>>Hey guys and girls, welcome back to Motor City, Lisa Martin here with John Furrier on the Cube's third day of coverage of Coon Cloud Native Con North America. John, we've had some great conversations over the last two and a half days. We've been talking about identity and security management as a critical need for enterprises within the cloud native space. We're gonna have another quick conversation >>On that. Yeah, we got a great segment coming up from someone who's been in the industry, a long time expert, running a great company. Now it's gonna be one of those pieces that fits into what we call super cloud. Others are calling cloud operating system. Some are calling just Cloud 2.0, 3.0. But there's definitely a major trend happening around how cloud is going Next generation. We've been covering it. So this segment should be >>Great. Let's unpack those trends. One of our alumni is back with us, O Rika Zi, co-founder and CEO of Aerio. Omri. Great to have you back on the >>Cube. Thank you. Great to be here. >>So identity move to the cloud, Access authorization did not talk to us about why you found it assertive, what you guys are doing and how you're flipping that script. >>Yeah, so back 15 years ago, I helped start Azure at Microsoft. You know, one of the first few folks that you know, really focused on enterprise services within the Azure family. And at the time I was working for the guy who ran all of Windows server and you know, active directory. He called it the linchpin workload for the Windows Server franchise, like big words. But what he meant was we had 95% market share and all of these new SAS applications like ServiceNow and you know, Workday and salesforce.com, they had to invent login and they had to invent access control. And so we were like, well, we're gonna lose it unless we figure out how to replace active directory. And that's how Azure Active Directory was born. And the first thing that we had to do as an industry was fix identity, right? Yeah. So, you know, we worked on things like oof Two and Open, Id Connect and SAML and Jot as an industry and now 15 years later, no one has to go build login if you don't want to, right? You have companies like Odd Zero and Okta and one login Ping ID that solve that problem solve single sign-on, on the web. But access Control hasn't really moved forward at all in the last 15 years. And so my co-founder and I who were both involved in the early beginnings of Azure Active directory, wanted to go back to that problem. And that problem is even bigger than identity and it's far from >>Solved. Yeah, this is huge. I think, you know, self-service has been a developer thing that's, everyone knows developer productivity, we've all experienced click sign in with your LinkedIn or Twitter or Google or Apple handle. So that's single sign on check. Now the security conversation kicks in. If you look at with this no perimeter and cloud, now you've got multi-cloud or super cloud on the horizon. You've got all kinds of opportunities to innovate on the security paradigm. I think this is kind of where I'm hearing the most conversation around access control as well as operationally eliminating a lot of potential problems. So there's one clean up the siloed or fragmented access and two streamlined for security. What's your reaction to that? Do you agree? And if not, where, where am I missing that? >>Yeah, absolutely. If you look at the life of an IT pro, you know, back in the two thousands they had, you know, l d or active directory, they add in one place to configure groups and they'd map users to groups. And groups typically corresponded to roles and business applications. And it was clunky, but life was pretty simple. And now they live in dozens or hundreds of different admin consoles. So misconfigurations are rampant and over provisioning is a real problem. If you look at zero trust and the principle of lease privilege, you know, all these applications have these course grained permissions. And so when you have a breach, and it's not a matter of if, it's a matter of when you wanna limit the blast radius of you know what happened, and you can't do that unless you have fine grained access control. So all those, you know, all those reasons together are forcing us as an industry to come to terms with the fact that we really need to revisit access control and bring it to the age of cloud. >>You guys recently, just this week I saw the blog on Topaz. Congratulations. Thank you. Talk to us about what that is and some of the gaps that's gonna help sarto to fill for what's out there in the marketplace. >>Yeah, so right now there really isn't a way to go build fine grains policy based real time access control based on open source, right? We have the open policy agent, which is a great decision engine, but really optimized for infrastructure scenarios like Kubernetes admission control. And then on the other hand, you have this new, you know, generation of access control ideas. This model called relationship based access control that was popularized by Google Zanzibar system. So Zanzibar is how they do access control for Google Docs and Google Drive. If you've ever kind of looked at a Google Doc and you know you're a viewer or an owner or a commenter, Zanzibar is the system behind it. And so what we've done is we've married these two things together. We have a policy based system, OPPA based system, and at the same time we've brought together a directory, an embedded directory in Topaz that allows you to answer questions like, does this user have this