to the C-suite. Absolutely. You're recommending that companies think differently. Absolutely. Can you explain why? Well, so I think, and again, it varies company to company. So I would love to say, you know, I'm a legal person by training. I ran away from home from legal a long time ago, but so I'm a business person, but it's valuable to have lawyers. We're nice people. We can be funny sometimes. But typically in most companies, it is like Bob, Joe, Sally and legal. Now, what kind of an innovation posture are you taking? The other part is, you know, in our lawyers defenses, there is such a plethora and complexity of the laws that they have to be determinative and say, this is just enough and this is the gray area. Innovators don't think like that. I don't want my innovators to think like that. I want to do the experimentation. So in addition to the work we do in-house with our economic guru, we actually partner with universities to do financial studies to say where you're having potential breaches at every layer of a network. What's the quanta? The other side is I have a seat at the table with all our engineering teams and our business development teams. So that makes a huge difference. I totally agree. Robert, I want to ask you a question back to my theory that we'll have a CEO, chief economist officer as a standard role in the major corporate, in a similar way, not just calling the strategy guy. So an economist kind of like, hey, strategy, whatever. This is really becoming a decentralized world, global impact, whether it's GDPR or other compliance. Economic impact is a really critical thing. What is your view and advice for companies to think about the role of a person and or group to be like an economist center? Like a CTO is really important, but also to VP of engineering. So CTO, VP of engineering, chief economist officer and group, how do you look at that world and how do you envision it unfolding? I think one element that most companies don't have today is someone who really thinks about data and the economic value of it today and what it means. Again, because it's not on the balance sheet, it's not treated the same way, but it's one of our most important assets. And so having someone who at least focuses on what is the value and importance of this data to my organization and all the ways to do, whether it's my value in driving my ongoing operations, whether it's allowing me to cut costs, whether it's unlocking value that my organization could uncover by inventorying and developing that. So I think that economic value piece of data is something that we're going to see more of and because data is being recognized as such an important asset, I think there will be some progress in that. I think, Michelle, you made a great point on supply chain. We've been seeing the same trend. Blockchain has been a great example where not so much Bitcoin and Ethereum and crypto, blockchain as a technology has been impacting supply chain. That's a data-driven trend. It's exclusively a data-driven trend. I mean, what you're talking about is indelible off, right? And so there's always a place for authentication. Sometimes you just want a watermark, sometimes you want a dossier. That, I mean, that's the whole mystique of blockchain is gorgeous, but the reality is it's a wonderful tool if you want to authenticate something in the clear. And so just like we were talking about PKI in the old days, now if you apply that to data, so what you're calling a chief economic officer, I would call a chief data officer. So again, economics, ledger, hyper ledger, blockchain. We looking at maybe the world is going to circumvent the existing standards with disruption, with like a blockchain, a crypto centralized or does that come together? I mean, it's a collision course. No one knows the answer. Observation? Well, there may be some opportunities to do that, but I'm sure that we'll try to find the right ways to have the controls around it as well. So not to subvert the system, but to do it in the way that makes sense to protect the values that we all are trying to hold onto in terms of individual values, as well as having the right monitoring and systems around it. Cisco disrupted the entire network protocol stack in the 80s by unlocking value. And again, value is the key driver of making change, not just for the sake of subverting. I love that you're saying that because disruption has always bothered me. That's like me grabbing your chair and watching you fall down and going, oh, look, I have a softer chair. I'd rather like have a more reductionist point of view and say, what is essential value? And let's clear out the gunk that's getting in your way. Value is the North Star for all new changes. It is, and I think it's madly innovative and will it change businesses radically? Yes, if we want to call that disruption, we can, but I think it's actually enablement of what we wanted in the first place, but don't have yet. Well, people know me, I'm very bullish on crypto and blockchain as a unlocking value and changing paradigms and offering a new, reimagining industries that are just not moving fast enough to capture the value. Thanks so much, guys, for coming on. I know we slotted you in because super important conversation here at Cisco Live and on the industry. Love to have more time. Maybe we do a follow-up with you guys and then great to see you again. Yeah, you too. I'm talking data, privacy, investment, balancing, valuing data on the balance sheet. A lot of radical, progressive, cool value opportunities for the industry out there and enterprises. This is theCUBE live coverage in Barcelona more after this short break.