Video: Financial Services Resilience in the Post-Quantum Era | Duration: 3604s | Summary: Financial Services Resilience in the Post-Quantum Era | Chapters: Introduction and Introductions (17.535s), Resilience in Finance (137.285s), AI and Cybersecurity (440.025s), Resilience and Cybersecurity Priorities (1153.455s), Security Platform Capabilities (2197.75s), AI Security Considerations (2793.45s), AI and Security (3139.08s), Concluding Remarks (3417.4102s)

Transcript for "Financial Services Resilience in the Post-Quantum Era": Hello, everyone. My name is Farooq Sheikh. Welcome to our webinar. Today, we will talk about financial services resilience in the post quantum era. Next thing. I'm joined by Tyler Ray Andre for a fantastic conversation. Tyler, over to you for introductions. Yeah. Hi, everyone. Tyler Melton. I'm with Accenture. I'm the managing director. I lead our financial services security team. It's a pleasure to be with you all today. Trey? Yeah. Hi, guys. My name is Trey Guinn, field CTO at Cloudflare. I've been at Cloudflare for twelve years and work with, key customers, partners, and governments, helping them and advising them on their, cyber and, technology strategies. Andre? Hey, everyone. My name is Andrei Migia, principal solutions engineer at Cloudflare. I focus on our New York based financial services customers. Great to have have everyone here. Thank you, Tyler, Trey, and Andre. And just quickly introducing myself. My name is Farooq Sheikh. I lead a global insurance global financer business. As we get started, I wanted to start a little bit with getting Tyler's perspectives on what he's saying broadly, across financial services around the topics of resilience, post quantum readiness, and AI. As you may know, Accenture and Cloudflare are partnering to help financial services from modernize, with secure, resilient, and intelligent infrastructure. This partnership is intended to bring Accenture's deep industry expertise and consulting background along with Cloudflare's global network and cloud native quantum safe platform. Tyler, we'd love to get started with you. And starting off, we'd love to get you to share a little bit around the vision behind Accenture and Cloudflare's partnership and how it specifically addresses the evolving needs of the financial services sector. Yeah. Yeah. Absolutely. So the Accenture Cloudflare partnership is designed to help financial institutions modernize securely and efficiently by combining Accenture strategic expertise with Cloudflare's global network and security capabilities. We're enabling banks and insurers to adopt zero trust architectures, streamline compliance, and reduce operational costs. This collaboration addresses the sector's unique challenges, such as evolving cyber threats, regulatory demands, and by providing integrated solutions that enhance resilience and agility. Looking forward to building that partnership with you, Tyler. Across financial services, we continue to hear consistently about the need for resilience. Financial services being a critical industry seem to be very focused on resilience. I would start off with a very fundamental, very basic question for you. What does resilience look like for financial services in 2025, especially for firms that are trying to balance innovation, regulation, and systematic risks. Yeah. It again, certainly an area of focus for, FSIs and the regulators as well. So to to me, what it means, in 2025 means to be able to innovate without introducing fragility. Can you keep moving forward out making the system more fragile? It's about having a a secure posture that's proactive, where and and adaptive. Right? And operations that can withstand disruptions, whether that's from cyber attacks or regulatory shifts, of market volatility. Cloudflare's global platform, we believe, helps firms kind of always stay on and compliant even if that complexity of operating in a a changing global environment, grows. That's great. Thank you. Thank you for that, setup. As we think about financial institutions, we always think about how can financial institutions reduce the latency. How can they improve reliability, especially around mission critical apps? Right? Like, how do you see that playing out across the industry? Yeah. I mean, I I think there is an embrace of distributed and cloud native architectures going on that brings applications closer to the users with edge computing and, minimizing bottlenecks through smart traffic routing. So Cloudflare Edge Network enables us by accelerating securely or securing traffic globally and reducing latency, while ensuring applications remain highly available and protected right at the same time. We're seeing this very very fair comment, Steli, and we're seeing this across critical industries. Telcos, health care, FinServ, all the critical infrastructure providers are drifting towards the same need for, reduction in latency, improvement of prop performance, and increasingly focus on reliability. To the same effect, maybe you you didn't notice, hopefully, the open letter from, the CISO at JPMorgan Chase where he talked a little bit about the importance for resiliency including third party risks. Right? And this is kind of the the talk we had collectively across RSA last week. Wanted to get your perspective. How should, financial services firms think about resilience, including third party risks, including regulatory pressure, and including this whole transformation that we're seeing into this hybrid, multi cloud world. How do you see that playing out? Yeah. I mean, I think first lesson, you know, let me acknowledge some realities. Right? Third party risk managers come extremely, extreme focus area for, financial services and solutions. We've seen the digital supply chain, you know, create cyber risk within all of our institutions and clients. Right? So that's that's definitely an area of focus. And all of them are going multi cloud resiliency reasons. Right? So this is definitely the direction that I'm headed. So, you know, what what does resiliency mean in that context? What does it mean today? It means visibility into your entire digital supply chain, not just internal systems. So you need to look outward. Right? It includes managing third party risks, ensuring compliance across jurisdictions. Right? And building security directly into your multi cloud, architectures. Right? So together, CloudFront's ensure, can help firms unify policy enforcement, gain, centralized observability, and kind of meet of these evolving regulatory expectations we're seeing. Right? Yeah. All of last week at RSA, we had this conversation with multiple partners, multiple customers around end party resiliency. And depending on the company we were talking to, they had somewhere between 500 to a thousand SaaS