Ep 27 | Securing NATO's Future: Secure Collaboration in Multi-Domain Operations

Transcript


[VAUGHN]
Alright. Welcome to Hash It Out, hosted here by Virtru. Today, I'm, joined by Joel Bilheimer from Pexip, who's the CISO of Pexip Americas.

And I am Shannon Vaughn, I'm the general manager of Virtru's federal practice. Joel, good to see you, buddy.

[BILHEIMER]
Good to see you too, Shannon. [VAUGHN]
Yeah. I think we're gonna have a fun conversation today. So, the title of today's conversation is on secure collaboration and multi domain operations. We will definitely get to that. I think, you know, where this conversation first started was, you know, we we we kept finding ourselves in the same room over and over, found out we had a lot of similar customers and prospects. And what they realized is it it really was a better together story. So, you know, Virtru, we're we're a data centric security company that offers a platform that you can serve up, data in a truly z t manner. Pexip, I'll let you describe, but the way that I think about Pexip is it's a very sexy, quick, easy, clean interface for doing unified communications. But I'll let you do it. You work for Pexip.

[BILHEIMER]
I'm gonna I'm gonna forward that over to our marketing department because that's that's gorgeous. Yeah. So Pexip, we are a a video conferencing company. We are mostly a business to business or business to government company. We tend not to focus on the consumer side, which is probably why most of your viewers probably haven't really heard of this. But if you are in, you know, government communications, you know, certain specialized industries, military, financial, health care that specialize on highly, highly secure video conferencing, then then you probably have actually heard of us. If if you've been around the industry, we were actually born out of one of the the splits from the Tandberg Cisco merger way back in the day. One one group branched off and formed a different company, and then this group formed about 12, 13 years ago. So one of the things that that sort of sets us apart, we are entirely software based. Video conferencing traditionally tends to be hardware based, and then there's sort of a cloud portion of that. But we've always been entirely software based. And so we can deploy into, for example, air gap environments, which is which is pretty unique, in the industry. And, of course, we can hyperscale, you know, Azure, AWS, Google, Oracle, whatever you want. So that's that's who we are. That's what, we're a Norwegian company. I am based in the US. So I will say y'all, and I do not apologize for that. And, and yeah. So, just following what Shane's been saying, you know, we've been working with Virtru for a couple years now, I think. And, and we're really, really excited by that collaboration and and what we can continue to do.

[VAUGHN]
So as I do find I do find it interesting, you know, both of us have customer bases on both sides of the Atlantic and and kind of elsewhere. You're focused on this side. I am as well. Your guys' US headquarters is in Herndon, Virginia. We're in downtown Washington, DC. So tell us, what is that differentiation? What what is your role within the PEX of America's team, and what is that traditional target market?

[BILHEIMER]
Yeah. So, I'm the my official title is is that I'm the CSO, but, essentially, that just means I'm the guy that gets brought into all the meetings to talk about, security and, more specifically, why you should use us as opposed to something else. So, I'm I'm the guy that hopefully gets over the hurdles. If, and I'm I'm sure you can relate to to that kinda situation. My my answer is always or my when talking about these things, I always like to say that security is not actually a hurdle, because, you know, I've been in government. I've been an ISSO and an ISSM. My I always saw my role as not saying no, but trying to figure out how to get to the right yes. And that's what that's what I try to do now, and that's what we as a company try to do. We try to get you to the right yes. And so, you know, that typically would mean a customer base that is focused more on frameworks, that is compliance, GRC, you know, those types of things where there are certain baseline requirements that must be met, and then there are certain requirements that can be met in a number number of different ways. And sort of working through that, figuring out what makes the most sense, whether that's, you know, a policy decision, whether that's an application layer issue, whether that's something that can be handled by a network situation that, you know, we don't necessarily deal with but we work with. You know? And I I know that that's a lot of what you guys tend to focus on too is trying to parse out what makes the most sense in terms of allocating those types of resources both internally and externally.

