Hi, I'm Peter Burris and welcome to another CUBE Conversation from our wonderful studios in beautiful Palo Alto, California. Once again, we got a great topic today and we're going to be talking a little bit about the role that security's playing in multi-cloud. Now to have that conversation, we've got Hari Krishnan here with us. Hari is the Senior Director of Product Management for security at Nuage Networks, which is a division of Nokia. Hari, welcome to theCUBE.
I'm glad to be here, thank you.
So here's why this is so important, Hari. A lot of people for years have been talking about how data is going to move to the cloud. Well, there's certainly going to be some of that. Increasingly, people are recognizing that the more important strategy, or the better strategy, is to think about how we're moving the cloud services to the data, which means we're going to have multi-cloud. And as we think about moving data around, making data more of a primary citizen within the business, and certainly within the networking world, it means that we have to think differently about the role that networking plays in that multi-cloud, specifically around security. Talk to us a little bit about, first, Nuage Networks, who you are, and then let's get into this question of, what does it mean for networking, security in this multi-cloud world?
Absolutely, and it's a great question. Thanks, Peter. So first of all, Nuage Networks, we are a business unit within Nokia, and we are sort of the SDN arm, if you will, software-defined networking and security for both data center, branch, and of course, it goes without saying, in the multi-cloud era. We provide solutions that both secure as well as connect these, and end-to-end multiple environments across these disparate networks, both from a branch perspective, as well as from a data center and cloud perspective.
So these are all the locations where activity is going to happen, therefore data has to be there, but they still have to be in a connected way. So talk to us about this challenge of networking in a multi-cloud world, because it's not all one way. It's going to be all, it's going to be a very, very complex arrangement of resources that have to be brought together with performance, flexibility, and security. What does that require?
Yes, that's a great question. So we have a lot of customers, we talk about our enterprise customers who have gone down this multi-cloud path because they have workloads, and as you said, workloads and data, and based upon the application, they are making choices for particular clouds. Some of them may be more analytics oriented, they chose a particular cloud environment for that workload, so they have workloads invariably across multiple clouds. In addition to that, they have a large set of those assets and key assets and data that are residing in their private data center as well, and they are looking at how they can provide better connectivity to these cloud applications from their branch. So as you rightly put, the problem is how do you do that on the heterogeneous environments? And today, a lot of the solutions are siloed. What you find is you have multi-cloud networking and security solutions, but they don't really tackle the problem of connecting these branches, or SD-WAN, that SD-WAN vendors focus on, but they really don't address these cloud challenges. So really, there are these silos that we find in the enterprise. We also see vendors going in and offering solutions that are focused on particular environments, maybe containers, for example, or maybe specific types of virtual machines. But really, from an enterprise perspective, their assets and data are everywhere, and they are in different forms.
So what Nuage set out to do from the very beginning was to provide a platform that really connects these, regardless of where these workloads reside. And these workloads can be heterogeneous, really, whether it is containers, whether it's virtual machines, whether it is bare metal, whether it is on-prem or in the public cloud. And really, that's really been our core focus. And we have had a lot of success working with service providers on the SD-WAN. And we just announced SD-WAN 2.0, which is really about more than connectivity, providing IT services over these IP networks, whether it is about visibility, analytics, security. So again, our platform-based approach lends well with not only addressing the SD-WAN use cases, we also have presence with large customers, large enterprises, as well as cloud service providers using our platform for private cloud offering as well as public cloud offering.
So if we kind of think about the problem statement, we're talking about a world that is increasingly dependent from a digital business standpoint on the role that data is going to play, increasingly thinking about how that data interacts with each other and how we secure that data because that's the basis for making it private with a lot of new workloads on the horizon and a lot of new resources that could be running those workloads, whether it's virtual machines or containers or anything that might come along in the future. And the networking has to be flexible enough that it can handle those new classes of workloads, those new notions of data and data security, and the new resources, many of them software that are coming on to create these applications. Have I got that right?
Absolutely. So your networking has to be flexible enough and your security model has to be fundamentally different. What I mean by that is we have a perimeter-centric approach earlier which is sufficient if you have all the workloads in one location, you know the workloads in this.
So perimeter-centric is sufficient if the device is the first citizen of the network, right?
Absolutely.
So keep going, I'm sorry.
Absolutely, no. So with workloads as they are moved around and especially in a cloud environment or in a very dynamic environment such as in container environment, these are spun up and down. The architecture needs to be more tied to the workloads and data, the security needs to be tied to the workload and we call that the workload-centric security model. And again, fundamental to this is the notion of, as Forrester talked about, zero trust, which is again about not assuming any trust just because your workload is in a particular location and you cannot allow certain users to just access that workload because by virtue of it being in a particular location as an example, right? So really it should be tied to the workloads and if the workloads are moved around the policy should move with the workload. And again, fundamental to this is again a change in the architecture where the policy is enforced closer to the workload, the policy is independent of where the workload resides and the policy should govern not only a particular environment or a set of environments such as multi-cloud but access from anywhere to that workload. By that I mean a user can come in from a branch and we want to make sure that that branch user is only able to access that workload regardless of where the workload resides, right? So today if you look at it, the solutions are very siloed in the sense that you have micro-segmentation implementation in a particular environment but they really don't tie in the policy end to end. They don't do end to end segmentation from the branch to the data center and that's really where we focus on is providing this end to end approach to securing workloads and data regardless of where the workloads are coming.
I would say for example, if your workloads and data are moved to Mars, your policy should be able to move with the workload and secure it, right? It's really location independent.
