Join us to learn how several leading federal research organizations leverage the power of the Box Content Cloud to power their R&D missions.
Wyn Elder
Well, good morning and welcome to our podcast today. My name is Wyn elder and I'm the managing director for global public sector for Box. And today we're going to explore federal research and development use cases and how technology can accelerate and improve this critical mission in the federal government. Many people aren't aware that federal R&D is an enormous expenditure, and the value it provides to our citizens in an economy. In fact, we spent $708 billion as a nation in 2020 for federal R&D, and approximately 22% of all R&D in the US is funded by the federal government. In fact, 45% of basic research is funded by the government. So, making federal R&D successful makes R&D overall for our nation successful it drives innovation and economic growth. And many of the most important commercial successes in our country were underpinned by federal research and development, especially basic research. We're fortunate today to have three guests joining us to explore federal R&D use cases, and how technology can accelerate and enable that use case. Our first guest is Mr. Dan McLaughlin, who's going to cover sort of how does collaboration work in a federal agency. And his two customers are the Department of Energy, and then all the National Labs associated with that. Our second guest, Mr. Steve rash, is going to cover the more of the technology side of how a content platform like Box can integrate into so many data silos, work with so many external partners, and how it all can come together to be more efficient and more effective for researchers to do their work. And finally, we have Mr. John Thoren, who supports NASA and Veterans Affairs. And he's going to focus a little bit more on the security of aspect and compliance aspect. How do you do such open work with universities and industry partners, but do it in a way that they can feel that the agencies can feel that their data and research and intellectual property is secure and compliant with and stays that way as they do this research? First up today is Mr. Dan McLaughlin. Good morning, Dan, and thanks for joining us. Let's begin by just having you introduce yourself to the audience and tell us about the mission of the Department of Energy and in particular, the national labs that you support.
Dan McLaughlin
Great, thank you, Wyn. Happy to be here. So, I'm Dan McLaughlin. I'm one of the leads covering the Department of Energy and the national labs here at Box. I've been at Box about four years now. And then prior to Box, I spent about four to five years at Oracle, mainly focusing on the public sector space at both organizations. So definitely very familiar with some of the challenges and processes that both federal and state and local partners face. But focusing specifically on federal R&D and the Department of Energy, I'll just go ahead and read the Department of Energy's mission statement. And then we'll talk a little bit about what that actually means. So, the Department of Energy's mission is to ensure security and prosperity by addressing energy, environmental and nuclear challenges, basically, through science and innovation. So that sounds really fancy, but at the end of the day, they're really focusing on a few key missions. One is that the National Lab community of which they're 17, National Labs, they actually focus a lot on innovation that you and I benefit from, for example, and REL, which is the National Renewable Energy Lab, they focus obviously a lot on renewable energy. So that means things like creating more fuel-efficient engines, electric cars, they're actually partnering with Ford and GM, at least they were as of about a year or two ago. And then on the national defense side, you have the NSA Labs, which focus primarily on their partnership with DoD. So, for example, Idaho National Lab is a very good partner of ours. They focus a lot on creating nuclear reactors, some for public energy, and then others for, you know, nuclear reactors for submarines for the Navy. So, there's a lot of benefits that that we that US citizens derive from the National Lab community and there's tons of research going on every, every single day.
Wyn Elder
Yeah, I read somewhere about the number of national labs Not just under Department of Energy, but across the government is well over 200 Labs in total? Yes. So, it really is really broad based, and I think wider and deeper than many people realize. Yeah, before we go more in detail about the your national labs with Department of Energy, let's start with more of The Basics about sort of the process of how federal R&D happens. Like, what, you know, when we say R&D, what do we mean, you know, for the agencies, we're talking about R&D is kind of at the heart of what they do and how they accomplish their mission. But from what you've seen over the years, how does R&D happen? What makes it successful? Like, why do why is it better at some places or than others? Like, I'm sure, you know, clear, you know, priorities and outcomes and talented scientists are critical, but beyond that, like sort of what have you seen that helps determine success.
