
Haseeb Budhani, Rafay & Santhosh Pasula, MassMutual | KubeCon + CloudNativeCon NA 2022

>>Hey guys. Welcome back to Detroit, Michigan. Lisa Martin and John Furrier here live with the Cube at KubeCon + CloudNativeCon North America. John, it's been a great day. This is day one of our coverage of three days of coverage. Kubernetes is growing up. Yeah, it's maturing. >>Yeah. We got three days of wall to wall coverage, all about Kubernetes. We about security, large scale, cloud native at scale. That's the big focus. This next segment's gonna be really awesome. You have a fast growing private company and a practitioner, big name, blue chip practitioner, building out next NextGen Cloud first, transforming, then building out the next level. This is classic of what we call super cloud-like, like interview. It's gonna be great. I'm looking forward >>To this anytime we can talk about Super Cloud. All right, please welcome back. One of our alumni, Haseeb Budhani is here, the CEO of Rafay. Great to see you. Santhosh Pasula also joins us, the global head of Cloud SRE at MassMutual. Ge. Great to have you on the program. Thanks >>For having us. Thank you for having me. >>So Haseeb, you've been on the Cube many times. You were on just recently with the momentum that that's around us today with the maturation of Kubernetes, the collaboration of the community, the recognition of the community. What are some of the things that you're excited about with on, on day one of the show? >>Wow, so many new companies. I mean, there are companies that I don't know who are here. And I, I, I live in this industry and I'm seeing companies that I don't know, which is a good thing. I mean, it means that the, the community's growing. But at the same time, I'm also seeing another thing, which is I have met more enterprise representatives at this show than other KubeCons. Like when we hung out at, you know, in Valencia for example, or even, you know, other places. It hasn't been this many people, which means, and this is, this is a good thing that enterprises are now taking Kubernetes seriously. 
It's not a toy. It's not just for developers. It's enterprises who are now investing in Kubernetes as a foundational component, right. For their applications going forward. And that to me is very, very good. >>Definitely becoming foundational. >>Yep. Well, you guys got a great traction. We had many interviews at the Cube and you got a practitioner here with you. You guys are both pioneering kind of what I call the next gen cloud. First you gotta get through gen one, which you guys done at MassMutual, extremely well, take us through the story of your transformation. Cause you're on the, at the front end now of that next inflection point. But take us through how you got here. You had a lot of transformation success at MassMutual. >>So I was actually talking about this topic few, few minutes back, right? And, and the whole cloud journey in big companies, large financial institutions, healthcare industry or, or our insurance sector. It takes generations of leadership to get, to get to that perfection level. And, and ideally the, the, the cloud for strategy starts in, and then, and then how do you, how do you standardize and optimize cloud, right? You know, that that's, that's the second gen altogether. And then operationalization of the cloud. And especially if, you know, if you're talking about Kubernetes, you know, in the traditional world, you know, almost every company is running middleware and their applications in middleware. And then containerization is a topic that come, that came in. And Docker is, is you know, basically the runtime containerization. So that came in first and from Docker, you know, eventually when companies started adopting Docker, Docker Swarm is one of the technologies that they adopted. And eventually when, when, when we were taking it to a more complicated application implementations or modernization efforts, that's when Kubernetes played a key role. 