providers. And, thus, we are kind of in the space of, like, how do you think about resiliency when you're dependent on these many critical providers and so forth. So I I expect there to be a lot of focus in this space in financial services and all the critical industries we talked about. Shifting gears a little bit, and I would love to talk to you about cybersecurity post quantum readiness. Again, similar to the resiliency conversation, this is a critical area of focus across financial services. Would love to start with a with a broad question, with a broad perspective. How are you seeing banks and insurers start to adapt their cybersecurity posture to defend against the the what we see as increasingly sophisticated and state sponsored in some cases and starting, kind of parts of the AI powered, threat vectors. How do you see that playing out, Tyler? Yeah. I'd say they're they're shifting from, you know, the old they're shifting faster from the old world kinda reactive manual defenses to more proactive intelligent data that automated security models. So this also means adopting things like zero trust, leveraging AI to detect anomalies faster, and then using platforms, like Cloudflare to secure, you know, using apps and APIs in real time. You know, with Accenture's threat intel and strategic guidance, it becomes a coordinated defense. Right? Not just a patchwork of tools. Right? When when we work together for our clients. This is it's very timely. Right? Because what we're seeing is both an increase in severity for hypergolic attacks and a and an increase in frequency. So just two weeks ago, for example, we had what I would call now our record high, you know, kind of hyper volumetric DDoS attack clocking in at five or eight terabits per second. And there was even a a bigger one that happened the same day that we are in the process of kind of formalizing a report on. And then if you think about as you know, the Cloudflare protects roughly 20% of the Internet traffic across the world. We saw an increase of roughly 26% just in q one alone across financial services globally where most of the financial services organizations are getting much frequently attacked by such, such activity. So, clearly, there's a big need for, cybersecurity and post quantum readiness in this space. As we shift a little bit to post quantum, we always like, inertia tends to be the biggest, issue or biggest, constraint, so to speak. Right? So and post quantum threats feel distant to some. It feels like you have to be in this era of post quantum chips and things like that to materialize before this becomes a real risk. Why should financial institutions act now? Like, what does the practical roadmap to post quantum readiness look like? Yeah. Before I address it, I'm I'm gonna go back and agree with you on a point about rising threats cyber threats. Right? We're in a period of great geopolitical tension. Right? And history tells us, we've seen it time and again, that cyber threats increase. Right? Attacks increase, more activity by nation states, more activity by activists. Right? So this is a this is a very, you know, you know, a critical time. In terms of post quantum, Trey, great topic. Right? Very we talked a lot about this last week at RSA. But, you know, FSIs we need thinking about the capability development timeline. Right? Quantum threats may not be here today. Right? Maybe we could we could debate whether it's, you know, you know, whether it's coming a month out, a year out, further. Right? Maybe you never really get there. But the data is at risk already. Right? And the adversaries can steal that encrypted data now and decrypt it later. So acting early is a key. Right? You know, a practical roadmap includes intertwining all your cyber or your cryptographic assets. Right? Testing, post quantum safe protocols and rolling out hybrid photography where possible. Also need to think about the regulatory and compliance timelines. Whether we end up with a part of gear that can factor, you know, you know, RSA ten twenty four next year or never, it doesn't matter because new standards are already out. Right? And that's triggered some adoption requirements in government and industry frameworks. Right? Seeing some of those around this. So adoption is becoming a hard requirement and the clock's ticking. So Makes a lot of sense. And how are they're gonna a little bit of a, kind of mentioning and highlighting some of the areas where Accenture and Cloudflare are partnering. How are you looking in this space, especially in terms of post quantum readiness? How are Cloudflare and Accenture doing more work together in this space? Yeah. I mean, we're doing a lot of, assessment work for our clients today, starting to get the plans ready. But together, right, one thing we love about the cloud solution, it's already embedded with post quantum cryptography cryptographic algorithms, It's a mouthful. Into its, network services. So it enables clients to experiment, transition safely. Right? So combined with our kind of strategic oversight program management. Right? We're helping institutions prioritize where and how to deploy, PQ protections based on real world risk. We're looking forward to partnering with you on that journey, especially given the focus on critical industries. So post quantum is a big area of focus at the same time, and I think you mentioned this early earlier, basically, zero crust both as a concept and as a practicality and as a and, increasingly, we talk about it as a journey, right, is becoming more and more central to our financial services customers. How does, in your mind, zero crust architecture support both the the the reality of financial services customers where they have a significant legacy footprint as well as the modern cloud, first or hybrid cloud footprint in a highly regulated environment? How can Zero Trust best support that architecture? Yeah. I mean, I'd say, you know, first off, you know, zero trust is a set of principles. Right? There there is no way, you know, one shot solution to it, you know, out there. But, it it's it's not about replacing everything overnight either. You mentioned it's a journey. Right? So it's about layering, adaptive controls across your existing environment. Right? And Cloudflare's approach actually allows to cure identity based access to both legacy apps and modern cloud services without back on all traffic. Right? So, you know, we can bring in our, you know, Accenture expertise, right, to help firms, you know, implement zero trust incrementally, in line with regulatory demands and operational priorities. Great to hear. Great to hear. And then I think we talked a lot about cybersecurity. We talked about the key kind of post quantum and zero cross two initiatives that are kind of underpinning that movement. I