00:00welcome to the 1/16 Z podcast I'm
00:02Michael Copeland and we are here at the
00:04octa world headquarters in San Francisco
00:06with ACTA CEO Tom MacKinnon and also
00:09joining us from Atlanta is VG possible
00:11Mannion CEO of pin-drop welcome both of
00:16you guys might not be familiar and
00:17hopefully you are with both pin drop an
00:19octave but you guys are security minded
00:21companies on and you approach things in
00:23in different ways honestly and so this
00:25conversation we want to focus on the
00:27trends you're seeing in security and and
00:29how you guys are addressing them
00:30differently for your customers and a lot
00:33of the focuses on the enterprise so so
00:35let's begin there but so I want to ask
00:38you guys security seems to be on
00:41everyone's mind these days but is it and
00:45have people really found sort of God in
00:48the wake of some really horrible
00:50breaches PJ what do you think about that
00:52all right so you know with a lot of
00:55these breaches I think fundamentally
00:57what comes to the forefront is the fact
01:00that security is a constantly evolving
01:02thing right the perimeter is constantly
01:06changing you had just your datacenter
01:08now you have the entire cloud to worry
01:11about you had individual devices that
01:13were purely used for personal reasons
01:16now they're you know used for everything
01:18other than personal as well and so the
01:21parameter is constantly changing
01:23what is defensible is constantly
01:26changing the attackers themselves are
01:28constantly changing so the fact is that
01:30you know each of these attackers have
01:32such a large area to attack you on and
01:34they've increased the sophistication of
01:36their tools and what's more is they're
01:38collaborating and they've trying to get
01:41through to you through a variety of
01:42channels be it the network be it the
01:44call center they're trying so many
01:47different things because they're
01:48motivated they well-funded and they
01:51clearly have a target to go after so
01:53it's it's a really hard battle and this
01:56is the reason you find a lot of these
01:59breaches happening a lot of you know new
02:01technologies when they get introduced
02:03without security paradigms in place they
02:05immediately break at the basic onslaught
02:08of a fraud stuff one of the things that
02:10we've seen it's the people that are
02:13chief security officers or security
02:14professionals or even CIOs their level
02:17of vigilance in their level of concern
02:19about this over the last 18 months is
02:21pretty consistent what's clearly changed
02:23is the people above them the CEOs the
02:25board they are all about security now
02:28and I think a lot of it is just some of
02:29these high profile vulnerabilities and
02:31attacks in the mainstream media right
02:33you get the CEO Sony's email on the
02:37and all of a sudden every CEO in the
02:39world is going how's my security right
02:41you get the CIO a target that loses his
02:45job all of a sudden every CIO is like
02:47what's going on in my security so the
02:50level of heightened awareness at the
02:51highest levels in the organization is
02:52different in the last year how do you
02:56move the dials in or twist the dials
02:59between kind of like that heightened
03:01sense and an urgency for security and
03:04then running a business and so Todd I
03:06know you know octa you guys go in and
03:08you know your your hope is that you make
03:11it easy for people to be secure but
03:12there's always this kind of tension
03:14between look we got operations here and
03:17you know what security can do yeah how
03:19is that conversation changed if it has
03:20and how do you guys approach that I
03:22think so the along with CEOs and board
03:25members and other people hire people in
03:28the organization wanting to have the
03:29security conversation it's changed for
03:31us that we are talking to people higher
03:33in the organization so business leaders
03:35CIOs board CEOs board members are
03:38bringing us into conversations and deals
03:40more that's happened in the past our
03:42product is really has really two
03:44different value props one is we make it
03:46easy for end-users the other is we make
03:48it more secure so maybe two years ago is
03:50more we're being brought in because it
03:52made it easier and now more often or
03:54being brought in because it makes it
03:55more secure often to from hire people in
03:58the organization yeah what we're also
04:01seeing is a globalization of the fraud
04:04function as these organizations are
04:05growing bigger and bigger you have
04:07multiple lines of business multiple
04:09folks who have you know who weigh in on
04:11the security state of the company and
04:14now we're starting to see the emergence
04:15of pretty solid global organizations
04:18that have pretty significant paws on
04:19deciding what are the tools they use
04:21across these different lines of business
04:23and that's an important thing
04:25if you don't have that you can be
04:27completely secure on one side of things
04:29and then the fraudsters will find that
04:31weakest link right and so the
04:33fundamental thing is since these guys
