 From around the globe, it's theCUBE with digital coverage of Postgres Vision 2021, brought to you by EDB. Well, good day, everybody. John Wall is here on theCUBE. We continue our coverage here at Postgres Vision 2021, talking today with Andy Harris, who is the Chief Technology Officer at Osirium, a leader in the privileged access management space. And Andy, good day to you. Thanks for joining us here on theCUBE. Good morning to you and good afternoon. Yes. That's right. Joining us from overseas or in England, we're on this side of the big pond, but nonetheless, we're joined by the power of Zoom. So again, thanks for the time. Andy, for those who aren't familiar or watching about Osirium, share a little bit about your various service levels of what you provide, the kind of solutions you provide and how you've achieved the great success in this space. Okay, I know these things are mildly boring, so I'll just put a little slide up now, which is the minimum I think I can get away with, which is that we're all about managing privilege. So that's privilege at the end point, privilege access management, and privilege process automation. So wherever a sysadmin has to do something on a machine that needs privilege, we like to be involved. Obviously, we like to be able to delegate it all the way down to the business functions with privilege process automation. And with the EDB or the BDR part of that functionality in EDB, that really fits into our privilege access management. So what I'll do, just to take you away from our products, I'll just quickly show you a slide of the architecture, which is as simple as we have these nodes, if you like, running EDB BDR, and they can perform logins to a target device using privileged credentials, which we control and we make them really long up to about 128 characters. So Andy, if you would, I think you would put together a little show and tell you a demonstration for how, when these systems are perhaps under siege, if you will, that there are ways in which obviously you've developed a counter this and to be able to continue secure communications, which in the privileged access world, as you know, is paramount. Yes, indeed. So I'll show you another slide, which gives you a kind of an overview of everything that's going on. In the, you're going to see a little demonstration of two nodes here that have the BDR technology on, and they can make these logins and we have these characters, Bob and Allison. I've just noticed that our marketing department have changed Alice to Allison. It should really be Alice because you get Bob Alice Carol Day, which are the standard encryption users. And what we're going to do is we're going to demonstrate that you can have breaks in the network. So I'm just showing the network break slide. I'm showing the second network break slide. And then we have this function that we've built, which we're going to demonstrate for you today, which is called evil beatings. And what it does is whilst there is a partition in the network, we are going to refresh many thousands of times the credentials on the target device. And then we're going to heal the break in the network and then prove that everything is still working. So right now I'm going to zoom over to my live connection, terminal connections of the machine and I'm going to run this command here, which is opython EB3. And I'm going to put 100 cycles in it, which is going to do around about 10,000 password refreshes. Okay, and I'm then going to go over to Chrome and I should have a system here waiting for me. And in this system, you'll see that I've got the device demo and I've got this command line SSH. And if I click on this, I've got a live connection to this machine. Even whilst I have a huge number of queued up, and I will just show you the queued up connections through the admin interface, this system is working extremely hard at the moment. And in fact, if I show you this slide here, you can see that I have all of these queued credential resets and that is giving our system an awful lot of grief. Yet I can go back to the device connection and it is all here, let's do a top. Why not? And as you can see, it is all working perfectly. And if I was a user of EDB, I think that's to be one of the demonstrations I'd be interested in because it's one of the first things that we did. When we dropped that functionality into our products, we wanted to know how well it would work under extreme conditions because you don't think of extreme conditions as normal working, but whenever you have 10 nodes in different countries, there will always be a network break somewhere and someone will always need to be refreshing passwords, a ridiculous rate of knots. So, Andy, let's talk about this just kind of the notion that you're providing here this about accountability and visibility, auditability, all these insights that you're providing through this kind of demonstration you've given us, how critical is that today, especially when we know there are so many possible intrusions and so many opportunities with legacy systems and new apps and all this? I mean, talking about those three pillars, if you will, the importance of that and what we just saw in terms of providing that peace of mind that everybody wants in their systems. That's a cracking question. I'm going to answer that question. Legacy systems, that's a really good question. If you are, we have NHS, which is our national health service and we have hospitals and you have hospitals, every country has hospitals and the equipment that they use like the MRI scanners, the electron microscope, some of the blood analysis machines, the systems in those cost multiple brilliance of dollars, or should we use euros, dollars, pounds and the operating systems that run in those systems, the lifetime of that piece of equipment is much, much longer than the lifetime of an operating system. So we glibly throw around this idea of legacy systems and to a hospital, that's a system that's a mere five years old and it's got to be delivering for another 15 years. But in reality, all of this stuff gets, acquires vulnerabilities because our adversaries, the people that want to do organizations, bad things, ransomware and all the rest of it, they are spending all their time learning about the vulnerabilities of old systems. So the beauty of what we do is being able to