would love to switch a little bit and we kind of ten, fifteen minutes into the panel. We'd love to switch a little bit to AI and, specifically, what we're seeing across financial services in AI adoption as well as what's becoming critical, which is AI security. And we think we try to increasingly frame it as AI rails and AI guard rails. Right? We'd love to kind of, get your input on both of those, sites. So starting off with that auction conversation, starting off with AI rails, how are you seeing financial institutions leverage or think about leveraging AI either for decision making purposes, for fundamental business processes, like fraud, for example, through personalization? How are you seeing that come through? And what are the security concerns, that are coming, that are becoming associated with the AI topic? Yeah. So the AI topic is so fascinating. It's so many ways to go with it. Right? But the banks are and insurers are using AI to spot fraud patterns real time, automate risk assessments, tailor customer experience with precision, do additional, you know, analysis of data of customer data. All that comes with additional security challenges and opportunities. Right? So, I mean, you can think about from the Secure AI perspective where we go out and help clients, you know, you know, you know, in implement governance and standards so that they can, ensure the business is using AI securely. You know, it, it also means, gives opportunities for the security teams to be much more efficient automated by implementing AI and agentic AI, right, into into their, own processes and capabilities. You know, so it's important to secure the full AI pipeline. Alright. And that's actually a four level concern I see quite often these days. So it's it's both helping the business to the outbreak securely and then security using it as well. And then also, you know, lastly, know what the attackers are doing with with it. Right? What how are they using it? How are you defending against those threats? You know, and, you know, I mentioned regular regulation in terms of postpartum. It's also coming on, on AI. We're already starting to see it with some regulatory bodies issuing guidance around AI. Makes I always wondered, like, even with some of our customers, like, education around AI risks are is pretty fundamental. And whether it's, you know, prompt injection attacks or whether it's data act filtration issues and all that, like, just having that conversation tends to be eye opening because I think AI and the hype around AI is so focused on the productivity and the commercial benefits that it might have. But the risk side is a little bit, the risk conversation, frankly, is a little bit underweight. So really appreciate the the focus there and the bold double focus there, which is great. At the same time, like, I I did want to kind of maybe ask a question around the increasing power and sophistication of AI models. Right? That they're becoming more and more powerful, large language models, small language models, and computationally intensive and so forth. They're also becoming very opaque. Right? So as you're thinking about the other elements of risk management and security, whether it's data privacy, model risk management, model security, compliance, and others, how are you seeing the world of AI security evolve? Yeah. I mean, success. Right? What's going on? Continuous monitoring is also part of that. So if, you know, we'll we'll go right. So firewalling and and and and protecting the data that's going in those models is super important. Right? And then monitoring it for drift and misuse over time is also of major importance. Right? You know, you you you know, you need to secure the APIs and endpoints. Right? And you can do that with CloudWatch capabilities. Right? And using our AI governance framework over the top. Right? That'll help the our clients innovate with confidence while staying compliant, secure with the models. Very helpful. Very helpful. And maybe going a little bit more technical, we're seeing quite a bit of activity in this remote multiparty computational, space, and it's getting traction for more secure collaboration, for data analytics. How are you seeing this applied across, and the various customers in financial services, infrastructure requirements, scaling requirements, perspectives there? Sorry. Farooq, could you repeat that question? I cut out a little bit on my end. Yeah. No worries. I was, starting to think a little bit about remote multi party computation Yep. And how that fits within the financial services world, where you're seeing that getting applied from a AI workflow perspective, from a infrastructure requirement perspective, and so forth. Yeah. So, we're seeing, you know, multi party computation used for secure credit modeling, fraud, balance sharing, you know, even federated learning. So it's allowing institutions to collaborate on sensitive data, you know, without exposing it. To scale it, though, firms need, like, low latency and high trust infrastructure. Right? You you're perfectly suited for it. Yeah. Yeah. Definitely, like, an area of focus for us. So really appreciate the guidance. Yeah. Great. Now what I would love to do is continue to move forward and share a little bit of what we are seeing. Thank you, Tyler. This is very helpful, both in the review perspective and the partnership we are building here. We are very excited, and would I'd love to see many more of these over the next couple of weeks and months to come. Pivoting a little bit in terms of what we are seeing in financial services, we wanted to reinforce the concepts that Tyler and I just talked about around resilience, around cybersecurity, and around AI, On resilience as the the conversation was going, it was all about having the ability to provide the most resilient solution in the context of financial services globally that protects you from hypervolumetric data loss attacks that we talked about that are increasing in in frequency, but also reduces the single points of failure that the organizations and the companies as a whole have at the layer three, layer four, layer seven levels and, including some of the SaaS vendor versus SaaS we talked about. Increasingly, this is becoming a regulatory imperative, and we've seen geographies globally prioritize resilience as as pertains to critical industries, including financial services. And we're seeing this trend of resilience becoming either the number one or the number two priorities across large banks in The US, in Canada, in the European market, in UK, in Singapore, in Japan. Right? So this is a global trend for critical industries. Financial services is just one of the biggest critical industries that has brought us in that. And it's a area where we're doing deep amount of work