Oktane20 Customer Q&A Baker Hughes

Speaker 1: What is an energy technology company? We're so glad you asked. Some might think it means lab coats, oil rigs and refineries, but at Baker Hughes it also means cleaner, safer, smarter solutions. I didn't even know that was a possible type of technology. And redesigning what we know for a future we don't, our who is our how, and they're anything but average. They're movers makers, status quo shakers, all on a mission to do what others don't, by committing to what others want. Like industry transforming innovation that unlocks the power of AI. Finding new ways to cut carbon emissions and sensing what's next to produce more energy from less. We may be a hundred years old, but we're always in startup mode and we problem solve not just for the benefit of our partners but for everyone everywhere because we're on a mission to do what's never been done by creating what no one else does. Energy technology isn't just what we do, now it's who we are. Look to us. Baker Hughes.

Frederic Kerrest: Well, Keith, great to have you. Thanks all for joining us today. We really appreciate it.

Keith Herdon: Thank you. Appreciate it. Glad to be here.

Frederic Kerrest: So let me start by telling us a little bit about Baker Hughes's transformation to an energy technology company. What does that mean for you and how you operate?

Keith Herdon: You bet. So bottom line is it's all about digital transformation. So we provide technology to integrated oil companies, and it's all about really making things better, faster, more efficient, safer and more carbon neutral in that sense. And so it's really creating new insights to technology. So it's really a very fascinating area, an area that's really changing tremendously because of really the ability to now really look at how equipment is working, as well as just the new technology. And then for a company for like Baker Hughes, we're expanding out beyond just oil and gas into other areas where that technology is relevant. So that's really what we mean by energy technology, where there's really energy transformation more than anything.

Frederic Kerrest: Yeah, that sounds pretty major obviously as you started using with products that are moving well outside of traditional oil and natural gas. There's a lot of transformation there and probably a lot of exciting things and projects that you're working on too.

Keith Herdon: Absolutely.

Frederic Kerrest: Yeah.

Keith Herdon: Absolutely.

Frederic Kerrest: I know that Zero Trust is obviously big for all of you. What role does Zero Trust, and will it play, in Baker Hughes's transformation now in going forward?

Keith Herdon: You bet. So if I can give you just a very brief overview of who Baker Hughes is, it tells you we came from General Electric Oil and Gas, it would just [inaudible 00:03:04] area of about 35,000 individuals. With Baker Hughes, again, a hundred year old company with also 35,000 employees. So in June of 2017, we created a new company, New York stock ticker and new stock ticker, etc. And then what happened was after about five or six months, General Electric, who was our major shareholder, decided they wanted to get out of oil and gas. So, after 18 months, we became a new Baker Hughes company. Well, that 18 month window gave us the time to really go in and decide who do we want to be as a Baker Hughes. And so for us it was fantastic opportunity for us to really think through what's the future going to look like, and this is really where Okta really came into the picture.

Keith Herdon: So we looked at basically a new identity system. We looked at a new cloud system. In my area, a new cyber fusion center. But we had to go in and build a new accounts receivable, a new foundation for treasury, all those type things. So we have a tremendous amount of work that's going on in terms of building that new Baker Hughes. So it's really given us quite a challenge to say the least as we have moved forward in terms of our new relationship.

Keith Herdon: So it's actually a three year journey. Unlike most companies where you do a divestment and you flip badges overnight, we actually have a three year transition period. And so the issue around Zero Trust becomes absolutely fundamental in terms of our way forward because now we need to make sure that we understand who has access to these new applications that we're building. How do we make sure, when we have any relationship, how do we make sure we are, we're protecting our intellectual property?

Frederic Kerrest: Yeah.

Keith Herdon: Because as a manufacturing organization, it's all about IP, intellectual property. What are we doing to protect that? And as we go forward in terms of our cloud new applications, et cetera, how do we authenticate and authorize individuals? So it's a tremendous change that we're seeing within our organization, and Okta's really been fundamental in that journey along the way.

Frederic Kerrest: That's great. So, obviously a big piece there is what your security strategy is in it and how it changes and how it evolves, in particular as your industry does and as the risks do that are associated with that. But also specifically in your case, as you said, you were under some very interesting times, just gone public, just listed, now had to remanage into splitting up the two companies. There were very basic things I know, like Office 365 deployments, that you had to figure out on the fly. Tell us a little bit about that security strategy and what your thinking was and how you work through that.

Keith Herdon: You bet. So you've mentioned Office 365 so I'll give you an example. So we were pushing for multifactor authentication with Okta, and our infrastructure team was running ahead and had done some pilots around Office 365 and during the time that they were doing some experiments with Office 365, because they were using the native tools for MFA, they actually were compromised. And so it was really clear that we needed to move to Okta as quickly as possible. So along our journey as we were piloting Office 365, in December of 2019 we had about 17,000 you know, of our staff on Office 365. Over a weekend, we moved it to Okta. And would you believe that literally with those 17,000 individuals during that time, that Monday morning, we had 12 phone calls from our help desk asking questions around authorization and authentication, so it was amazing in terms of our journey.

Keith Herdon: But when we look forward in terms of our security strategy, Okta has been really critical for us. We rolled out in February a new Workday system and a new contract management system. So we had to go in and create what we call, we use Okta, we call it My ID.

Frederic Kerrest: Yep.