And, and Haseeb was pointing out, you know, like you never saw so many companies working on Kubernetes. So that should tell you one story, right? How fast Kubernetes is growing and how important it is for your cloud strategy. So, >>And your success now, and what are you thinking about now? What's on your agenda now as you look forward? What's on your plate? What are you guys doing right now? >>So we are, we are past the stage of, you know, proof of concepts, proof of technologies, pilot implementations. We are actually playing it, you know, the real game now. So in the past I used the quote, you know, like, hello world to real world. So we are actually playing in the real world, not, not in the hello world anymore. Now, now this is where the real time challenges will, will pop up, right? So if you're talking about standardizing it and then optimizing the cloud and how do you put your governance structure in place? How do you make sure your regulations are met? You know, the, the, the demands that come out of regulations are met and, and how, how are you going to scale it and, and, and while scaling, however you wanna to keep up with all the governance and regulations that come with it. So we are in that stage today. >>Haseeb talked about, you talked about the great evolution of what's going on at MassMutual has talked a little bit about who, you mentioned one of the things that's surprising you about this KubeCon in Detroit is that you're seeing a lot more enterprise folks here who, who's deciding in the organization and your customer conversations, Who are the decision makers in terms of adoption of Kubernetes these days? Is that elevating? >>Hmm. Well this guy, >>It's usually, you know, one of the things I'm seeing here, and John and I have talked about this in the past, this idea of a platform organization and enterprises. So consistently what I'm seeing is, you know, somebody, a CTO, CIO level, you know, individual is making a determin decision. 
I have multiple internal BUs who are now modernizing applications. They're individually investing in DevOps. And this is not a good investment for my business. I'm going to centralize some of this capability so that we can all benefit together. And that team is essentially a platform organization and they're making Kubernetes a shared services platform so that everybody else can come and, and, and sort of, you know, consume it. So what that means to us is our customer is a platform organization and their customer is a developer. So we have to make two constituencies successful. Our customer who's providing a multi-tenant platform, and then their customer who's a developer, both have to be happy. If you don't solve for both, you know, constituencies, you're not gonna be >>Successful. You're targeting the builder of the infrastructure and the consumer of that infrastructure. >>Yes sir. It has to be both. Exactly. Right. Right. So, so that look, honestly, that it, it, you know, it takes iterations to figure these things out, right? But this is a consistent theme that I am seeing. In fact, what I would argue now is that every enterprise should be really stepping back and thinking about what is my platform strategy. Cuz if you don't have a platform strategy, you're gonna have a bunch of different teams who are doing different things and some will be successful and look, some will not be. And that is not good for business. >>Yeah. And, and Santhosh, I wanna get to you, you mentioned that your transformation was what you look forward and your title, global head of Cloud SRE. Okay, so SRE, we all know came from Google, right? Everyone wants to be like Google, but no one wants to be like Google, right? And no one is Google, Google's a unique thing. It's only one Google. But they had the dynamic and the power dynamic of one person to large scale set of servers or infrastructure. But concept is, is, is can be portable, but, but the situation isn't. 
So Borg became Kubernetes, that's inside baseball. So you're doing essentially what Google did at their scale you're doing for MassMutual. That's kind of what's happening. Is that kind of how I see it? And you guys are playing in there partnering. >>So I I totally agree. Google introduced site reliability engineering. And, and if you take, you know, the traditional transformation of the roles, right? In the past it was called operations and then DevOps ops came in and then SRE is is the new buzzword. And the future could be something like product engineering, right? And, and, and in this journey, you know, here is what I tell, you know, folks on my side like what worked for Google might not work for a financial company, might not work for an insurance company. So, so, so it's, it's okay to use the word SRE, but but the end of the day that SRE has to be tailored down to, to your requirements and and, and the customers that you serve and the technology that you serve. Yep. >>And this is, this is why I'm coming back, this platform engineering. At the end of the day, I think SRE just translates to, you're gonna have a platform engineering team cuz you gotta enable developers to be producing more code faster, better, cheaper guardrails policy. So this, it's kind of becoming the, you serve the business, which is now the developers. IT used to serve the business. Yep. Back in the old days. Hey, the IT serves the business. Yep. Which is a terminal, >>Which is actually true >>Now IT, the new IT serves the developers, which is the business. Which is the business. Because if digital transformation goes to completion, the company is the app. Yep. >>And the, you know, the, the hard line between development and operations, right? So, so that's thinning down over the time, you know, like that that line might disappear. And, and, and that's where SRE is fitting in. >>Yeah. 