across our client base, and we'll spend some time, with my with my good friends, Trey and Andrei, and dissecting what we're seeing in that space and how do we ensure and enforce some of the resiliency behaviors we're seeing at the l three, four, and seven levels as well as SaaS vendors. That's the big area of focus. You heard that from Tyler as well. We're seeing that as a con continued area of focus across financial services. The second trend, training in financial services that we spend a lot of time on is cybersecurity. And this is similar to some of the other critical industries, financial services that needs to be attacked like a nation state. Right? So you are continuing to see, the plethora of attack and threat vectors across financial services firms. You saw some of the critical financial services, organizations that impacted, later last year. It was treasury. Earlier this year was the OCC, and this is the central kind of regulatory bodies that are starting to get attacked by one or another form of cybersecurity attacks. And, similarly, the as I mentioned earlier, the DDoS attack activity against financial services firms have gone up by by a factor over the past couple of months. And we are seeing this emergence of, industry partnerships, whether it's the treasury, whether it's the FSI sect, whether it's the ARC, become coming better and closer together around threat intel, around threat hunting, around the ability to help the industry better protect themselves from emerging risks. In that context, you may have seen the recent, press release from Cloudflare around joining the critical provider program with the FSIS side and the continuation of the work that we're doing with Accenture and other partners to build a better industrial partnership and collaboration environment together. Thirdly, what I wanted to kind of highlight and focus on is the work we're doing in AI go and as I mentioned earlier, the AI rails and the guard rails, and we'll explore that further with my colleagues, Trey and Andrei, around what we are seeing in that space both from a risk perspective as well as from a developer, productivity and, agentic AI perspective. So with that, I would love to welcome my colleagues, Trey and Andrei, to the conversation as well as we move to the next slide. Trey, I wanted to, start with you on the next slide. Justina, can we move to the next slide, please? Thank you. Trey, I wanted to start with you on the next slide. Would love to get your perspective on how you think about resilience from a Cloudflare perspective and how you see that become critical for financial services customers. Sure thing. So, obviously, this is, as, you know, both you and Tyler mentioned, it's a major focus area for, for financial services. Resilience is absolutely key. You know, I think Tyler mentioned this as well. Is this is this sort of transition towards more distributed systems. Last week at RSA, we talked to some of the largest banks in the world and they're talking about having, you know, thousands of SaaS applications and their data is in more and more places. And so when I think about, you know, leveraging, you know, the way Cloudflare builds our network and how we deliver resilience, one, the first thing is actually just providing protections in a distributed way because customers data is in so many locations, it's in so many different providers providing strong DDoS controls and WAF, etcetera, stopping applications from being compromised. That in itself provides a significant amount of resilience. But then there's sort of there's two parts of this. One is how do you keep a financial services infrastructure safe and operating their data resilient, their operations resilient? And then if they're dependent on a provider like Cloudflare, how do you make sure that that provider themselves are, is resilient? And the focus really at Cloudflare side is to build this, very unique network where every data center can you know, every server in every data center can do any function for any customer. It's a very unique sort of combined architecture. But what that means, when I think about this when talking to financial services, is when it everyone's on this cloud journey, and I always ask them, when you think about making cloud services highly available, generally, are you going to, use AWS and Azure or and GCP, like, multiple hyperscalers? Are you gonna take the same application and try to run it in more than one location? Other than the most regulated banks, and the the most stringent, generally, they won't go to the extreme of trying that the complexity of running application in in multiple providers at one time. What they're going to be doing is looking at how to run an application in multiple availability zones. And so the long way to say that's actually how we're driving resilience in the Cloudflare network is we have we're in three thirty five cities, but this is actually made up of about 700 pops. So we're essentially managing 700 availability zones on behalf of our customers. So any server can fail, any data center can fail, links can fail, but this is a very, very sort of, resilient and self healing network, which means that one, we don't go down, and two, we can continue to stop the attacks that are gonna impact the operations of a bank like a DDoS or an application layer attack. That's that's great to hear. Andrei, you mentioned earlier you support some of our largest customers in the financial capital of the world, New York. What are you seeing on the ground that kind of resonates with our financial service services customers and the benefit of that network that our customers really appreciate? Yeah. As, as Trey already started covering, we see some of the same we see some of these same ideas be be critical to our customers. Right? Ensuring that there's that there aren't gaps between what what they might be doing with one cloud provider or another and then ensuring that that we're, that they're, again, getting that resilient and and secure experience. As one of those things that we see is that there is a spectrum. Right? So it's like the largest customers driven by regulatory pressure will put will put more of these high, highest criticality workloads on on the path. Okay. Having having maybe two of each types of, services. And then we see that ranging again as as you mentioned earlier, Farooq. It's like, this is sometimes making sure that your data center protection at layer three again, they they used to use maybe systems that warn us as a highly available as Cloudflare. So standardizing on our services or sometimes making sure that that there is a, that there is a well documented path for failover, to to our service from another. So there's there's that that we see. And, again, whether this is a journey in DDoS