Thank you be. And welcome again. In fact, you, we have been here before me, so to speak in this session, Oliver and Paul, and right now, as Beth already said, and you already mentioned those in your talk. I just wanna discuss some of the points a little bit more in detail that you already touched. And I think we, we are facing a fundamental transition of the way we are working these days, which also means we are facing a fundamental transition of the way we need to protect device and what we need to accept. And, and I think you brought up this point that remote uses are creating risks and factually what you ended up with is it's not saying you can't do it because we need to do it to enable work. It's saying, yes, you need to support it. And so I think the first step apparently is knowing what is happening there. And, and so, so what is your take on, on how to gain visibility and, and control into the environment with a mobile workforce where, and everyone is working with a company, all device where you don't operate within the parameters. So what is your advice on that wants to start, Paul?
Shall I tell that Paul?
Yeah. Sure.
So, so thank you for the question. I, I think when you are, when you look at the authentication process between the user and the device and the application, every time that you are accepting that connection to be established, you are updating your corporate asset inventory for which users and which devices are connecting to what applications. And that's a level of granularity that many organizations don't have today. So by putting some basic controls in there, like MFA as a, as a starting point, which can be done, you know, in, in, in, in with certainly within a day for many applications, sometimes within an hour, that simple step, which is transparent to the user, it's a friendly interaction. It, it gives you a huge step in visibility, which continuously updates for your user base, your device, your asset inventory, and then obviously the granularity around which applications are being accessed. And I'd have one more thing to that. As we, as we transition between staff and legacy applications, and we live in a hybrid world, how do we manage policy in a consistent manner across both, both those environments? I think that's a, a great question that we've been asked,
But, but what you were saying factually, the access is the, the touch point where you can control everything. So when the users are accessing, you can track for device, you can enforce the strongest education, the multifactor education, you can apply policies. So this is in fact the touch point we, we need to look at because that's where we really can gain control.
Yes, a absolutely. And I would add to that, that it, it actually makes your on-premise environment even more resilient. So although you might put it in place for your remote workforce, when they're also in the office, you end up with a higher level of control and visibility. So it's, it's a great solution for both sides.
Apparently you shouldn't do it only for remote access. I believe.
Absolutely. Absolutely.
Wouldn't, wouldn't be very smart. I, I think that also shifts us to you didn't touch it much, but at the end of the day, I think basically what, what you're, what you're saying is we need to think in a, in a manner where some call it zero trust or whatever, you'd like to call it, where, where we say we have devices and we have services and we control access from the user to the device, to the service, regardless of where, what runs. So don't, don't think in trust on premise or cloud as, as two totally different things, which leads us to another question. So why is the cloud so important in that context of what we need to achieve here, how we need to enable our workforce?
Yeah. So I can, I can say that one Martin, I think, I think examples that we've both talked to is around the simplicity and also speed the need to, to roll out services very quickly to thousands. If not tens of thousands of users, we we've been able to see that happen because the solutions are engineered from the cloud. You know, the cloud scale out model, the availability model, the coverage, but then the simplicity of thinking about the user side of actually onboarding so much of that onboarding is done at a user standpoint. It could be as simple as a link that, that a user clicks to subscribe it and get onto the service. So it's hand in hand bringing security with simplicity and the scale that's needed. I don't think any of us realize just how many users would need to go and onboard in recent times and, and as quickly as they have, but cloud has kind of been a savior.
Many guys may be collaboration may be security as, as two great examples that, that we've seen and just kind of a lead in from that previous kind of question as well, around security and, and protecting the user. I think one other aspect that we've seen is the ability just to be able to see what applications a user is actually accessing, and then kind of give, give that a risk rating as well. I think anyone that's managing security wants to be thinking about, you know, what, what, what are the users accessing? And is there a risk based on some of those applications, because ultimately there's been a, quite a free reign of people using various different applications to collaborate. And then we wanna understand, you know, is that putting any risk to the corporate based on the data that's being shared as well? So that, that also is something else that we look at
And, and it brings us back factually to this point of policies apply control, and that is what we need to do. And I think you're absolutely right. We are using far more cloud services. If you look at the, the uptake of whatever Microsoft teams of zoom of Google apps, these days are a lot of numbers out there. The cloud use has been, has experienced the massive increase. And, and it's interesting. One of the, the early videos I did myself on, on which measures to take right now, one of the early videos, interestingly, was about saying, okay, there are few things you need to do, but the one thing is MFA. So you usually infrequently can enable very, very simple, and you can make a huge step towards more security because also with all the Corona related phishing attacks, for instance, fishing becomes far more difficult if there's more than just a password, apparently. So that is one of the points apparently to consider an MFA solution. But which other points could you bring up to to say, why should everyone, anyone consider an MFA a solution? And maybe also you can look at a little bit about at what you can offer beyond pure MFA touch points, which go beyond MFA.
