 Live from San Francisco, it's theCUBE. Covering Google Cloud Next 2018. Brought to you by Google Cloud and its ecosystem partners. Hello everyone, welcome back to theCUBE's exclusive coverage of Google Cloud here in Moscone South in San Francisco. I'm John Furrier, Dave Vellante. Covering all the top stories here and day one of three days of coverage with SiliconANGLE.com, theCUBE.net for all the great content. Our next guest is Suzanne for a director of security, trust and compliance and privacy at Google Cloud. Welcome to theCUBE. Thanks for coming in today. Thank you so much. It's a pleasure to be here today. Don't you love theCUBE? The Google build out here fits the theme. It's beautiful. It is mighty fly. It is awesome. It's so exciting. It feels great. Great to see Google kind of go the next level. The energy, the people and the company I've talked to. We've been following Diane's career since VMware. I knew she was an investor in Cloud of theCUBE. Actually started at the Cloud Air Office when they got their first round of funding. So it really is savvy industry executive. Now two years in the gestation period you can kind of see it. The best of Google being exposed to the world is really kind of a great strategy. Going to have been commenting on that. But one of the things Google has and has had for a long time is they've had a really open culture of openness, open source, but trust. Do no evils, the slogan. And they have all this expertise. Is your job to harness that? Take a minute. What is your job? Are you brokering all this greatness? Are you shepherding it? Are you an influencing product? What's your role? So my role specifically is to ensure that we make Google Cloud the most trusted place for user data. Now trust is a multi-classeted thing. I often say that trust starts with making sure that what you expect, it's what you experience. That's the foundation of it. And so my job is first to start there. Make sure that everything that we do is in line with the customer's expectations. And that's in line with what they experience once they're in the cloud. And that's everything from making sure that we're compliant, that we handle their data responsibly. In line with all the rules and regulations around the world, which vary greatly. You know, all the way through to making sure that we're building exceptional, simple, smart and secure products every single day across our stack. So that's my job and it's to galvanize that. You know, not just in product and not just in customer expectations, but also in the people we hire and the culture we engender. You know, it's interesting. We live in an interesting time right now. And as they say, if you look at the global landscape from politics play to technology, there's a transformation that's happening where security trust, the data, you got GDP are happening in Europe, you got fake news at Facebook, you got users not trusting, where's my data? So you have this cultural dynamic, kind of independent of the mission of the big companies where there's an opportunity to use AI for good. There's an opportunity to have a compliance model that's going to maintain that. How does that affect you guys? I'm sure it does in some way, but this is on the minds of people. Certainly no one wants to be hacked. They want their data to be secure. I want to control my data. I want my data to be leverageable. I want to get utility out of the system because it's something bigger with Google Cloud. It's now part of a bigger system. How do you guys talk about that internally? What are some of the conversations that you guys have around this cultural shift? It's day one of any new product or feature we develop. Those conversations occur. It's part of our process in developing any new product or feature. We have a team, in fact, a large portion of my organization is entirely dedicated to reviewing and scrutinizing every single feature, every single new product we bring to bear. Even if a customer wants to build a new model, our team is responsible for reviewing that and making sure it's in line with the commitments we have to both legal commitments as well as our customers. So it's part of, and it continues, all the way through to the point where I hit the launch button and say, this is okay to go. Nice. So the way you measure trust is the expectations match the experience. Now, when I look at your scope, we run our business on your scope. I mean, Gmail inbox, I personally love inbox. I'm like an inbox ambassador. Fantastic. And thank you. I haven't gotten there. Thank you for developing that product. Google Drive, Docs, Sheets, Accounts. I mean, we run our business on your products. And so I wonder sometimes, are we doing it right? Some of the challenges we have, I think, are onboarding and off-boarding folks. You know, when somebody leaves the company or coming onto the company, you want to give them access to certain Sheets or certain documents and then you sort of forget to take them off. How do you handle that? What's the best practice there? Are you developing tooling around that? Maybe you could talk about that a little bit. So we do it in many, many ways. There certainly are best practices. They are documented out there through a number of tools and papers that we produce. We also have partners that work with our customers that engender those practices. But also then we bake the technology in so that you don't have to think about these things. A good example would be, we released Team Drives last year. Team Drives is a great example of how you manage documentation for the inbound and outbound employees. Used to be that somebody would actually have to think, oh wait, Joe's no longer on this. We need to move them off and all of that. But with a Team Drive, that's handled automatically. Groups is another way. Google Groups is a great way