Dan McLaughlin
So, I think one of the things that I've seen is that success is really determined about by the, the partnerships and the strength, strength of the partnerships that the labs have, either with industry or with, you know, universities or other federal agencies. Like you mentioned, with the talent, you know, I mean, these labs, obviously have tons of talented researchers, but there are, you know, bits and pieces of the projects where they need to tap into, you know, an outside agency or industry group to really make the full project come together. So, for example, like Idaho National Lab, when they're working on these nuclear reactors and nuclear test reactors, a lot of that work is done in house, with their own researchers, but they also have a very long-standing partnership with General Electric. So really, the process is all about collaboration and sharing information with people who are, you know, maybe not necessarily on your team, but also outside of your team to really kind of bring everything together. So, I would say in the R&D space, information sharing is key and also knowing who to partner with. So.
Wyn Elder
Yeah, I mean, that makes sense. I guess effective collaboration has been critical to scientific discoveries and breakthroughs throughout human history, that sort of the quintessential two heads are better than one. But I guess it's also which had, in this case, we vacations and universities and companies and other federal agencies that you're trying to share in for formation with what so? So, technology seems to be a big part of how collaboration happened certainly in 2022. How have you seen sort of technology enable or accelerate that collaboration process that's at the core of federal R&D success?
Dan McLaughlin
So that's a very interesting question. I could give you lots of different answers. So certainly, in the private space, we all know that we have access to tons of different technologies that are going to make our lives easier and make our work more efficient and more productive. And I would say that at some of our national labs, that's absolutely the case, mainly just with some of the different things that we're doing here at Box. I would say, in the traditional sense, from a technology perspective, when we're bringing all these different teams together, if they don't have a technology that they've standardized on like Box, it can be this really inefficient, or I don't want to say clunky, but fragmented process, right? So there's all these different IT systems, let's say, you know, you're at Lab A, and you use Microsoft Office, but someone else uses Google, someone else's, you know, they wanted to share information via an FTP site, or some people, which actually surprising has been the case, you know, they're not even on the cloud yet, or just beginning their, their cloud journey. So, it kind of it adds a few roadblocks into the process. So basically, what we like to do is come in and have a standardized platform, and really work with agencies to try and settle on a true content strategy. Because that's not something that actually everyone is has thought about. But if it is something that they've thought about, you definitely can do a few things. One, you're just certainly going to speed up your collaboration and be more efficient when you're standardizing on a tool like Box just mainly because it's more efficient, it's more secure and it's very easy to use. And then to kind of going back to the security point there in a researchers are very intelligent. So, if they're using a tool that isn't very effective, like an old FTP site, they're just gonna go ahead and download another tool. Or you know, create a free account whether it's at, you know, any XYZ company just to make their lives easier. But when you standardize on something like Box, you get rid of all those unsanctioned, you know, file sharing collaboration tools, and it just becomes a more streamlined, secure process.
Wyn Elder
Yeah. But that makes sense. And I agree, you know, like government employees will figure out a way to get the mission done, even if they don't have the right tools. But so, if the problem isn't really technology, like sounds like there are technologies that can enable this collaboration securely, and more efficiently, what do you think the problem is? I mean, why don't federal agencies and researchers more quickly adopt, you know, technology that could help them perform their mission.
Dan McLaughlin
So, I actually think that, um, there's definitely a slight disconnect. And maybe it's a communication issue between, you know, the, the actual end users, the researchers, and then and then IT departments. Obviously, it is a much more structured organization, they have their budgets, sometimes they're locked into contracts, and these are the tools that they're going to use, but, but sometimes those tools might be antiquated, or not necessarily the best fit for the mission. Whereas you know, the researchers on the ground that they know what works, and to your earlier point, they're the very least they're gonna go look for what works better. And that may not necessarily be something that it is aware of, or actually, I'm on board with. So, we do kind of end up in this fragmented process where it wants you to use one thing, but that's not necessarily the best fit. Whereas the researchers want to use something else. So, I think we found success is definitely getting buy in from all the different stakeholders, and just showing, one, that the researchers usually already understand the value just because of the ease of use and security. But then also working with the IT leaders to say, hey, you can you know, use Box, and that's going to reduce a lot of the inefficiencies in your processes, reduce some of this fragmentation and also create a more secure experience for your users as well.