permission on this object? And bringing it all together, making it open sources a real game changer from our perspective, real >>Game changer. That's good to hear. What are some of the key use cases that it's gonna help your customers address? >>So a lot of our customers really like the idea of policy based access management, but they don't know how to bring data to that decision engine. And so we basically have a, you know, a, a very opinionated way of how to model that data. So you import data out of your identity providers. So you connect us to Okta or oze or Azure, Azure Active directory. And so now you have the user data, you can define groups and then you can define, you know, your object hierarchy, your domain model. So let's say you have an applicant tracking system, you have nouns like job, you know, know job descriptions or candidates. And so you wanna model these things and you want to be able to say who has access to, you know, the candidates for this job, for example. Those are the kinds of rules that people can express really easily in Topaz and in assertive. >>What are some of the challenges that are happening right now that dissolve? What, what are you looking at to solve? Is it complexity, sprawl, logic problems? What's the main problem set you guys >>See? Yeah, so as organizations grow and they have more and more microservices, each one of these microservices does authorization differently. And so it's impossible to reason about the full surface area of, you know, permissions in your application. And more and more of these organizations are saying, You know what, we need a standard layer for this. So it's not just Google with Zanzibar, it's Intuit with Oddy, it's Carta with their own oddy system, it's Netflix, you know, it's Airbnb with heed. All of them are now talking about how they solve access control extracted into its own service to basically manage complexity and regain agility. The other thing is all about, you know, time to market and, and tco. >>So, so how do you work with those services? Do you replace them, you unify them? What is the approach that you're taking? >>So basically these organizations are saying, you know what? We want one access control service. We want all of our microservices to call that thing instead of having to roll out our own. And so we, you know, give you the guts for that service, right? Topaz is basically the way that you're gonna go implement an access control service without having to go build it the same way that you know, large companies like Airbnb or Google or, or a car to >>Have. What's the competition look like for you guys? I'm not really seeing a lot of competition out there. Are there competitors? Are there different approaches? What makes you different? >>Yeah, so I would say that, you know, the biggest competitor is roll your own. So a lot of these companies that find us, they say, We're sick and tired of investing 2, 3, 4 engineers, five engineers on this thing. You know, it's the gift that keeps on giving. We have to maintain this thing and so we can, we can use your solution at a fraction of the cost a, a fifth, a 10th of what it would cost us to maintain it locally. There are others like Sty for example, you know, they are in the space, but more in on the infrastructure side. So they solve the problem of Kubernetes submission control or things like that. So >>Rolling your own, there's a couple problems there. One is do they get all the corner cases who built a they still, it's a company. Exactly. It's heavy lifting, it's undifferentiated, you just gotta check the box. So probably will be not optimized. >>That's right. As Bezo says, only focus on the things that make your beer taste better. And access control is one of those things. It's part of your security, you know, posture, it's a critical thing to get right, but you know, I wanna work on access control, said no developer ever, right? So it's kind of like this boring, you know, like back office thing that you need to do. And so we give you the mechanisms to be able to build it securely and robustly. >>Do you have a, a customer story example that is one of your go-tos that really highlights how you're improving developer productivity? >>Yeah, so we have a couple of them actually. So there's the largest third party B2B marketplace in the us. Free retail. Instead of building their own, they actually brought in aer. And what they wanted to do with AER was be the authorization layer for both their externally facing applications as well as their internal apps. So basically every one of their applications now hooks up to AER to do authorization. They define users and groups and roles and permissions in one place and then every application can actually plug into that instead of having to roll out their own. >>I'd like to switch gears if you don't mind. I get first of all, great update on the company and progress. I'd like to get your thoughts on the cloud computing market. Obviously you were your legendary position, Azure, I mean look at the, look at the progress over the past few years. Just been spectacular from Microsoft and you set the table there. Amazon web service is still, you know, thundering away even though earnings came out, the market's kind of soft still. You know, you see the cloud hyperscalers just continuing to differentiate from software to chips. Yep. Across the board. So the hyperscalers kicking ass taking names, doing great Microsoft right up there. What's the future? Cuz you now have the conversation where, okay, we're calling it super