resiliency where customers are choosing a service that runs in 335 cities, whether this is layer seven application services, web application firewall, things where, again, not only is is there additional resiliency, but there is also also the power of the security that we bring into the platform from millions of customers that that feed into our our threat intel. That's, that that's and, again, it's a spectrum between depending on the regulatory pressure that customers see within is this a critical infrastructure type service where we, where we support customers? That's great to great to hear. As we move to the next slide, what I would love to do is hand over to you, Trey, a little bit of the opportunity to talk about the alphabet soup that is post quantum cryptographic agility. It's definitely one of those things that goes off the tongue easy. Right? So I would love for you to kind of explain to our audience a little bit what it is, why it matters, and why we are so excited about it. Yeah. Sure thing. You know, you guys just, chatted a little bit about this. Tyler, raised the one of the key points, which is the, harvest now, decrypt later attacks. But so just zooming way out, what is this? Right? We I've actually been in Cloudflare for twelve years, and I can remember when the Internet wasn't encrypted by default. You know, back in 2013, most websites you went to didn't even have the little lock. Like, and it was, you know, in your browser, you got a lock as a special thing when when you're on a secure website, and the rest of the time, it was just a normal website. That the the default has switched. Right? Like, we we've stopped displaying the lock. Now we display a warning when something is is no longer encrypted. We say this is very insecure, it should probably not be here because everything should be encrypted by default. So what we're seeing is across the Internet and in any sort of computing workloads is, is encryption, at rest, encryption in transit, and also, working now also encryption, like, while in use. So encryption is everywhere and it's all over the place, and there have been some pretty standard protocols used for that historically. RSA and elliptic curves were the were the the hot new thing about ten years ago, and they're and they're great because, they're fast and and very secure. But fundamentally, these cryptographic algorithms are based on this, like, math, like, math problems that are easy to go one way but hard to go the other. So RSA is really easy to understand. RSA is like you multiply two really big prime numbers together, you end up with a really big number, and factoring that back to the prime numbers is hard. Nice and easy. So that's that's how so much encryption works right now. This is sort of like one way math, you know, this math problems that are easy to go one way but hard to go the other way. And it turns out we now have quantum computers evolving. We're we're talking about, Microsoft's research, Google Willow, IBM, Chinese have some really impressive progress here as well. And we know because of a thing called Shor's algorithm, that as quantum computers, emerge, they will be able to break traditional encryption. So that's that's the big fundamental challenge is that these math problems that were hard to go back will become a lot easier. Sorry. A little bit more background than you probably wanted, but that's that's what we're trying to to protect against. But as sort of Tyler mentioned before, we can't just wait until, we can't wait to upgrade everyone's encryption until quantum computers exist because it turns out it's pretty affordable to just start capturing traffic today that is encrypted and storing it because because it turns out hard drives are cheap, and you can store huge amounts of data. And so and then when quantum computers come out, you can go back and and decrypt that at a later date. So this is the harvest now decrypt later attack. And so particularly for financial services institutions or anyone, you really have to think about the lifespan of your secret. Like, how long does the secret need to stay a secret? The case in point is, like, you know, if you're having a baby today and you wanna do encrypt their health care records, you know that in that per in that child's lifetime, a quantum computer is gonna come over about. So are you starting to manage their data in a post quantum safe way? So that's really the driver in the industry. And, getting into that, what do we have is, one across the industry, every sort of regulatory group and organizing body is making strong recommendations. And we're seeing those now trickle into requirements. And, NIST is even saying that we're having to sort of phase out and start deprecating, sort of legacy like RSA and ECC, you know, starting in 02/1930, which is not far away. We're talking about less than five years, and this is a big change. It has to be adopted, you know, across what is a lot more encrypted now because, you know, twelve years ago, when I started Cloudflare, we didn't have that much encrypted. Now everything's encrypted, so it has to be upgraded. Around the question of is this a is this an actual challenge? It turns out that and we can go look at radar.cloudflow.com. We expose these this data all the time, but 40% of the traffic we're serving is now going over post quantum safe cyber suites. So this is not some science experiment that doesn't exist. The last thing I'll say here, which is actually really relevant for, for financial services or probably regulated industries, is both, are not only is this a transition to post quantum, but it's really a transition to cryptographic agility. And that's the thought here is, this is not a one and done. It's unfortunately, this is we, you know, when we when we a lot of organizations are still transitioning from, like, TLS one to TLS 1.3. They run this big program and you're and you're done with it. This is actually about getting yourself the ability to be able to roll out different cryptographic suites as necessary. Because there's actually a a real challenge and and risk coming up where different sovereign nations are gonna start to require sort of sovereign cryptographic stats. And so we see a lot more regulatory pressure around specific cryptographic cipher suites in different locations. You really need to have that agility. So it's actually building a program that allows you to be flexible to these new cryptographic standards. Bit of a mouthful, but, hopefully, that was helpful, Farooq. I I appreciate it. And we are we are definitely coming out with shirts that say that. Right? The the piece that I always think about on, post quantum cryptographic agility is that this is essentially like, for anybody that, remembers y two k, like, it's a similar kind of a problem. Like, you