to manage access to information and the like. And then we have tools like IRM that allow you to sort of manage copying and forwarding information. And there's some more announcements coming tomorrow that'll let you also handle some of these things but I can't talk about them quite yet. So stay tuned. Can you talk about how you go to market with those? Cause every now and then I'll get a phone call or an email from somebody at Google trying to either introduce me to something, maybe sell something but it's kind of intermittent. What's the go to market to inform people? We're obviously a small company. You know, we heard today we want to help small, large startups, big companies, governments. How do you guys go to market? We do it in lots of different ways. We certainly leverage our communication channels online heavily. And we've been ramping up. I mean, our investment in marketing and cloud and getting all of these things. I mean, you can see it right here at Next. This is a huge example of how we're trying to get the word out. You know, writ large across all of our verticals across all of our customer sets because I think that is information management. And so that you understand, hey, I have these great tools to bear. That's super important for us to get right and we're continuing to evolve it. One of the things I always admire about Google from day one, the mission has always been speed. Load the pages faster. Find what you're looking for. Yeah. Organize the information. With security and trust now, we were talking before we came on camera. Obviously cloud is an opportunity. AI is an opportunity as Diane Greene Securities is the number one worry. Dave's asked this question every year, going back to since 2012. Is security a do-over with the cloud? You guys have such great experience with SaaS and cloud. Is it an opportunity for customers going cloud native to do security over? Your thoughts? Well, I'll think about this. I'll answer this in two ways. So for us at Google, it's not a do-over. It's been part of our DNA from day one because we were born in the cloud. So from the moment we started to think about how we designed a data center to how we designed a server to how we retired disks. This was mentioned in the keynote. That's been part of our DNA from day one. So for us, we don't believe it's a do-over. We actually believe we're ahead of Darwin in terms of security, well ahead of it. And we'll put our words behind it that we do believe Barnum, we are the most secure cloud out there. And certainly customers using G Suite, use G Suite, Chromebooks, security keys. We mentioned that at the keynote this morning as well. Zero account hijackings. No one else can make that claim and we're proud to do it. For customers however, I think many customers are realizing patch Tuesdays and heterogeneous operating systems and tons of different platforms with customers that are storing information on their hard drives or their thumb drives. And it's a nightmare for many customers who have been operating on premise for many years. I think they're waking up to realize, wait a minute, you're going to take care of that. You're going to take care of it. One operating system all managed from the cloud, one place, my documents are going to sit there. Oh my gosh, I can sleep again if I move to the cloud. And that's really part of the, part of the security. So you want to make it a service. Just a follow up on that. So that was Chromebook, G Suite and two-factor authentication. What do you call the Titan security? Yes, Titan security keys. And the two-factor authentication comes from what? Is it a dongle? It's actually hardware based. So if you think about people, two factors is not a new term. Two factors been around for a long time. A lot of people would have these tokens that would generate a numeric key and you'd look at that and you plug it in. Well that's fishable actually. That key gets transmitted when you actually authenticate. And that can be picked up. Exposed, yeah. Exposed. With hardware, it's all based on the hardware. There's no key that's exchanged. It's all authenticated to your device and that makes it un-fishable. You don't think about it? Yeah, yeah, exactly. So let's talk about compliance for a second. That's part of your job. Obviously we see this year was kind of the earthquake, the tectonic plates of GDPR. Yes. And certainly Google's experience a little fine in the EU of some other areas of your business. Obviously data is a regional thing. In Germany we know what's going on there. So as a customer it goes global. You could be in the US. There's now policies that need to be kind of implemented. Is that where software is going to help? How are you guys talking to your customers and what's the solution that you guys see for compliance and making it seamless? Because it's a real hassle. You got to start thinking some sites and some companies aren't deploying their solution. Their website has been stripped down because they couldn't comply with the GDPR regulation which gives the users the ability to essentially tell you to forget me and all kinds of other things. I don't want to get into it. But the point is that this puts the pressure on companies. Like literally overnight where it was a policy and people in the database world know that data sprawls are huge problems. People don't even know where the data is. What database is that on? This is a huge kind of issue. How do you guys talk about that? Well first I'll say that compliance is always a shared responsibility between ourselves and our customers. However, those customers who have worked with us and have been going cloud-native with us have found that the journey to be much, much less friction-full I will say. Or I'd say it's more friction-less because we're the team that's really had to implement the technical