cloud, somebody calling multi-cloud, somebody calling it distributed computing, whatever you wanna call it. The old is now new again, it just looks different as cloud becomes now the next computer industry, >>You got an operating system, you got applications, you got hardware, I mean it's all kind of playing out just on a massive global scale, but you got regions, you got all kinds of connected systems edge. What's your vision on how this plays out? Because things are starting to fall into place. Web assembly to me just points to, you know, app servers are coming back, middleware, Kubernetes containers, VMs are gonna still be there. So you got the progression. What's your, what's your take on this? How would you share, share your thoughts to a friend or the industry, the audience? So what's going on? What's, what's happening right now? What's, what's going on? >>Yeah, it's funny because you know, I remember doing this quite a few years ago with you probably in, you know, 2015 and we were talking about, back then we called it hybrid cloud, right? And it was a vision, but it is actually what's going on. It just took longer for it to get here, right? So back then, you know, the big debate was public cloud or private cloud and you know, back when we were, you know, talking about these ideas, you know, we said, well you know, some applications will always stay on-prem and some applications will move to the cloud. I was just talking to a big bank and they basically said, look, our stated objective now is to move everything we can to the public cloud and we still have a large private cloud investment that will never go away. And so now we have essentially this big operating system that can, you know, abstract all of this stuff. So we have developer platforms that can, you know, sit on top of all these different pieces of infrastructure and you know, kind of based on policy decide where these applications are gonna be scheduled. So, you know, the >>Operating schedule shows like an operating system function. >>Exactly. I mean like we now, we used to have schedulers for one CPU or you know, one box, then we had schedulers for, you know, kind of like a whole cluster and now we have schedulers across the world. >>Yeah. My final question before we kind of get run outta time is what's your thoughts on web assembly? Cuz that's getting a lot of hype here again to kind of look at this next evolution again that's lighter weight kind of feels like an app server kind of direction. What's your, what's your, it's hyped up now, what's your take on that? >>Yeah, it's interesting. I mean back, you know, what's, what's old is new again, right? So, you know, I remember back in the late nineties we got really excited about, you know, JVMs and you know, this notion of right once run anywhere and yeah, you know, I would say that web assembly provides a pretty exciting, you know, window into that where you can take the, you know, sandboxing technology from the JavaScript world, from the browser essentially. And you can, you know, compile an application down to web assembly and have it real, really truly portable. So, you know, we see for example, policies in our world, you know, with opa, one of the hottest things is to take these policies and can compile them to web assemblies so you can actually execute them at the edge, you know, wherever it is that you have a web assembly runtime. >>And so, you know, I was just talking to Scott over at Docker and you know, they're excited about kind of bringing Docker packaging, OCI packaging to web assemblies. So we're gonna see a convergence of all these technologies right now. They're kind of each, each of our, each of them are in a silo, but you know, like we'll see a lot of the patterns, like for example, OCI is gonna become the packaging format for web assemblies as it is becoming the packaging format for policies. So we did the same thing. We basically said, you know what, we want these policies to be packaged as OCI assembly so that you can sign them with cosign and bring the entire ecosystem of tools to bear on OCI packages. So convergence is I think what >>We're, and love, I love your attitude too because it's the open source community and the developers who are actually voting on the quote defacto standard. Yes. You know, if it doesn't work, right, know people know about it. Exactly. It's actually a great new production system. >>So great momentum going on to the press released earlier this week, clearly filling the gaps there that, that you and your, your co-founder saw a long time ago. What's next for the assertive business? Are you hiring? What's going on there? >>Yeah, we are really excited about launching commercially at the end of this year. So one of the things that we were, we wanted to do that we had a promise around and we delivered on our promise was open sourcing our edge authorizer. That was a huge thing for us. And we've now completed, you know, pretty much all the big pieces for AER and now it's time to commercially launch launch. We already have customers in production, you know, design partners, and you know, next year is gonna be the year to really drive commercialization. >>All right. We will be watching this space ery. Thank you so much for joining John and me on the keep. Great to have you back on the program. >>Thank you so much. It was a pleasure. >>Our pleasure as well For our guest and John Furrier, I'm Lisa Martin, you're watching The Cube Live. Michelle floor of Con Cloud Native Con 22. This is day three of our coverage. We will be back with more coverage after a short break. See that.