04:35are expanding their scope what we're
04:38finding is once we convince one line of
04:41business to use the solution often
04:43within the next six months we're finding
04:46that the entire enterprise buys an
04:48enterprise-wide license which is which
04:50all goes well for security companies as
04:52well as the security posture for these
04:54companies let's talk about that then how
04:57you convince lines of business or an
04:58entire company to take on this you know
05:01what some people will view as an extra
05:03kind of step or hurl or burden I mean
05:05how do you or maybe that's not the right
05:06way you don't have to convince them at
05:08all anymore but once you do convince
05:10them how do you make that behavior
05:12change or that shift so you know people
05:14do what they're supposed to do and that
05:16the at the end of the day the security
05:19works how it's supposed to work I think
05:21it's an uphill battle to try to get
05:23especially in the modern era of IT to
05:26try to get users to do something that is
05:28inconvenient or out-of-band I think that
05:31and what we see in our customer base and
05:33the prospect base that companies and IT
05:35departments try to do that are not very
05:38so the key is to find solutions that are
05:40make it easier and make it more secure
05:43right and it's not always it's not you
05:45you have to look for the right solution
05:47and you have to put some good design
05:49thinking into it a lot of times but I
05:51think it's just with all the options
05:52people have and all the devices they can
05:54use outside of their corporate endorsed
05:56framework and all the applications I
05:57think trying to put a step in there and
06:00just send a nice well-written email out
06:02to say use it because it's better for
06:03you it's just a losing battle so you
06:05have to figure out a way to make it
06:07easier like a simple example is a simple
06:10example is maybe you you have a it's
06:13it's more secure and maybe require
06:15stronger authentication but the
06:17information resource you get to when you
06:18go into an application is better so it's
06:20somehow better than the alternative you
06:22would have if you did your own consumer
06:24application off to the side so good IT
06:27departments and good companies I think
06:28are figuring how to wait and make the
06:30services attractive and more secure so
06:33if you follow this hygiene if you follow
06:34these protocols you get access to the
06:36like the full burrito intial
06:39however you want to say it yeah and it's
06:41a good enchilada taste good some crappy
06:43Mexican food that you're gonna feel bad
06:45after you eat it right yeah it's a good
06:52point right making security oftentimes
06:56before if you had something secure that
06:58was more secure it was a pain to get in
07:00right like that so making security more
07:03usable is is really really important and
07:06we see this too right in our case what
07:08we do is we protect call centers and the
07:11voice Channel from fraud the current
07:13state of the art is asking you a whole
07:15bunch of questions so you call into a
07:17bank and they ask you what your mother's
07:19maiden name what's your date of birth
07:20that takes a long while if you have a
07:22technology that can substitute for that
07:24and very quickly identify that it's
07:26really you on the other end you've just
07:29saved the customer a whole bunch of time
07:30you've saved the organization a whole
07:33bunch of time and you've made the entire
07:34experience wonderful so there's that one
07:37part right security paradigms that are
07:39more usable the second part of it is
07:41actually training and and doing this at
07:43a grassroots level right like when you
07:45get an engineer to code something right
07:48right now one of the key criteria is how
07:50how big of a scale of a system have you
07:53coded up right how performant is it how
07:55scalable most people when they talk
07:57about okay when we put the solution it
07:59shouldn't break as soon as we have
08:00hundred thousand users hitting the site
08:02right it's it's a it's ingrained in
08:04everybody's mind that you need
08:05performance scalable code what we need
08:08to do is add to that you need
08:10performance scalable and secure code
08:11right and that needs to happen at a
08:13grassroots level either to training or
08:16through you know getting individuals who
08:18are more security minded well let's get
08:21into your sort of philosophies about
08:22usability and ease of use and because
08:24you guys you know you go after different
08:26markets but and you approach things in
08:27different ways the v-j pin drop is is
08:29like you say voice recognition and I
08:31want you to describe kind of where that
08:32goes more broadly and then octa you know
08:35you guys have a sort of two-factor
08:37single sign-on view of the world but so
08:40talk to me about about how you guys
08:43approach design and usability and kind
08:45of where you would like to see it go as
08:47things progress the best example
08:50so another video your example of
08:53call-center not being asked for your
08:54mother's maiden name 50 times is great
08:56another good example that's right in