Wyn Elder
Yeah, that makes sense. I mean, it sounds like the fragmented it causes lots of pain points for researchers, and so on a slow put sludge in the machine of collaboration and research. But so, let's talk about maybe more specific specifically about how you've been able to help some of the customers. I mean, I think our audience probably understands conceptually what you just talked about, but maybe give a specific example about how you work with a particular agency and help them evolve their collaboration, technology since you started working with them?
Dan McLaughlin
Sure. So, I would say, in First off, we definitely a very strong partnership in the National Lab community, you know, we're about 10 of 17 different labs today. And we also partner with NNSA and headquarters on just using a customer example. So, I have a national lab. They've been with us for about four years now or so. And mainly, you know, when we first got there, the main use case we were solving for was secure external collaboration. Because prior to Box, there was really no, you know, content collaboration is certainly from an external perspective strategy. So, you know, they had people signing up for Dropbox, they had people on their legacy FTP sites, some people were sharing things via email or USB, or trying to set up SharePoint sites. So, it was this really kind of wide-ranging process. And there wasn't a standardization. So, I mean, depending on who you talk to, they would try to collaborate with you in a variety of different ways. It was just basically very inefficient. So, when we first got there, the first thing that we solve for was really setting a Box to be this platform to get your work done with people who are outside of Idaho National Lab. And like so that's really where, where we started. But from there, I would say that our partnership continued to deepen. And we really started working on other use cases, as well. So, we started working on some of their business processes and their workflows, and shoring those up a little bit, making them more efficient, using something that we call Box relay. We also saw for this one use case where they wanted to have their own custom portal, where they would have researchers from outside agencies, I think at this point, they're actually universities, and they wanted to collaborate with IML researchers, but they didn't necessarily want to do it through the Box web app, they actually wanted to use our API's to create their own customer site, which we help them with. And using that there was a variety of click through agreements and digital signatures, basically just to help kind of short the security process around the content. So, there'll be legal documentation of the work being done, people were accepting idols Terms and Conditions on when they were agreeing to do research with them. And, kind of creating their own portal for specific universities that they wanted to work with, on specific projects. So that's, that was something else that we did as well. And then finally, and this is definitely a little bit more basic, but we're starting to expand the value of Box internally as well. So, integrating with their different lines of business applications like ServiceNow, also integrating with Microsoft Teams. So really kind of transitioning away from even internally where maybe they would have used SharePoint or OneDrive in the past. They're starting to use Box to share information internally as well, you know, in their in their team's channel, via ServiceNow.
Wyn Elder
Thanks, Dan, that makes a lot of sense. But it sounded a little complicated and a lengthy process. Is this like a multiyear journey? Or is there ways that they can that a federal agency that's interested get started more quickly?
Dan McLaughlin
Yeah, so that was, I just gave you a four-year journey, basically. So, I would say it when any federal agency wants to get started with Box, the actual time to market is, is much less than four years. In fact, it could be something as simple as four weeks depending on the use case. So, like I had mentioned before, if you're a federal agency, and you're working on just a basic, secure external collaboration use case, and that's what you want to solve for the actual time to market and seeing some value out of that is, is very quick. I mean, we're talking a few weeks, certainly no more than a few months, where you actually will, you know, work with our Box consulting team, get the instance set up, tested, make sure that everything is good to go and roll it out to your end users. Just kind of going back to some of our COVID times actually, there were several occasions where we got an agency set up in two to three weeks using Box to collaborate. So, the actual time to market is very quick. There were some confusion there on the customer journey.
