>>The cube presents Koon and cloud native con Europe, 2022, brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Valencia Spain and CubeCon cloud native con Europe, 2022 I'm cube Townsend, along with Paul Gill, senior editor, enterprise architecture at Silicon angle. We are talking to some incredible folks this week, continuing the conversation around enabling developers to do their work. Paul you've said that this conference is about developers. What are you finding key as a theme running throughout the show >>That that developers really need a whole set of special tools. You know, it's not the end user, the end user tools, the end user access controls the authentication it's developers need a need their own to live their in their own environment. They need their own workflow tools, their own collaboration and their own security. And that's where teleport comes in. >>So speaking of teleport, we have Michael fork, chief marking our officer at teleport new world role for you. First, tell me about how long have you been at teleport now >>Going on seven or eight months now, >>Seven or eight months in this fast moving market. I'm I'm going to tell you a painful experience I've had in this new world. We've built applications. We've moved fast audits come in. The auditors have come in and they said, you know what, who authorized this change to the cluster? And we'll go into the change ticket and say, this person authorized the changes and the change ticket. And then they'll ask for trace back. Okay. Show me the change. What do it mean? Show you the changes. It just happened. >>Yeah. Check, check GitHub. >>Yeah, check GI, get, see, we, we, we, we said we were gonna make the changes, the change happen. That's not enough. What are CU, how are you helping customers solve this access control and audit problem? >>Yeah, that's a great question. There're kind of, there're kind of two, two sides to the puzzle. And actually I think that the intro hits it. Well, you you've talked about kind of developer experience needing needing tools to more efficiently do the job as a practitioner. And you're coming at it from kind of a security and compliance angle. And there's a tension between both of those teams. It's like, you know, there's, there's a tension between dev and ops before we created DevOps. There's also a tension between kind of security teams and developers. So we've created dev SecOps. What that means is you need an easy way for developers to get access, access to the resources they needed through their jobs. That's, you know, Linux hosts and databases and Kubernetes clusters and, you know, monitoring dashboards and managing all of those credentials is quite cumbersome. If I need to access a dozen systems, then you know, I'm using SSH keys to access this. >>I have admin credentials for my database. I I'm going through a VPN to access an internal dashboard, teleport, consolidates, all of that access into a single login via your identity provider, Okta active directory, but then on the security and compliance side, we make it really easy for that compliance officer. When they say, show me that change, we have all of the audit logs. That's that show exactly what changes Keith made when he logged into, into that system. And in fact, one of the booths behind here is talking about E B P F a modern way to get that kind of kernel level grade granularity. We build all of that observability into teleport to make the security and compliance teams happy. And the engineering teams a lot more productive. >>Where do the, the access control tools like Okta, you mentioned fall short. I mean, why, why is there a need for your level of, of control at the control plane? >>Yeah. When you, when you start to talk about authorization, authentication, audit at the infrastructure level, each of these technologies has its own way of managing what kind of in, in the jargon often and Ze, right? Authentication authorization. So you have SSH for, for Linux. Kubernetes has its own way of doing authorization. All of the database providers have their own way and it's quite complicated, right? It's, it's much different. So, you know, if I'm gonna access office 365 or I'm gonna a access Salesforce, right. I'm really talking about the HTTP protocol. It's relatively trivial to implement single sign on for web-based applications. But when we start talking about things that are happening at the Linux kernel level, or with Kubernetes, it's quite complicated to build those integrations. And that's where teleport extends what you have with your IDP. So for instance, Okta, lots of our customers use Okta as their identity provider, but then teleport takes those roles and applies them and enforces them at the actual infrastructure level. >>So if I'm a lay developer, I'm looking at this thinking, you know, I, I have service mesh, I've implemented link D SEO or something to that level. And I also have Ansible and Ansible has security, etcetera. What, what role, or how does that integrate to all together from a big picture perspective? >>Yeah. So >>What, one of the, kind of the meta themes at teleport is we, we like to, we like to say that we are fighting complexity cuz as we build new technologies, we tend to run the new tech on top of the old tech. Whereas for instance, when you buy a new car, you typically don't, you know, hook the old car to the back and then pull it around with you. Right? We, we replace old technology with new technology, but