>>Welcome back to the Cube, as a continued coverage here from AWS Reinvent 22. It's day three of our coverage here at the Venetian in Las Vegas, and we're part of the AWS Global Startup Showcase. With me to talk about what Kong's to in that regard is Marco Palladino, who's the, the CTO and the co-founder of Con Marco. Good >>To see you. Well, thanks for having me >>Here. Yeah, I was gonna say, by the way, I, I, you've got a beautiful exhibit down on the show floor. How's the week been for you so far as an exhibitor here? >>It's been very busy. You know, to this year we made a big investment at the WS reinvent. You know, I think this is one of the best conferences in the industry. There is technology developers, but it's also business oriented. So you can learn about all the business outcomes that our, you know, customers or, you know, people are trying to make when, when adopting these new technologies. So it's very good so far. >>Good, good, good to hear. Alright, so in your world, the API world, you know, it used to be we had this, you know, giant elephant. Now we're cutting down the little pieces, right? That's right. We're all going micro now these days. That's right. Talk about that trend a little bit, what you're seeing, and we'll jump in a little deeper as to how you're addressing that. >>Well, I think the industry learned a long time ago that running large code bases is actually quite problematic when it comes to scaling the organization and capturing new opportunities. And so, you know, we're transitioning to microservices because we want to get more opportunities in our business. We want to be able to create new products, fasters, we want to be able to leverage existing services or data that we have built, like an assembly line of software, you know, picking up APIs that other developers are building, and then assemble them together to create new experiences or new products, enter new markets. And so microservices are fantastic for that, except microservices. They also introduce significant concerns on the networking layer, on the API layer. And so this is where Kong specializes by providing API infrastructure to our customers. >>Right. So more about the problems, more about the challenges there, because you're right, it, opportunities always create, you know, big upside and, and I, I don't wanna say downside, but they do introduce new complexities. >>That's right. And introducing new complexity. It's a little bit the biggest enemy of any large organization, right? We want to reduce complexity, we want to move faster, we want to be more agile, and, and we need an API vision to be able to do that. Our teams, you know, I'm speaking with customers here at Reinvent, they're telling me that in the next five years, the organization is going to be creating more APIs than all the APIs they've created up until now. Right? So how do you >>Support, that's a mind boggling number, right? >>It's mind boggling. Yeah, exactly. How do you support that type of growth? And things have been moving so fast. I feel like there is a big dilemma in, you know, with certain organizations where, you know, we have not taught a long term strategy for APIs, whereas we do have a long term strategy for our business, but APIs are running the business. We must have a long term strategy for our APIs, otherwise we're not gonna be able to execute. And that's a big dilemma right now. Yeah. >>So, so how do we get the horse back in front of the cart then? Because it's like you said, it's almost as if we've, we're, we're reprioritizing, you know, incorrectly or inaccurately, right? You're, you're getting a little bit ahead of ourselves. >>Well, so, you know, whenever we have a long-term strategy for pretty much anything in the organization, right? We know what we want to do. We know the outcome that we want to achieve. We work backwards to, you know, determine what are the steps that are gonna bring us there. And, and the responsibility for thinking long term in, in every organization, including for APIs at the end of the day, always falls on the leaders and the should on the shoulders of the leadership and, and to see executives of the organization, right? And so we're seeing, you know, look at aws by the way. Look at Amazon. This conference would not have been possible without a very strong API vision from Amazon. And the CEO himself, Jeff Bezos, everybody talks about wanting to become an API first organization. And Amazon did that with the famous Jeff Bezos mandate today, aws, it's a hundred billion revenue for Amazon. You see, Amazon was not the first organization with, with an e-commerce, but if it was the first one that married a very strong e-commerce business execution with a very strong API vision, and here we are. >>So yeah, here we are putting you squarely in, in, in a pretty good position, right? In terms of what you're offering to the marketplace who has this high demand, you see this trend starting to explode. The hockey sticks headed up a little bit, right? You know, how are you answering that call specifically at how, how are you looking at your client's needs and, and trying to address what they need and when they need it, and how they need it. Because everybody's in a kind of a different place right now. >>Right? That's exactly right. And so you have multiple teams at different stages of their journey, right? With technology, some of them are still working on legacy, some of them are moving to the cloud. Yep. Some of them are working in containers and in microservices and Kubernetes. And so how do you, how do we provide an API vision that can fulfill the needs of the entire organization in such a way that we reduce that type of fragmentation and we don't introduce too much complexity? Well, so at con, we do it by essentially splitting the API platform in three different components. Okay. One is API management. When, whenever we want to expose APIs internally or to an ecosystem of partners, right? Or to mobile, DRA is a service mesh. You know, as we're splitting these microservices into smaller parts, we have a lot of connectivity, all, you know, across all the services that the teams are building that we need to, to manage. >>You know, the network is unreliable. It's by default, not secure, not observable. There is nothing that that works in there. And so how do we make that network reliable without asking our teams to go and build these cross-cut concerns whenever they create a new service. And so we need a service match for that, right? And then finally, we could have the best AP infrastructure in the world, millions of APIs and millions of microservices. Everything is working great. And with no API consumption, all of that would be useless. The value of our APIs and the value of our infrastructure is being driven by the consumption that we're