So thank you, Martin Martin, for the question. So, so we, we fundamentally believe that understanding who the, which users are connecting to your organization and making sure that it is that user establishing trust that you have that user connecting to your organization is very much table stake. It's the, it's the basic, the basics of security in order to do that in a way that it is really easy for the user in order to do that without with whilst taking as little data from that user as possible. So respecting privacy, and by the way, from a, a privacy perspective, I know data residency is a key issue. And so duo and, and, and the Cisco clouds both have German data centers and, and presence within the EU, not just United States, but we see MFA table states because, you know, having, having seen so many red team activities in, in my previous life, you know, we, we used to hunt the, the devices, which were unpatched.
We used to, you know, go after those devices because they were away for us to, to go, go naturally to escalate privilege. And so fundamentally it's not enough to be establishing that the user is who they say there are, you have to look at whether the device is compliant with the policies you have around, you know, your versions of software and, and all the rest of it. So for, for us, it's kind of those two combined, but then doing that in a really easy manner so that the user doesn't have to go and learn many new capabilities, they receive an email, they can self enroll, and you can, you can just roll these solutions out in hours. We've, we've seen it happen during the last three months where organizations have gone from, from literally nothing to, you know, multi-thousand organizations enrolled within hours. And, and that's not just one integration that could be five, 10 different applications integrated within a day.
Our customers don't believe it, but it's, it's, it's, it's very funny when you, when you see them at the end of the day one, they, they can't believe the progress that can happen. And that's down Martin to the cloud integrations. It's down to the APIs, it's down to the documentation on top of all of that is, you know, people are saying, do I need, do I need a traditional VPN? If you've got these kind of Sam based applications, can you just set up a reverse proxy and, you know, go down that route. So that's what some of our more leading edge clients are doing. Most organizations are focusing on user device and the user. How can you establish trust in, in, in those two?
Okay. Paul, do you wanna add something here?
Yeah, I think the key thing here is, is thinking about the layering of capability. So as OIE was talking about the MFA piece, there was still many customers that, that have gained benefits in adding that, and didn't really have a full capability rolled out previously, I think from an umbrella perspective, you know, having a service out there since around 2006 in protecting users are now hitting around 200 billion requests a day. I think what we've seen is, is, you know, protection of, of corporate based devices and assets, as well as non corporate. So devices that are accessing the internet, you know, directly from, from our consumers and obviously a consumer solution as well. So we've been protecting across all of those different areas. So I think it goes back to that, that basic of basic level of hygiene, you can do things to protect. As soon as someone connects to the internet, you can think about identifying them through MFA type solutions and ensuring there's the right posture of the device.
So again, evolving the type of device and looking at that device. Yeah. We can look at the types of applications the users are using and making sure that, you know, inherently they're secure. So I think it's, it's a step by step process. I wouldn't say you have to do all of them in one go, you can take it one step at a time, but because they're cloud-centric capabilities, it means that a customer can make a risk assessment and decide what they need to do first to, to get the best, you know, experience for the user to get that access, you know, to keep the business running. I mean, our objective here is to ensure the business is running successfully and our users are secure. So I'd say, you know, think about that layering process. And we're just adding some capabilities into those stages.
Thank you, Paul, and all over. And Paul are close to the Analyst, this interview Analyst session. So in one sentence, one, why do Cisco umbrella in the short sentence
Do, and Cisco can accelerate your transition to the cloud, enable digitization at speed and ultimately reduce your threats, your, your risk as you do that across a hybrid environment. And I would say that there's a huge Cisco announcement today. This evening as the us comes online with Cisco live. We can't talk about it now, but anyone interested that will be free to air later today.
Okay. Thank you.
And, and from an umbrella perspective, I'll just say it's a very simple and effective way to block against existing and future threats. So I'll keep it as simple as that.
Okay. Oliver and Paul, thank you very much for your talk and for the insights you provided that interview on back to battle.