in infrastructure that doesn't happen as often. And so you end up with kind of layers of complexity with one protocol sitting on top of another protocol on top of another protocol. And what teleport does is for the access control plane, we, we kind of replace the legacy ways of doing authentication authorization and audit with a new modern experience. But we allow you to continue to use the existing tools. >>So we don't replace, for instance, you know, your configuration management system, you can keep using Ansible or, or salt or Jenkins, but teleport now is gonna give those, those scripts or those pipelines in identity that you can define. What, what should Ansible be able to do? Right? If, cuz people are worried about supply chain attacks, if a, if a vulnerable dependency gets introduced into your supply chain pipeline and your kind of Ansible playbook goes crazy and starts deploying that vulnerability everywhere, that's probably something you wanna limit with teleport. You can limit that with an identity, but you can still use the tools that you're, that you're used to. >>So how do I guarantee something like an ex-employee doesn't come in and, and initiate Ansible script that was sitting in the background just waiting to happen until, you know, they left. >>Yeah. Great question. It's there's kind of the, the, the great resignation that's happening. We did a survey where actually we asked the question kind of, you know, can you guarantee that X employees can no longer access your infrastructure? And shockingly like 89% of companies could not guarantee that it's like, wow, that's like that should, that should be a headline somewhere. And we actually just learned that there are on the dark web, there are people that are targeting current employees of Netflix and Uber and trying to buy credentials of those employees to the infrastructure. So it's a big problem with teleport. We solve this in a really easy, transparent way for developers. Everything that we do is based on short lift certificates. So unlike a SSH key, which exists until you decommission it, shortlist certificates by, by default expire. And if you don't reissue them based on a new login based on the identity, then, then you can't do anything. So even a stolen credential kind of the it's value decreases dramatically over time. >>So that statistic or four out of five companies can't guarantee X employees can't access infrastructure. Why is simply removing the employee from the, you know, from the L app or directory decommissioning their login credentials. Why is that not sufficient? >>Well, it, it depends on if everything is integrated into your identity provider and because of the complexities of accessing infrastructure, we know that developers are creative people. And by, by kind of by definition, they're able to create systems to make their lives easier. So one thing that we see developers doing is kind of copying an SSH key to a local notepad on, on their computer. So they essentially can take that credential out of a vault. They can put it somewhere that's easier for them to access. And if you're not rotating that credential, then I can also, you know, copy it to a, to a personal device as well. Same thing for shared admin credentials. So the, the, the issue is that those credentials are not completely managed in a unified way that enables the developer to not go around the system in order to make their lives easier. >>But rather to actually use the system, there's a, there's a market called privilege access management that a lot of enterprises are using to kind of manage credentials for their developers, but it's notoriously disruptive to developer workflows. And so developers kind of go around the system in order to make their jobs easier. What teleport does is we obviate the need to go around the system, cuz the simplest thing is just to come in in the morning, log in one time to my identity provider. And now I have access to all of my servers, all of my databases, all of my Kubernetes clusters with a short lift certificate, that's completely transparent. And does >>This apply to, to your, both your local and your cloud accounts? >>Yes. Yes, exactly. >>So as a security company, what's driving the increase in security breaches. Is it the lack of developer hygiene? Is it this ex-employee great resignation bill. Is it external intruders? What's driving security breaches today. >>Yes. >>It's you know, it's, it's all of those things. I think if I had to put, give you a one word answer, I would say complexity. The systems that we are building are just massively complex, right? Look at how many vendors there are at this show in order to make Kubernetes easy to use, to do what its promises. It's just, we're building very complex systems. When you build complex systems, there's a lot of back doors, we call it kind of a tax surface. And that's why for every new thing that we introduce, we also need to think about how do we remove old layers of the stack so that we can simplify so that we can consolidate and take advantage of the power of something like Kubernetes without introducing security vulnerabilities. >>One of the problems or challenges with security solutions is, you know, you there's this complexity versus flexibility knob that you, you need to be careful of. What's the deployment experience in integration experience for deploying teleport. >>Yeah, it's it, we built it to be cloud native to feel like any other kind of cloud