And they're building platforms to scale the enablement up that what is, so what is the key challenges you guys are, are both building out together this new transformational direction? What's new and what's the same, The same is probably the business results, but what's the new dynamic involved in rolling it out and making people successful? You got the two constituents, the builders of the infrastructures and the consumers of the services on the other side. What's the new thing? >>So the new thing if, if I may go fast these, so the faster market to, you know, value, right? That we are bringing to the table. That's, that's very important. You know, business has an idea. How do you get that idea implemented in terms of technology and, and take it into real time. So that journey we have cut down, right? Technologies like Kubernetes, it makes, it makes, you know, an IT person's life so easy that, that they can, they can speed up the process in, in, in a traditional way. What used to take like a year or six months can be done in a month today or or less than that, right? So, so there's definitely the losses, speed, velocity, agility in general, and then flexibility. And then the automation that we put in, especially if you have to maintain like thousands of clusters, you know, these, these are today like, you know, it is possible to, to make that happen with a click of a button. In the past it used to take like, you know, probably, you know, a hundred, a hundred percent team and operational team to do it. And a lot of time. But, but, but that automation is happening. You know, and we can get into the technology as much as possible. But, but, you know, blueprinting and all that stuff made >>It possible. Well say that for another interview, we'll do it take time. >>But the, the end user on the other end, the consumer doesn't have the patience that they once had. Right? Right. It's, I want this in my lab now. 
Now, how does the culture of MassMutual, how is it evolving to be able to deliver the velocity that your customers are demanding? >>So if once in a while, you know, it's important to step yourself into the customer's shoes and think it from their, from their, from their perspective, business does not care how you're running your IT shop. What they care about is your stability of the product and the efficiencies of the product and, and, and how, how, how easy it is to reach out to the customers and how well we are serving the customers, right? So whether I'm implementing Docker in the background, Docker Swarm or Kubernetes, you know, business doesn't even care about it. What they really care about it is if your environment goes down, it's a problem. And, and, and if you, if your environment or if your solution is not as efficient as the business needs, that's the problem, right? So, so at that point, the business will step in. So our job is to make sure, you know, from an, from a technology perspective, how fast you can make implement it and how efficiently you can implement it. And at the same time, how do you play within the guardrails of security and compliance. >>So I was gonna ask you if you have VMware in your environment, cause a lot of clients compare what vCenter does for Kubernetes is really needed. And I think that's what you guys got going on. I I can say that you're the vCenter of Kubernetes. I mean, as a, as an as an metaphor, a place to manage it all is all one, one pane of glass, so to speak. Is that how you see success in your environment? >>So virtualization has gone a long way, you know where we started, what we call bare metal servers, and then we virtualized operating systems. Now we are virtualizing applications and, and we are virtualizing platforms as well, right? So that's where Kubernetes basically got. 
>>So you see the need for a vCenter like thing for Uber, >>Definitely a need in the market in the way you need to think is like, you know, let's say there is, there is an insurance company who actually implemented it and, and they gain the market advantage. Right? Now the, the the competition wants to do it as well, right? So, so, so there's definitely a virtualization of application layer that, that, that's very critical and it's, it's a critical component of cloud strategy as >>A whole. See, you're too humble to say it. I'll say you like the vCenter of Kubernetes, Explain what that means and your turn. If I said that to you, what would you react? How would you react to that? Would say bs or would you say on point, >>Maybe we should think about what does vCenter do today? Right? It's, it's so in my opinion, by the way, well vCenter in my opinion is one of the best platforms ever built. Like ha it's the best platform in my opinion ever built. It's, VMware did an amazing job because they took an IT engineer and they made him now be able to do storage management, networking management, VMs, multitenancy, access management audit, everything that you need to run a data center, you can do from a single, essentially single >>Platform, from a utility standpoint home >>Run. It's amazing, right? Yeah, it is because you are now able to empower people to do way more. Well why are we not doing that for Kubernetes? So the, the premise man Rafay was, well, oh, bless, I should have IT engineers, same engineers now they should be able to run fleets of clusters. That's what people at MassMutual are able to do now, right? So to that end, now you need cluster management, you need access management, you need blueprinting, you need policy management, you need ac, you know, all of these things that have happened before chargebacks, they used to have it in, in vCenter. Now they need to happen in other platforms. But for Kubernetes, so should do we do many of the things that vCenter does? Yes. 