Keith Herdon: We had to roll out Okta to 70,000 employees and, again, 13,000 contractors. And so when we talk about our staff, we're talking about office staff, we're talking about people that are working in the field, 29 days off, 20- [crosstalk 00:07:20].

Keith Herdon: Exactly. So people that never use a PC except they want to check their paycheck, right? They want to see what's going on. And so we had to go in and figure out between December and February, how do we enable all of these individuals? Well, because of Okta, they could do it on their phone, they could do it on a work PC, they could do on a telephone, et cetera. And then we're actually a huge cloud-enabled company today, but we built a brand new cloud environment. And so again, Okta has been fundamental in establishing that foundation, not just from the administration but also of course from the application developer perspective. So we have something like 400 applications that we're moving from a GE cloud environment into a new Baker cloud environment. And again, Okta's been fundamental in really helping us through that journey.

Frederic Kerrest: So obviously a lot's changed since you first agreed to join us at Okta some months back. I know for one, we're doing the event virtually obviously. Thank you very much for joining us for that. And this spread of Covid-19 has had a very far reaching impact. How have you been responding at Baker's Hughes? What security challenges have you faced as you adapt to this new remote workforce, in particular with this largely distributed group as you just discussed?

Keith Herdon: Yeah, exactly. So, first just a real shout out to both the infrastructure team and our security teams and literally kind of doubling capacity around the globe around VPN access, etc. But when I think of it from an Okta perspective, really there's three different areas. The one is the ability for us to integrate Okta with our legacy, Cisco VPN environment. Very seamless, very easy to do, very straightforward, allowed us, again, a new, from a security perspective, MFA just right up front.

Keith Herdon: The second though was because of Okta, we were able to go in and do things like Office 365 and Skype without using VPN access. So because we were able to create a web application dashboard for our employees, again, we don't need to use VPN, so it's, again, saved us from a bandwidth perspective. And the third aspect is really issues around how easy it has been for us to deploy our applications in our Okta portal. What's really positive is that everybody knows My ID. So My ID, when can we use My ID because it's been easy for us to get into these applications.

Frederic Kerrest: So security teams like yours obviously evolved from, in particular, based on what we just talked about, being a check the box necessity to being an essential part of an organization and strategy, in particular an organization like yours. So now security has gone from being that business protector to also being an enabler, right? How have you seen that evolution play out at Baker Hughes, certainly in the past six, nine months, but also more recently?

Keith Herdon: Yeah. So if I think back, so oftentimes the CSO organization was known as the department of no.
 

Frederic Kerrest: Right.

Keith Herdon: "No, you can't do this. No, we can't make this happen. No, this shouldn't happen," et cetera. The reality is the CSO organization needs to be an enabler for the business. So we really need to understand what those business processes are, what products that we're selling, where we're going, where the business is trying to go. And so, as we've seen this department evolve, it's really around partnership. Success for me is when the business is coming to me and saying, "We want you to come in and help us protect this information, protect this data," or, "We're doing a merger acquisition or divestment. I want to make sure that the data that we're pulling together for this business deal is protected. Can you come in and make sure that that's happening in a secure way?"

Keith Herdon: But one other thing I did want to mention in terms of what's evolving, and that is the relationship in terms of companies communicating about what they're seeing in terms of cybersecurity related issues. If we don't communicate and share this information, as well as sharing information with government, in our case, the Department of Energy, FBI, if we don't share information, we're really on the back foot because we know our adversaries, in fact, nation states are sharing information, and so it's really critical that we do work together. And I do see really some positive trends in that direction. So I'm real pleased about that.

Frederic Kerrest: Let's wrap it up by paying it forward a little bit. Not just about your organization, but you, yourself, you've grown that organization at Baker Hughes, you've taken on more and more responsibility. You've clearly established yourself as a business enabler, technology leader, but also business leader. What advice do you have for a lot of the other security leaders listening in who might want to do the same in the times ahead?

Keith Herdon: Well, so first it is, is make sure that you really do understand the business that you're operating in via, in this case manufacturing, but be it health care or whatever it is, really understand the business. And so build those working relationships with product company members and understand what their day job looks like because at the end of the day, again, you are a service provider, so how can you service them? How can you help them all along the way?

Keith Herdon: The other is really work on your listening skill versus your presentation skills. What is it that you're hearing? And then I look at things in three different areas, capacity, achievements and relationships. Are you building the right relationships? Are you going to the people that you want to hear the right answers from or are you going to people that really will challenge your understanding? Capacity in terms of are you really thinking broadly in terms of how to solve problems. And then from an achievement perspective, are you actually delivering? Are you delivering what you have promised to your management team?

Keith Herdon: Then the last couple things is issues associated with taking a risk. At the end of the day you're going to make mistakes. You've got to put yourself out there. And for anyone that thinks that a career is going to be in a nice straight line, it doesn't work that way. You got to step aside, you've got to step out of the box. You get to do things differently. And really to take that risk. And again, being security and a compliance-oriented individual, you got to take a risk to really be successful going forward.

Frederic Kerrest: That's great. Well, Hey Keith, I really appreciate you taking time out of your busy schedule to chat with us today. Very informative. Certainly I learned a ton. I thank you again for your support and your partnership and thanks again for your time today.

Keith Herdon: Thank you. Take care.

Frederic Kerrest: Thanks. Take care.