Vikram Kapoor, Lacework | KubeCon + CloudNativeCon NA 2019


 

>>Live from San Diego, California, it's theCUBE, covering KubeCon and CloudNativeCon, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >>Welcome back. This is theCUBE's coverage of KubeCon CloudNativeCon 2019 in San Diego, 12,000 in attendance. I'm Stu Miniman and my co-host is John Troyer and welcome to the program, the co-founder and CTO of Lacework, Vikram Kapoor. Yeah. Thank you so much for joining us that to be here. So we had your CEO on at the first cloud security show, uh, earlier this year. A security definitely, you know, it's a board level discussion from center. I can never pass up the opportunity when I have a founder on the program. Just step us back for a second kind of book. The why of Lacework. Yeah, yeah. So I think if you look at the cloud ecosystem and communities now with containers, it's very clear that it requires like a new kind of way to look at security. Like all the traditional security tools for the data center were really built for like, you know, based on network. >>And then since they can know and as you move to the cloud, you know it's very hard to take 100 bucks to the cloud. You know, even with the virtual, you know boxes, it's really not that clean and good architecture. So what we found was that, you know, you really need a new way to think about it and me think about it as really a big data problem that you collect a lot of data, you process it, you analyze it, you get people to come with compliance and governance and breach protection automatically without having them write necessarily a lot of rules. Yeah. There's a term that this show cloud native and the maturity I've heard this year is some people say when I do cloud data, that means I like bake it into Kubernetes and that means you know, I can take my database across all the environments, I can take them there. >>Does that line up with how we should think about cloud security or is it more a little bit different than that?
It's a little bit different than that. And the reason being that if you do all that, then what cloud native typically would also bring with itself would be things like your VMs and containers are not long than English short learning. And like in my world, in the old world, like I've been developing for 20 years, I knew the IP address on my airways and it didn't change and I knew the port number. But now if you ask me on cloud native environments, where is my database? Like I don't know there are five instances that ain't gonna hit their head in there. So there's a lot of elasticity, dynamic stuff that comes along with a network layer is not relevant at all to like what the applications are doing. >>So you need to get into the application layer and therefore particularly becomes a little bit different in that environment. So it's kind of, you know, the fact that I can run like thousand containers for Node.js in like an instance which allows me to do that also means that, you know, I have no idea where they're running and what the IPs are. And I don't know, security on IP, I do it on Node.js, like that's really what it is. So with Lacework though, you're, you're really monitoring this a, it's a platform. It's watching in real time. All this data is coming in. So it's both analyzing the history and it's got the stuff coming in. So you have a multiple layers. I mean we're here, uh, we're here at KubeCon. Kubernetes is kind of the engine of what's going on, but there are other layers going on here. >>There's, yeah, there's all the application code and the pods. There's a, there's a cloud underneath and you all support, you know, different public clouds and on-prem and things like that. Yeah. Can you talk a little bit about maybe what's con some of the patterns of things you are dealing with, with all those different layers and those environments? >> Yeah, so I think it's actually a very relevant question.
Like if you're going to think about like, you know, Kubernetes, you know, and as you said, like nothing really runs in isolation, right? Kubernetes has to use containers. At some level. It has to run in either, even if it's managed, it's running in some VM somewhere. And the VM is basically the cloud native on VMware or it's hosted on some AWS cloud account and the cloud account probably has an API access to you to be able to set these things up or unset them if an attacker gets access to that. >>So we kind of think of security as comprehensively doing across the board. Like starting from like you know, build environments to run environments where before a developer does a build, you want to do vulnerability analysis and make sure you're not building something with known problems in there. So you fix them as you go. Once you deploy them you need to look at like cloud configuration and you know, buckets on Autobahn or security groups are not, you know, incorrect. And then beyond that you actually really need a breach detection system, which kind of tells you when something does go wrong. And that can't be just inside Kubernetes or just containers. You kind of have to go look at every layer because you know, I've seen it personally, like, you know, as an, you know, having to look at some of the attacks, like when an attacker gets into one layer, he'll move into any layer he wants. Like there is really no way to say, I'll isolate him in this day only. So you have to going to protect everything and you're to Derbyshire Christian across the board. Yeah, I remember >>felt like it was a couple of years ago there was a security issue inside a Kubernetes community freaked out a little bit, but you know, ended up moving past that. What are really kind of those security risks inside where does, where does Lacework fit into that discussion?
