>> It's been great. >> Robert Herjavec. >> I mean, you guys are excited where you are, no? >> Dancing with the Stars, of course. >> His CUBE alumni. (techno music) Live from Seattle, Washington, it's theCUBE covering KubeCon and CloudNativeCon North America 2018 brought to you by Red Hat, the Cloud Native Computing Foundation, and its ecosystem partners. (crowd talking) >> And welcome back to our live coverage here in Seattle for KubeCon and CloudNativeCon 2018. I'm John Furrier, Stu Miniman, here for three days of wall to wall coverage, 8,000 people up from 4,000 last year. Growing Kubernetes and the Cloud Native ecosystem around KubeCon. Next two guests, John Morello, CTO of Twistlock, hot start-up to the news. And Nanda Kumar, who's a Fellow Systems engineer at Verizon's Global Technology Service. Guys, welcome to theCUBE. >> Thank you. Thanks for having us. >> Congratulations on your news and Kelsey wearing your shirt on theCUBE earlier. (they laugh) >> Thanks for having us. >> So take a minute to explain what you guys do, your story, you guys got to lot of hot things happening. Take a minute to talk about the company's value-- >> Yeah, sure, so we've been around for about four years now or going on four years. We're kind of the first company in this space that's really focused on cloud native cybersecurity. So, the idea is not just to take the existing capabilities that you've had on traditional systems and kind of retrofit them onto this new platform. But really to leverage the way that the cloud native space works, to be able to do security in a different and hopefully a more effective way. Cloud native has this notion of immutability and being able to take the same artifact from development to staging to production. And that enables us to do things in a security fashion that you really haven't been able to do in the past. Like actually be able to enforce security controls at the very beginning of the life cycle of the app. To be able to ensure consistency in your compliance posture all the way through production. And then as we learn things at runtime, to be able to signal that knowledge back to the developer, so they can actually improve the security application in the beginning. We basically have a platform that gives you those capabilities, vulnerability management, compliance, runtime defense, and firewalling across VMs, containers, and serverless across any clouds you have. We're not specific to any one cloud provider-- >> Is like telemetry coming back to the developer in real time? >> Yeah, basically as an example, when you have an application that's deployed, in the old world you as the developer would give the app to an operator, they would deploy it, and maybe weeks later, somebody would scan it, and they'd say you've got these vulnerabilities and then they have to go back and tell somebody to go and fix them. There's a lot of time where you're exposed, there's a lot of cost with that operation. The way that we're able to do it for the vulnerability case is as the developer builds the application, every build they do, Twistlock can scan that and see the vulnerabilities and actually enforce that as a quality gate and say if you've got critical vulnerabilities, you have to fix 'em before you progress. And then as you take that application and move that into test and staging and production, we create this dynamic runtime model that describes basically an implicit allow list of what's normal behaviors. So you don't have to tell us that my web server normally runs in Gen X and listens on port 80, we learn that automatically. We create this reference model where you can understand what's normal and then we automatically prevent anomalies. So unlike that traditional world of security where you had to have a whole bunch of manual rules that try to blacklist every thing that was bad, (John Furrier laughs) we just say, we learn what's good and only allow that. >> It's predictive and prescriptive in one. >> Yeah, exactly. >> What's the role here with Kubernetes, how do you fit into the Kubernetes standardization, momentum? >> For us, we've kind of pre-dated the rise of Kubernetes in some ways, and really supported Kubernetes from the very beginning when the project became popular. Our platform is designed to work as a native cloud native app itself, so when you deploy Twistlock, you run the Twistlock console, our management service and API controller. All that's run just as a cloud native app. You deploy as a replication controller. When you deploy Twistlock defender, our agent effective error, containerized agents to all the nodes where you're writing compute jobs, you run that as a Damon set. So for us, not only do we protect the platform, but we just are a part of the platform. There's nothing abnormal that you have to do. You deploy it and manage it like you would any other Kubernetes application. >> All right, Nanda, let's pull you into the conversation here. >> Sure. Verizon, obviously most people know, explain what your group does, how cloud native fits into what you're doing. >> I'm part of the Global Technology Services organization. Verizon, as you probably know, is a mixed bag of different types of businesses brought together, wireless being the most prominent one that most of you know about it. But we also have other solutions, like our file solutions. And recently with our acquisition of Yahoo, which is gold, and so forth. Verizon is actually on a major transformation journey. Our transformation journey spans around a five year program. We are in year number three of this transformation and cloud native and cloud technology is a very foundational aspect for us as part of this transformation. I was just chatting with John earlier. Opportunity like this doesn't come that often because we are in a perfect intersection of where automation and Verizon is doing a cloud migration and then you have these cloud native technologies that have been made available. Where it's Kubernetes, container, and so forth. So that mesh of the opportunity to migrate. And as you migrate, you're taking advantage of these technologies, and modernizing your application stack is a big win. >> Okay, can you connect for us the intersection of what you were just talking about and 5G, which is you know, really going to be a huge impact on everything happening in telecommunications. >> Yeah, the whole idea about 5G for us is it's not just the next generation of technology. It's all about the human element ability of it. Basically it means we want to make sure that the technology is used to solve real human problems and the technology is capable of doing that. Be it whether it's a life science or be it in transportation and so forth. We really want to make sure that the technology is being used to solve real human problems and to enable the consumption of this technology. We won't take advantage of cloud native services to support it. >> Help boil it down for us because, just in general, you say even domestically, I think it's like 40% of the U.S. population doesn't have access to broadband. Those of us at the conference here understand that wireless isn't always reliable. 