08:58front of all of us is the fingerprint
08:59reader on the iPhone
09:00I mean they've turned on pass codes and
09:03more people are have their phones lock
09:04now than ever before because they made
09:07it easier right you didn't have to type
09:08in that code and now they have a
09:09fingerprint reader I think that's a good
09:11inspiration and we take inspiration from
09:12things like that where it's like hey how
09:14can we make this easier for the end-user
09:16while at the same time making it more
09:17secure the other the other we think
09:21about that that trade-off or that the
09:23design challenge that goes behind making
09:25something more secure and more usable a
09:27lot of times it comes down to
09:29alternatives or competition and what's
09:31happening in the marketplace Apple being
09:34a good example with the fingerprint
09:35reader is that there's inspiration and
09:38competition where there never was before
09:39usually be it used to be that you would
09:41have a crappy Windows application
09:44running on the client and that was what
09:46you used and it come hell or high water
09:48now that you had now you have
09:49alternatives for other kind of
09:51applications the applications your
09:53companies provided have to up their game
09:54make it more usable same thing for
09:56security every website that does
09:58security well every website that has a
10:00good design your your company systems
10:02have to match that because there's a
10:04alternative and there's inspiration and
10:06that's we try to take inspiration from
10:07all the companies that are setting these
10:11yeah you guys use voice and like you
10:14said you secure call centers um what are
10:16you able to do with voice that perhaps
10:19we weren't even thinking about five
10:21years ago all right so you know even
10:24before you know talking a little bit
10:26about what we do it's just you know
10:28what's happening in the world right like
10:29as the world is moving forward the kinds
10:32of interfaces people are using is
10:34changing pretty rapidly so you know
10:36traditionally I mean you can you can see
10:38this at a place like CES where you know
10:41you have the Smart Watch smart belt
10:42smart ring smart everything right and
10:44the reason the smart is that they're
10:46able to understand what you're saying
10:48they don't depend on existing interfaces
10:50like the keyboard right imagine a Google
10:52glass device outfitted with a keyboard
10:54that you had to type into that would be
10:55a horrible future to be a part of right
10:57instead you speak to the device and it
10:59immediately determines what you want to
11:02so as these interfaces changes there is
11:06to define that security from the ground
11:08up and this is a little bit of what
11:10we've spending our time on right which
11:12is we're trying to make sure that when
11:14we see these voice interactions or these
11:17voice devices we can add a layer of
11:19security trust and identity to that in
11:22order to make sure that that transaction
11:24is indeed coming from who it's you know
11:26who it's coming from and so we look at a
11:27variety of things right we look at your
11:29voice we look at the device that you're
11:31coming from and you know the fingerprint
11:33that's inbuilt into it through a variety
11:37we look at things that your voice is
11:38doing emotion duress urgency there's a
11:41whole bunch of these things but
11:43ultimately all of that goes towards the
11:45fact that we can do all of this in the
11:46background and ultimately leave the
11:49customer a great experience you back
11:52into your Smart TV say I want to pay my
11:54AT&T bill there's a bunch of companies
11:56that are going to figure out you know
11:58what you said and what to interpret it
12:00our role in that is to decide that it is
12:03indeed coming from you because it might
12:05not be an AT&T bill that you're paying
12:07it might be you trying to turn off your
12:09burglar alarm right right you want to
12:11know is that is that Michael saying on
12:14that burglar alarm off or is it you know
12:16the fraudsters just broken through your
12:18window right right right
12:19or even it sounds to me like you're
12:21heading in the direction or I'm at home
12:23and and there's something bad person
12:25standing next to me saying tell the
12:27burglar alarm to turn off yep and you
12:29might be able to sense that I mean that
12:31is that is way out in the future right I
12:33mean ultimately a goal is to provide
12:36that layer of security trust and
12:37identity we want to be that platform
12:39that does that so as these new exciting
12:42interfaces come out right Amazon rolled
12:45out eco Facebook bought with dirty AI to
12:47- you know integrate all its messaging
12:49with voice Google has Google now on its
12:52nest thermostat as these interfaces
12:54emerge we think there's a great
12:56opportunity to essentially change the
12:59security battlefield by setting the
13:01right you know paradigms in place Todd
13:04how do you guys think about that
13:05expanding kind of world of things and
13:09and data to secure does it shoot it all
13:12again kind of fall under one one single
13:16sign-on kind of paradigm or or how do