>>Kind >>Of. Yeah. Are we a vCenter for Kubernetes? Yeah, that is a John Furrier question. >>All right, well, I, I'll, the speculation really goes back down to the earlier speed question. If you can take away the, the complexity and not make it more steps or change a tool chain or do something, then the devs move faster and the service layer that serves the business, the new organization has to enable speed. So this, this is becoming a, a real discussion point in the industry is that, oh yeah, we've got new tool, look at the shiny new toy. But if it doesn't move the needle, does it help productivity for developers? And does it actually scale up the enablement? That's the question. So I'm sure you guys are thinking about this a lot, what's your reaction? >>Yeah, absolutely. And one thing that just, you know, hit my mind is think about, you know, the hoteling industry before Airbnb and after Airbnb, right? Or, or, or the taxi industry, you know, before Uber and after Uber, right? So if I'm providing a platform, a Kubernetes platform for my application folks or for my application partners, they have everything ready. All they need to do is like, you know, build their application and deployed and running, right? They, they, they don't have to worry about provisioning of the servers and then building the middleware on top of it and then, you know, do a bunch of testing to make sure, you know, they, they, they iron out all the, all the compatible issues and whatnot. Yeah. Now, now, today, all I, all I say is like, hey, you have, we have a platform built for you. You just build your application and then deploy it in a development environment. That's where you put all the pieces of puzzle together, make sure you see your application working, and then the next thing that, that you do is like, you know, you know, build >>Production, ship, build production, go and ship release it. Yeah, that's the nirvana. But then we're there. I mean, we're there now we're there. So we see the future. 
Because if you, if that's the case, then the developers are the business. They have to be coding more features, they have to react to customers. They might see new business opportunities from a revenue standpoint that could be creatively built, got low code, no code, headless systems. These things are happening where this I call the architectural list environment where it's like, you don't need architecture, it's already happening. >>Yeah. And, and on top of it, you know, if, if someone has an idea, they want to implement an idea real quick, right? So how do you do it? Right? And, and, and you don't have to struggle building an environment to implement your idea and testers in real time, right? So, so from an innovation perspective, you know, agility plays a key role. And, and that, that's where the Kubernetes platforms or platforms like Kubernetes >>Plays. You know, Lisa, when we talked to Andy Jassy, when he was the CEO of AWS, either one on one or on the Cube, he always said, and this is kind of happening, companies are gonna be builders where it's not just utility. You need that table stakes to enable that new business idea. And so he, this last keynote, he did this big thing like, you know, think like your developers are the next entrepreneurial revenue generators. And I think that, I think starting to see that, what do you think about that? You see that coming sooner than later? Or is that in, in sight or is that still ways away? >>I, I think it's already happening at a level, at a certain level now. Now the question comes back to, you know, taking it to the reality, right? Yeah. I mean, you can, you can do your proof of concept, proof of technologies, and then, and then prove it out. Like, Hey, I got a new idea. This idea is great. Yeah. And, and it's to the business advantage, right? 