[VAUGHN]
So Yeah. I I think I think that is spot on. I think the other thing that, both of our companies align on is that we are security companies at the end of the day, but as our CEO likes to say, we're almost a user experience company. Yeah. And the reason why is I've never met an end user that likes doing added layers of security. Right? Nobody likes doing the extra clicks. What we wanna do is we wanna get into your existing workflows and make them secure. Right? So unified communications is obviously what you guys do in your bread and butter. How do you make that a a seamless, actually, I'll frame it a little differently. How do you make it seamless specifically within a air gapped environment, a customer like that who who doesn't really expect them to be able to have a good user experience while operating at a much higher security classification than they're probably used to?

[BILHEIMER]
Yeah. So that's that's a really good question. And, you know, obviously, different customers will meet you at different points on that spectrum. Right? There's there's some that, you know, they wanna build their own solution, their own front end, their own back end, and that's great. And fine. You just use this as an engine, slot us in. I think probably to be to be honest, I don't think that is a the majority of our customers aren't really there. They they want us to to meet them sort of in the middle at the very least. And, of course, we do have some that, you know, just want a SaaS type offering, which obviously isn't necessarily air gap, but we do have, for example, a a FedRAMP offering and and that kind of thing, and we do operate in sovereign clouds. But we understand those environments. Right? So, you know, in some cases, we come from those environments. So traditional things, whether those are application issues, whether they're business logic issues, we try to push as far towards the customer space as possible. So for example, things like licensing. Licensing can be a real problem in an air gap environment when, you know, it's day 366, but the mission hasn't ended, you know, that that kind of thing. So so coming up with sort of creative ways to to deal with that kind of problem as well as, of course, the technology that that we're using. So so one of the things that that we figured out a long time ago is we are never going to be able to answer every one of those questions. Right? We can, you know, put the technology together and the engine is rock solid and and the interface is great and all those things, but there will always be, for example, a permission stack that we won't have visibility to. And this is obviously some as you very well know, these are the conversations you and I have had many times. So, one of the things that that our basic architecture incorporates is a notion of both internal and external policy hierarchy, You know? And that I won't say that was before John Kenderbag created 0 trust, but, you know, it was it it it aligns with that timeline, you know, because that would again, that was just an architectural decision that the people who created the company or created the technology said, you know, we can either build something that answers all these questions or we can let the customer make those decisions.

[VAUGHN]
Yep.

[BILHEIMER]
And by by pushing it off, it opens us up to so many more possibilities. Right? Because we can start to introduce layers of granularity of access of, you know, compartmentalization, for for, you know, mission based, issues, things like that that on our own, we would not be able to create.

[VAUGHN]
Yeah.

[BILHEIMER]
But by say, you know, combining with with Virtru, and sort of, obviously, possibly educating customers on what they can do, then that turns the art of the possible of our engine into something that really sort of flowers and and becomes, you know, a much more integrated component to, to the overall communication or even, you know, business mission. Because one of the things that we see is we don't see ourselves as just a video conferencing company. We see ourselves because too often, and not just in our technology, in any application layer technology, it's here's my widget. My widget is the best. Now go deal with my widget and maybe my ecosystem, but my ecosystem doesn't talk to your system. My ecosystem isn't integrated. My widget, you know, sits out here and you have to figure out how that works. We didn't wanna do any of that. We wanted to slide in and be completely seamless, completely visible. So, you know, if you've got, you know, if you're using Microsoft Teams, for example, or, you know, you're using Zoom or Google or something like that, or you have a platform that you've built because you're a healthcare organization, or, you know, you're still using physical endpoints because you're a military organization. That's all fine. We can however you wanna deal with all that should be to the end user completely seamless because, you know, regardless of what form of communication we're using, we're sharing data. Right? And the mission isn't gonna slow down. So the technology that provides you the ability to do that should not slow you down.

[VAUGHN]
Yep.

