Transcript
Matt Sack: Hey everyone. Welcome to our latest Hash It Out session. I am Matt Sack from Virtru's Partner Team. I'm happy to have a good friend, Austin Reeder, here to talk about what he's seeing in the market in terms of Google Cloud, Microsoft, privacy, and Austin, I'll let you introduce yourself, but I'm particularly excited to get you in here today just because, not only because you're a fantastic consultant when it comes to cloud security, but also because you've already been on the customer side of things. So, excited to hear what you've seen there, and also in your new role. I think it'd be great if you could just start off a bit and talk about your background, and talk about what you did on the customer side of things as it pertained to Google Cloud, Workspace, and privacy, and then how that's parlayed to what you're currently seeing in your current role at SADA.
Austin Reeder: Of course. Thanks for having me, Matt. So Austin Reeder here. I'm a workspace specialist or really a productivity and collaboration specialist over at SADA Systems. I've been in the cloud space for about 10 years now and I started my career over at Dish Network, so one of the things that was really exciting that I've been able to work on was that transition from Office 365 over to Google Workspace as well as the encryption software and some of those ancillary third-party software is that come with it in order to kind of fill any sort of feature gaps during that transition, but really excited to be here. I've been outside for about two to three years, so, coming from the customer side, I've been able to kind of facilitate some of those interactions myself and I'd love to just dive a little bit deeper and see what we can uncover today.
Matt Sack: Yeah, I think it's great to have you here and great to have your background. I think what I'd be curious about– I don't think we've actually ever talked about this. I know you came from Dish and I know you oversaw a migration workspace, which would just love to hear a little bit more about that experience, and particularly how did Dish come to the decision to migrate over to Workspace and particularly what were their biggest roadblocks when it came to privacy security compliance, and how did you guys get to the realization that Google could help you meet those challenges.
Austin Reeder: Great question. So I want to say that the journey to get to that point was really the hardest part. Conducting an evaluation to ensure that it's meeting expectations across the board from the business unit to the legal teams, so completing that due diligence was really one of the hardest parts and some of the decisions that we had to make were around whether this was a culture fit, right, for the organization. So some of the things that we were considering top of mind were collaboration. We knew that we had organizational silos and we wanted to be a little bit more lean as well as have a little bit more collaboration, horizontally, at the organization. The other thing we were looking into, of course, is security is top of mind at an organization that's 26,000. I think they're close to 30 at this point. we need to ensure that there are no vectors for actual filtration and so that was top of mind as well. And then the third thing, as I mentioned, was a culture for it, is this the direction that our organization wants to go. We saw a lot of the younger population exploring around with features like sheets and docks when they're in college and kind of using that freemium service really getting used to it, and so really checking off those three boxes was essential for moving forward.
Matt Sack: Yeah I think a lot of the customers that we speak with— a lot of them just don't even realize that they can meet a lot of their most advanced privacy and compliance requirements in Workspace. Was this something that you all knew about? Did you feel like you guys understood the full breath of Google's privacy and security and cloud collaboration capabilities when you entered that evaluation process? Or as you kind of started, looking at those products, did new features come to light on your end?
Austin Reeder: I think that one's kind of a trick question, Matt, because Google's constantly iterating on their products, so I feel like the moment you read up about something they already have, a new release or something new out there, but to really kind of reel that one in, I would say that no, we didn't fully understand what we were getting ourselves into as it relates to, really, the organizational requirements for security and how Google could or could not kind of fill those gaps for us. So, I think during the process, there was a little bit of kind of uncovering, you don't know what you don't know on those large projects, and so one of those components was the concept of encrypting data in transit or at rest whether it's an email or a file share; that was something that our legal team brought to our attentions as we kicked off the project.
Matt Sack: Gotcha. Yeah and I think it's cool that now you're on the other side of things. Now you are working with customers similar to your old employer, to kind of help them on that cloud migration journey and I'll just say, and my many years here at Virtru work on partners, I've never met a partner seller who seems to understand so intuitively the privacy benefits that Google Workspace brings, so love to hear a little bit more about kind of what you're approach is like when you start to talk to customers and start to guide them on that journey because one thing in particular that I think you do a really good job, explaining to folks is Workspace Client-Side Encryption which it, as we both know and a lot of folks out there understand now, it's a new feature that Google has put out that makes it really easy for their customers to choose third parties other than Google to manage their encryption keys. So that's something that we obviously work with many of our customers on and many of our partners like SADA with. Would love to just kind of hear a little bit more about how you start to introduce these concepts to customers because I think they are not necessarily the easiest for customers to understand, but they're definitely things that we hear more and more folks asking for, and it's, what Google's doing is a stark contrast to Microsoft's approach. We think Google's being a lot more open, a lot more innovative, a lot more secure when it comes to cloud, collaboration and privacy, just curious how you've been talking about this with customers and how you're seeing it resonate in the field.