But we really want to see it in production live where your customers are actually >>Using it and the board meetings, Hey, we got a new idea that came in, generating more revenue, where'd that come from? Agile developer. Again, this is real. Yeah, >>Yeah. >>Absolutely agree. Yeah. I think, think both of you gentlemen said a word in, in your, as you were talking, you used the word guardrails, right? I think, you know, we're talking about rigidity, but you know, the really important thing is, look, these are enterprises, right? They have certain expectations. Guardrails is key, right? So it's automation with the guardrails. Yeah. Guardrails are like children, you know, you know, shouldn't be heard. You know, they're seen but not heard. Developers don't care about guard rails. They just wanna go fast. They also bounce >>Around a little bit. Yeah. Off the guardrails. >>One thing we know that's not gonna slow down is, is the expectations, right? Of all the consumers of this, the Ds the business, the, the business top line, and of course the customers. So the ability to, to really, as your website says, let's see, make life easy for platform teams is not trivial. And clearly what you guys are talking about here is you're, you're really an enabler of those platform teams, it sounds like to me. Yep. So, great work, guys. Thank you so much for both coming on the program, talking about what you're doing together, how you're seeing the, the evolution of Kubernetes, why, and really what the focus should be on those platform teams. We appreciate all your time and your insights. >>Thank you so much for having us. Thanks >>For our pleasure. For our guests and for John Furrier, I'm Lisa Martin. You're watching The Cube Live, KubeCon, CloudNativeCon from Detroit. We've out with our next guest in just a minute, so stick around.

Published Date : Oct 27 2022


Haseeb Budhani, Rafay & Adnan Khan, MoneyGram | Kubecon + Cloudnativecon Europe 2022

>>The Cube presents KubeCon and CloudNativeCon Europe 22, brought to you by the Cloud Native Computing Foundation. >>Welcome to the Cube coverage of KubeCon 2022 EU. I'm here with my cohost Paul Gill. Please work with you, Keith. Nice to work with you, Paul. And we have our first two guests. The Cube is hot. I'm telling you we are having interviews before the start of even the show floor I have with me. We gotta start with the customers first enterprise architect, Adnan Khan. Adnan Khan, welcome to the show. >>Thank you so >>Much. Cube time cube time. First now you're at Cube alumni. Yep. <laugh> and, and, uh, Haseeb Budhani, CEO, Rafay, welcome back. Nice to, >>Uh, >>Talk to you again today. So we're talking all things Kubernetes and we're super excited to talk to MoneyGram about their journey to Kubernetes. First question I have for Adnan. Talk to us about what your pre Kubernetes landscape looked like. >>Yeah, certainly. Uh, Keith, so, um, we had a, uh, you know, a traditional mix of legacy applications and modern applications. Uh, you know, a few years ago we made the decision to move to a microservices architecture. Um, and this was all happening while we were still on prem. Right? So your traditional VMs, um, and you know, we started 20, 30 microservices, but with the microservices packing, you know, you quickly expand to hundreds of microservices. Um, and we started getting to that stage where managing them without sort of an orchestration platform, uh, and just as traditional VMs was getting to be really challenging, right. Uh, especially from a day two operational, uh, you know, you can manage 10, 15 microservices, but when you start having 50 and so forth, um, all those concerns around, uh, you know, high availability, operational performance. Um, so we started looking at some open source projects, you know, Spring Cloud. Uh, we are predominantly a Java, um, shop. So we looked at the Spring Cloud projects. 
Uh, they give you a number, uh, you know, of initiatives, um, for doing some of those, um, management and what we realized again, to manage those components, um, without sort of a platform was really challenging. So that, that kind of led us to sort of Kubernetes where, um, along with our journey cloud, uh, it was the platform that could help us with a lot of those management operational concerns. >>So as you talk about some of those challenges, pre Kubernetes, what were some of the operational issues that you folks experienced? >>Yeah. You know, uh, certain things like auto scaling is, is number one, right? I mean, that's a fundamental concept of cloud native, right. Is, um, how do you auto scale VMs? Right. Uh, you can put in some old methods and stuff, but, uh, it was really hard to do that automatically. Right. So, uh, Kubernetes with like HPA gives you those out of the box, right? Provided you set the right policies. Uh, you can have auto scaling, uh, where it can scale up and scale back. So we were doing that manually. Right. So before, uh, you know, MoneyGram, obviously, you know, holiday season, people are sending more money Mother's Day. Um, our ops team would go in basically manually scale, uh, VMs. Right. So we'd go from four instances to maybe eight instances. Right. Uh, but, but that entailed outages. Right. Um, and just to plan around doing that manually and then sort of scale them back was a lot of overhead, a lot of administration overhead. Right. So, uh, we wanted something that could help us do that automatically right. In a, in an efficient, uh, unintrusive way. So, so, you know, that was one of the things, uh, monitoring, um, and, and management, uh, operations, you know, just kind of visibility into how those applications were during, what were the status of your, um, workloads was also a challenge, right. Uh, to do that. >>So, cause see, I gotta ask the question. 