>> Narrator: theCUBE presents KubeCon, and CloudNativeCon Europe, 2022, brought to you by Red Hat, the Cloud Native Computing Foundation, and its ecosystem partners. >> Welcome to Valencia, Spain and KubeCon, CloudNativeCon Europe, 2022. I'm Keith Townsend, and we're continuing the conversation with builders, startups, large enterprise, customers, small customers, the whole community. Just got a interesting stat earlier in the day, 7.1 million community members in the CNCF foundation, and we're been interacting with 7,500 of them. But we're bringing the signal, separating the signal from the noise. We have a Kube alum who's been on both sides of the table, Omri Gazitt co-founder and CEO of Aserto. Welcome to the show. >> Thank you so much, Keith. >> So identity management, you know it's, it's critical need to the enterprise cloud native but there's plenty of solutions on the market, what unique problem are you solving you know how are you solving the problem in a unique way that we don't go to some of the big named vendors in this space? >> Yeah, we, my co-founder and I, were veterans of large clouds. We helped start Azure at Microsoft. We in fact helped build what became Azure Active Directory and those solutions entirely focus on one part, the "I" part, the identity part of the problem. They completely ignore the access management part and you could argue that is a larger problem and it is far from solved. So we completely agree. Identity management, a problem that's been solved over the last 15 years and solved well by great companies like Microsoft and Okta and Auth0. And we're best friends with them. We basically pick up where they leave off. We do the access management part. >> So the access management part, what specifically, what what am I getting when I engage with your team and your product? >> Yep. So basically I, authentication is all about proving that you are, who you say you are through a password or something else, you know, biometric. And that part is done. We basically pick up where that leaves off. So once you know who you are, once you've proven to a system that you are Keith. Now, what can Keith do? What roles, what permissions, , what operations can Keith perform on what resources? That's a harder problem. And that's the problem that we focus on. So for example, if you have a SaaS app - let's say you're building, you know an applicant tracking system and you Keith are an owner of some job descriptions and you have some candidates, but  somebody else has a different set of candidates and an admin, maybe has visibility at everything. How do you build that system? That actually is a pretty hard problem. And how do you build it to enterprise grade? That's where we come in. We basically have an end-to-end solution that gives you cloud native, end-to-end authorization that's built to enterprise grade. >> So when I think of this capability, I can't help but to think of AWS IAM and I'm in AWS IAM, I get my security role, and now I can assign to an EC2 instance, the ability to access some other AWS service or identity. So role based identity - are you giving me that type of capability? >> For everything else. So AWS IAM for AWS resources right? Google IAM for Google Resources. Azure has a similar system but they're all infrastructure focused. And what we're trying to do is bring that to your domain specific resources, right? So you, as an application builder, you have the things that correspond  you're not doing VMs, you're not doing storage arrays, you're not doing networks. You have higher level constructs, right. You know, like I said, if you're building Lever or Greenhouse, you have candidates and jobs and reports and things like that. So we basically allow you to create this fine grained access control, but for your own objects. >> So where's the boundaries? Let's say that I have a container or microservice that is a service and it has a role, it has an identity on my network. And there is a cloud based service, let's say a, a cloud SQL. And I want to do authentication across the two or can I only have the boundaries within my private infrastructure or does that boundary extend to the public cloud as well? >> It extends everywhere, right. So basically, you know, if you think about all the different hops here, you know, Zero Trust is the, the rage, right? And that encourages defense in depth. So you have an access proxy that does some type of authorization. Then you have an API Gateway that has a little bit more context, a little bit more authorization. For us we live inside of the application. So the application calls us, we give you a sidecar, you deploy it right next to your application. It gives you, you know, sub-millisecond response time, a hundred percent availability, all the authorization decisions are done with full context about who the user is and what resource they're trying to access. And so our sidecar will give you a response back, allow or deny, and then downstream from us, you could basically talk to another microservice. And at that point you're doing machine identities, right? So you may have a different authorization policy for those, only you know these particular services, are allowed to talk to these other services. And so we solve both the, you know authorization for machine identities as well as authorization for human identities. >> All right Omri are you ready for Q Clock? >> I sure am! >> Oh, I like the energy. >> Bring it on. >> You know, there have been many before you, they have