13:18think about octa octa is about building
13:22a system of record or a graph that
13:25connects together a logical connection
13:27of people applications devices and
13:31organizations and the idea is that once
13:33you have that system of record then you
13:36can put the right policy on top of that
13:39group of connections based on the right
13:41context so for example if you are
13:44logging into one application that's just
13:46a an application that doesn't have very
13:48much sensitive information you can do it
13:51from the road from a public Wi-Fi but if
13:53you're logging into a financial
13:54application a more sensitive application
13:56for work you must have strong
13:58authentication you can only do it from
13:59certain networks that's an example of
14:01context and policy but you can only do
14:03that in a centralized feasible manner if
14:07you have this system that that that octa
14:09is that actually has all those
14:11connections and knows which applications
14:13are sensitive which users can get to
14:14what your applications which devices so
14:16that's what it's about so if you expand
14:18that out to not just phones and tablets
14:20and computers but if you expand that out
14:22to any you know the nest the nest
14:24thermostats or any kind of device that
14:26might exist on the Internet of Things
14:28our point of view on that is that those
14:30are all important but they all relate
14:31back to a user some way it could be for
14:34example in the enterprise it could be
14:35assets it could be you know yeah these
14:3710 steam shovels which don't exist
14:39anymore but my point maybe it's a museum
14:42of steam shovels yeah but it for us is
14:46all about it's a it's getting back to
14:47the person and ultimately it's gonna go
14:50back to a person the person is going to
14:51want to consume the data or understand
14:54where that asset is and that's why we
14:57think that having that logical map all
14:59the way back to the person is very
15:00valuable speaking of people it seems
15:03that most of the sort of high profile
15:06hacks that we've been reading about and
15:08talking about of late at the end of the
15:10day there was a person who or people who
15:12didn't do what they were supposed to do
15:13there was all these warning signals and
15:15they were ignored how do you help make
15:20people better at security and you know
15:22and you know maybe it's removing them
15:24from the equation which seems like a
15:26tough thing but how do you approach that
15:28alright so I think you know given them
15:32massiveness of organizations and and the
15:35scale at which these organizations are
15:37go growing right I mean we see slack
15:39which has so many millions of users now
15:42and you know has done that in the last
15:4424 months so as these organizations are
15:46growing you know distributed
15:49geographically have a variety of
15:50networks I think you're always going to
15:53have people slipping up you're always
15:56gonna have networks breach so I think
15:59right the one thing that see source as
16:02well as security folks within that
16:03organization have to figure out is what
16:05is it of importance that they're
16:07defending and make sure that you know
16:10once someone gets on a network they
16:12don't have access to the entire kingdom
16:14right so I mean it's it's I mean if you
16:16look at octa right after does Network
16:18authentication to a certain level and we
16:20do authentication on the call center if
16:22you cheat I mean like we keep getting
16:24worried about ok breaches into the
16:27network right someone got access to our
16:29network but look at the call center
16:30right in order to get access to the call
16:32center all the fraudster needs to do is
16:34pick up the phone and speak to a call
16:36center agent right that tells you how
16:38easy it is you should look at the
16:39network exactly like that it's that
16:42getting access to the network or getting
16:44access to a person within an
16:45organization is really really simple for
16:48a motivated fraudster once you make that
16:50assumption you then start deciding
16:52within the system how do you protect the
16:55keys to the kingdom right yeah I think
16:57it's similarly to what Vijay was saying
17:00I think that you you have to be able to
17:03define the parlance in the security
17:06industry is least privileged right so
17:08you give you you make sure you give
17:10every person lease privilege possible so
17:12no one has a bunch of privileges they
17:15don't need so if they get compromised
17:16they can't be used to take advantage of
17:18a problem with leased privileges is hard
17:19to do it's much simpler to say you know
17:21why we have this firewall we have this
17:23perimeter or anything inside that it's
17:24copacetic we can bless it anything out
17:26that is bad but when you start breaking
17:27it apart and say well all the services
17:29are in my data center people are roaming
17:31around then it gets harder and trickier
17:32so just the basics making sure people
17:35only have access to what they should
17:36have access to making sure that when
17:39people change functions that gets
17:40updated it's it's not it's not a simple