[BILHEIMER]
And so that's where, you know, being able to take, for example, some of the things that you guys are doing and say, yes. You know, you don't have to change your platform for us. You know, just use us as yet another tool in your box, and, you know, we can make some really cool things happen. So, you know,

[VAUGHN]
Yeah. I think that's where, you know, our 2 companies that have, you know, come together is, you know, being able to to leverage, you know, a unified comms capability that our common customer bases are are using, Pexip, and then a data security platform under the hood called Virtru, and being able to to centralize policy decisioning for 1. Right? So being able to have a common ABAC engine. Right? Being able to leverage, zero trust data format or ICTDF, to be able to make, determinations on who or what should get access to that resource or that piece of data. Right? A a a feed, has been really cool. What I would say is I think it's it's more cool, as we look into the mission partner environment space

[BILHEIMER]
Yes. [VAUGHN]
And the partners and allies space. Right? Because you and I both come from similar backgrounds, you know, in in the government. And it's it's it's always cool to say, hey. I'm at agency a, and I can talk to agency b. I still remember that day and said, wow. That was that was that was actually, fairly seamless, and it happened to be on a Tandberg system, believe it or not. What I will say is it's gotten much cooler where you can actually say, hey. I'm gonna go out and talk to my 5 Eyes partner or my other NATO alliance partner. Right? Because as I like to always remind people, if you go and read at least US service doctrine and some of our 5 I partners, you know, their service doctrine, they've all started to say the same thing. All future fights are joint fights, and that's not just army and marine corps coming together. That's United States and Great Britain coming together. Right? And so we have to be able to bring capabilities together to allow them to do what you just said, operate at the speed of war. Right? Because that mission is not gonna slow down. But I don't know, you know, if you wanna talk

[BILHEIMER]
to that. Absolutely. And and I'm totally in agreement with you. That's the most exciting or interesting thing about, you know, where where the technology is going and, hopefully, where the policies are able to catch up to where the technology is going. But yeah. So so for example, you know, we've got we've got situations where, you know, in a 5 eyes type of an environment, in, you know, an allied Europe type of environment, where a given mission may have, let's say, I don't know, 7, 8 different, national boundaries that are coming in to discuss that mission. For when we are sharing that information, whether that's, you know, in planning, whether it's, you know, actual kinetic sharing, you know, that kind of thing, everyone needs to be able to instantly do what they need to do, communicate to whom they need to communicate, whether that's a war room style thing or an ops center or, you know, you're you're bringing in humans or whatever it is you're doing. Yeah. But then as soon as that mission is over, you need to be able to ensure that national boundaries are still respected, that mission boundaries are still respected. You and so, you know, that's that's the flip side of the joint environment. Right? It's not everything to everywhere all at once. It's everything everywhere when I need it or Yeah. What I need where I need it is probably a better way to say it. And so a lot of ZT today, and I really, really wanna hear your thoughts on this. A lot of ZT today to me is, well, I put this device in, I checked the 0 trust box, and now I have 0 trust. Yeah. And it's like, yeah. That's not actually how that works. Because, you know, what we're trying to do is say, okay. Fine. You've done that at maybe a network layer. That's great. Good start. But or maybe you've done that on your desktops. Fine. Sure. But, you know, we need to now start to get to the way that we actually communicate as human beings. You know, it's talking, it's looking, it's, you know, it's maybe typing into a chat room, but being able to have all of those different things integrated and synchronized so that it's not just attribute attribute based access control, it's mission based access control where this conversation is today is parsed at one level. Tomorrow, maybe it isn't. You know, I've still got access to other things that are my normal baseline, but that you know, I'm not part of that mission anymore or, you know, maybe maybe we're gonna bring in the new ally. Okay. Well, now we're gonna elevate them so that they can do what they need to do, but they're not participating in other conversations. So that's that's what's really exciting to me. But again, well, what are your thoughts

[VAUGHN]
I think there's, you know, I think there's there's 2 sides to that. Right? So so one of them for me is, let's get rid of lazy data spillage. Right? So just because I was read onto a program, you know, 3 months ago because I had need to know, well, oh, sorry. The the person forgot to read me off. I can still access that thing. Well, that shouldn't happen. Right? You should be able to, plan against that. And that's one of the things that, you know, virtual platform does, very well. The second side to that is, you know, I like to say, I think there's 2 ways that communication happens. There's file based communication. Right? And this is a little bit of a virtual plug, but virtual data security platform, you know, we've got email, SharePoint, Windows Desktop. Those are all file based. Hey. I'm gonna create a thing. I'm gonna drop it into a SharePoint repo, or I'm gonna drop it into a s drive or email it off to somebody. And then there's real time communication, and I think that's that's

[BILHEIMER]
Synchronous and asynchronous. Yep.