5G silver bullet, everybody's going to have infinite bandwidth everywhere, right? >> Absolutely. (Stu laughs) And that's the valued proposition of the technology that it brings to the table. I know the spread of the technology is going to vary depending upon the commercialization of the product, the solution, and so forth. But the reality is in the new world that we live in, it is not just one piece of technology that's going to make it. It's going to be a mesh of the new technologies like 5G with a combination of WiFi and so forth. All of this coming together. It all comes down to fundamentally what are the use cases or what type of solutions are you going to go after and how it's going to make sense. >> How has cloud native in this transformation changed how you guys make investments? Obviously, the security equation's paramount. Central to the that, lot of data. How is the investments and how you guys are building out changed? Obviously you're looking at re-imagining operations, security, et cetera et cetera. How's that going to shape for you guys-- >> One of the things that Nanda and I were talking about earlier that not because of cloud native but it's enabled by cloud native. I think you look at almost all organizations today, and to reuse that phrase that Andreessen quoted about softwaring the world. It really is a true thing. Unlike in the past where IT had been this cost center that most organizations sought to strangle out and reduce as much as possible, I think most, at least modern companies that will be successful in the future, realize that that's part of their competitive advantage. It's not just about providing an app because your competitor has an app, it's about providing a better experience so that you're driving more revenue, having a better relationship, a longer term deeper relationship with that customer. Like we were talking about, in his case, if they build kind of a minimal application or minimal experience for their customers, their customers may choose to go to AT&T or whomever else if they can feel like hey, it's easier for me to work with them. I get better data, I can use my systems more easily. If you have that inflection point where people are having to really invest in building better software, better industry specific software, you need those tools of mass innovation to do that. And that's what cloud native really is. It's about being able to take and innovate and iterate on those innovations much more rapidly than you've been able to do in the past. And so it's really this confluence of those two trends that make this space as big as it is. That's why we have so many people here at KubeCon. >> Oh, you go faster too. The investment in apps, your applications, faster. And your talking about your security solution replaces the old way of hey, is there a problem, we'll patch it. >> It also has to get away from that approach where people took in the past where security was always this friction. It was this impediment, you know, you wanted to deploy something and you had to go through the security review and create all this rules and it was a hassle and slowed things down. If that's your approach to security, you're going to be at a fundamental conflict to this new approach. >> I think you'll be out of business personally, I think that ship has sailed, that's dead. We see the breaches every day, you see on all the dark webs who've been harvesting all that. IoT though is a different kind of animal. How are you guys looking at the IoT equation because that's a good use case for cloud? You can push now compute to the edge, you don't have to move data around. Certainly you guys are in the telecom business, you know what that means, so latency matters. How are you looking at the edge, IoT, and where does security fit into that? >> In terms of IoT, I think as you mentioned, there are going to be use cases where IoT's going to be very critical. There are two paradigms to the concept of the mobile edge compute. One is for the IoT use cases, the other could be even for like AR/VR is a good example. You want the compute to be so fast where you want responses immediately based on the location you are and so forth. So that's a very important foundation that we're working on and making that a reality for our organization to come use it. And of course any solution that we provide, security needs to be baked into it, because that's going to be foundation for how to-- >> Back to your 5G point, that's great back haul too for those devices. That one at least. If they want to send data back or interface with the edge, and power and compute, you need power and connectivity. >> Yep, exactly, very true. >> What's next, I guess? If you look forward, where's this journey going? How does this partnership help solve things? >> I think the key to any successful transformation is you got to take into consideration your current landscape. You certainly can have a broad vision of where the future is and so forth, but if you can't build the bridge between where we are and where we need to go, that's going to be a very challenging space so when you look at the cloud native technologies, we look at making it operational efficiency for us. In terms of how do we do our operations, like the earlier question we talked about, what is changing for us? Our operation's getting better. Our security portion is getting better because we're now shifting