Wyn Elder
Yeah, no that that makes more sense. Because, you know, there's I was in the government for 30 years, and I can't tell you how many years I just was waiting for these massive deployments that took a decade and then they were out of date. And this sort of like deploy quickly start with use case, find value, and then continue to expand makes a lot more sense. So, Dan, I appreciate you joining us today. Great insight. Any final thoughts for the listeners out there who might be struggling with collaboration?
Dan McLaughlin
So, I really think, well, collaboration is not only a technology process, but it's a you know, human process as well, that also involves a lot of communication. So, I think it's important for you know, the end users and IT to really partner with each other and let each other know, what are the tools that are actually going to help me get my job done. I think that's when you really see a lot more efficiencies being driven in the federal space. And to your point, not having some of these really lengthy contracts that take forever to deploy, and then things are out of date. And I think that's why cloud tools like Box are so effective, because you can deploy them quickly. And we're constantly innovating. So, I do think that, um, you know, coming up with a with a strategy between your business users, business users and your IT leaders, it's probably the most effective way to move forward.
Wyn Elder
Great. Thanks, Dan. I really appreciate you joining us today. Have a great weekend, and we'll talk to you soon. We're now going to move on to our next guest, Mr. Steve brush who works with the National Institute of Health and the Food and Drug Administration. Steve, welcome. Let's begin just by having you introduce yourself to the audience and tell us about the mission of your customers. Both of these agencies that I mentioned, have been obviously critically important in combating COVID Over the past few years, but I know their mission extends well beyond that. So, Steve, welcome. Thanks for joining us today.
Steve Roesch
Yeah, thanks for having me when so Steve rash on the program lead here at Box that supports NIH and FDA and I've been at Box almost five years now. And been in the government space for almost 20 years. So definitely very familiar with the mission. And yeah, absolutely when both NIH and FDA play huge roles right, during the COVID crisis, and so we'll start with FDA so beyond vaccine review and approval. The FDA has many other important regulatory functions to ensure public health, so they ensure the safety and security of human and veterinary drugs, biological products, medical devices, and food and cosmetic products. Um, they're also responsible for regulating the manufacturing, marketing and distribution of tobacco products. And then switching gears to NIH. So, the National Institutes of Health is responsible for biomedical and public health research to help diagnose, prevent, and cure disease.
Wyn Elder
Okay, great. Well, let's shift a little more detail about how you've been able to help NIH and FDA with their mission. And you know, what's been that customer journey that Dan talked about over the last four or five, six years as you've been supporting them?
Steve Roesch
Yeah, absolutely. So, I'll start on the FDA side. So, we've partnered with FDA since 2017. And the major use case there is really all around secure external data sharing and collaboration with different industry partners, medical institutions, academic research universities, across all of FTAs mission areas. So, we really saw a huge increase in Box usage during COVID, as the agency moved to more remote working. So, a good example of this is the work that we did at the Office of Regulatory Affairs. So, Box enabled secure data sharing between the consumer safety officers and medical facilities to help support remote safety inspections. So, in this capacity, I mean Box played a huge role in making sure that FDA could continue to meet its mission, despite some of the challenges that COVID brought to the federal government with remote working, and then kind of switching gears a little bit on the NIH side. So NIH and Box have partnered together for over seven years, and boxes use extensively across all the researchers and all the 27 different institutes and centers, really similar type of use case to FDA to support that secure data sharing and external collaboration with academia, different research institutions, and we played we've played a huge role and speeding up the efficiency of NIH is biomedical research. And, you know, what we hear from the researchers is, they love the ease of use of Box, right, and the ability to support different types of content. And some examples of that are genomics data path, ology Report reports, and being able to support the viewing the previewing, and the sharing of DICOM images, as an example, as well. And then switching to the IT side of things at NIH, they really see the value in the granular security and the access controls that Box provides, and the ability to audit and report all the different activities that happen within Box. And the really nice thing about some of these audit logs as well as they can easily be integrated into different SIM tools like Splunk, for instance. And that's an integration that NIH is leveraging today.