able to drive to all of these APIs. And so there is a whole area of API productivity and discovery and design and testing and mocking that enables the application teams to be successful with APIs, even when they do have a, the proper API infrastructure in place that's made of meshes and management products and so on and so forth. Right. >>Can you gimme some examples? I mean, at least with people that you've been working with in terms of addressing maybe unique needs. Cuz again, as you've addressed, journeys are in different stages now. Some people are on level one, some people are on level five. So maybe just a couple of examples Yeah. Of clients with whom you've been working. Yeah, >>So listen, I I was talking with many organizations here at AWS Reinvent that are of course trying to migrate to the cloud. That's a very common common transformation that pretty much everybody's doing in the world. And, and how do you transition to the cloud by de-risking the migration while at the same time being able to get all the benefits of, of running in the cloud? Well, we think that, you know, we can do that in two, two ways. One, by containerizing our workloads so that we can make them portable. But then we also need to lift and shift the API connectivity in such a way that we can determine how much traffic goes to the legacy and how much traffic goes to the new cloud infrastructure. And by doing that, we're able to deal with some of these transformations that can be quite complex. And then finally, API infrastructure must support every team in the organization. >>And so being able to run on a single cloud, multi-cloud, single cluster, multi cluster VMs containers, that's important and essential because we want the entire organization to be on board. Because whenever we do not do that, then the developers will make short term decisions that are not going to be fitting into the organizational outcomes that we want to achieve. And we look at any outcome that your organization wants to achieve the cloud transformation, improving customer retention, creating new products, being more agile. At the end of the day, there is an API that's powering that outcome. >>Right? Right. Well, and, and there's always a security component, right? That you have to be concerned about. So how are you raising that specter with your clients to make them aware? Because sometimes it, I wouldn't say it's an afterthought, but sometimes it's not the first thought. And, and obviously with APIs and with their integral place, you know, in, in the system now security's gotta be included in that, right? >>API security is perhaps the biggest, biggest request that we're hearing from customers. You know, 83% of the world's internet traffic at the end of the day runs on APIs, right? That's a lot of traffic. As a matter of fact, APIs are the first attack vector for any, you know, malicious store party. Whenever there is a breach, APIs must be secured. And we can secure APIs on different layers of our infrastructure. We can secure APIs at the L four mesh layer by implementing zero trust security, for example, encrypting all the traffic, assigning an identity to every service, removing the concept of trust from our systems because trust is exploitable, right? And so we need to remove the cut zero trust, remove the concept of trust, and then once we have that underlying networking that's being secure and encrypted, we want to secure access to our APIs. >>And so this is the typical authentication, authorization concerns. You know, we can use patterns like op, op or opa open policy agent to create a security layer that does not rely on the team's writing code every time they're creating a new service. But the infrastructure is enforcing the type of layer. So for example, last week I was in Sweden, as a matter of fact speaking with the largest bank in Sweden while our customers, and they were telling us that they are implementing GDPR validation in the service mesh on the OPPA layer across every service that anybody's building. Why? Well, because you can embed the GDPR settings of the consumer into a claim in a gel token, and then you can use OPPA to validate in a blanket way that Jo Token across every service in the mesh, developers don't have to do that. It just comes out of the box like that. And then finally, so networking, security, API security for access and, and management of those APIs. And then finally we have deep inspection of our API traffic. And here you will see more exotic solutions for API security, where we essentially take a subset of our API traffic and we try to inspect it to see if there is anybody doing anything that they shouldn't be doing and, and perhaps block them or, you know, raise, raise, raise the flag, so to speak. >>Well, the answer is probably yes, they are. Somebody's trying to, somebody's trying to, yeah, you're trying to block 'em out. Before I let you go, you've had some announcements leading up here to the show that's just to hit a few of those highlights, if you would. >>Well, you know, Kong is an organization that you know, is very proud of the technology that we create. Of course, we started with a, with the API gateway Con Gateway, which was our first product, the most adopted gateway in the world. But then we've expanded our platform with service mesh. We just announced D B P F support in the service mesh. For example, we made our con gateway, which was already one of the fastest gateway, if not the fastest gateway out there, 30% faster with Con Gateway 3.0. We have shipped an official con operator for Kubernetes, both community and enterprise. And then finally we're doubling down on insomnia, insomnia's, our API productivity application that essentially connects the developers with the APIs that are creating and allows them to create a discovery mechanism for testing, mocking the bagging, those APIs, all of this, we of course ship it OnPrem, but then also on the cloud. And you know, in a cloud conference right now, of course, cloud, right? Right. Is a very important part of our corporate strategy. And our customers are asking us that. Why? Because they don't wanna manage the software, they want the API platform, they don't, don't wanna manage it. >>Well, no, nobody does. And there are a few stragglers, >>A few, a few. And for them there is the on-prem >>Platform. Fine, let 'em go. Right? Exactly. But if you wanna make it a little quick and dirty, hand it off, right? Oh, >>That's exactly right. Yes. >>Let Con do the heavy lifting for you. Hey Marco, thanks for the time. Yeah, thank you so much. We appreciate, and again, congratulations on what appears to be a pretty good show for you guys. Yeah, thank you. Well done. All right, we continue our discussions here at aws. Reinvent 22. You're watching the Cube, the leader in high tech coverage. >>Okay.