If someone would've came to me with that problem, I'd just say, you know, what, go to the plug, the cloud, what, how does, uh, your group help solve some of these challenges? What do you guys do? >>Yeah. What, what do we do? So here's my perspective on the market as it's playing out. So I see a bifurcation happening in the Kubernetes space, but there's the Kubernetes run time. So Amazon has EKS, Azure has AKS, you know, there's enough of these available. They're not managed services. They're actually really good, frankly. Right? In fact, retail customers, if you're an Amazon, why would you spin up your own? Just use EKS. It's awesome. But then there's an operational layer that is needed to run Kubernetes. Uh, my perspective is that, you know, 50,000 enterprises are adopting Kubernetes over the next five to 10 years. And they're all gonna go through the same exact journey and they're all gonna end up, you know, potentially making the same mistake, which is, they're gonna assume that Kubernetes is easy. <laugh> they're gonna say, well, this is not hard. I got this up and running on my laptop. >>This is so easy. No worries. Right. I can do key gas, but then, okay. Can you consistently spin up these things? Can you scale them consistently? Do you have the right blueprints in place? Do you have the right access management in place? Do you have the right policies in place? Can you deploy applications consistently? Do you have monitoring and visibility into those things? Do your developers have access to when they need it? Do you have the right networking layer in place? Do you have the right chargebacks in place? Remember you have multiple teams and by the way, nobody has a single cluster. So you gotta do this across multiple clusters. And some of them have multiple clouds, not because they wanna be multiple clouds because, but sometimes you buy a company and they happen to be in Azure. 
How many dashboards do you have now across all the open source technologies that you have identified to solve these problems? >>This is where pain lies. So I think that Kubernetes is fundamentally a solved problem. Like our friends at AWS and Azure they've solved this problem. It's like AKS, EKS, et cetera, GKE for that matter. They're they're great. And you should use them and don't even think about spinning up Q B and a best clusters. Don't do it. Use the platforms that exist and commensurately on premises. OpenShift is pretty awesome, right? If you like it, use it. But then when it comes to the operations layer, right, that's where today we end up investing in a DevOps team and then an SRE organization that need to become experts in Kubernetes. And that is not tenable, right? Can you let's say unlimited capital unlimited budgets. Can you hire 20 people to do Kubernetes today? >>If you could find them, if >>You can find 'em right. So even if you could, the point is that see, five years ago, when your competitors were not doing Kubernetes, it was a competitive advantage to go build a team to do Kubernetes. So you could move faster today. You know, there's a high chance that your competitors are already buying from a Rafay or somebody like Rafay. So now it's better to take these really, really sharp engineers and have them work on things that make the company money, writing operations for Kubernetes. This is a commodity. Now >>How confident are you that the cloud providers won't get in and do what you do and put you out of business? >>Yeah, I mean, absolutely. I think, I mean, in fact, I, I had a conversation with somebody from HBS this morning and I was telling them, I don't think you have a choice. You have to do this right. Competition is not a bad thing. Right? This, the, >>If we are the only company in a space, this is not a space, right. The bet we are making is that every enterprise has, you know, they have an on-prem strategy. 