failed the test. >> All right. I mean, they brought, they've brought the energy. You have the energy but do you have the ability to survive the clock? >> I'm going to do my best. >> So I'm going to say start the clock. I haven't said, said start cube clock yet, but when I say it, you have 60 seconds. There's no start overs. There's no repeats. The pressure's on, you ready? >> All right. I'm ready. >> Ready? Start Cube Clock. >> All right. If you are a VP of Engineering or a CTO or run a security or engineering organization what are you doing for roles and permissions? You're building it on your own, right? >> Tough times never last, tough people always do, and you're, you're delaying, you're letting me break you up. >> All right, I'm not going to let you break me up. Great. So you don't want to build it yourself. You don't want to build it yourself. Why would you spend engineering time? Why would you spend, you know, the- >> You deserve a seat at the table. >> No but look, why would you ever spend your time building something that is not differentiating your application? Instead use something like Aserto, just dear God use something, use a developer API. Don't build it yourself because what are you doing? You're reinventing the wheel, you know. You want to get out of the business of reinventing the wheel. >> Crawl before you walk. (Omri laughs) >> You think so? I think, I think you have to go you know, make sure that you spend your engineering resources on the things that matter and the things that matter are. >> Time up. >> Yep. >> You know what? You threw three great curve balls and struck me out. Great job. (Omri laughs) You, you, you just knocked it out the park. Great job Omri, I appreciate you coming in, stopping by, sharing your company's journey about authorization and authorization services and getting kind of this cloud capability, the cloud native. >> I appreciate your time as well Keith, always a pleasure. >> From Valencia Spain, I'm Keith Townsend, and you're watching theCUBE, the leader in high tech coverage. (soft instrumental music)

>> Narrator: Live from Austin, Texas, it's theCUBE, covering DockerCon 2017, brought to you by Docker and support from it's ecosystem partners. >> Welcome back to theCUBE, I'm Stu Miniman, we're here at DockerCon 2017 in beautiful Austin, Texas, had a great party down on Rainy Street last night, 5500 people and many of them, a good majority of them made it to keynote this morning, but we're checking in with a lot of guests here, happy to welcome onto the program. I've got a returning guest in a new role and I have a new guest, so both of you from Puppet, Deepak Giridharagopal, who's the CTO and Omari Gazitt, who's the Chief Product Officer. We caught up with you at a previous cloud role that you had had. Deepak, since it's your first time on the program, you've been with Puppet for awhile now, can you give our audience a little bit about your background and your role? >> Sure, so, I've, software guy, I've been programming forever, done a bunch of different start-ups, actually lived in Austin and was part of the Austin start-up scene for quite some time, so I went to school here. So, I've been here for maybe 15 years, something like that. >> Is that a Hook'em Horns or is that a? >> It's Hook'em Horns, yeah, absolutely. So, UT computer science and also, fellow Texan, not UT but from Rice so, there you go. >> That's right. >> Owl's are okay too. But yeah, I've been working here for awhile, previous start-up I was at did a lot of email archival and stuff like that, so I was an early engineer there. We ended up getting acquired by Dell, but that was during an era where we charged people based on storage, so the more we could store, the more money we could make, but that was really early on into how you use software to scale out a bunch of systems and things like that, so that's how I got involved with Puppet the project before I actually joined the company, so I ended up using a lot of that stuff to build out all the systems that we had, maintained a lot of relationships with the community, have a lot of patches inside of Puppet core, so eventually joined the company. So now I've been there for about six years, I'm CTO and Chief Architect, so I'm responsible for all the ones and zeros, I guess and overall technical strategy. >> Alright, so Omri, how long ago did you find Puppet and tell us about your role. >> Absolutely, seven weeks ago, so, you know, fresh, brand new but very excited about this new role, as Deepak said, I'm also a fellow Texan. I went to school at the cross-town rival, maybe the different city rival at Rice but, I don't think we've ever beat UT in football, maybe once. So, I don't even know what the Rice equivalent of Hook'em Horns is. I spent many years at bit companies like Microsoft where I helped start .NET and was really deeply involved in Azure as well as well as HP where I ended up being the General Manager and Vice President for the Helium platform. For that I did a number of start-ups, including one here in Texas, in Houston that ended up going public and the fun thing about coming back to Texas. The last time I was here was Open Stack Summit in Austin. It's always going to get great Tex Mex, so really enjoyed that last night as well. >> Alright, so Deepak, you've been with Puppet long enough that you know, there was no Docker in there. >> That's true. >> Containers did exist, can you walk us through, you have an architect role, how does containers impact your product and how your customers are using you? >> I