>> Narrator: Live from Las Vegas, it's theCUBE covering AWS re:Invent 2017. Presented by AWS, Intel, and our ecosystem of partners. (techno music) >> Welcome back to The Sands. We are live here in Las Vegas as theCUBE continues our coverage of re:Invent. Still a jam packed show floor, it was like that yesterday. Talking about 42 to 45,000 attendees. I don't thing anybody's left the place yet. It's that kind of excitement that is certainly built within this community, so hats off to AWS for putting on such a great show. Along with Stu Miniman, I'm John Walls. We're now joined by Alok Ojha, who is the senior product manager and the lead for container security at CloudPassage. Alok, good to see you, Sir. >> Good to be here. >> Welcome to kind of breaking your maiden here on theCUBE, right, first time? >> Alok: First time here, yes, and super excited to be here. >> We're glad to have you, been talking about all kinds of fascinating things, gaming and security, we might get into that a little bit later on. First off, tell us a little bit about CloudPassage. I know you've only been there a short period of time, so, not only what it does, but what you're doing there. >> Great, great, so, CloudPassage is a cloud security, a cloud application security, infrastructure security company. We help our customers secure their workloads, whether they're running on servers, bare metal servers or VMs, and now yesterday we actually made an announcement around container security, so we now support containers as well. >> John: Alright, so go into that a little bit. I know you're pretty excited about that. >> Yeah, yeah we're pumped about it. So what we're hearing from our customers is that they have been using us to secure their workloads today whether it's running on Amazon, Azure, Google, their own data center, it doesn't really matter. What they're really looking for is one single platform that helps them secure and be compliant across the board. The next step in that direction of evolution is to have support for containers. And we announced the support for container security. We call it, pretty smartly, CloudPassage Container Secure. >> John: How long did it take you to come up with that, that must have been? >> Took us a million dollars to actually find somebody to get the idea. So we announced that yesterday, we are seeing a lot of excitement in our customer base. We actually had a pretty exciting beta as well where we had 10-plus Fortune 1,000 companies participating and a good chunk of them are actually looking at getting on board and using Container Secure. >> Alok, I want you to step back for a second. Security's been going through massive renaissance. It feels every few years there's always discussion, oh we're going to change the security model, but especially with DevOps. One of the main changes, I've talked to my friends that are developers, you read the literature, it's DevOps forces some of those changes in security and while it's one of the challenges, it's really one of the huge opportunities. Maybe talk about your thoughts on that. You've been in this industry a while. I think it's one of the reasons that brought you on to CloudPassage. >> Alok: I'll actually take multiple steps back because I kind of look from a broad perspective. So, when I look at trends, to me it's more about what's happening and how are the lives of people changing when it comes to people, process, and technology, right? So I'll start with tech. If you look at tech, there are three major changes that are relevant to our customers. On the infrastructure side, we have seen customers using servers, moving to containers, moving to surface architecture, right? And in between, there was this massive shift that happened between customers moving from pure place servers to VMs and there was huge concern about, hey, how do we handle security for VMs? Now we are past that and now the next wave of questions and concerns are around how do you secure your containers running across your infrastructure? The second piece is people used commercial, off the shelf software and that's moving on, but companies like Amazon providing services like databases, we had a huge set of announcements from Mandy Jesse today in the morning about databases and some interesting comments made there. So, we have seen trends in that direction. We're also seeing a trend that people are building monolithic applications and now they're breaking it apart and building micro services. Now because of these major tech changes, we are seeing significant changes on the people process side, which is what you're talking about. So you had people structured as IT, operations and IT security, buying commercial software, providing security and compliance based on it and driving business. It changed, as Mark Anderson said, software is eating the world, and as a result, you're seeing more developers getting hired by organizations, building softwares fast, delivering it to meet their respective customer needs, and as a result, there's a major shift happening driven by technology, as well as needs from the customer where now we're looking at Ops and DevSecOps. >> I want you to bring us inside a little bit, that container security discussion. Remember back, kinda two years ago, it was like, oh, containers aren't secure, shove 'em in a VM, no, you don't want to do that. Oh, maybe the isolation of containers actually will give us an opportunity. So what is the state of security? What is your company doing? What's special about the offering you have? And how does that fit in with kind of what Amazon's doing, the open source piece, I mean it's a big, hairy ball there, but yeah? >> It's interesting, so what we're seeing on the container side, the reason why the industry is using containers is because it simplifies deployment. You build your application, mostly images, and it becomes easier to deploy them. Doesn't matter where you're deploying them, which infrastructure it is, who owns it, doesn't really matter. But from a security standpoint, there's a huge benefit that Docker provides as well, which is the whole name space operation across processes, networks, so on and so forth. But the key challenge that we see is because Docker has inherent security, it's not still good enough. So, if you look at the images themselves that the developers are building, the images could have embedded secrets in them. They could have vulnerable packages in them. And you could have images that are getting deployed in production that are not authorized images. So you have to be kind of watchful of those things. You look at the container run time, you have to be aware of the configurations the container has. Are they privileged? Are they