Austin Reeder: Great question. A lot to unpack there as well, Matt. So, when we start to talk about security and privacy as a whole, Google really kind of takes the cake as it relates to a solution that you can purchase at pretty much a premium rate compared to what's out there from a point solution standpoint and get the full gamut of tools that you're disposal. Now, one thing that Google does a little bit differently than some of the Microsoft in the world is they're kind of moving away from this big brother type of stance, and I don't think that they ever really had that. If you look at where they initiated the platform, they were this digital native starting in the cloud, really building out through that collaboration motion, relying on things like redundancy, and ensuring that collaboration is top of mind. And I think that they've really stuck to their guns as it relates to that concept with that decentralized level of running a lean organization, trusting your employees with the right configuration to be productive and you see that with client-side encryption. Really, what I mean by that is they've moved away from that idea that, at any point in time. Google could look into what's going on in the organization, data mining, right? We see these things in the news about privacy and organizations kind of maintaining their own data. Well, part of that is a confidence level or confidence score, and the thing that Google's done to make this really easy with client-side encryption, is that if you're going to encrypt this data and transit, you're going to send it to a third party. They're allowing you to do so in a way where you can use a third party tool or you can manage your own private key store and that's really where Virtru comes into play, right, so if you're going to start to leverage that client-side encryption functionality with Google, essentially what they're saying and in the simplest form is we don't want to look at the data. We don't want to touch the data and we'll show you that by allowing you to manage your own keys versus on the Microsoft side. In contrast, there's really an element of key management that seems ambiguous to the end user. You're having a handshake agreement that your data really is not being touched.
Matt Sack: Yeah, and we've heard from customers who have approached Microsoft with the same challenge and Microsoft's answer, generally is, why don't you bring encryption keys and then give them to us Microsoft and we will then use those keys to protect and encrypt your data, and that really doesn't suffice because that'd be like If I said, hey Austin, here's my car keys. Please don't go into my car. It just isn't quite what customers are looking for and I think Microsoft has some other options out there that can circumvent those privacy challenges but then they tend to compromise ease of use. And so I think what Google's doing with client-side encryption, partnering with us at Virtru is just really really progressive and it's really catering to what customers want. So I give Google a lot of credit for understanding that when it comes to key management in the cloud, it's really just about customers not wanting to trust any third party provider with their keys. So, it's great to see how this has been picking up and we touched on, obviously, key management and privacy but are there other blind spots that you think companies just generally have when they're developing their cloud strategies?
Austin Reeder: Absolutely. I think that the first blind spot any organization has with the technology challenges, looking at the business and the change that comes to the business, and so I think change management is going to be top of mind or needs to be top of mind with any of these types of conversations. How is this going to affect the end users? And I also think that's where a lot of these conversations start. What do the end users need? And so you ask me about how do you start to uncover some of these needs? And I think that's a good segue into this talk track, and I think that one of the main things that we do that's really great is having regular touch points with our customers about the never-ending roadmap iteration, right, so we meet with our customers on a quarterly basis. We released that roadmap, we tell them what's coming as it relates to clients that encryption, we get them excited about these features , but we also apply them to their needs and say, hey, this is a feature that you've mentioned in the past or maybe you've mentioned a problem at the business in the past that we feel that this feature will apply to. So we typically start to use applied knowledge during those sessions to talk about things like client-side encryption and security.
Austin Reeder: Now, one of the things that is a red flag for me, any conversation with a customer, is really just understanding if they haven't had any sort of conversation with their legal and compliance team, as it relates to the technology that they're using. The legal and compliance is definitely a spot that we want to take a look at. In the sense of the Dish migration, our legal team brought it to our attention that we were actually using ITAR and EAR data in certain pockets within the organization, and so I think compliance is a great place to start. The business is a great place to start. How do you need to use this but also what are your external parties doing? And I think that that's something that we've started to ask questions about recently. How are you collaborating with third parties? How much control do you have over that data? What are their requirements for collaboration? We have a lot of coexistence going on in the market, where customers want that other partner to use the same software as them so that they're compatible, and so interoperability is something that we're really probing about, because as a business, there maybe needs to be a level of coexistence. How do we support that as a partner, right?
Austin Reeder: And I think that Virtru has come into play in a really strong way for those types of situations. All three, when we talk about the legal and compliance, about the business use case. Of course, the security posture is going to be top of mind but I think that's typically the conversation we have with the IT teams, with the technology front. It's really just understanding, like, what the entire business needs as a whole, and I think that between our roadmap sessions and QBRs we've been having with our customers, we really challenged them to bring those individuals, people from those businesses, from the legal teams. We need to start thinking outside the box as it relates to technology, and I think we need to start addressing the organizational needs as a whole, involving that Chief Operating Officer, right. Not just creating decisions, or having conversations that vacuum and making decisions in that vacuum. So I think we're really kind of being pioneers in this space as it relates to challenging our own customers, and I think that we've started to see more of an outcome-based model result, where we're really talking about investments in a way that can protect an organization while empowering them to be productive at the same time.
