Wells Fargo & Company (WFC) Earnings Call Transcript & Summary

Next up, securing the future of work. Marc Rogers, VP of Security from Okta. Marc, are you there?

You guys have had an incredible run a late. Amazing watching you guys grow. Congratulations. So you're really the Head of cybersecurity strategy. That's a big role.

Yes. It's an interesting role. It's kind of a lot of future thinking, looking at how we're going to shape some of the things that we're doing, but also working with customers and looking at the security landscape to see what is the -- what are the lessons we can take away from it? And of course, during this period, where there is nothing but lessons. In fact, you could almost argue that you're drinking from the firehose of lessons. We come across new and compelling things almost every day. In some ways, it's been a strong validation that the model we advocate of identity-based authentication is the right way forward. And we're seeing companies that have already adopt these kinds of practices, they have already moved forward with their journey into the cloud thrive under these circumstances. Whereas other companies who were maybe perhaps a little bit behind with more traditional models are struggling to pivot in a hurry because everybody has been forced to work remotely. Workforces are distributed in a way that they have never been distributed before. And that makes access to the kind of traditional resources that you would rely on for work, even normal remote work hard to get access to. So those companies who have left it to this point are finding themselves starting their agenda for cloud under some of the most challenging circumstances.

Hey, Marc, you're a thought leader and practitioner, what makes Okta unique? And why should people look at you all?

So I like to think that we are at the very forefront, [Audio Gap] evolve and change the understanding of the [indiscernible] where argument about whether or not the network should be porous is almost negated by these new architectures. And Okta is right at the front pushing these architectures and evolving them. And many of our products already leverage these kinds of technologies. And I think that both puts us in a great place in terms of leading the market for what we're doing with this, but it also puts us in a great place to protect people.

Excellent. Stay with us, Marc, we'll circle back to you. I got Lakshmi. Lakshmi Hanspal, CISO from Box, is here. Welcome.

Hey, Hunter, how are you?

I am great. The last time we were together was at RSA in San Francisco. You always surprised me and how brilliant you are about your area, your space and business. What are your thoughts around the tension between innovation out there on the edge and how do you secure enterprise?

I -- my philosophy is very simple. Any areas of tension, whether on the professional, personnel front, should have a common language. So when we think about innovation as well as the ability to get it right, they have to have a common language. And sometimes that common language is that shared vision. What is the shared profits we are going after and sometimes the common language is risk, do we understand the risks that innovation can bring to the table and how do we build guardrails around the risk. So it -- I think there are many ways to address it. But ultimately, if the 2 sides are not seeing that shared purpose, then they are pulling in different directions, right? So how do we get there is first? And then how do we get it right, right? How do we get that together? And then how do we get it right?

What keeps you up at night in this current environment working from the home?

I think this current environment has not significantly changed what would keep me up at night in a way with scale or with velocity. But I do worry about workforce burnout in some way and how does the comradery and the team continuing to -- how can we foster comradery? Because there are -- if you think about the workforce that we have within Box, it's mostly young workforce, millennials. And it did thrive on some level of having that interaction, the constant interaction and not just the Zoom that we're in right now. But the nonscheduled meeting sort of interaction. So that's -- so workforce and how do we keep them inspired, but how do we also avoid burnout because someone's just saying, "Oh, I have some time, I'm just going to open up a laptop and jump through some tickets. That's not what we want. We want them to engage meaningfully. And then from a customer and partnership is what is it that we need to accelerate on now and be on point and make relevant for securing remote work with precision, like such as automation with machine learning and augmented intelligence. And how do we get there in a meaningful adoptable framework way, right? So -- and it's not so much that it keeps me up with fear. It keeps me up at night with fear, but it keeps me up at night with a lot of ideas coming my way or with conversations.

Excellent. Thank you. Stay with us. Next up, Tom Malta, Head of IAM Access Controls at Wells Fargo. Tom, welcome to the program.

Thanks, Hunter. Glad to be here.

Great to see. And thanks for jumping in. My understanding is you're a happy Okta client, is that right?

I am, yes. We've been using Okta now for about a year or so. And certainly, with COVID, the push of getting those third-party software as a service vendors, if you will, onto a common authentication and identity platform has definitely been paramount with COVID. So that push has definitely moved a lot harder. And also, as many of the panelists talked about, we got a lot of people now working remote. What was just a few months ago, 20%, 30% of the workforce, work on remote is now 80%, 90%, maybe even 100% in some companies. So making sure that you can lockdown those credentials, you know what those identities are coming in and out of the workplace is even more important nowadays.

Interesting. Anything really catch your eye in terms of new things, ban actors out there in this current environment?

