 Hey everyone, welcome back to theCUBE. Lisa Martin with Dave Vellante, we're live in Vegas. This is Snowflake Summit 22, their fourth annual event. A lot of people here, a lot of news, a lot to unpack so far, and this is only day one. We've got two guests here with us to talk about cybersecurity, a very important topic. Please welcome Omar Singer, the head of cybersecurity strategy at Snowflake, and Julie Chikolo, VP of security at Guild Education, welcome. Thank you. One of our favorite topics. Yeah, one of the things like, you know this much and you have so much more to learn now, so here we go. Cyber security is not, to say it's boring, not boring is an understatement. Omar, I want to start with you. So much news coming out today. Talk to us about what's new with cybersecurity workload is Snowflake's flywheel of innovation just seems to be getting bigger and faster. Yeah, yeah, well I'll tell you, it's been a long road to get to where we are today. My initial role at Snowflake was to lead security engineering. So I've actually been using Snowflake as the home for security data, basically from day one. And we saw that it worked, it worked really well, and we started hearing from customers that they were dealing with some of the same challenges that we faced as an internal security team, and we decided as Snowflake that we want to bring the benefits of the data cloud to cybersecurity teams at all of our customers, and that's what the workload is all about. Talk to us about the voice of the customer. Obviously, we saw a lot of customers, stories heard, you're a customer, we're going to be talking about Guild Education in a minute, but the voice of the customer in terms of being influential, obviously you were an internal customer, drinking that champagne, thought this tastes really good, this is better than Placo, but how is the voice of the customer influential in terms of the cybersecurity workload as we've seen the threat landscape change so much in the last two years alone? Sure, sure, and you know, security, it's a really hard problem. We like to think of it as a data problem, and when you start thinking about it that way, Snowflake is very relevant for it, but many security teams don't yet think about their challenge as a data challenge, and so they're struggling with a very fragmented data landscape. The facts are all over the place, and they're not able to ask the kind of questions that they need to understand, where are my risks? How are the bad guys going to try to get into my network? And they can't reflect that to leadership to everybody that really cares about cybersecurity. This is a board level concern today and without the unified data and without the analytics, they really can't do any of that, and yeah, representing the customer is a big part of what I do, and we have great customers like Julie, who's been kind of with us on this journey, she's a part of the movement. I mean, Julie, what has it been like for you? Oh, it's been game changer for Guild for sure. When we first started, one I didn't know this was a concept, so when I first started talking to Omer and Snowflake, I had just heard through the grapevine that you could do like this was a thing, you could use the data, you could get everything you needed in one place, and it's been game changing for my team. We were in many different security tools, they were all isolated, siloed, and we're now able to move everything into one area, and we're getting close to the one pane of glass, which I just heard was a mythical concept for security. For a long time, yeah. For a long time, and so it's just been amazing, and it's brought us closer to our data ops team, so I'm here this week with somebody from data ops actually to help us out. So can you describe that further? I'm amazed and skeptical. I'm imagining the Optiv chart that says eight million security tools on there. Are you actually able, describe how you're able to consolidate your tooling. So one of the biggest problems, we were facing initially was our SIM, the security incident and event management tool, could not take anything from our DevSecOps tools, and so any security that we had in a developer pipeline was really isolated to that tool, and we could never get it into a SIM, SIMs just aren't meant, they're not built to handle that, they're built to handle really old school networks and data center traffic, and everything I have is in the cloud, and so everything was isolated, so with Snowflake what we do is we work with our data ops team, we can move things from our scanning tools for the developer pipelines into Snowflake, we can use then correlate different things such as from eight year ADP, like if you have somebody pushing code to production, who's out on vacation, you can actually do that correlation with Snowflake, that was never available before, these are things we could never do before and we're able to just do correlations, you could not get into, you cannot get into a SIM. Why couldn't I just throw those into any old, run of the mill cloud data warehouse? Well, you know, it's not just the scale, it's the complexity of the data, I think Snowflake, how we have the schema on read and then all of the kind of things that make Snowflake really good for other departments, turns out it works really well for security, and it's the ecosystem