They have at least a handful of, everybody's got at least two clouds that they're thinking about. Everybody starts with one cloud and then they have some other cloud that they're also thinking about, um, for them to only rely on one cloud's tools to solve for on-prem plus that second cloud, they potentially, they may have, that's a tough thing to do. Um, and at the same time we as a vendor, I mean the only real reason why startups survive is because you have technology that is truly differentiated, right. Otherwise, right. I mean, you gotta build something that is materially interesting. Right. We seem to have, sorry, go ahead. >>No, I was gonna ask you, you actually had me thinking about something, Adnan, yes. MoneyGram, big, well known company, a startup, adding, working in a space with Google, VMware, all the biggest names. What brought you to Rafay to solve this operational challenge? >>Yeah. Good question. So when we started out sort of in our Kubernetes, um, you know, we had heard about EKS, uh, and, and we are an AWS shop. So, uh, that was the most natural path. And, and we looked at, um, EKS and, and used that to, you know, create our clusters. Um, but then we realized very quickly that yes, to Haseeb's point, AWS manages the control plane for you. It gives you the high availability. So you're not managing those components, which is some really heavy lifting. Right. Uh, but then what about all the other things like, you know, centralized dashboard, what about, we need to provision, uh, Kubernetes clusters on multi-cloud, right. We have other clouds that we use, uh, or also on prem. Right. Um, how do you do some of that stuff? Right. Um, we, we also, at that time were looking at, uh, other, uh, tools also. >>And I had, I remember, come up with an MVP list that we needed to have in place for day one or day two, uh, operations, right. To before we even launch any single applications into production. Um, and my ops team looked at that list. 
Um, and literally there was only one or two items that they could check, check off with S you know, they, they've got the control plane, they've got the cluster provision, but what about all those other components? Uh, and some of that kind of led us down the path of, uh, you know, looking at, Hey, what's out there in this space. And, and we realized pretty quickly that there weren't too many, there were some large providers and capabilities like Anthos, but we felt that it was, uh, a little too much for what we were trying to do. You know, at that point in time, we wanted to scale slowly. We wanted to minimize our footprint. Um, and, and Rafay seemed to sort of, uh, was, was a nice mix, uh, you know, uh, from all those different angles, how >>Was, how was the situation affecting your developer experience? >>So, um, so that's a really good question also. So operations was one aspect of, to it, right? The other part is the application development, right? We've got, uh, you know, Moneygrams when a lot of organizations have a plethora of technologies, right? From, from Java to .NET to Node.js, what have you, right. Um, now as you start saying, okay, now we're going cloud native, and we're gonna start deploying to Kubernetes. Um, there's a fair amount of overhead because a tech stack, all of a sudden goes from, you know, just being Java or just being .NET to things like Docker, right? All these container orchestration and deployment concerns, Kubernetes, uh, deployment artifacts, right. I gotta write all this YAML, uh, as my developers say, YAML hell, right. <laugh>, uh, I gotta learn Dockerfiles. I need to figure out, um, a package manager like Helm, uh, on top of learning all the Kubernetes artifacts. >>Right. So, um, initially we went with sort of, okay, you know, we can just train our developers. Right. Um, and that was wrong. Right. I mean, you can't assume that everyone is gonna sort of learn all these deployment concerns, uh, and we'll adopt them. Right. 