mean, I think it's, there's a lot of interest, I think. There's almost, I don't think there's a single customer or really user that I go and talk to and I talk to a lot of them that are unaware of containerization. They know it's a thing. I do think though that a lot of them are trying to fit it into their brains and I think that's kind of the main role that we kind of play because the products that we build and all the projects that we have, the open source or commercial stuff, it's all about helping people automate, deploy, manage all the software that they've got, no matter what kind of software it is. So containerization to a lot of these folks, they come to us kind of asking, okay, well, I've heard a lot about it or I'm getting a lot of pressure from development teams to start deploying stuff using it, how do we adopt that kind of technology in a way that comports with all the rest of our practices for managing our software, which for a lot of customers, they're still in the process of evolving because a lot of the people we talk to, they come to us to kind of move from more of the older way of managing deploying and automating their stuff into more of a DevOps kind of mindset where rapid iteration, continuous delivery, so the technology is definitely a big part of it, the processes are also a big part of it, but ultimately I think they come to us saying, this is really cool, it seems very different than virtualization, you know, so how do we actually deal with that? How do we enforce security policies on all these things? How do we deploy it? Can we share code? How do we stand up the container infrastructure itself? I don't know anything about software defined networking, now I have to. How do I get that expertise and how do I configure that, manage it and the applications themselves that are containerized now, they're just architected and built, and in many cases, fundamentally different ways than software of previous generations and that requires a lot of uplift of the rest of an organization in order to make that stuff possible. So it's happening, but I think there's definitely a gulf between the, you know, kind of leading edge and a lot of the stuff that we've seen here in the keynotes today, which have been awesome, there's a ton of great stuff they've announced for systems builders and things like that. I can build custom kernels and all kinds of stuff, that's great, but there's a huge gulf between the leading edge tech like that and that tool chain and what I think most enterprises can fit into their heads. What they understand, what they have established practices around and you know, we have to meet in the middle. Obviously we can't bring all the new tech and make it snap to this line of how we used to do things, 'cause that's not going to work, but simultaneously, we can't just shift everybody over to doing absolutely everything brand new because they have this thing called paying customers and revenue generating software that's already running, so, how do you bridge that gap and that's where I view our role is, being that bridge to the future. >> Actually one of the things I liked in the keynote, they said it would be great if we just had this kind of easy button, that we do things but I think, as you said, you help customers take what they have, move them forward, help make it easier. You joined the company, why is it exciting at Puppet these days, how do things like containerization fit into your thoughts going forward? >> Absolutely, I'm super excited to be at the company. I've worked most of my career really serving the developer customer, the developer constinuency, and one of the things that I saw working in the container ecostystem over the last few years is that there really is a lot of excitement from development in organizations around effectively packaging microservices in a new way and the advantages here are real. There is a lot of acceleration that you get but the larger movement of DevOps is actually how you get that agility, that velocity, that Ben was talking about in his keynote today. There's only one mode and that is quick, right, and that resonated strongly with me because we saw, we saw that exactly in large companies like HP and obviously at Puppet now where, at the core of the value that we bring to our customers is helping them transform, helping them do things in a more cross-functional way, in a way where they can accelerate delivery from taking months to taking days or even hours and Puppet's point of view largely comes from the Ops part of DevOps and our customers are asking us, what's our role, what's our evolving role in this new world and that's exactly why it's so exciting to be part of a company that is actually bringing that unique point of view and most of our customers are asking, great, containers, now what? What about all the things that we have to worry about? What about security? What about compliance? What about reporting? What about kind of having visibility into my entire estate of things? That doesn't change just because you go from running things on bare metal to running things in VM's, with containers, we have another order of magnitude increase of the number of things you're managing and so, the management challenges just become larger and our job, the way that we see our job is to really help our customers transition, employ these accelerate technologies like Docker, like containerization, and the container platforms, but do it in a way that, make sure that these operators continue to be able to their jobs, to get