too, nobody else has this ecosystem approach, you know, you heard on the keynote today that Snowflake is disrupting the software application, development, right, all that kind of focus, the tool consolidation doesn't need to mean that you only have one tool, you can actually have the best of breed, choose the tool you want, as long as the data is consolidated, you're not building more silos, and that's what our partners are doing, they're separating the application from the data, they're bringing the work to the data, and that's what you hear here, so Julia's team can still choose to use a variety of tools that get the job done, but all those tools are working off of the single source of truth, and that is unique to what Snowflake can enable. So we are a mess, we should have asked you about guild education, explain your organization. Oh, what does guild do? So we're a late stage startup, we manage education as a benefit for large companies, so we house data from very large organizations with their workforce and help students, help their workforce go back to school. Okay, so unpacking some of the things you said, schema on read, but not necessarily no schema on write, it's a little different, right, because you're ingesting, and then you're determining the schema on read. That's right. Okay, so that makes it simple and fast, presumably, to get data in, and then you figure it out. Bringing work to data, can we just double click on that a little bit, because when I think about that, we've heard terms like over the years, bring compute to the data, that's what Hadoop was supposed to do, and it didn't, everything was shifted. So what do you mean by that? What actually does that mean? Yeah, so if you think about the traditional SaaS solution, the vendor needed to invest in a data center and to have a data platform that would be scalable and robust because their service dependent on it, and they couldn't trust that the customer would have that kind of data platform on the customer side. What Snowflake's data cloud has done has democratized the data platform. So now you have startups to Fortune 500s, the vendors, the customers, they're all uneven footing when it comes to the data platform. So now the vendors can say, bring your own Snowflake, why not? And they can focus on building the best application to solve the real challenges that security teams have, but by the way, not only cybersecurity, we see this in, for example, the customer data space as well. So we're seeing more and more kind of SaaS industries seeing this approach and the applications. We're going to come you out to the data platform of choice for the practitioner. Julie, can we talk about some of the outcomes that Guild Education has achieved so far by working with this solution in terms of, we look at the threat landscape and how it's changed so much the last couple of years and how it's a matter of if, or sorry, when, not if I get to hit with an attack. What are some of the key outcomes that a Snowflake partnership in technology has enabled you to achieve? So the biggest one, again, it's around the DevSecOps program where you see so many attacks these days happening in the code base. So you really have to be careful with your pipeline where the code's getting moved through, who has access, who can move code into production. And these are so, like if you're using GitHub or like we're using a scanning tool called Sneak, they're separate, like they're completely separate. The only way that we can see who's moving code into production or if there was a vulnerability or somebody turned off the security tool is to move these logs, this data, into Snowflake. And our engineering teams were already using Snowflake, so that made it, that was an easy transition for us. I didn't have to go out and convince another team to support us somewhere else, but a great example where we're seeing great savings, not only in people time, but for security, we were having problems with the security, or the engineers were turning off our secure code scanner. And we didn't find out until a little bit later. Uh-oh, yeah. So found out, my team, we had a team, we spent about 160 hours going through a thousand pull requests manually. And I said, no, no more, go find the, go figure out where this data exists. We put it into Snowflake and we can create an automatic ping to the security team saying, hey, they turned off the scanner, go check and see why did the scanner get turned off? So it's an immediate response from my team, instead of finding out two months later. And this just isn't something you can do right now, you can't set it up. So makes it so easy, ping goes to Slack, we can go immediately to the engineering team and say, why did you turn, did you turn this off? Why did you turn it off, get an exception in? So one, it helps with compliance, so we're not messing up our SOC2 audit. And then two, from a security perspective, we are able to trust but verify, which is a big part of the DevSecOps landscape where they need code to move into production, they need a scan to run in under five minutes. My team can't be there to scan, you know, like 10 times a day or 100 times a day. So we have to automate all of that and then just get information as it comes in. Is it accurate to say that you're not like shutting off your tools, you're just