Live from Las Vegas, it's theCUBE! Covering AWS re:Invent 2019. Brought to you by Amazon Web Services and Intel, along with its ecosystem partners.
Oh, welcome inside, live here at the Sands, as we continue our coverage for AWS re:Invent 2019 on theCUBE. Day three, always an exciting time, I think, to get a summary of what's happened here. Dave Vellante, John Walls. We're joined by a couple of gentlemen from Immuta. Steven Touw, who's the co-founder and CTO. Steve, good to see you.
Yeah, thanks for having me.
And Rob Lancaster, who is the GM of Cloud at Immuta. Rob, thanks for joining us as well.
Thank you. Have a good day.
First off, let's talk about Immuta a little bit. You're all about governance, right? Trying to make it simple, easy, taking out the complexity, but for those at home who might not be too familiar with your company, tell us a little bit about you.
Yeah, so the company started out, our roots are in the US intelligence community, so we had been dealing with access and control issues for data for years, and we said to ourselves, hey, this product has to be useful for non-IC customers. This problem has to exist. And with the advent of all these privacy regulations, like CCPA, GDPR, and of course, HIPAA's been around for a long time, really our goal was to bring a product to the market that makes it easy to govern access to data in a way that you don't have to be technical to do it. You don't have to understand how to write SQL statements. You don't have to be a system administrator. We really bring together three personas: the users that want to get access to the data; legal and compliance, they need to understand how the rules are being enforced or even enforce them themselves; and then of course the data owners and the DBAs who need to expose the data.
So usually those three personas that are at odds with one another, we bring them together in our platform and allow them to work together in a way that's compliant and also accelerates their data analytics.
Can we talk a little bit about why this is such a problem? Because it is a big problem. I mean, especially today and in the cloud, and we'll get into that. But you've got data lakes or whatever you want, data oceans now, you've got data coming in, all types of data. Might be internal transaction data, might be stuff from your data warehouse, and then organizations say, well, I want some other data. I want to bring in maybe some social data. So certain data, everybody can have access to. Certain data, not everybody can have access to. And it's not necessarily just a security problem. There are edicts of my organization that need to be enforced. So first of all, is that sort of the problem that you're solving? And maybe you can double click on that a little bit.
Yeah, sure, so the market has evolved and is evolving. You alluded to data lakes. I mean, I think you can point to the emergence of Hadoop as a distributed infrastructure, as kind of the original data lakes or the most recent data lakes, where you can store all your data and run analytics on all your data. And now with the advent of the emergence of cloud, you've effectively got very low, if not zero cost storage and the ability to throw an unlimited amount of compute at the data. That, kind of in conjunction with heightened awareness for consumer data privacy and risk associated with data, has created a market for data governance beyond kind of the coarse-grained access controls that people have been using on their databases for decades now.
Yeah, I mean, Hadoop really got it all started. You're right. And despite all its problems, it had some real epiphany-like technical innovations, but one of the things that it didn't worry about at the time was governance. So whose responsibility is this?
Is it the CISO that is essentially trying to build out a new cloud stack to provide security, privacy, governance? And what does that stack look like?
Good. Yeah, so it depends. So it's actually pretty interesting that different organizations tackle this different ways. So we have CISOs that maintain this, and other organizations, we've got the legal and compliance teams that want to do this, but maybe don't have the technical chops. So it's kind of, and the CISO doesn't necessarily know all the privacy rules that need to be enforced. So it's kind of moving into this world where security is about keeping the bad guys out and black or white access. Like you either can see the data or you won't. But with privacy controls, it gets into this gray area where there's a lot of technical complexity and there's a lot of legal complexity. So the organizations struggle with this because you've got to play in that gray area where it's not just, like I said, black and white. The analogy we use is security is like a light switch. You're either in or you're out. With privacy controls, you need to anonymize the data. You need to do privacy by design. It's like a dimmer switch where you want to play in that gray area and allow some utility out of the data, but also protect privacy at different levels of whatever you're doing analytically. So this can be challenging for an organization to wrestle with because it's not as, I would argue it's not as black and white as it is with security.
So your question is, in many cases, it's the business that's running really fast and that is building these data lakes because they want to get value out of their data. And the CISO or the compliance or risk officers are the ones that are telling them to slow down. So our product, as Steve said, caters to both parties. It checks the boxes for risk, but it also enables the business to get utility out of their data lake.
It's a very complicated situation because you've got this corpus of data that's organic and constantly changing. And you have, you mentioned GDPR, you've got California now. Every state's going to have its own regulations. So you've got to be able to sort of adjudicate that. And can you talk about, I mean, obviously I've interviewed Matt Carroll, we covered you guys, so I know a little bit about you, but can you talk about your tech in terms of its ability? You've got a capability to do really granular level understanding and governance policies. Can you describe that a little bit?
Yeah, sure. So when we talk about privacy controls, these are things like way beyond just table level access. So instead of saying, hey, you have access to this table or not, or even you have access to this column or not, you've got to go deeper than that. You've got to be able to make rows disappear based on what people are doing. So for example, we have financial institution customers that are using us for all their trading data. And only some traders can see some trade desks. And we manage all that dynamically. We're not making anonymized copies of data. Everything happens at query time. And depending on what compute you're using, that all works differently. But then at the column level, we're able to do these anonymization techniques. Like we could make numeric data less specific. We could use techniques like k-anonymization that allows analysts to analyze the data but ensures that small groups that exist in that data won't reveal someone's true identity. And we have techniques like differential privacy, which provides mathematical guarantees of privacy. So for example, one of our manufacturing customers said, these are the four analytical use cases that we're using our data for. And under GDPR, we want different levels of privacy associated to those use cases. So they could do that all with Immuta.