Wyn Elder
Okay, that makes sense. One of the things that Dan mentioned, and I was thinking about while you were explaining that is just sort of the complexity of, of these workflows, of these large, you know, R&D centers, there's, there's lots of different parts, there's different data sets, there's different partners, I imagine sometimes you encounter a bit of a complex IT stack and architecture. But so, for all of this to work effectively for researchers, it's got to be some sort of seamless integration or like, how can you talk a little bit more on the technical side of that? How do you connect all these things together so that from the end user, it, it makes it easier to access and share the information?
Steve Roesch
Yeah, absolutely. And that's another thing that I think agencies are starting to look at more is what is their content strategy look like? Because, as we've seen, there's a lot more in applications that are being deployed across enterprises like that number is just steadily growing, particularly, you know, software's the suit of service applications. And all those applications, a lot of them have a unstructured or a content component. And so, these organizations are trying to make sure that their researchers have a seamless experience, right? They have a single source of truth for this content, and they're also making sure that on the kind of the back end, that the IT organizations have an easy way to audit and report and have visibility into all the actions across the enterprise. And so, we primarily see it done a couple different ways as you know, kind of standard built integrations with various different technologies like that with Box has some we have over 1500 different integrations that we'll talk to in a second, or we see it done via, you know, pre-built, or through API's and a development framework. And we've started to see a lot of agencies start to integrate all these applications, in order to, like I mentioned, have a seamless experience for those researchers.
Wyn Elder
Yeah, I read recently that the average enterprise has close to 200, different applications, all with some form of data siloed, in that, so the ability to just integrate and access that data seems critical, especially for this this particular use case. So, I really appreciate you joining us today, and talking about your customers that they do such great work protecting Americans every day, from such a wide variety of things, some well-known like diseases, but others, like you said, like the consumer safety mission every day and being able to continue that virtually. It must be a feel good to be part of that. Any final thoughts for our audience? That might be like, like I asked Dan, just federal agencies that are looking to improve how they conduct R&D and how to improve their collaboration with all these partners.
Steve Roesch
Yeah, I would say a couple of things to keep in mind is really, as you're thinking about that content strategy, right? And, you know, as you're deploying more applications, you know, what does that look like for the end user, right, and really considering what that experience looks like? Because it does make a big difference. And meeting the mission and having kind of that seamless environment for your end users to work in. And then the other thing is, obviously, ease of use as you look to deploy any type of tool is how easy is it to use? What's the end user experience going to be? Is it going to be confusing for my for my end users in order to meet their mission?
Wyn Elder
Okay, thanks, Steve. Great insight, as always, again, thanks for joining us. Have a great weekend. And we'll talk to you soon.
Steve Roesch
Yeah. Thanks, Wyn appreciate you having me on.
Wyn Elder
You bet. All right, and now it is time for our final guest. pleased to introduce Mr. John Thoren. John, thanks for joining and welcome to our podcast today. Like your colleagues, let's begin by introducing yourself to the audience and tell us about the mission of some of your main customers.
John Thoren
So, thanks, we appreciate that. So been in it for about 20 to 23 years total that about the last dozen of those have been spent supporting the federal government, specifically civilian agencies, or Box, I helped work with the Department of Veterans Affairs and NASA, which is we've been talking about so far. They're very research heavy, a lot of things that they're doing around, you know, helping the veterans, some of the pathologies and things that they've had and how they can better treat and care for those veterans. And of course, we have NASA who's you know, concerned about sending people to Mars. So those are, those are some pretty fun things to, to get involved with.