Matt Sack: Yeah, and I think that sort of level customization that you all provide. I think that's one of the things from SADA why customers are so pleased with you. Often, we think that the good partners are tailors of specific solutions based on a company's particular needs. The exceptional partners are going to also tailor that specific solution based on the needs within that company and all the different departments, and I know that's not easy, but I think you and SADA really understand that and it's been nice to watch. I mean, you're able to kind of figure out what each line of business needs, how they need those specific tools, but still reign that in and have it be streamlined and comply with what centralized departments like legal and compliance and finance need to see from them. So, I can testify that, I know that matters a lot to you guys, so it's been cool to see that in practice and I know you need to go get back and kind of serve those very customers that we're talking about. But one last thing I just wanted to get your take on it, I think as you know, a partner like SADA, you are responsible with advising on big, big platforms like Google Workspace but you also have to bring in other third-party solutions, like Virtru, other tools to help round out a business's needs. Just curious how you work with businesses to balance their adoption of these native cloud platforms with the need to bring in third-party vendors like Virtru. What's that process typically like for you?
Austin Reeder: Another great question. I think this is something that we are constantly exploring. We're constantly iterating on and I wouldn't say that there's a right answer to challenging this problem, but there are ways to balance, and I think that Google Workspace really, as a center point, has been very helpful for us as an organization and Google has put us in a good position because they don't take on a lot of challenges that they're not good at, right. They do this thing where they eat their own dog food, as an organization; they know what they're good at and they rely on things like collaboration and security and they leave the rest to point solutions.
Austin Reeder: And I think we've seen this right. Over time, yes, they're going to iterate on their product, but as you look at the roadmap, the places that they're iterating are very prescriptive. And so you can identify these areas where they want to point solutions to come in because they know somebody does it better. And I think that in this case scenario, it's a combination of allowing customers to take over their own data, over their own destiny. Having that level of confidence, that confidence score, from a security posture to, have a CISO give that CEO a thumbs up, knowing that they have a set and leave it type of configuration where there's monitoring and they have the ability to retract data and manage it. I mean, that is such a beautiful thing to see and you can only get to that point when as an organization or Google as an organization can make those hard decisions to say "this is what's best for the customer." And I think that that's really the question that we need to answer as we're going through these evaluations with products to let's put pressure on the system, right. We understand Google. We know how it works, so let's put pressure on the system. Let's take business requirements and apply them to the solution. And I think that we have a lot of great thought leadership sessions with our customers around that scenario of hey, you ran into a problem. Let's put as much stress on what you pay for as possible, and then we have the understanding of what's available in our alliance program or the third party solutions out there that plug and play, that work very nicely with Google. I mean, we know, every workaround in the book at the same time.
Austin Reeder: And so there really is a balance on what is best for the customer. And I do see customers cut corners and I do see them ask for workarounds, but at the end of the day, the ones who are really investing in the success of their organization, the ones that really do care about security, they are implementing the types of software, the types of features. They're configuring the software properly,. They're giving their employees ongoing training and learning on how to leverage these items, how to implement these items, how to make them better, and they're coming back to the table and they're asking questions and they're asking the right questions. And I think that that's so important. So, I'll kind of leave you with that because one of the best customers I can possibly ask for is an allowed customer who's asking questions because they're trying to solve problems and we're here to help them solve those problems. We can't do that unless they're asking questions and so that's all I can really ask for,right, is asking me the right questions. We'll give you the right answers. We'll tell you where to look, but we really do need that level of engagement in order to provide educated or pointed solutions.
Matt Sack: Yeah, and I should say as Virtru, we're both a partner side as well as a customer side so I can definitely validate that the engagement is super high and you guys, your expertise around Google kind of blows my mind at times. So, love working with you as partners, love being a customer of yours and really grateful for everything you're doing out there in the market. So, I'll let you get back to your day. Here, also would be remiss if I didn't channel our Chief Sales Officer, Bill Smith, and tell you how much we love the boilermaker shirt there. So Virtru is rooting Purdue, rooting for SADA, rooting for Google, and really glad you took the time here, Austin.
Austin Reeder: Love it. Well, happy to give a shameless plug for my boilermakers. Thanks for having me Matt. Really appreciate the time and would love to do it again.
Matt Sack: Awesome, thanks, Austin. See you later.
Austin Reeder: Cheers.