The volume certainly has gone up, right, which I think everyone would agree, we're starting to see a lot of people hitting more, especially people working from home getting potentially phished or try to attempt sort of attacks, if you will, happening in the home network. But I think some of the technology that's now out there and some of the push, if you will, away from manual processes more towards automation has become very important, not that it always wasn't, but people aren't necessarily tolerant anymore. It take a longer time to get credentials provisioned when to sit at home. And so they want things to happen a little bit quicker.

Interesting. What keeps you up at night?

That's a great question. A lot of times, it's around hygiene, if you will, right? So making sure you got good hygiene in your identity programs. And what do I mean by that? Well, people -- when people are trying to onboard to a company, the managers are trying to get them the access as quickly as possible. And making all the phone calls, hey, Tom, I need this right away. But when that contractor or that person leaves the company, right. There isn't really a large impetus to get them off of the network get all their credentials removed. So I always worry about the cleanup, if you will, right? Are we getting all of those identities? Are we getting all the credentials removed and protecting the firm appropriately?

Excellent. How would you characterize your leadership style in the business?

For me, I'm definitely more laid backed. I try not to micromanage people. I come from a development background. So when I need to speak to the development team or I need to dive deep, I can. But I'd like to let people run with it, and I think many of the great leaders and panelists on the calls today would agree to that, right, just let people do their own thing, let them shine, give them some rope. And know when you need to pull back a little bit, but not try to let them along with it and see what develops.

Thanks, Tom. Great to see you, and we'll circle back to here in a minute. Next up, Jesse Bociek, he's the CISCO at DRIV. Jesse, welcome to the program. Good to see you.

[Technical Difficulty]

Okay. So give us a little -- a minute on DRIV. What DRIV is? And global nature, your whole scale that you secure?

Yes. Sure thing. We're in the automotive supply chain, right? So currently driving Tenneco, our still conjoint as Tenneco. And effectively, we provide automotive parts for most of the OEs in the aftermarket. We're about at 350 locations, about 81,000 people worldwide.

Interesting. What's your take on post-COVID? What are you experiencing now in the front line?

Well, very interesting. I'll share a couple of things with you. When the Asia wave was accelerating and we took manufacturing offline, it was first time, we took knowledge workers offline worldwide in preparation as well. And frankly, when the time came we did take 81,000 people out of the office and span up in just a few days. Thankfully, we had a reasonable modern endpoint already. We invested in collaboration and security platforms extensively prior to more product talk here, but we have a Zscaler private access platform and the full Microsoft O 365 stack. That put us in a really good position. Thanks to Jay. Thanks, [ Satya ]. When the pandemic hit, it was incredible how our employees responded. More importantly, how they technology-enabled their response, especially with the transition to new ways of working virtually. Ticket counts stayed roughly the same pre-COVID. Any the organization with this capacity, we quickly realized we can run the business and I see this way with the exception of the manufacturing floor. In fact, in a more and meaningful way, this doesn't downplay the nature of human interaction, but I find that we genuinely are interested in each other for maybe the first time ever. A challenge though came with an on the fly reevaluation of attack surface and ultimately our threat landscape. We are now a remote work-from-home company. And we had to secure our endpoints in an environment filled with Wi-fi, kids, dogs, distractions, trade and so on and so forth. So we immediately work to ensure that our endpoints were modern with Windows 10, on appropriate configs for firewalls, proxy, intrusion, AV, those sorts of things. And from there, we wanted to be able to patch and secure them with cloud gateways quickly and easily. So we were pretty quick to the order of that. While this was in place already, the reality was we wanted to certify that footprint and the position. And we did so. And so the rest is history now.

Excellent. Interesting. Thanks, stay with us, Jesse. Great answer. We'll go back at Okta. There they are. What are the biggest security challenges right now for remote work. What do you see out there?

So as other panelists have mentioned, one of the biggest challenges, there's just so much going on right now. In parallel to my role, Okta, I also run an organization called the CTI League, which is a group of professionals of law enforcement working to protect our health care during this pandemic. And we're literally seeing attacks coming from every country going to every country. Sheer volume is just staggering. And it runs to the full spectrum from simple phishing e-mails that don't even have attachments trying to extort things out of employees through to sophisticated pieces of malware being flown in employees. And then you combine that with the fact that all the workers are distributed, the ability to go to your IT department or your security department to say, I clicked on a battling calling something suspicious is going on, is now infinitely more complicated and you have quite challenging circumstances. That then finally, the icing on the cake is that people need to access sense of material in order to do their jobs. So they need to get into their companies. They need to get into their information stores. And then to do it securely.

Excellent. Thanks. Many CISOs have had their budgets cut. Any advice there, Marc?