read-only? Are there configuration drifts happening on the containers? At the same time, you have to look at the third pillar, which is the Docker host on which the container is running, because containers are only as secure as the underlying operating system, the host. >> Where does the container strategy fit in with the holistic security that companies need to look at? >> Alok: As I said earlier, our customers are looking for one platform where they can secure the host, the virtual machines, and the containers, and our strategy is solely focused on that. Going from VMs to containers and you're also looking at supporting several less end services. >> I was kind of kidding there off the top when I said, we're talking about gaming, we're talking about all kinds of things here. We were talking about that, but on a different plane, about generations. You said, yeah, as a parent, we have different problems, but they're the same problems. So in the security world, you have the same nature of problems, but the magnitudes may be changed. So what do you think the next generation of security issues, what is that going to be? And how do you think your colleagues and you at CloudPassage are going to have to address that? >> That's a great question. The trend that we are seeing, and I think a couple of years from now what's gonna happen is the IT security organization is gonna go through a major transformation, right? Software is eating the world, and as a result, DevOps is going to become front and center of what's gonna happen. If I'm a VPO for application development, I would like to have both DevOps and security part of the entire process because I, as a business owner, I am accountable for the brand, the use case and the problems I'm solving for my customers, but at the same time, meeting security and compliance requirements. So security and compliance as a problem is still the same, but how people are building and delivering software, where they're doing it, what infrastructure they're actually running on, as to complexity, as to scalability problems, and last but not least, because you're looking at big-scale, automation is key. >> Look, I'm curious how IOT fits into this. I hear surface area, magnitude, you know, huge kind of threat when it comes to security. >> So we don't do much in the IOT space. But I think what's happening is customers who are looking at using IOT for their infrastructure, they're using more and more of microservices and containers to deliver that service, which is where we come in. We are seeing, as they're adopting IOT and delivering services using IOT, tracking trucks, devices, and those pieces across their network, we are the vendor of choice when it comes to securing those pieces of infrastructure as well as virtual machines and hosts they are running on. >> What kind of customer interactions are you having here? What are kind of some of the top issues that are driving customers to your booth and challenges that they're looking to solve? >> Customers are coming to us, saying, hey, we have a mandate, the IOT security guys and the DevOps guys are saying, from the business perspective, we have a mandate to deliver software fast, we have to meet our customer needs and stay ahead and up our game every day. In order to do that, you have to look at how you move security to the left of the DevOps pipeline. So customers are coming to us and asking, how do you fix that? How do you help us meet those needs that we have? How do I secure my workload? How do I move security to the left on the DevOps pipeline? And while doing all of that, be continuously compliant? And we're having so many conversations on these topics with our customers and containers happens to be front and center of that. >> You said you've been five months at CloudPassage? What was, in your mind, the most attractive element that pulled you in, and what do you see then, as you've created this business from scratch, what little bumps are you hitting along the way in your work, forget your clients, I mean for you, what you have to handle when you are trying to create this whole new enterprise within a system? >> It's a great question, so when I looked at CloudPassage, I was looking for two things. One from a market perspective, I clearly believed in what CloudPassage was doing back then when I was looking at them, and they still continue to do that, which is enterprise IT is going through a significant change and DevOps and DevSecOps is becoming front and center. And CloudPassage is solely focused on that. So it's a big check for me, from a market trend standpoint. At the same time, it's a great team, great people. So I came in with a mandate to actually build and define the container security product which we announced yesterday. Moving forward, I think in terms of bumps, it's interesting as a start-up, which areas do we focus on? Because you look at containers, customers are talking about a very broad spectrum. I mean security container run time, but they're also talking about microsegmentation and different pieces, but what we're finding in general, is that customers are still figuring out how to use Docker, how to containerize their application. And the challenge that we are facing and we are focused is you have to solve the problem across visibility, you know, use cases across the platform, be it VMs or containers, instead of going too deep vertically on the container side alone. So we are going broad, helping meet the needs of our customers as they're deploying it today. >> I'd love to hear your viewpoint, what's it like being in the AWS ecosystem these days? >> It's amazing, I mean the rate at which these guys are innovating, developers are adapting, they have the eyes and the ears of the developers. What that means is DevOps is going to speed up. What is also means is the use of infrastructures is going to speed up. What it means for us is our customers are going to be requiring means to secure and be compliant with the various regulations as they're deploying the software and containerizing different applications as they're deploying ECS, well moving forward maybe ETS, and we are the vendor of choice to help them get there. >> I think it means good news. >> Great news, yes. >> Well, congratulations on the news yesterday. And we certainly wish you all the well, all the continued success down the road. >> Thank you. >> John: I know five months probably felt like five days, right it's been flying by for ya? >> Of course. >> John: Good luck. >> Thank you. >> Thanks Alok, we're back with more here from re:Invent. AWS putting on the show here in Las Vegas. We're in The Sands and we're live here on theCUBE. Back with more in a bit. (techno music)