17:42problem but that's some of the basics of
17:44the access if you look a lot of these
17:46is these these breeches it was very
17:50basic things that were used or problems
17:53that were used to take advantage of
17:55these networks or these systems and
17:56there was just simple stuff that wasn't
17:58it was the administrative access on a on
18:01a Hardware monitoring system that had
18:04public internet access right it was you
18:06know the employee that hadn't used their
18:08account and was used to login to when it
18:10should have been shut down a long time
18:11ago so just it's almost like the
18:12housekeeping of it all and making sure
18:14the least privileged access is the first
18:16step because I agree you're not you're
18:18never going to have perfect perfect
18:21human compliance it's just impossible so
18:24if you just define really what is
18:26important you know you have a way to put
18:27least privileged access and then you
18:29have a way to actually this is an
18:30important one you have to put in systems
18:32to to monitor and understand so you know
18:35when you've been breached
18:36just knowingly you've been breached
18:38without you know will allow you to react
18:41much quicker and minimize the damage
18:42some of these attacks
18:44they've been breached for months and
18:45months and months right they didn't know
18:46I really found out because some
18:48contractor came in to do some work and
18:49said what's this massive log file that
18:51shows everything being exfiltrated off
18:53the network so it's like it should have
18:57been caught sooner than that right and
18:58and something done about it in which
18:59case you know and in many cases nothing
19:01has been done and until the worst
19:03happens do you feel like customers and
19:07just you know the enterprise at large
19:10has a sense that look the bad folks are
19:12already inside or or are they not there
19:15yet or should they be there for that
19:17matter yeah I think you know whoever we
19:19talk to makes the assumption that
19:21they've been breached
19:22they've been breached they have to have
19:25great monitoring systems to understand
19:28the extent of the breach you know what's
19:29what's going out right and then the
19:32second part of it is you know deciding
19:35you know what is important to defend
19:37right if you have a database of emails I
19:42mean of usernames and passwords that's
19:45important that's you that's that's
19:46that's you know everything that you have
19:48about all your customers and so you need
19:50to protect that very very carefully the
19:52only problem is you know companies are
19:54growing this rapidly that they forget to
19:57stop and think about this
19:58and I can talk about it from just
20:00personal experience right we're growing
20:02massively how often do I get into a
20:04meeting where my engineers are saying
20:07you know what we need to be careful
20:08about the security of these boxes when
20:11we roll out a VM with our software and
20:13you know with call sensitive calls we
20:15need to be careful about that we do that
20:17very very aggressively but you know I
20:19would want more of that to be done right
20:21you you when you're growing at the rate
20:23at which we're growing it's always a
20:25question of functionality versus
20:27security and you need to figure out a
20:30balance between making sure things are
20:32as secure as you add functionality what
20:34we see is that that like earlier I was
20:36talking about the CEO board level and
20:39then CIO sees two security officer we
20:42see that the CIOs and the chief security
20:44officers they understand that that
20:47they've likely been breached in they're
20:48very into monitoring and so forth senior
20:51level people see more senior than that
20:53ceos boards they their mindset is we've
20:56never been breached we're not one of
20:59these four companies you've heard in the
21:00news in the last six months we've never
21:01been breached right how do we never be
21:03breached right so a little bit as you
21:04know the communication starts because
21:06those CEOs and boards are so interested
21:08and now it's up the CIO and the chief
21:11security officers to have that
21:12conversation where they explain hey you
21:14know we're spending a couple million
21:15dollars on this monitoring service but
21:18because we may have been breached but
21:20not not we're not sure anything's been
21:22done so it starts that conversation I
21:23think it's healthy for the whole
21:24industry what how do you shift that
21:26mindset from like we've never been
21:28breached to those people on the inside
21:29understand that you probably have to
21:31then setting policies and procedures
21:34that can kind of keep up I mean Vijay
21:35you talk about how you're a fast-growing
21:37company and there's new kind of
21:39scenarios every day so Todd if you're
21:42setting policy how do those policies and
21:44I'm just thinking about an approach that
21:46companies can use to be flexible enough
21:48and kind of reactive or foreseeing
21:51enough to to build something or a build
21:54of mindset that can account for what's
21:56gonna come next I think the key is kind
22:01of like the government has you know so