taking advantage of them and compressing the time to get value out of them? Or are you actually reducing the tool sets? No, we don't, well, no, our goal wasn't to reduce the tool sets. I mean, we did actually get rid of the SIM we were using. So we were partnering with one of Snowflake's partners. Yeah, but you still have a SIM. We still have it. It's just minimized what goes to the SIM because most of what I care about isn't actually going to a SIM. It's all the other pieces that are in a cloud because we use all, like, we're 100% in the cloud. I don't have servers, I don't have firewalls, we don't have routes, routers or switches. So all the things I care about live in a cloud somewhere and I want that information. And so a lot of times, especially when it comes to the engineering tools, they were already sending the information to Snowflake or they're also interested and so we're partnering, like, we're doubling up on the use of the data. Okay, and you couldn't get that out of your SIM or maybe you're asking your SIM to do too much or it just didn't deliver. Oh, these SIMs are built on search engines. Yeah, they don't, they can't do it. They kind of knew what you were looking for and you say, hey, where did I see this, where did I see that? Very different from data analytics and the kinds of questions that security teams really want to ask. These are emergent properties, you need context, you need SQL, you need Python. That's how you ask the questions that security teams really want to ask. The legacy SIMs, they don't let you ask that kind of question, they weren't built with that in mind and they're so expensive that by moving off of them to this approach, you kind of pay for all these other solutions that then you can bring on. That seems to make the, what you just said there was brilliant. It seems to make the customer conversation quite easy if they're saying, well, why should I replace my SIM? It's doing just fine. You just nailed that with what you said there or so. Yeah, and we're seeing that happen extensively and I'm excited that we have customers here at Summit talking about their experience, moving off of a legacy SIM where the security team was off to the side away from the rest of the company to a unified approach, the SIM and the other security solutions working on top of the snowflake and a collaboration between security and the data team. So what does your security ecosystem look like? You've got SIM partners, do you have identity access partners, endpoint partners? Absolutely, compliance automation is a big one. We hear about companies really struggling to meet all the compliance requirements. Well, if all the data is already centralized, then I can kind of prove to my auditors and not just once a quarter, but once a day, I can make sure that all the environment is in compliance with whatever standard I have. So we see a lot of that. Cloud security is another big one because there's just 10 times more things happening in the cloud environment than in the data center. Everything is so heavily instrumented and so we see cloud security solutions as significant as well and the identity space, the list goes on and on. We do see the future being the entire security program that uses connected applications with a single source of truth in the company's snowflake. And would you say centralized? It's logically centralized, right? I mean, it's virtually centralized, right? It's not shoved into one container, right? Well, that's the beauty of the data cloud, right? Everybody that's on the data cloud is able to collaborate and so whether it's in the same account or table or database, that's really besides the point because all of the platform investments that snowflake is making on cross region, cross cloud collaboration means that once it's in snowflake, then it is unified and can be used together. But I think people misunderstand that sometimes and Benoit made this point as a Christian about the global nature of snowflake and it's globally distributed, but it's logically a data cloud. Yeah, I like to call it one big database in the sky. You know, that's how I explain the security teams that are kind of new to the concept. But it's not, it could be a lot of little databases but having the same framework, the same governance structure, the same security. Right, I think that's how it's achieved is what you're describing. You know, I think from the outcome, what the security team needs to know is that when there's some breach hitting the headline and they need to go to their leadership and say, I can assure you we were not affected, they can be confident in that answer because they have access to the data wherever it is in the world, they have access to ask you the questions they need to ask. And that confidence is critical these days as that threat landscape just continues to change. Thank you both so much for joining us, talking about from cybersecurity perspective, some of the things that are new at Snowflake, what you guys are doing at Guild Education and how you're really transforming the organization with the data cloud. We appreciate your insights. Thank you for having us. Thank you. For our guests and Dave Vellante, I'm Lisa Martin. You're watching theCUBE live from Las Vegas on the show floor of Snowflake Summit 22. We'll be right back with our next guest.