the visibility and the control they need to make sure that they deliver on the Dev of the business as well. >> Yeah, I had an interesting conversation with Soloman Hikes earlier on theCUBE here and he said his background was actually on the operations side and when they built Docker it was the developers as their customer, want to throw it out to the both of you, is to kind of that, that developer operator and then kind of your enterprise buyer, how's that dynamic changing? We've watched the whole DevOps discussion for many years as to kind of, who do you sell to, who's actually got budget, who makes decisions? Is it some c-level management that said, oh, I read about this and do it or the developers bubbling things up? Where are things today, what are you seeing? >> Well, I definitely think the sort of, the era of, you have one of two really high level buyers that make all these decisions about everything is going to be architected. It's all going to be built in this way, it's all going to work in this way, this is how, operationally, it's going to work, security is going to be enforced this way mostly by just saying no to things, the way we make things stable in production is to say no to making changes. If IT of the late '90's was a political party or the 2000's was a political party, it would be no, we can't, which doesn't make any sense anymore. So I think in 2017, I view, especially with respect to containerization, I think the big change is around empowerment and I think the DevOps movement, in many ways is about fostering collaboration and empowerment, so you don't want to have a separate security function that just puts, I'm going to secure this application at the very end of the assembly line, that doesn't work, just like it never worked for quality assurance or anything like that. We'll make it work, we'll put QA in at the very end, ideally you want all of that baked in as early as possible and I think stuff like containers, I think the rise of containerization has enabled developers to feel more empowered over a large swath of the staff then they previously maybe had the ability to be. So, if you believe in the idea of a container as being the unit of delivery of software in the future, I mean, that's a pretty powerful abstraction. So if I'm a developer at my laptop, I could put all kinds of stuff into this black box and the power is, I have all the autonomy inside that box. I can do whatever I want with it and that's very empowering, that's a lot of responsibility. I think the flip side though and I think something that we learned as part of the DevOps movement as well is that it can just be about developer empowerment. It has to also be about operation empowerment. It has to be about security empowerment. If you think about it, I think there's a future, I hope this isn't the one that we actually get, but I think there's a future where, for example, all developers are building everything with containers are like great, I can put all the stuff I want in this black box and then, here you go, here you go operations team, here's this black box that you can do anything you want with it, I mean, that's kind of a 2017 tech version of throwing it over the wall, right, because the people with the pager still have to care about what's inside that black box and now, if you have a hundred development teams doing thousands of containers all the time, that's way more black boxes that you have to manage. So if you're an IT director or a CIO or something like that and you have to deal with your entire estate of stuff, that's a pretty gnarly problem and then you have to combine that with all the previous generations of software that you still have and you still have to maintain. So, I understand why our customers come to us a lot of times and ask us, is there a unified way that we can kind of model and manage all the stuff that we've got? How do we see inside a lot of these things that are opaque and they are black boxes so, I'm aiming more for a future where the containers uses that unit of delivery for software but it's used as a coordination point where it's not just developers putting whatever they want in a Docker file, it's developers and Op staff coordinating to figure out, how do we stitch these containers together into a proper application? How do we secure it? Does it meet all of our standards and things like that and that's pretty great. I'm very optimistic about that. That's a place I want to be in. >> I, just to amplify a little bit, it's great to be at a company where the users love the software. Our selling motion typically is a bunch of practitioners at a company really love using our software and then we get a call from the CIO saying, hey, we have thousands of nodes under management, we would like to have a deeper relationship with you, let's go have a conversation about that, so that's a fantastic validation of the value of the product as a tool of empowerment and I would say that, just to echo Deepak's point, it's all about end to end velocity. If you're just making the dev's go faster, you're not necessarily relieving the right bottlenecks and we've seen that, even in our own development. As I've come up to speed on how Puppet does things, some of the impressive pieces of focus really are on our own value steam, how the technology, value stream, in terms of how we get ideas to our customers. We always think about inserting operations folks, security folks, QA, development, product management, project management altogether and collaborating from the beginning of a