Yes. Well, actually, one of the interesting side effects, I think, of this move to the cloud that's been driven by the remote work is that actually, if you're able to move a lot of your operations into things like cloud providers. You can leverage the investments those companies make and reduce some of the investments that you would traditionally have to make. So the days of having to buy traditional tin-based firewall appliances, et cetera, to go in and protect your offices are starting to fall away now. You can get almost all of the benefits for a fraction of the price if you leverage the right kind of cloud providers. So I think there are some great options for budget-constrained CISOs as a result of this. But obviously, there's going to be some initial paying upfront because there's a substantial change in working practices that has to be rolled out. And change isn't ever cheap. You have to do things to make sure that it gets done properly. I would just advise to avoid short-term savings and think about the long-term savings that you can potentially get by doing things the right way.

Thanks, Marc. And, Lakshmi, over to you. You're a cloud company, right? I've heard folks being concerned about having their documents in the cloud. Is it true or fact or fiction?

I think progressively, the comfort level is increasing, that cloud is initially secure. And this has been a journey, Hunter, over the last -- over 10 years. I mean there were times when cloud providers ask customers to bring your own blank, right? And you can fill in the blank with anything, bring your own key, bring your own web application firewall, whatever you need it, right? And now today, we're at a point where we expect providers to have many of this, to Marc's point, initially available in the platform. So each of the clients and customers can benefit in leveraging that investment that providers have made within that space, whether it's in resiliency, whether it's in trust, which is security, compliance, privacy or in other areas such as differentiated -- feature differentiators as well. So I do believe that the cloud now, we have come to a point where we can say is inherently secure. But there is a shared responsibility. There's a shared partnership between the provider and the customer. And that shared understanding that shares responsibility is very important. No one party can get it right, but both together with that clear understanding can make it highly secure.

Thanks, Lakshmi. Great job. Jesse, what are your thoughts on the implications of 5G for manufacturing and beyond?

That's an interesting question, Hunter. If I could sum it up, imagine if every single thing in your home today, right? The simple analogy of using the pizza account quite recently is connected to the Internet, right? This paperweight on my desk, the fan sitting in front of me. Like no longer behind my home firewall, which all the IoT in my house is now. But ultimately, facing the Internet directly, right? The surface area becomes my entire shop floor. Surface area becomes my entire ICS or SCADA environment. When we think about that general concept, that's the introduction, quite frankly. And ahead of that, we need to get because when the cost comes to bear on sensor-driven devices, and we can connect everything seamlessly. That IoT's life is going to go like a hockey stick. When that occurs, if we're not prepared from an investment perspective, we will be behind. You prepared to present anything that you have to the Internet directly and procure it as such, legacy systems, technical debt, old source code, all of those things will come to die in minutes as a result of that connection and interface. I simply beg the question for everybody to think that through. If you can connect your hairbrush to the Internet, is your hairbrush inherently secured? It sure should be.

Hilarious. Okay. Thank you, Jesse. Hey, final comment on leadership styles, Jesse?

In this day and age, I think servant-led with authenticity and sincerely. Quite frankly, I make mistakes all day long, and I leave my team in such a way where we empower them and everybody around us to think clearly about those things. We fail fast and we fail often and quickly raise your hand and ask for some help, I truly believe in that perspective. Authenticity is the word that strikes me every day.

Thanks, Jesse. Tom, final thoughts on the leadership style?

Just to say that I don't have to worry about the hairdryer, a couple of us on the planet don't have to worry about it, right? Yes. I think -- again, I think just let your people run with their ideas, right, cultivate it. I think it's okay to fail fast, right? I know it's an old term, but I think it's good to fail and you learn from it and you move on and pick up the pieces and for another day, right?

Excellent. Thanks, Tom. Marc, thoughts on leadership style?

Well, I am actually lucky, I'm taking a break from leadership at the moment, having transition from a CISO role into a sort of sole contributor role. But I do have to work now cross-functionally across all the other teams. So in some ways, I've got all the challenges of leadership without some of the benefits. So often, it's a case of leading by example and convincing people that my agenda is actually the right agenda to follow. But it's also a lot of empathy and understanding with the different teams that I have to engage with and work across, have their own challenges and work out how I can fit my needs into their needs so that we will end up working on the same page.

Thanks, Marc. Lakshmi, final comments on leadership style?

Plus 1, Marc, on empathy, plus 1 for Tom on the empowerment, clearly. But I would just add that it's okay to be vulnerable and appear vulnerable, right? And that makes it part of the -- I think authenticity, Jesse, you had mentioned, we are -- it's okay for us to be human and leaders at the same time in some way, right? So that's what I would say.

Thank you, Lakshmi. This is a great session. Thanks, Jesse, Tom and Marc, awesome you guys are fantastic and welcome to come back anytime. We'd love to have to engage in other virtual summits and in-person summits into 2021.