have encryption all over the place. You need to kind of inventory the amount of encryption assets you have. You need to think through the remediation plans and pathways, the ground rules that you have to remediate faster than others. You have a very clear timeline, regulatory and otherwise, that you're working against. So I always think about this as, like, a big scale transformation and the kind of things, you know, our friends at Accenture do quite well, and that's that's the kind of basis for the partnership there. And then how do we get the industry to acknowledge and understand the issue and work with the industry collectively in partnership with our friends at Accenture to transform this critical, issue. Yeah. And we even have this idea of Q Day coming up. So that's the thing we're all getting ready for. So it's almost like, y two k. We're we're we're getting close to this. We're getting close. As we continue moving on, I would love to kinda bring Andrei, into the conversation around the security capabilities, security at the core, data assets, what we can see and and introduce into our products by virtue of the fact that we support more than 20% of the Internet traffic. Andrei, how do you see that the data assets and differentiation, threat intel, and otherwise? Great question, Farooq. So it's like as, I'm not gonna talk through the through the diagram, but it's like you'll see a number of data points. Right? So about 20 of websites on the Internet proxying traffic through Cloudflare. We, again, we in addition to that, it's like so the breadth of of customers who range from, again, the Fortune 50 to two fifty individuals at a at a smaller company, taking advantage of services to the one one one one resolver that, that helps us get additional insights, right? We anonymize those things, but they all feed into the platform, right? So that particular data, gets built into the products. Like I often talk to my customers about the managed threat intel service that we have as the most deceptively simple to implement because you do that once, then you kind of forget about it. But Cloudflare behind the scenes, right, we're taking all of these data sources, powering in, this data. So once you're on once you're on the Cloudflare platform, you practically forget about some of this because we take care of it for all the assets that sit behind Cloudflare. And in addition to that, it's like the bottom right that you'll see here, the Cloudflare, a Cloudflare threat intel. That's one area where the larger customers, will actually integrate with us into their source systems and other their systems to request from Cloudflare. Have have there been any any attacks that you're seeing across the Internet? And again, even even smaller organizations can can look at Radar and see is this something that we're seeing basically as a as a website, something that we're seeing as malicious or not. But, again, that's sort of like the the intro level to to what the power of the platform that we're building our services to to bake this into. That's great. That's critical. And the the Clerk Force one, like, some of the things that get really exciting here is Cloudforce one, which is relatively new capability that we're offering to our customers have. The the threat intel, threat hunting piece as well, built in. In addition to all the goodness that you have, in terms of the data that already feeds and and supports the platform, the DDoS mitigation, marks, email security, all the various cases, that we kind of help, make make for a better Internet, Air Force One sits on top and and then has a very proactive threat intel and threat hunting capability as well. So that's exciting to see come together. As we start to kind of move towards the next, slide, we're now clearly talking more more about the trends that we are seeing across cybersecurity, across Zero Trust, which, Tyler mentioned as well, across network services, across, kind of more and more, cloud, security posture management capabilities, and then to Andrei's point around threat intel. Trey, we'd invite you here just to think a little bit about broadly how are these things best being utilized by financial services? What where are you seeing the priorities, the maturation across this critical infrastructure? Yeah. So I think that's a great question. We work with a lot of financial services companies, and a a key thing I noticed is that, you know, one size does not fit all. It is a very different story if you are, you know, the world's largest bank or if you are in, you know, building financial advisor software, we can still be talking about public companies, but the regulatory pressure, the assets under management, etcetera, can be quite different. But I'm trying to bring out some of that sort of surface some of the trends we're seeing across our our customer base. Obviously, we talked about this a little while ago. Zero trust is a philosophy. It's not a product. It is well, it's an overused term in marketing. It is a fantastic philosophy that is largely being rolled out and this need for SASE is really key because, you know, the pandemic happened and it turns out we didn't all go back to the office forever. We we learned that we could be working from anywhere. Businesses and organizations are getting so much productivity out of all of us as we're productive anywhere in the world. And how do you have that distributed sort of security infrastructure in place? So we see this across, all of our customers, whether large or small, both adopting zero trust principles and these sort of like, sort of SASE architectures, this idea of a distributed sort of, ingress and egress layer, for controls. Then on top of that, we think about sort of tied to SASE is this idea of obviously, everyone's gotta stop DDoS attacks across their network, but, you know, attacks are getting really big. You mentioned this a little while ago, Farooq, you know, the 5.8. I mean, they just every time we do a DDoS report, it turns out they're just they are more attacks than they're bigger. So we've gotta be able to stop those. But on top of that, you have corporate networks that actually have to operate as well. So, and those corporate networks are more and more complex over time because it's no longer a handful of physical sites. It's your physical sites plus your cloud environments plus your cloud exchanges, those are getting more and more distributed as well. So these sort of first two buckets, the zero trust SASE and then sort of network services, I think the big trend I see is the convergence of these and even converging this with application security. This idea of trying to reduce the number of vendors that you have and instead of, you know, bringing in, five vendors across these different capabilities, we're