But it's the policy, but fundamentally it's that security capability has to move with the workload. Because that's really what the customer, that's really what the enterprise wants. They want the security capability where the policy and some of the other resources that you're talking about are what provide that capability.
Absolutely.
And John Kindervag is a very, very smart guy, ex-Forrester guy who came up with this notion of zero trust, great ex-colleague. So if we think about it, we've got this problem statement that increasingly the world's becoming digital and now we have to make the workload and the data the first citizen, that's going to require a new architectural approach, new types of technologies, Nuage is at the vanguard of providing that approach. Let's get into some of the examples. How are customers using this today to improve their security and avoid problems of the past?
Absolutely. So we have customers who are using this and I'll give you some examples of it, right? And a lot of the customers when they look at us, they really see the architecture as a key advantage, being able to provide end-to-end security across heterogeneous environments. And I'll give you some example. They typically have a starting point, right? I mean, I'll give you an example of one of the large financial customers we are working with. They are looking at securing workloads in public cloud and this is a container environment, running OpenShift and Kubernetes. And they want to be able to secure the workloads. One of the key requirements in the public cloud is that, and this goes hand in hand with zero trust notion, is that they don't want to actually trust the public cloud vendor.
And regardless of who the vendor is, so they want to encrypt all the traffic between workloads in the public cloud, not only segmentation and getting full visibility into it, but also providing encryption. And so for them, you know, what Nuage offers is the ability to do exactly that. We can secure these container workloads in the public cloud. We can encrypt the communications between the workloads. We brought in the same encryption mechanism that we had in our SD-WAN into this public cloud to solve this use case. And not only that, we can also securely connect those public cloud workloads to their on-prem legacy data center. For certain applications, they need to connect back into the data center. And so we have a consistent policy model with security, segmentation, visibility, and encryption. And that's a great example from a public cloud and the multi-cloud example. The other example is in a traditional data center. Oftentimes, and this is again a large enterprise who is currently deploying this micro-segmentation technology and for them, you know, they don't have sufficient east-west protection within the data center. And so where Nuage comes in is ability to be able to provide security that is, again, tied to the workload. And their environment is very heterogeneous. They not only have ESXi, they have a lot of bare metal. They have some KVM deployments. So they are looking for a common way to provide security for the workloads, regardless of what virtual machine type it is or what form factor the workload is.
And it doesn't diminish the characteristics of those resources that they use because they provide certain advantages to using those resources.
Absolutely, absolutely. I mean, a lot of the key workloads and data that they have, some of them are in bare metal, running in bare metal, right?
So it's a lot important for them to be able to secure those workloads and do that in a way consistently because you have containers that may be communicating with an infrastructure service which is running on a bare metal, for example. So how do you do that in a unified way? And that's really where we come in is providing the single policy, unified policy and visibility in the heterogeneous environment. So that's an example of a micro-segmentation, a traditional data center. Another great example, and we have lots of service providers who are offering this, is our SD-WAN service where we provide secure connectivity, but more than connectivity, but also providing visibility and analytics. So they can look at all the communication from the branch, not only to other branch locations, but also to workloads in the cloud. SaaS is a great use case, local internet breakout to these cloud applications. So we provide security there. And again, we have service providers who are offering this as a service. I mean, we have announced several of them, BT, Telus and several service providers that are offering our SD-WAN service. And just a couple of days back, we announced the SD-WAN 2.0 where we are providing security, providing visibility, enabling value-added services beyond just connectivity in an SD-WAN environment. So those are some of the use cases beyond a single siloed environment by encompassing public cloud, on-prem data center, but also more importantly, connecting workloads from branch to data center as well.
So the last thing I want to do is I want to ask you one quick question about the relationship between, or the evolving relationship between security models, architectures, SOCs, and networking architectures, models, and NOCs. And many people are saying that they should be separated. We tend to think that that's a bad idea.
But talk to us a little bit about how the evolution of security and networking comes together, especially as we think about both of them starting with analytics, understanding, having a discovery and remediation palette so that the networking telemetry is informing security, the security telemetry is informing networking, and you get a reasonable, high quality response no matter where you are in the organization.
Absolutely, and you're spot on. I mean, essentially networking and security combined will give much better value in terms of use cases, protection, but also detection and response. And Gartner has been preaching this in adaptive security architecture, which is really around, you know, using, you know, having a prediction model, which is baselining based upon telemetry, based upon other sources of intelligence that you get, and using that to drive protection. And just because your workloads are protected or micro-segmented doesn't mean that attacks would not go through. You know, it's not a matter of when you are, you know, whether an attack happens or not, but it's really when you are attacked.
Well, we've discovered that bad guys are patient.
Absolutely, and they'll continue to find new ways to attack it. And so it's not just about prevention, but also using the intelligence sources of data in the network to be able to detect and then take an action. Really, this has been referred to by Gartner and others, and in the industry, as sort of adaptive security architecture, which really requires a mindset change from sort of this incident response to a continuous response model, right? And we think that software-
Driven by analytics.
Exactly, and analytics is really the core of this because analytics helps drive policies, but also helps detect new types of attacks. So really, network has a very key role to play here because network is the source of truth.
You see a lot of these attacks that are manifested in the network, and we can use this data, we can mine this data to be able to better prevent but also detect and respond quickly to these attacks. And again, the change in mindset from sort of an incident response mindset to continuous response mindset all built upon this rich analytics that your network provides.
Hari Krishnan, Nuage Networks, talking about the relationship between security, networking and multi-cloud. Thanks very much for being on theCUBE.
Oh, thank you.
And once again, this has been a CUBE Conversation. I'm Peter Burris. Thank you very much for listening. Until next time.