native or Kubernetes like solution. So you basically, you deploy it using helm chart, you deploy it using containers and we take care of all of the auto configuration and auto update. So that it's just, it's, it's part of your stack and you manage it using the same automation that you use to manage everything else. That's a, that's a big kind of installation and developer experience. Part of it. If it's complex to use, then not only are developers not gonna use it. Operations teams are not gonna want to have to deal with it. And then you're left with doing things the old way, which is very unsatisfactory for everybody. >>How does Kubernetes change the security equation? Are there vulnerabilities? It introduces to the, to the stack that maybe companies aren't aware of >>Almost by definition. Yes. Kind of any new technology is gonna introduce new security vulnerabilities. That's the that's that is the result of the complexity, which is, there are things that you just don't know when you introduce new components. I think kind of all of the supply chain vulnerabilities are our way of looking at that, which is we have, you know, Kubernetes is itself built on a lot of dependencies. Those dependencies themselves could have security vulnerabilities. You might have a package that's maintained by one kind of hobbyist developer, but that's actually deployed across hundreds of thousands of applications across, across the internet. So again, it's about one understanding that that complexity exists and then saying, is there a way that we can kind of layer on a solution that provides a common layer to let us kind of avoid that complexity and say, okay, every critical action needs to be authorized with an identity that way if it's automated or if it's human, I have that level of assurance that a hacked Ansible pipeline is not going to be able to introduce vulnerabilities across my entire infrastructure. >>So one of the challenges for CIOs and CTOs, it's the lack of developer resources and another resulting pain point that compounds that issue is rework due to security audits is teleport a source of truth that when a auditor comes in to audit a, a, a, a C I C D pipeline that the developer or, or operations team can just say, Hey, here's, self-service get what you need. And come back to us with any questions or is there a second set of tools we have to use to get that audit and compliance reporting? >>Yeah, it's teleport can be that single source of truth. We can also integrate with your other systems so you can export all of the, what we call access logs. So every, every behavior that took place, every query that was run on a database, every, you know, curl command that was run on a Lennox, host, teleport is creating a log of that. And so you can go in and you can filter and you can view those, those actions within teleport. But we also integrate with other systems that, that people are using, you have its Splunk or Datadog or whatever other tool chain it's really important that we integrate, but you can also use teleport as that single source. So >>You can work with the observability suites that are now being >>Installed. Yeah, there, the, the wonderful thing about kind of an ecosystem like Kubernetes is there's a lot of standardization. You can pick your preferred tool, but under the hood, the protocols for taking a log and putting it in another system are standardized. And so we can integrate with any of the tools that developers are already using. >>So how big is teleport when I'm thinking about a, from a couple of things big as in what's the footprint and then from a developer operations team overhead, is this kind of a set and forget it, how much care feed and maintenance does it >>Need? So it's very lightweight. We basically have kind of two components. There's the, the access proxy that sits in front of your infrastructure. And that's what enables us to, you know, regardless of the complexity that sits across your multi data center footprint, your traditional applications, running on windows, your, your, your modern applications running on, you know, Linux and Kubernetes, we provide seamless access to all of that. And then there's an agent that runs on all of your hosts. And this is the part that can be deployed using yo helm or any other kind of cloud native deployment methodology that enables us to do the, the granular application level audit. For instance, what queries are actually being run on CockroachDB or on, on Postgres, you know, what, what CIS calls are running on Linnux kernel, very lightweight automation can be used to install, manage, upgrade all of it. And so from an operations perspective, kind of bringing in teleport shouldn't be any more complicated than running any application on a container. That's, that's the design goal and what we built for our customers. >>If I'm in a hybrid environment, I'm transitioning, I'm making the migration to teleport. Is this a team? Is this a solution that sits only on the Kubernetes cloud native side? Or is this something that I can trans transition to initially, and then migrate all of my applications to, as I transition to cloud native? >>Yeah. We, there are kind of, no, there are no cloud native dependencies for teleport. Meaning if you are, you're a hundred percent windows shop, then we support for instance, RDP. That's the way in which windows handles room access. If you have some applications that are running on Linux, we can support that as well. If you've got kind of the, you know, the complete opposite in the spectrum, you're doing everything, cloud native containers, Kubernetes, everything. We also support that. >>Well, Michael, I really appreciate you stopping by and sharing the teleport story. Security is becoming an obvious pain point for cloud native and container management. And teleport has a really good story around ensuring compliance and security from Licia Spain. I'm Keith towns, along with Paul Gillon and you're watching the cue, the, the leader, not the, the leader two, the high take tech coverage.