Wyn Elder
Absolutely. And, you know, as a veteran, and I know, you still serve in the naval reserves, we are both personally invested and interested in the success of the VA, not only in their health care, but their benefits and their maintaining of National Cemetery. So, you heard Dan and Steve talk about two aspects of sort of the IT side of research and development, collaboration, connecting people, and integration, just sort of allowing all these systems to talk to each other. But there seems to me that another big, you know, sort of the third leg of this and a critical aspect of any ITA that we haven't discussed in depth, and that's security. Like, you know, it's one thing to make it easy, it's another thing to make it easy and secure. So, I'd like to focus our conversation on security. And your customers in particular deal with highly sensitive information, I assume, either for national security or intellectual property on the NASA side or for people's health data on the other side. So, can you talk about how your customers view sort of security when it comes to technology and R&D?
John Thoren
Yeah, so that's a great question, because that's where it all starts with and how we became involved with those agencies is what they find is that researchers are very mission focused, they want to solve the problems they want to they want to come to outcomes and they want to have something that's measurable and impactful to their to their work. What they don't want to have is friction with their IT teams. They want to they're going to find a way to work with their external partners, whether it's through, you know, sneaker flooding, bringing USB drives, you know, burn DVDs, we found instances where the agencies were taking physical documents and hand carrying them back and forth between research facilities. So, what would they did is they said, we need to, instead of trying to prevent and block things we need to enable. So how do we do that we have to look for something that's secure, that looks something that's approved, but then has the ability to configure itself so that they have governance over what those researchers are doing. So, there's a very fine balance there, of providing the tooling, but not limiting it to the point where the researchers can't use it. I know Dan and Steve have both talked about user experience. And that's another big component as well, because the, you know, when you're putting a secure system in place for these researchers, a lot of times these are medical doctors, these are engineers, these are people that are worried about building rockets or solving cancer, they don't want a system that is having it's hard to use, they won't be able to point and click, and that's the easy part of their day, right? So that's a very fine balance about how those agencies implement a tool that allows your teams to collaborate but doesn't allow for like the free flow of information just to go out. And as one of my clients actually aptly said yesterday, we don't want to be back in front of Congress. So.
Wyn Elder
Yes, I fully understand what he means there. So given their security concerns, rightfully so, like, how do they share research documents and files and other content before deploying a secure platform like Box? Like, how did they get it done?
John Thoren
Yeah, so, in some cases, you know, it's the age-old shadow IT, a lot of times these teams would go out, they would use a personal credit card, and they would buy, you know, they would just say, look, I needed to end this solution. They would work around whatever blockers it put in place for them. And they'd go and buy a, you know, online sharing service, just for their team of three or four people. And, or, like I mentioned before, they were they were they were using USB drives, which unlock cases are supposed to be prohibited, but they're still putting information on those drives or putting it on DVDs, which is another security risk, you know, things that are just laying around a lot of cases it's email, right, which is, as we know, once I send you an email, where does that email go from that point forward, I've got no audit log, no ability to go back and recall that information or see who touched it, and when. So, it really varied across the board from as far as the US Postal Service to, to other, you know, online systems that they were that they were using, so that those were considered security holes. Once these, once these agencies, both NASA, and the VA really started looking at it.
Wyn Elder
Yeah, and sadly, that's not the first time I've heard that story. When I when I talked to CIOs and other IT decision makers in federal agencies, it's always amazing how quickly the employees will get the mission done. And if they, if it and department doesn't provide a secure, easy to use platform, government, police are going to get the mission done, we find it over and over again. And unfortunately, if there's not a good way to do it, they'll find other ways that they can get it done. But it's far less secure email and USB drives and things like that at the top of the list or, you know, personal cloud accounts. And so yeah, it we, we tend to see that everywhere. So, let's, let's talk more specifically about your customers kind of that customer journey that Dan and Steve walked us through, you know, as I assume it followed a similar path of sort of a pilot program or something and then expanded as they found value, can you walk us through one or both of your customers sort of that experience so far?