more of this to left. Which means as the workloads are being built and so forth. We're taking into consideration how it's going to run, where it's going to run and so forth. So that's going to create the savings and operational efficiency, which then allows us to take that and transform it into how do we focus on more modern technologies and modern solutions and so forth. >> Customer satisfaction. >> And customer satisfaction. >> Those are the top line business for every new model. >> So I got to ask, how is it going with Twistlock? Where's their role in your transformation? It's on the security side? >> Mm-hmm. >> Where do they play into your mix? >> So when we rolled out our solution for our Kubernetes platform, we certainly want to make sure that, to John's earlier point, where we can shift left and really look at security wholistically. And the only way you could do that is you need to capture the essence or integrate security as the project's being built. Because today we do have a security portion, but it's kind of where you have it during the development phase or during operations or doing it on time. You're not able to stitch it together. But with container and Kubernetes, you now have the advantage of really knowing what is end to end. And that is where our partnership with Twistlock has to be able to oversee that and provide that insight on what is running, where it's running, what levels exist, and how do we fix it. >> It kind of makes sense too. We've talked for years, the perimeter is dead. You guys are addressing security upfront at the application level where it's coding. This is working out for you guys well? >> Yep, and that's been a big shift in fact for why they've been successful with this transformation. Because we know have inside steward and everybody in the organization has a line off-site to what's going on, where things are running and so forth. It's been a great partnership. >> John, talk about this dynamic 'cause this is really kind of compelling because we've heard, "Oh, yeah, we're throwing everything "against the wall in security." And everyone always says, "Hey, the perimeter is dead "and you got to start with security in mind from day one." Well, I mean, what is day one? The minute you start coding, right? >> I get your overall point about the perimeter being dead. I would actually rephrase it a bit and say, "The perimeter being dissolved." And I think that's really a more probably accurate way to look at it. What used to be this very tightly defined like, we deploy things in this network or even VPC and it's got this control around it. Whereas a lot of customers today we see choosing an intentional multi-cloud strategy. They want to preserve the ability to have some leverage, not just with Amazon, but with Azure, or with Google, or whomever it may be on-premises. And when you have that model where you've got infrastructure and multiple regions, multiple different providers, you no longer have that very clean separation between what's yours and what's kind of out on the outside. And so one of the things that we really think is important is to be able to bring the perimeter to the application. So the way that we look at protecting the application is around the app itself, regardless of what the underlying compute platform is, the cloud, the region, it's really about protecting the app. You learn how those different microservices normally communicate with each other. You only allow that normal good communication unless you can really constrain a blast radius if you do have some kind of compromise in the future. And the minute you really try to mitigate that compromise is to again find those vulnerabilities as you develop the app, and prevent them in development before they ever get out to production. >> And that's a super smart approach, I love that. I think it's a winner, congratulations. Final question, what's the prediction for multi-cloud in 2019? Since you brought it up, multi-cloud seems to be the hot thing. What's your prediction 2019? It becomes a conversation? It becomes practice? >> I would say at this point, it already is practice in most organizations. And I would say that in 2019, you'll see that become something that's accepted not just as an option but as really the preferred, the better operational model. So you're able to choose technology platforms and operational approaches that are designed to work in a model in which you have multiple providers. Because you have a dependency layer that you can take now with Kubernetes and containers that's universal across those. Theoretically, you could have always taken a VM you put in ager and moved it to AWS, but it was really difficult and painful and hard to do that. If you do that well with Kubernetes, it's really pretty straightforward to deploy an application across multiple providers or multiple regions of the same provider even. And I think you'll see that become a more real thing in 2019 because it gives you as a company, or you as a customer, more leverage to be able to choose the services and negotiate the rates that you want with your provider. >> And if you move security to the app level like you guys are doing, you take away all that extra work around how to send policy and make it dynamic. >> Exactly. Our customers may have one Twistlock environment that manages things in Azure and AWS and GCP and on-premises and that's fine because we care about protecting the app not the interlying infrastructure. >> You agree? >> Absolutely, I think that's going to be the case even from our perspective. You're always going to look for where is the best place around these workloads and in a cost-effective way and secure manner. And as long as you're a single-controlled plane that you can manage it, I think the multi-cloud is going to be the ideal-- >> Make it easier to operate, standard language for developers, lock in security at the front end. >> That's right. >> Good stuff. Guys thanks for coming out. >> Sure. >> Appreciate the insight. Smart commentary here on security, cloud native, Kubernetes, I'll break it down here on theCUBE. I'm John Furrier, Stu Miniman, stay with us. More day one coverage of three days of live coverage here in Seattle for KubeCon and CloudNativeCon. We'll be right back. (upbeat music)