>> Announcer: Live from Nassau in the Bahamas it's The Cube covering Polycon 18 brought to you Polymath. >> Hello, welcome to The Cube for a special Cube event, our first kick off for our cryptocurrency, Blockchain, decentralized computing world that we know as Bitcoin, Ethereum, Blockchain and all the rest. I'm John Furrier, Dave Vellante. We're here previewing the conference/\. We'll be live tomorrow and Friday but were here down getting ready for the big festivities which is tonight's opening keynotes. We had the co-founder of Ethereum, Anthony Diiorio, and then Brock Pierce coming on. He also is a chairman of the Bitcoin Foundation. Luminaries as well as a bunch of other great guests, Bill Tai from California, a friend of The Cube's. This is a game changing event, Dave. You and I have talked about this on The Cube many times. The waves of innovation come, you know, this big once in a generation, maybe centuries. We're seeing one that I think is not as even big as the other ones, bigger. You combine the PC Revolution. I was just texting Michael Dell earlier today and said, "This feels like the PC Revolution." A bunch of pioneers coming together but it's got a different vibe. It's bigger. It's like the combination of the internet and PC Revolution all rolled into one with a community vibe on it. So, and we're going to have tons of coverage on this. What I want to ask you, Dave, directly is you've seen many waves and we work with and we cover some of the old guard, older companies like Dell EMC, HPE, Oracle, IBM, Microsoft and they're doing really good work pivoting and trying to be ready for this new wave. It's just on Blockchain, it's just how the world works, Cloud, you know, IoT but decentralized cannot be ignored. So, some think this is a blind spot to these legacy and emerging vendors changing vendors like Oracle and IBM and HPE and Dell Technologies. Are they ready? Do you think they're ready? Do you think they even understand what's coming? And people squabble over Cloud market share and it's just funny, right? It's like there's a bigger thing coming over the top. >> Well, first thing I got to say is I got to give you props as my partner because you've been covering, you know, Blockchain, Bitcoin on SiliconANGLE since I don't know -- >> John: 2010. >> 2010, when I first met you, right. And so once again you are sort of ahead of the curve. I feel like we're at our first Hadoop World, you know, back in 2010. And so, props to you and the SiliconeANGLE team. To answer your question, no. No, they're not ready and to me it's not even about just Blockchain. I mean, Blockchain technology they can adopt. The bigger issue is digital disruption. And digital disruption is all about the data at the core of the organization and business models that are built around data. And if you think about the history of companies, it's human expertise and data's bolted on. We've seen this time and time again but if you look at the top five market cap companies, Facebook, Amazon, Google, et cetera, they're data companies. Data is at the center and they take human expertise and wrap it around there. So, the future is going to be about innovation with data, with artificial intelligence and Cloud economics and the old guard doesn't have those things. Blockchain fits in there. To me Blockchain is about building out a new distributed web and on top of the old web and rewarding those who were building it. So, it's a new form open-source where the builders get paid. >> But it's also decentralized and you have a value store, value creation capture model that has all the wrappings of what we traditionally see in a centralized database or even Cloud. You need networks, you need storage, you need databases, you need tokens, which is a form of data. So token economics, I mean, it's a new value economy, Dave. I mean, I just don't, I feel like the, I just, from my perspective, I just don't think those guys are seeing it. >> No and so it's not only those guys. It's the most of the world. I mean, you turn on CNBC and Buffet's on there saying this is going to end badly and there's negative, you know, trade press about, you know, Bitcoin and Silk Road and all that stuff. What most of the world is missing, and that makes people run away, but this is happening, it's real. It's going be the foundation for a next generation internet. It's happening, you see it all the time. Developers built the internet. Developers are going to rebuild the internet on top of this. So, I would suggest that people just try to squint through or squint passed the negative press and try to really understand what this trend is all about and how it's going to fundamentally change the internet and change the world. >> Well, there's negative press that's worthy. There's a lot of scams out there. There's security issues >> Sure >> but these are evolutionary problem spaces that can be solved. One, the