John Thoren
Yeah, sure. I think I think what, they both had little slightly different journeys as to how they got to where they are today, NASA did a big security sweep across their network. And there, they found a lot of unauthorized file sharing services and things like that, that they, they found what they consider kind of holes, and so they want to patch those up. And they looked across the industry, and they thought they found who had the authorizations who had the security posture that they were looking for. And so, of course, you know, through the government selection process, they came down to a few vendors Box being one of them. And we entered into a pilot with them, just a couple of 100 users just to ensure that one, we could, you know, secure our platform the way we said we could secure it went through the whole ATO process with their security teams to ensure that you know, all the controls and things along the FISMA moderate or FedRAMP Moderate level, were accurate. Got through that pilot phase achieved, their ATO had great feedback from our customer base and the researchers and so then they adopted us to go into more of a open architect, not open architecture, but more openly available to the teams across NASA. And that allowed them over time to start to really go look through their network and narrow down and close some of those holes at the network layer, preventing other tools that they knew were out there. Sort of Going away, I don't want to say passive aggressively directing people towards a tool that had been authorized. But you know, it really did, it really did kind of direct them and filter them into, into what they had authorized from an IT perspective. The VA, on the other hand, you know, they had a lot of email going on, they recognize this, you know, the Office of Research and Development at the VA is relatively large. So, you got about 3000 investigators, there's 10,000, total staff, you got these VA projects are going across about 120 VA medical centers, so a pretty large footprint across not only the United States, but the globe. And these teams, they found reusing, and actually a lot of cases, they were using Box, but they were using personal accounts. And so, they were they identify that these teams were sharing data with external parties, a lot of universities, a lot of other medical facilities that they would have contracts and grants with, until when they actually looked at that they're like, well, you know, these people are already kind of using boxes, take a look at this. And, and so we got involved with the VA went through a very rigorous ETL process with them. And I will tell you that every single time we talked to them, security is a part of every single conversation, it is paramount to them, both how the researchers are sharing data and what data they're sharing, and making it very clear as high as the executive level, what is authorized to happen and what is not.
Wyn Elder
Yeah, that makes sense. John, thanks. Um, let's shift to the sort of the flip side of the coin from security. And that's, that's compliance. Right, which it's not exactly the same thing. But it's equally important for federal customers, for sure. So, it always comes up in discussions about compliance, and it's one thing to be secure. It's another thing to be compliant. Can you talk about sort of, maybe pick something like ITAR or FedRAMP, or something that that could illustrate the compliance piece of the security equation?
John Thoren
Sure, yeah. So, I mean, you know, you make a very good distinction there, which is, you know, we secure our platform as a SaaS provider, we put controls in place that help to eliminate risk and threat vectors. But from a compliance standpoint, you know, what we look at is the classification of data that goes in that platform. Now that data belongs to the customer, the customer classifies that data. So, in your case, you brought up ITAR. So, ITAR data is relevant, you know, for certain agencies that are working on rocket plants, and those things we can't have go to other actors or other people in the globe that we don't want to see them. So, you know, if you look at the agency, they have a, you know, like, for instance, NASA has an import export control branch and their purpose in life is to sort of, you know, put controls in place to prevent the sharing of that data with people that probably shouldn't have it. So, we're boxes Box supports that ITAR compliance. So, way that we put control sets around and classify the data that ends up in Box supports the ITAR compliance that NASA is looking for. And so, you know, that's, that's common, a very, very common distinction that happens between our in our compliance story. And we look at, you know, PHSI, with the VA, you know, we've got, you know, veteran health information to a certain level that can be stored in Box. And as we're going forward, and working on our FedRAMP, high ATO, we're going to expand those use cases into more from going from a anonymized data set to a very specific data set, allowing veterans to exchange data directly with the VA that's pertinent to them. That, again, takes out another compliance story of how do we how do we allow that, but you know, not let the data go, where it shouldn't go into who it shouldn't go to?
Wyn Elder
Yeah, that makes sense, John, thanks, I. And for those customers interested in FedRAMP pie, I would say stay tuned. Hopefully, there'll be some good news soon. So, let's move to one final question. And you know that I appreciate how you've helped our audience sort of understand security and compliance and the challenges for federal agencies, especially those doing R&D With so many partners and how Box can help address that. But as you know, better than most security threats and technology continue to evolve, right? Like it's not a fire and forget. So, what do you tell customers who are worried about sort of investing in a security solution, whether it's Box or anything else, only to find out that threats have evolved? And then they find that whatever solution they bought is kind of out of date? Like, how do you how does Box approach security philosophically?