controls around GDPR. And I want to emphasize GDPR is incredibly important legislation. We believe it's very important. Two years ago we launched an initiative to be sure we were compliant on time. We're proud to say that we were among the first to announce that compliance in the cloud. And we're really happy. Our customers have been happy. And our relationships, we take on a large responsibility for maintaining the relationships with the legislators and the regulators around the world. Many companies can't scale to do that. And by going with Google you know you've got a tight and good relationship, a company that is focused on maintaining good relationships worldwide on that front. And it's been important. So two years before GDPR went into effect, that's much better. Most companies were two months before the fines went into effect. Yes, no, it was roughly about two years. I think it wasn't quite exactly two years between the time it was announced but it was close to that. But it's not just a technology problem too. This makes it so hard. It's a lot of people in a lot of process. Absolutely, yes. It's shared responsibility, as you said just now. Yes, and the fact that the data's all in one place of the cloud, again, makes a huge, huge difference with your posture and your compliance posture for GDPR. Susan, you've been at Google for over a decade. What's motivating you? What's exciting you these days? Obviously, the cloud market's pretty hot, so that's kind of a nice wave to be on. What's the culture like at Google now? What's the DNA? What's the intern? Because Google Cloud's got a spring to their step. We can obviously feel it. You can see the results. But it's just the beginning of this new wave. What's exciting you and what's the DNA of Google Cloud? Well, sit in our echo this morning and I'm so happy to hear it. I'm at Google because of the mission. I'm here to manage the world's information, make it universally accessible and useful and secure. I will add the and secure to my mission. I came because that was so exciting to me. I had, you know, as a kid, I'd never gotten encyclopedias because my father was like, they're going to be out of date, you know, instantly. Data quality, number one, he was smart. Data sizes. Yes, he was, he was. And when, you know, Google started to evolve, I was so excited. I'm like, oh my gosh, just look at what's happening to information management in the world. And that's why I'm here and I'm surrounded by other fellow citizens who are so excited about that, but also excited about the challenge of keeping information secure. So that's what excites me. And, you know, to work around so many great data scientists and software engineers and, you know, site reliability engineers and customers. I mean, like Google is about engineering at its core, but we hate such, it takes such a human approach to working with our customers, understanding how important their information, their productivity in the cloud is, their security in the cloud is, and that's what excites me every single day. Final question for you. Talk about what you're working on. What's your guiding principles for your organization? Where are you guys hiring? Obviously you mentioned earlier, which I love, the expectation is the experience should match. That's a great, great quote. I think that's important. But I would argue that to add to that complexity is that expectations that are coming are not yet known. You're seeing things like blockchain, for instance, kind of hit a lot of exciting areas around security, decentralization, decentralized applications, token economics. So you're seeing a world starting to get a little bit different where those expectations are not yet seen. So you got to kind of get out front on that. How are you guys managing that? How are you hiring? What's the vision? Sure, sure, sure. So, you know, there's sort of three pillars that Prabhakar Raghavan talked about this morning, simple, smart, and secure. Those are kind of our guiding principles for everything we do in, for example, G Suite. You know, how we're thinking about the future, well, we're very, very lucky that we're always getting low latency signals about what's happening in the world right now. And we talk about spam and phishing protection and things like that, and we get billions of signals every single day about malicious information or, you know, malware, ransomware, those sorts of things. So we have a very low latency view into what's happening at the next minute, right, around the world in that respect. And that gives us a competitive edge in terms of really thinking about what's the next thing that's going to happen. We certainly know that machine learning, whether it's smart compose and smart reply, or it's actually based on security and anomaly detection. What's an anomaly to one company? It's not necessarily an anomaly to another. Depends on what business you're in and the like. So investing in machine learning and understanding, right, how to be that security guardian for our customers in an automated fashion, so that people don't have to worry about security, right, that we've taken care of it for them. That's, you know, the holy grail and that's what we're investing in right now. Thanks so much for coming on theCUBE. We really appreciate it. We were just talking about before we came on, Dave and I, about four weeks went live, that if security and some of these complexities can be just services under the wire, like electricity, all QA before we even turn the lights on of computing, that's kind of the goal. So we're super early. Yes, yes, absolutely. Great, director of security trust compliance and privacy at Google Clouds theCUBE. Live coverage, stay with us. This is day one of three days of wall-to-wall coverage. I'm John Furrier, Dave Vellante. We'll be right back. Thank you.