take those old legacy systems and put a zero trust safety shell around them and then use extremely long credentials, which can't be cracked. And then we make sure that those credentials don't go anywhere near any workstations. But what they do do is they're inside that EDB database encrypted with a master encryption key and they make that jump just inside the zero trust boundary. So that Bob and Alice outside can get administration connections inside for them to work. So what we're doing is providing safety for those legacy systems. We are also providing an environment for old apps to run in as well. So we have something called a map server, which I didn't think you'd ask us that question. I'd have to find you some slides or presentations, which we won't do. We have a map server, which is effectively a very protected window server and you can put your old applications on them and you can let them age gracefully and carry on running.net 3.5 and all those old things. And we can map your connection into that old application and then map those connections out. But in terms of the other aspects of it is that hospitals stay open 24 hours a day, banks run 24 hours a day and they need to be managed from anywhere. And we're in a global pandemic, people are working from home. That means that people are working from laptops and all sorts of things that haven't been provisioned by central IT and can all have all sorts of threats and problems to them. And being able to access at any time is really important. And because we are changing the credentials on these machines on a regular basis, you cannot lose one. And it's absolutely critical. You cannot go around losing, you know, Windows Active Directory domain credentials. It just can't be done. And if you have a situation where you've just updated a password and you've had a failure, one of those 10 nodes has the correct set of credentials. And when the system heals, you have to work out which one of the 10 it is and the one that did it last must be the one that updates all the other 10 nodes. And I think the important thing is as a Syriam we have the responsibility for doing the updates and we have the responsibility for tracking all those things. But we hand the responsibility of making sure that all the other 10 nodes are up to date. We just drop it into bi-directional replication and it just happens. And you've seen it happen. I mean, maybe just for the fun of it, I will go back to that demonstration Chrome. And you can see we're still connected to that machine. That's all still running fine, but we could go off to our management thing, refresh it and you see that everything there is successful. I can go to a second machine and I can make a second connection to that device. Yet in the meantime, that password has been changed. Oh, I mean, I wouldn't like to tell you how many times it's been changed. Oh, I need to be on a slightly different device. I was gonna do a reveal password for you. Oh, I'll make another connection. But the passwords will be typically, do a top on that just to create some more load. But the passwords will typically be, I'll come back to me, they'll typically be 128 characters long. And if I could, I mean, because I think you're really showing this very complex set of challenges that you have these days, right? In terms of providing access to multiple devices across multiple networking challenges. When you talk to your prospective clients about kind of how this security perimeters changed, right? It's very different now than it was four or five years ago. What are the key points that you want them to take away from your discussion about how they have to think about security and access, especially in this day and age, when we've even seen here in the States, right? Some very serious intrusions that I think certainly get everybody's attention. That's a great question, again. There are, the way that I would answer that question would definitely depend on the continent that I was talking to. But my favorite answer will be a European answer. So I'll give you a European answer. One of the things that you're doing when you come along and provide privilege access management to a traditional IT team is you're taking away the sysadmins right now before privilege access. They will know the passwords. They will be keeping the passwords in a password vault or something like this. So they own the passwords. They own the credentials. And when you come along with a product like privilege access management, you're taking over management of those credentials and you're protecting those systems from a whole wide range of threats. And one of those threats is from the system administrators themselves and they understand that. So what I would say is an interesting question because I'm thinking, I've got two ways of answering. I can answer as if I'm talking to management or as if I'm talking to the people who are actually going to use the product. And I feel more aligned with the, I feel more aligned with the actual users. Yeah, I think we'll focus on that and I'll let you know we just have a moment or two left. So if you could maybe boil it down for me a little bit. Okay, so boiling it down, I would say, now look here sysadmins, it's really important that you get your job done but you need to understand that those privileged accounts that you're using on those systems are absolute gold dust if they get into the hands of your adversaries and you need protection to keep them away from those adversaries. But we trust you and we are going to get you the access to your machines as fast as possible. So we're a little bit like a nightclub bouncer but we're like the Heineken of nightclub bouncers. When you arrive, we know it's you and we're going to get you to your favorite machine logged on as the main admin as fast as possible. And while you're there, we're going to take a session recording of you and just keep you safe and on the right side. All right, so I'm going to enjoy my night in the nightclub. Now I can sleep easy tonight knowing that Andy Harris and Osirium are on the case. Thanks Andy. Andy Harris speaking with us, the Chief Technology Officer from Osirium as part of our Postgres Vision 2021 coverage here on theCUBE. From the CUBE studios in Palo Alto in Boston, connecting with thought leaders all around the world, this is a CUBE conversation.