22:04different levels of classified they have
22:07super classified and like double
22:08super-classified and only the president
22:10can see it and then they
22:11things that are unclassified I think
22:13companies need to have that kind of
22:14framework maybe not that formal but they
22:17have to define what's super sensitive
22:19lock that down in a way that's
22:21commensurate with the sensitivity of
22:24information and then think of it like
22:26concentric rings outside of that the
22:28things that aren't a sense it's incitive
22:29or classified be more flexible be faster
22:32but at the end if they get that risk
22:34reward right they can I think take the
22:36appropriate amount of focus and care for
22:38the super important things the secret
22:40sauce and for things that aren't as
22:42sensitive can be faster and more
22:43flexible and maybe take more risk right
22:45okay yeah I mean I think the important
22:47is thing is to not be reactive but to be
22:50proactive about a lot of this and to be
22:52you know really clear about what you're
22:54defending like I remember this incident
22:55we were going on to do a POC with this
22:57particular client and just after that I
22:59mean we were well on our way to get the
23:01POC sign and just after the target
23:03breach happened that POC just got
23:06completely locked down they said we're
23:07not doing a POC because we don't know we
23:10don't want to give any data and was
23:12completely not sensitive data that they
23:14were working with right that's a
23:15knee-jerk reaction is one to this one
23:17too far right so it's it's it's like
23:19this wildly swinging pendulum that goes
23:22one way here and when you're doing when
23:24you're trying to do everything what ends
23:26up happening is it seems so onerous that
23:28you you know you're like okay we're not
23:30gonna win this we're not gonna take care
23:31of it and then you go all the way to the
23:34other extreme saying oh we've spent so
23:35much time and we've we've got so little
23:38to show for that we're now you know
23:40going to change back to being an agile
23:42functional company and so you keep you
23:44know moving between these things and the
23:46idea is to always find the right balance
23:49are we gonna win this or is that even
23:51the right question to ask I think so the
23:55way I think about it is do companies and
23:58organizations take advantage of
24:00technology to make them more effective
24:01so that's winning I think that if you
24:04think about winning is not zero breaches
24:06I think winning is moving your
24:09organization forward and that means you
24:12know taking some risks in some areas
24:13guarding things and being very slow in
24:15other areas and figuring out the right
24:17another thing we haven't talked about
24:18which is interesting might be a whole
24:19other podcast but it's the the role
24:22regulation hasn't all this we're talking
24:24in fraud but there's not a big question
24:27mark companies have especially
24:28internationally which were the regs what
24:30are the regulations right and what do
24:31they mean and are they even applicable
24:32and that's a whole another variable when
24:34you think about what to lock down and
24:35what not to lock - well we are gonna do
24:36another series if I get some regulation
24:38I can tell you that but yeah like you
24:39say disclosure like who gets to know
24:41what and when and what are the sort of
24:43liabilities and one of the requirements
24:44is by the way that drives as much board
24:47concern and CEO concern as security does
24:49interesting we will definitely revisit
24:51that as a as another topic Vijay what's
24:53winning yeah I mean I think you know the
24:56one thing is that the fraudsters are
24:59constantly changing but the nice thing
25:01about what we have here is the platforms
25:05are constantly changing so the
25:06battlefield is constantly changing right
25:09you have new and newer interfaces so
25:10there is really a chance to build
25:13security up from the ground up right we
25:16keep forgetting to do this and we keep
25:17calling it a cat-and-mouse game it's
25:19really not a cat-and-mouse game right
25:20it's a I mean the the fraudster is not a
25:23mouse right like the cabin mouse game is
25:25traditionally that the mouse is so weak
25:28that you know the cat chases and catches
25:30him and then lets him go that's really
25:31not the story right it's a cat and dog
25:33game dog your cat you're trying to catch
25:35the dog when you're a cat right and so
25:37it's a particularly hard thing and by
25:40virtue of what we're seeing is more and
25:43more organizations are becoming more
25:45holistic in the way they look at things
25:47not only look at just the network but
25:49look at call centers located across
25:51because the fraudsters are not saying
25:53I'm only going to attack you on the
25:54network side and then they're also doing
25:56collaboration right that's also really
25:58important right once you collaborate
26:00with other organizations what happens in
26:02one organization definitely affects you
26:04we saw this in the anti Dropbox leak
26:07right like everyone said Dropbox had
26:09been compromised but what these