So they could say, when I'm doing this, I want these columns to be anonymized to this level and these rows to disappear. But if I'm doing something maybe more critical, which our consumers have consented to, there's less privacy controls. And that all happens dynamically. So the analysts can actually switch contexts of what they're doing and get a different view of the data, and all that is audited. So we understand why someone's doing what they're doing, and when they're running queries, we can associate those queries to purpose.
We've talked about customers, of course, and they're adapting, right, to a new world. How are you adapting? I mean, what are you learning about in terms of policy regulation and governance when having, and you said you came out of the intelligence community, high bar there, right? So what have you done to evolve as a company and what are you, as the headlights basically for these folks, what are you seeing changed that is going to require a lot of shift on the other side?
Yeah, so I don't know if you have thoughts.
I mean, it's a great question, but there's really two parts to it. There's what are we doing, but what is the market doing as well, right? So if you think about when we got started even a year ago, people understood the technology, they thought it was cool, but maybe a little niche for government or financial services or maybe healthcare because there's well understood regulation, these vertical regulations. Even over the past year with kind of this increasing or heightened awareness for consumer data privacy, not just driven by CCPA and GDPR, but kind of this, call it the Facebook effect, right? Cambridge Analytica has created this awareness within the general population for what are these organizations actually doing with my data. Before, it was okay because you give your data to Google and you get a better search result and you're okay with that. But now they may be using your data for their own profit in different ways.
So this has created this rising tides effect for the overall market. And we talk a lot about organizations using something like Immuta to protect their highly sensitive data. I like to think of it as their most valuable data, which may be highly sensitive, but it also could be the crown jewels, trading data for a bank, for example. So it's become about extracting value and operational benefit from data, whereas the risk offices are trying to lock it down in many cases. So there's definitely a big problem and people are becoming more aware of it.
I want to talk about where you guys fit into this whole cloud ecosystem. There's a sea change now as a sort of, there's new cloud coming into play. It's not just about infrastructure anymore. And I'll give you some examples. You got all these data lakes, maybe you got Redshift running, Snowflake's another one. You've now got this data exchange where you can bring in data right in the cloud, bring in all kinds of different types of data. You're bringing in some ML and AI and it's really, again, a complicated situation. So I see you guys as fitting in there and in real need, but can you describe where you fit in the ecosystem, what your relationship is with AWS? How do I engage with you?
Yeah, absolutely. So core part of our value is that we are heterogeneous in terms of the environment that we support. We support a hybrid estate. So the architecture of the product is fully microservices based. So we can run on-prem as well as on cloud, on any cloud. We support effectively any popular database system or an analytical tool. So think of us as a data abstraction layer across a hybrid environment. So we're here because AWS is obviously the big boy in the market. They have market share. This is a strategic relationship for us. We're working very deeply with AWS field teams, particularly around some of their verticals, the verticals that align to our business. And at the end of the day, we're trying to define a category.
It's a similar category that we've had for decades, but with all the changes that are happening in data and regulation and infrastructure, what we're trying to do is raise the level of awareness for the fact that Immuta has actually solved the problem that many of these risk officers are struggling with today.
Yeah, and from diving a little on the technical side of that answer is that we are, think of us as the way to enforce policy in the cloud. We consider ourselves a cloud-first software vendor, and you don't necessarily want one point solution in Redshift or another point solution on your on-premise Cloudera instance, whatever it may be where you're using your data and running analytics. You need to abstract the policies out into a consistent layer and then have them be enforced across whatever you're using. So you might be using Cloudera today and then you switch to Databricks tomorrow. That shouldn't be a hard change for you from a policy perspective. You just repoint Immuta at Databricks and all your policies are still working like they used to. So it gives you this flexibility now to use all these different services that AWS provides because, as was stated in the keynote on Tuesday, there's no one database solves all. You're always going to be using a heterogeneous set of compute to do your job in analytics. So you need a consistent way to enforce policies across all of that.
That's a great point. I mean, I don't know if you saw the Vanguard guy today in the keynote. He basically said we ripped down our, we tore down our big data infrastructure, moved it to the cloud, spun up EMR. I mean, there's a perfect example of, you got to bring your governance with you. You can't have to rebuild that whole stack. Are you in the marketplace yet?
Yes.
You are, great, awesome.
Yeah, we launched a managed version of Immuta over the summer on AWS Marketplace.
We'll be launching a second one shortly and it's really, the offering that we have out there is really geared toward, for lack of a better term, democratizing data governance. It's actually free up to the fifth user. So any organization can deploy Immuta in under 30 minutes through Marketplace and start protecting their data.
That's great. We had Dave McCann on yesterday, he runs the Marketplace. He was telling us there's now private offers for every Marketplace, so ISV. So that's what I'm, last question I have is, how do you see this all shaping, playing out? You got GDPR, you got, maybe you talked about California regulations. There's the technology component. Any predictions you guys want to share? What's your telescope say?
All data will be regulated data, eventually. So if you're not thinking about that now, you need to. So at least that's our theory, obviously. So we think it's critical that you're doing that from day one instead of day 365 in your migration strategy. And if you're not thinking about that, it's going to potentially bite you in the end.
Yeah, you're right. I mean, Web 2.0 was the wild, wild West. There was no privacy, there was no regulation. GDPR started to get people focused on that. And it's now a whole new world.
Good deal. Gentlemen, thank you. Appreciate the time and best of luck. I know you said it had the big launch this summer, but good things are ahead, no doubt.
For sure, thank you. Appreciate your time.
Back with more coverage here on theCUBE. You're watching AWS re:Invent 2019. We are live and we're in Las Vegas.