>>Yeah, so I think it's really around like, you know, thinking like, you know, not Kubernetes as an isolated platform but actually part of the tech stack and ecosystem and looking at holistic lacrosse. It so fundamentally some of the security concepts haven't changed. You need to make sure you don't leave those open. Right. So if I have a door open on my uh, you know, API level, well it doesn't really matter if I close it on Kubernetes, it's going to get exploited. Whoever is also comes with its own API SOA so that you have to monitor that. Also it has its own pod and it has its own port policies. So we're going to have to figure that too. So fundamentally I think at some level it boils down to making sure you kind of work with our tech security and DevOps. You need to work together to make sure that before the deploy it, it's kind of architected the right way. >>It has the correct VPCs and the port policies and the product texture and at the same time at run time, make sure you're monitoring it so that if something happens, you know about it early versus like six months later when the data is leaving your data center and then somebody tells you it's leaving it like it's too late at that point with your customers, then you're still seeing a role for the security team in the enterprise as well. The DevOps team better not be a better be coordinated with a platform like Lacework. Can you maybe talk a little bit about the enterprise situation and I'm guessing versus a startup? There's a lot more, there's a few other requirements that are coming up. >> We see that a lot across our customers. Like fundamentally DevOps and security really have to be on the same page because at the end of the day, like you know, the way the cloud happened in the has happened, it's a very API centric world. >>Like everything I do on AWS or GCP or Azure or is to an API. So it's a developer kind of centric world.
And then if I have to set up a VPC, I have to work with the DevOps for Saturday and if I have to set up security groups, I have to work for DevOps, etc. So fundamentally, if they're not on the same page, you end up in like, you know, having problems. So the way we help in that environment is that we are able to get security on the DevOps team on the same page where they know security can understand what applications they can look at the behavior, they can understand, you know, what the architecture is and when they go tell DevOps to kind of, you know, there is something going on, can you help me? They can have a shared vocabulary and a language and they can talk about like things like on this part I saw access to, or you know, this website or DNS name, not that somebody in our data center went to the IP and like okay, but what does that mean the container is gone and the part's gone. >>Like what do I do with it? So I think we see that and I see, I feel long term is really a collaboration where security brings to the table a lot of the know-how and how to secure something. But at the same time, an actual implementation of it probably belongs in DevOps where like if you want to enforce something, you probably have to work with Kubernetes and Kubernetes API has to actually enforce it. So it kind of goes both ways. >> All right Vikram, talk to us about scale. We've talked to everything from broad scale to small scale in this environment. Give us the security aspect of that. So scale has been one of my favorite topics in the last 20 years. I've worked on this for systems and big data like at Oracle for a long time. And fundamentally what happens is that when you, when you do something on 10 VMs, you know, and you look at some alert, it's actually you know, one problem.
>>But when you scale that up to like 10,000 VMs or you know, 10,000 containers and lots of users and developers doing multiple changes a day and like a billion connections now or like some of our customers do, it's no longer possible to look at like, you know, connections. It's no longer possible to look at every process. You've got to have to figure out how to deal with that problem by doing, you know, not operator processing and clustering. And that's what we do well. But at some point, scalability basically comes up when you end up having to, on any of the dimensions, having to deal with the problem where I can't, you know, as a human, I can't look at everything. So you have to kind of at that point, start investing in anomaly detection and figuring needle in the haystack problems so we can focus on them versus like, you know, one VM, something happened. All right, Vikram, really appreciate the updates. We know we're going to see Lacework at many of >>the cloud shows. Appreciate all the updates, everything in the Kubernetes environment. They kept doing it for John Troyer, I'm Stu Miniman, back with more coverage here in just a little bit. Thanks as always for watching theCUBE.

Published Date : Nov 20 2019