project or beginning of a sprint and that, in effect, speeds up everything. Again, to echo Deepak's point, if you just make the life of the dev better or faster, you may not actually be solving for total velocity. >> Great point about why you guys are sticky, why your customers love you. Omri, I'm sure you've got great viewpoint, but Deepak, feel free to chime in, the cloud providers themselves, I look at the platforms out there. I mean Docker is a platform provider, Amazon, Microsoft, Google, others out there, some of your previous employers build platforms and they're trying to simplify and add automation and do this thing, why are you guys, is this a big opportunity for you guys, where do you guys become relevant or even more relevant as time goes on with these platforms? You want to start, Omri? >> Absolutely, so, the cloud is the big platform disruption of our time, in our industry and you're either going to ride it or get washed over by it and the most important thing that brought me to a company like Puppet is just this huge opportunity as our customers are moving to cloud platforms with more and more of their workloads, the ability to manage a more heterogeneous set of things becomes even more imperative, right? The more complexity you have, the more you need tools to help you manage through that complexity and so, as we see our customers start managing those in the cloud, our job is to make that friction free for them, so, make it as easy as possible to adopt Puppet in AWS of in Azure or in any of these cloud platforms and on top of that, I would say, we are also moving our entire portfolio to the cloud, to become cloud native. To deliver in a way that again, takes a lot of the burden off of our customer's hands because if you see the move to cloud, one of the most attractive pieces of it for enterprises is that they can give up some or perhaps most of even all of the operations burden to another vendor and that's an incredible kind of efficiency gainer for these enterprises. They don't want to run software anymore. Now, the vast majority of our customers still run software and not just our software, a whole bunch of other software, but their aspiration long term is to be able to hand some of that or maybe most of that management burden to their vendors and that's exactly the journey that we're also on, so that's why it's super exciting to be at a company that sees that opportunity, that vision and the expansion of market that gives us. >> I agree 100%. I think the big change for people that build applications or manage applications if they want to put them on the cloud is like at the amusement park, they have the sign where you have to be this tall to ride, if you want to have your stuff work in the cloud, you have to be this automated to ride. You just have to because otherwise there's no point, I mean, what's the point of putting your stuff on EC2 and I can elastically bring up a zillion instances of something if I have to provision them by hand or if I have to reconfigure them by hand. It just becomes a really expensive, absurdly expensive way to run a traditional workload that isn't ready for something like the cloud so that's way I'm really optimistic about our role and our customers are really, we have a huge amount of coordination and involvement with them trying to get them that automated so that they can take advantage of a lot of this technology. I also think that just the idea of being able to, for a lot of our customers and users, moving stuff onto the cloud itself, that's challenging. I don't think it's as easy. I know there are plenty of people that have tools that do these kinds of things but I just don't find it that easy to simply say, yep, you can just forklift your thing and now it's a cloud app. There's more stuff you've got to do and, in my mind, I think step one, if you have an app and if you have a workload and you want to move it to somewhere else, step one is you got to model what that workload actually looks, how that works. You have to have an understanding of how that's supposed to behave. That way, after you move it, ideally automation helps you move it, that's where our software comes in, but at a minimum, if you've got an understanding of how it worked before, now after you've transplanted it, you can actually validate it works the way that you want it to work. So I think automation is, it's non-negotiable. You have to have that and if you're not using a platform that lets you do that, then, I don't know, you're going to have a really hard time and unless you're planning on having all over infrastructure, 100% of your estate with a single vendor in the cloud, you're going to need a platform that works across everything that you've got, from your mainframe processing all your trillions of dollars of currency transactions or something like that, all the way to the app you built a year ago that you thought was oh current, maybe before you picked up a book on containers and the stuff that you're going to build tomorrow that's going to be cloud native and you don't want 18 different tools for 18 different vendors managing stuff in 18 different ways 'cause that's not really, I don't see that as a path to scaling out what you can do. >> Yeah, it reminds me of another quote that Ben used in a keynote is you need to be past and future proof, so yeah, we're going to have to leave it there, Deepak and Omri, thank you so much for joining us and thank you for watching theCUBE. >> Omri: Thanks. >> Deepak: Thank you very much. (upbeat electronic music)