[VAUGHN]
Yeah. That's unified comms. Here's here's why this relationship works so well, because the fastest way to get past that data spillage issue that I talked about in the first half is don't don't allow people to receive an email with somebody on the to line and go, oh, I didn't know they were read into project x-ray. So then they pick up the phone, and they call the guy and say, hey. You're in project x-ray. Guess what? You have a data spillage moment. Right?

[BILHEIMER]
Right.

[VAUGHN]
So you have to realize that there's really 2 different ways that people communicate, and you need to be able to protect in a data centric way both of them. Right? That's how you can enable mission while reducing, you know, data spillage.

[BILHEIMER]
and I'll give them a And that's the yeah. That's the exact reason why, you know, even though we we have a new Pexip and Virtru, the Pexip has a pretty good zero trust story to tell. I'm not a zero trust company. You know, I I don't I don't build that, but I also don't wanna be the barrier to that. I don't want you know, what I wanna be able to do is take what Virtru is doing and say, yep. You know, we here here's our APIs. You know, let's build that out. Let's let's put in what you need, you know, to start parsing that on, say, a per participant basis. Fine. So that it's not just, well, I'm a member of a company or a business unit, and therefore, I get all this stuff access. No. Like, we can actually get literally down to, are you allowed to have this conversation at this particular time from this particular location using that particular device? You know, like like, we can do all of those things. Right? And so, but it's not me doing that. It's it's Virtru. It's but I'm making your life easier, and, obviously, we're making the customer's life easier by essentially saying, you know, the same policies that govern email or or or, you know, your your SharePoint drop or whatever that is, those are the exact same policies that govern who you can talk to in in a synchronous or a real time environment. And, you know, I don't think that that is, you know, shrinking. I think that's growing. I think, you know, we are we are moving more towards, you know, whether that's, you know, holographic, you know, AR, VR type situations down the road. But I think, you know, real time is going to become much more prevalent even than it is today, which is a little bit for an old guy like me, that's a little bit difficult to conceive of. But, you know, so so that's that's where I I like to think we're at the beginning of this process.

[VAUGHN]
No. I I I think I think, I think you've said it well. It kinda gets back to actually what I said earlier. We're both user experience companies at the end of the day that do security things. Right? But, we do have to roll here. I told him we'd only go about 15 minutes or so. But last words, what what do you what do you think is, next up for Pexip? Where where are you where are you guys where are you guys going? Besides Yeah. Besides NATO Edge, we'll be at NATO Edge with you guys. But what where where are you guys going as a company? What what what's the next, kind of machinations in in

[BILHEIMER]
Yeah. So so, obviously, kind of the the the big story that any technology company has right now is what are you doing with AI? Yeah. You know, we we have a a really great partnership with NVIDIA, where we are we are starting to explore, you know, we we actually don't tend to focus on things like generative AI because it doesn't mean much to us. Yep. We're using more analytic g AI. So kind of where where we're starting is things like, live translations into again, this is something that does impact allied environments, for example, where where you've got native language, on both sides, and native accent or, you know, something like that. But, again, with those same mission controls, the same access controls that we're just talking about. So so that's kind of like Vanguard, but it is where we are now. But we're also looking at maybe expanding some of that into, for example, defect technology or anti defect technology, detection, using the engines that we've created both as processors, but also as sensors so that there's this recursive, maybe continuous analysis, continuous assessment, you know, confidence, concepts as as you're very familiar with in the ZT world. Yep. So, so so, yeah, some really interesting, concepts that that we're sort of playing around with there and, you know, really excited about some of the direction that might go.

[VAUGHN]
Yeah. I I think I think smart companies are starting to look at, you know, how do you plan for the future? You know, we've got some some very fun things that I think you'll you'll see, released, fairly soon around, secure analytics and confidential compute and some other some other stuff like that. But I think that'll be for a future hash it out. But, Joel, I wanna say thanks for coming on here today. As always, it's great, chatting with you, and I look forward to the next time we catch up.

[BILHEIMER]
Absolutely. Always great to talk to you, Shannon. We'll see you in NATO. Alright, buddy. See you now.