26:10fraudsters had done had figured out
26:12username passwords at all these other
26:14breaches that actually worked on Dropbox
26:16so so you're no longer just one entity
26:19so when I talked about line of business
26:20and being able to be cross channel
26:23across these different lines of business
26:24I believe that organization should look
26:27across themselves and collaborate and
26:29contribute and that's the only way you
26:30can get you know you can win and you
26:33know winning is is a relative term it's
26:35you know how do you manage to do all
26:37things that you need to achieve in the
26:39next year or so without having you know
26:42without giving away the keys to the
26:43kingdom you guys are building the future
26:47of security and I just want to get a
26:50sense from you and maybe it will be
26:52invisible right things will be secure
26:54Internet of Things all these devices we
26:55have will be secure without us knowing
26:57it but what does that future start to
26:59look like from a user standpoint and
27:01from a C so sitting in a large
27:04enterprise I was just thinking you know
27:08just because there's been bank robberies
27:11forever we never got rid of money right
27:12I know I think it's I think it just as
27:15part of the environment I think the more
27:17we embrace technology the more people
27:21organizations got value from it the more
27:23they'll invest in it there'll be some
27:25malicious attacks and we'll have to deal
27:28with those and it'll be kind of a
27:29constant thing I mean bank robberies
27:30never go away they get they change and
27:33we get better at them that's it's kind
27:35of good to be with us I think for a long
27:37time I think that the I mean I think
27:40that the security technology will get
27:41better I think the fact that in somewhat
27:44of an ironic way I think that the world
27:46is becoming the fact that the world is
27:48becoming more mobile and more cloud you
27:51know something that you use the term
27:53earlier or v-j about attack service and
27:55increase attack service that is true but
27:56I also think we have a ton of more tools
27:58that we can use to secure the circular
28:01surface I mean the fact that we all have
28:02computers in our pocket now in terms of
28:04authentication a simple example or
28:06fingerprint Raider in our pocket gives
28:08us a tremendous tool to make things more
28:09secure while at the same time giving a
28:11bigger attack surface so because we have
28:12mobile apps you know they're running on
28:13all these devices with tons of data so I
28:16think it's kind of an evolutionary thing
28:18and I think that again you know I just
28:20when I talk to people a lot I just say
28:22listen you know just don't lose the
28:25opportunity to embrace some of this new
28:26technology and move your organization
28:28forward because you were so scared and
28:30so risk-averse for everything that you
28:33had to lock it down I think that's you
28:35know in that that is a that is a real
28:37risk I'm sure there are companies up out
28:39there right now losing opportunities
28:40because they're locking things down yeah
28:41yeah and they wish for the old days
28:43where was all literally like you know in
28:45servers locked into a room someplace and
28:47yeah yeah we're not getting rid of money
28:49we're not getting rid of credit card
28:50there's gonna be fraud but you've gotta
28:52move forward yeah yeah I think I think
28:53you know we have to just change the
28:55mindset that this is something that we
28:57need to do right there's no way we can
28:59not do it and somehow stay secure
29:01right so it's almost like breathing
29:02right like the question is can you stop
29:04breathing and still function well like
29:06you can't right you have to have
29:08security built in and and we have to
29:11start realizing that what we're
29:13considering breaches is also going to
29:16constantly change right with the
29:17Millennials the amount of stuff they
29:19post on Facebook and Twitter that would
29:21have been considered a breach right like
29:23they voluntarily voluntarily give all
29:25that information like my parents would
29:27consider that a breach of privacy yeah
29:32it's it's it's been giving that so so
29:35then the question is once you have all
29:37this information out there is that what
29:39an identity really is if I compile all
29:42those pieces of information does that
29:44make Michael Copeland
29:45no right that's where the security
29:46companies decide you know through
29:49authentication more clever
29:50authentication how do you determine that
29:53this is really Michael Copeland right it
29:55just can't be because of the fact that I
29:56know your mother's maiden name or I know
29:58when you were born right that clearly is
30:00not you I'm wondering why you know my
30:02mother's maiden name because we met just
30:05ancestry.com ancestry.com have a great
30:12Vijay Todd thank you guys so much that's
30:15great thanks yeah we're definitely
30:16follow up and talk more about this but
30:18you know we'll use your security tools
30:20too and hopefully be more secure yeah
30:22absolutely really appreciate the
30:24questions they were very insightful