seeing a desire to simplify, to simplify operations to like, one is you can sort of derisk through simplification. You're driving business agility, and and as much as possible sort of like bringing those things, together. Not always possible for the very largest institutions around regulatory bodies. They may actually have to simplify to two platforms instead of one. But generally, having fewer vendors instead of more vendors is is the transition. The other areas which I think are interesting here, one is a sort of this, like, this next generation, CSPM. So cloud security, posture management, everyone's heard of a company called Wiz. They've been very successful because, you know, every organization is is leveraging cloud. Developers, everyone's moving quickly, developing, you know, building sort of cloud resources, and we discover that we, oftentimes, because we're humans, we we do sort of insecure configurations, and it's up to the CSPM to go find those and and alert someone to fix it. The problem is the time between creating that infrastructure, finding the problem, and then actually getting it fixed is like it's non zero. Right? It's greater than zero when when you're doing this after the fact. And I think this is actually a really exciting sort of transition, and an acquisition, Cloudflare made of a company called Givera because they just had a completely different way of thinking about it, which is, can you take those same controls but make them proactive instead of reactive? So we're actually bringing those controls into a forward proxy. So as the developer is interacting with the APIs to generate cloud infrastructure, we can enforce policy at that moment. That becomes really, really powerful, and we don't think we'll be the the last people to do this. And we also in financial services because it's all about controlling risk. It's not like people are throwing their CSPM out. It's just how are you reducing the risk and reducing the amount of things your CSPM has to go detect. And so that's that's an interesting trend. And then lastly, as you sort of just mentioned a little while ago is this, threat intelligence is is critically important. This is a thing to where it really, you know, one size does not fit all. The largest institutions out there, these large banks, they essentially have the resources and sophistication of nation states. They're able to ingest very raw data, leverage that, doing the threat hunting, etcetera. And that's in one end of the spectrum. At the other end of the spectrum, organizations, you know, they need they need their their controls and the capabilities they use to be very intelligent. And so the equivalent of, like, ingesting raw data versus ingesting a dynamic, you know, block list, and applying that dynamic block list. And so I think that's the important thing with threat intelligence is to understand based on the size of your organization, what's the best way to leverage that threat intelligence. The the big key here is security shifting away from black and white, you know, static list, and it's really going towards very dynamic security things that are oriented around, confidence levels instead of, static list. So, this is, you know, in a way, I've heard it sort of argued as, like, shifting from, like, analog to digital, security. But that's, that I think is what really good threat intelligence is driving. This is great. I know we're coming up on time. So I I do wanna talk a little bit about, the next slide where we are spending our time on AI, but it's cybersecurity topic is very, very relevant. As we move to the next slide, we'd love to cover a little bit of what we're seeing on the AI side. And, again, like, like, there is as I mentioned earlier, you have the AI rails, which is how we think about building AI. That's where our developer platform, the workers' AI, the remote, model context protocol are the kind of things we are very excited about. But then you also have the AI guardrails, that come along with it to your point, Trey Guinn, around the the security kind of posture the transverse and the systems have. And that includes all of our capabilities around the firewall, which provides a lot of capabilities including the Lamguard analysis and some of the PII controls, the AI audit, the DLP controls, and so forth. Would love for you to kinda talk a little bit about how you think about the AI grills and guardrails or or the way you think about AI solutions from a Pipedrive perspective. Yeah. Well, you know, we, obviously, at Clubhouse do a ton with AI, and our customers are doing a ton with AI. There's this incredible imperative to leverage AI to drive your business. No one wants to get left in the dust because it is a transform transformational technology, and the unknown, the risk, the security controls are very, very challenging. And so the taxonomy we have laid out here, I think, is actually a really useful way for organizations to think about this. Really, we are thinking about this in three areas just to go very, like, at a very high level and brief because we could talk about this all day. There's application services for AI. And this is really, thinking about when you're building applications that are leveraging external, models, we're building sort of AI firewall. Actually, take that back. If you're if you're trying to protect your own models, that's what AI firewall is about. So this is gonna stop people from exposing training data, etcetera. And this is this is an emerging area where you actually have to use an LLM to protect your LLM. And and then on top of that, there's audit. This is an interesting thing. Lots of organizations, the content they have is really the value that they bring, and that content has to be protected because you wanna make sure that the, that, you know, let's say, if someone's googling for you, they're still gonna come visit your site and interact with your content instead of only asking for an AI model, and then you never get the benefit of of generating that content. So be able to detect when AI crawlers are are capturing your data, and to be able to control when when that happens and and whether you want it to happen or not based on the content you have. So that's in the application services side. Obviously, your end users are all interacting with AI. We all use the different chat products, etcetera. And the key thing here is really, data loss prevention. Like, how do you stop someone from posting internal source code, posting customer data? How do you stop stop an employee from leaking data out? And this is a pretty straightforward thing. It's it's DLP. We've all been doing it for a long time, but it has to be applied, in, sort of a secure gateway and these are applied no matter where that user is. If they're at home on their mobile