John Thoren
Yeah, I mean, I think I think it's a great journey and kind of the customer base has demanded where we are now. So, Box as a SaaS provider. We were a, you know, we run our platform in our cloud and we update it and we're responsible for maintaining that Vice having an on prem architecture, which you know, if I go back 20 plus years ago, when I first started it was Do you have the latest patch set, you know, is the code up to date, you know, a new release comes out every six months, and you have to make sure your code is up to date. That's so much evolved now into this cloud native framework where we're able to as zero-day threats emerge, cloud providers and SaaS providers like Box are able to iterate on that zero day and provide a patch within, you know, days, right, potentially hours. And, and we do that without impacting customer uptime, because we are the roll that patch out throughout our platform in a rolling basis. So you know, when we see that, if we're impacted by it, we address it quickly, we roll it out, we're not talking about shutting down a service patching the hardware that's sitting on premise, impacting what the end users are going to have, we're able to do this in a very fast and iterative fashion. And, you know, I'll tell you from having spent a lot of time with other organizations, other companies, you know, Box takes us extremely seriously, which is great, because, you know, I'll get notifications that I have to send to our customers in the case of the VA proactively and say, Hey, that latest zero day, we're not impacted by it, we've already investigated it. So, from that perspective, it's a great asset to our customers, and how they kind of look towards SaaS providers and, and cloud is, you know, that rapid iteration, and really kind of narrowing down at those threat vectors from a security perspective.
Wyn Elder
Yeah, that, you know, when I talk to federal customers, one of the things I, I find that's advantageous when they when they deploy advanced commercial technology, like Box is Box is supporting the largest banks in the world. And, you know, the federal government takes data seriously, but sort of the largest banks in the world, right. And so, the largest creative companies with their intellectual property, so customers across dozens of industries that all take security very seriously and have different requirements. And when you have a platform that can support security across so many different requirements, it ends up being and that's updated real time, you can see the advantage for a federal agency.
John Thoren
Well, yeah. And just to kind of piggyback on that a little bit, I think when I talk to our customers in the federal government, you know, we're talking to exactly what you just said, which is, what's important to that fortune 100 financial institution like that threat that the CIO of that organization that has billions of dollars invested in their business, it may not even be on the radar of the federal government. And you because it's on their radar boxes addressing that concern, and vice versa, right. So, the government's always concerned with certain threat vectors and attack signatures, that may be the civilian market. So, when you get into the SAS environment, everybody benefits because there's so much feedback coming from so many different points of view. And that helps us iterate to on the on the security solutions we have inherent to the platform.
Wyn Elder
Yep. Couldn't agree more. Well, John, thank you so much for joining us today. I give you the mic one last time for any closing thoughts to our audience?
John Thoren
No, yeah, I appreciate it, Wyn. I mean, I think the thing that I've seen over my almost five years here at Box is that, you know, from a research and development standpoint, Box has really provided a lot of value to these researchers, as Dan and Steve, I think you've heard throughout the entire podcast is it's a very easy to use quick to stand up platform, but it does provide that secure channel. So, you're enabling those team members instead of instead of putting something in front of them that's, you know, a little harder to use, and maybe a little archaic.
Wyn Elder
Yeah. Well, thanks, John. And that'll wrap us up for today. Thanks again to Dan and Steve and John, for joining us today. Thank you to our audience for taking the time to listen. We hope you found this conversation useful and informative. If you'd like to get any additional information or reach out the speakers, emails are on the podcast web page, or you can go to www.box.com/industries/government or feel free to reach out to me at welder, W-E-L-D-E-R@box.com. And we'd be happy to have further conversations with you. So, thanks again to all our guests and our audience. And that's a wrap.