scammers are going to be vetted out, the bubble bursting but the real value, creation is going to come from developers and that, to me, is what I hear you saying as your main point. >> No question about it. And I think that that, you know, there's lots of challenges. This stuff is not easy. First of all, who would've ever thought that something like Ethereum could even have been built, this kind of distributed infrastructure? I mean, it's very, very challenging. Of course we know about the scaling problems, the latency issues, all that stuff but these are problems that smart people are going to go attack and solve. And again I emphasize, it's the new form of, remember the old open systems, right? Unix and open systems. Well fast forward passed open-source, which the internet was built on open-source. Think about Linnux, everything's built on Linnux. But today developers who are building these new protocols are actually going to get paid to that. Guys like Anthony, you know, who made hundreds of millions -- >> Anthony Diiorio, co-founder of Ethereum, doing Jaxx wallet as part of Decentral. Great use case. He's paying it forward and I think the community here is a real dynamic and I think what we learned at The Cube, Dave, is the communities matter and now, more than ever they're actually having an input. Look what open-source has done to the software business over the past three decades, okay? Completely revolutionized the world we live in. So if you take the open-source apply those principals to, whether it's content media or decentralized infrastructure and applications, it's going to be a haven of innovation. >> Well and if you think about this, too, folks. Is that, you know, the centralized model has essentially co-opted all this innovation in the last 15 years, right? They've won. Closed won, Facebook won, they killed RSS. >> Well, Facebook's not winning now. They're under a lot of pressure because they screwed the election over and the data that they're using, some will argue, that, when I use Facebook, okay? Facebook's great, I get a free app, I let them have my data 'cause I want to connect with my friends but they're throwing elections off. I didn't bargain for that. The context has changed. So, to me, the shift of user data is going to move into the hands of the users. Do you agree with that statement? >> Yes, no question. And the other thing, just to finish my thought -- >> That's not good for Facebook. >> And we've talked about this, John. Protocol and development has stagnated, you know? Gmail is built on SMTP, you know, HTTP, DNS, these are all protocols that were developed by governments, and academia and the big guys just co-opted them and so, protocol development stagnated. What you need to understand about Blockchain is it bring back innovation -- >> Well, Anthony Diiorio said on my interview with him, one-on-one, that protocol developers are the most in demand role because those big guys take in co-oping those protocols, Dave, as you pointed out, is causing a revolution. It's almost like the 60s for tech. It's like there is a ground swell. I see it, I feel it. Not just a wave of innovation but the actors and the people involved look at this as a liberating opportunity to free the centralized forces that are quite frankly holding the world back. >> And I want to, this is very important and it was really epiphany when it hit me, is if you wanted to invest in TCP/IP, back in the day, how would you do that? You couldn't invest in TCP/IP. You could maybe invest in companies -- >> John: Cisco. (laughs) >> Yeah, can invest in companies. Okay, but you and I couldn't have gotten in early on Cisco, right? It was all the insiders. Today, developers who are building out these protocols, they can own the protocol. That's a form of investment and they got, essentially, equity in that token. >> Dave, we're going to be doing a lot of crypto shows and Blockchain shows because we're talking about the decentralization of the world. This is the future of our globe and work and play. What are you looking for, as we go down and knock down these shows, as The Cube goes out on this new mission? >> Well, I think Anthony kind of hinted at this. Is he's looking at infrastructure. It's like the early days of the internet with, you know, the pickaxe guys, you know, made all the money. It's the infrastructure that's getting built out. So, I want to see how that develops and how that sets the foundation, the platform for distributed applications, number one. Number two is I want to understand some of these challenges and how they're going to be addressed. The scaling issues, the latency problems, some of the, you know, nitty gritty technical challenges, who's working on those? And the third is, what's the right investment profile? How are the investors at this conference and other conferences going about deciding what to invest in? Right? How do they squint through quality and garbage? >> Well, I'm going to be heading to a special investor event. Dave, I'm going to put my ear to the ground and of course The Cube will go wherever it takes to get the story, whether it's the Bahamas. Not a bad gig here but important. We're going to get the most important stories and share that with you. And continue our mission of getting this content out in the open, shining the light on relevance and the right reputable people. Dave, always great. >> Thanks, John. >> And looking forward to a great week. (techno music)