device, if they're at work on a on a desktop or if, you even have, you know, API to API, machine to machine, like how are you applying these sort of DLP policies. And then the last area is is what is exciting me are organizations that are actually building AI applications. Cloudflare has a a full stack developer platform. It's really, really powerful. People are building sort of new applications on it. And AI applications are by default sort of new because it's because AI is so new. And this is giving people an ability, a lot of our customers ability to move super quickly in building new applications as fast as possible that also leverage open source models and their own models. And so that's what our, developed platform are, is based around including, remote, model context protocol. So MCP. Not to be confused with, what we're talking about before with, multiparty multiparty encryption. But this is model of contact protocol. It's sort of the rest APIs of for a GenTec AI. And the thing that was found really powerful about this is, we saw last year last week at RSA, a bunch of companies announcing their MCP servers are becoming available. So, a bunch of financial services, PayPal, Mastercard, others, a bunch of companies saying your your AI agents cannot interact with us over our remote MCP. Well, it turns out because people were using AI to build their MCP servers, they were all able to build this in a matter of weeks. And so this is it's funny how AI is actually making the adoption of AI go even faster. So there's a bunch of different places to think about, with with AI. It's this is one of the most fascinating areas that we're excited about, the remote model context protocol area, Trey, as you mentioned. And it was it was very exciting to see the demo day last week across you mentioned Block and Stripe and PayPal along with all the the usual, like, Atlassian and the signers of the work. So this is the fundamental infrastructure for agentic AI to to emerge, and there's a lot of excitement in this area. I know we're out of time. Would love to switch a little bit towards, the questions. I know there might be a few already. And just as a FYI, for any questions that are unanswered today, we'll follow-up via email to ensure that all questions are addressed. So we'd love to start a little bit with the questions that we're seeing, in the chat. Right. So I'll post the first one to you, Trey, kind of cover cover the questions. How are how are you seeing IT teams, think a little bit about zero trust think about zero trust architecture from an implementation perspective while you're looking at maintaining performance on on on prem systems and so forth, especially for critical industries? Like, how do you see that kind of balance, and optimization come together? Yeah. So, I mean, I think the the the short answer here, when you think about, you know, highly regulated resilient organizations driving zero trust. Like, how are they adopting it? I would just say carefully. That's that's how we do all things. Right? Yeah. Yeah. It That said, everyone is aligned to the outcomes here. Like, we're we're all trying to reduce risk, and we know that sort of zero trust architectures will drive down risk over time. And so the, I think that's really probably the biggest change here is because of the the sort of distributed nature of users and applications data. What what I'm seeing probably the biggest changes in, historically, there was a lot of best of breed. So let's let's go get, 12 or 15 different vendors and figure out how to, like, bring those those services together. And that kinda worked when you had boxes at the top of a rack sort of interacting with that flow of data. The big change here, I think, is organizations really deciding which platforms, the more holistic platforms they wanna take a bet on. And so I think that's that's probably the biggest changes. Who who are you strategically betting on as you start to consolidate these functions to to drive zero trust across a a critical infrastructure? Exciting times where you're getting resilient cybersecurity and AI as critical areas of focus for the industry. I think one last question for the group, from the from the chat here. As you're looking at the financial services organization expand the use of AI, like, how are you thinking or how are you seeing your customers think about security frameworks? How are you thinking about implementation of the security framework for models and for sensitive data? Trey, any any thoughts there? Again, this is this is one of those hard hard questions. You know? This is something that changes, like, by the minute. I mean, if you if you go on vacation and come back, a week later, you and, like, the whole world of AI has changed. And so yeah. How are we doing this? You know, AI or nondeterministic systems, as I mentioned before, they have firewall. Really, you almost have to use AI to protect your to protect your AI resources. So one, you know, there's there's protecting your your model, protecting the training data that is that are in those models, building frameworks that help you understand the predictability and truthfulness of different models. So I think that's actually a a very interesting challenge, which is the business risk of models taking actions or hallucinating and, like, the the impact of those hallucinations, which is a sort of a different category than someone sort of hacking your model. And, and then at the same time, how are you, you know, really sort of pushing the business forward, leveraging AI to to drive things? I was in a conversation last week at RSA with a with a CISO of a of a large bank, and they were talking about this need to leverage AI to build new code because people are so much faster at writing code. But at this point, when will we get to the point where humans are no longer able to actually even properly sort of, evaluate and approve that code? And should we change the whole model when we talk about zero trust? Should we move the model of having, code just be untrusted and run-in sort of immutable containers with, like, well defined interfaces? And so I think AI is really making us reevaluate a bunch of different, assumptions we had, all the way down to, can we trust the code in our organization? Good. Thanks. Great. Thank you. Thank you, Tyler. Thank you, Andrei. Really appreciate the partnership here collectively. As you can tell, we're very excited about the transformation happening in financial services across the civilian cyber security and AI topics. We'd love to partner with the industry. There's a lot of work underway. Feel free to reach out via questions. As I mentioned earlier, questions will be answered via email. I'm looking forward to continuing the conversation. Thank you, everyone. Until next time.