Um, uh, there's a lot of stuff that's outside of their sort of core dev domain, uh, that you're putting all this burden on them. Right. So, um, we could not rely on them and to be sort of kubectl experts, right. That, that's a fair amount, overhead learning curve there. Um, so Rafay again, from their dashboard perspective, right? So the managed kubectl gives you that easy access for devs, right. Where they can go and monitor the status of their workloads. Um, they can, they don't have to figure out, you know, configuring all these tools locally just to get it to work. >>Uh, we did some things from a DevOps perspective to basically streamline and automate that process. But then also office order came in and helped us out, uh, on kind of that providing that dashboard. They don't have to worry. They can basically get on through single sign on and have visibility into the status of their deployment. Uh, they can do troubleshooting diagnostics all through a single pane of glass. Right. Which was a key, key item. Uh, initially before Rafay, we were doing that command line. Right. And again, just getting some of the tools configured was, was huge. Right. Took us days just to get that. And then the learning curve for development teams, right? Oh, now you gotta, you got the tools, now you gotta figure out how to use it. Right. Um, so >>See, talk to me about the, the cloud native infrastructure. When I look at that entire landscaping number, I'm just overwhelmed by it. As a customer, I look at it, I'm like, I, I don't know where to start I'm sure. Or not, you, you folks looked at it and said, wow, there's so many solutions. How do you engage with the ecosystem? You have to be at some level opinionated, but flexible enough to, uh, meet every customer's needs. How, how do you approach that? >>Yeah. So it's a, it's a really tough problem to solve because, so, so the thing about abstraction layers, you know, we all know how that plays out, right? 
So abstraction layers are fundamentally never the right answer because they will never catch up. Right. Because you're trying to write and layer on top. So then we had to solve the problem, which was, well, we can't be an abstraction layer, but then at the same time, we need to provide some sort of, sort of like centralization, standardization. Right. So, so we sort of have this, the following dissonance in our platform, which is actually really important to solve the problem. So we think of a, of a stack as sort of four things. There's the, there's the Kubernetes layer, infrastructure layer, um, and EKS is different from ES and it's okay. Mm-hmm <affirmative>, if we try to now bring them all together and make them behave as one, our customers are gonna suffer because there are features in ESS that I really want. >>But then if you write an abstraction layer, I'm not gonna get 'em, so not okay. So treat them as individual things. And we logic that we now curate. So every time S for example, goes from 1.22 to 1.23, rewrite a new product, just so my customer can press a button and upgrade these clusters. Similarly, we do this fors, we do this for GKE. We, it's a really, really hard job, but that's the job. We gotta do it. On top of that, you have these things called add-ons, like my network policy, my access management policy, my et cetera. Right. These things are all actually the same. So whether I'm an EKS or AKS, I want the same access for Keith versus Adnan. Right. So then those components are sort of the same across doesn't matter how many clusters does money clouds. On top of that, you have applications. And when it comes to the developer, in fact, I do the following demo a lot of times because people ask the question, right? Mean, I, I, I, people say things like, I wanna run the same Kubernetes distribution everywhere, because this is like Linux, actually, it's not. 
So I, I do a demo where I spin up a access to an OpenShift cluster and an EKS cluster and an AKS cluster. And I say, log in, show me which one is which, they're all the same. >>So Adnan, get, put, make that real for me, I'm sure after this amount of time, developers groups have come to you with things that are snowflakes and you, and as a enterprise architect, you have to make it work within your framework. How has working with Rafay made that possible? >>Yeah. So, um, you know, I think one of the very common concerns is, right, the whole deployment, right. Uh, to Haseeb's point, right. Is you are from an, from a deployment perspective. Uh, it's still using Helm. It's still using some of the same tooling, um, right. But, um, how do you, Rafay gives us, uh, some tools, you know, they have a, a command line, rctl API that essentially we use. Um, we wanted parity, um, across all our different environments, different clusters, you know, it doesn't matter where you're running. Um, so that gives us basically a consistent API for deployment. Um, we've also had, um, challenges, uh, with just some of the tooling in general, that we worked with Rafay actually to actually extend their rctl API for us, so that we have a better deployment experience for our developers. So, >>Uh, Haseeb, how long does this opportunity exist for you? At some point, do the cloud providers figure this out or does the open source community figure out how to do what you've done and, and this opportunity is gone. >>So, so I think back to a platform that I, I think very highly of, which is a highly off, which has been around a long time and continues to live, vCenter, I think vCenter is awesome. And it's, it's beautiful. VMware did an incredible job. Uh, what is the job? Its job is to manage VMs, right? But then it's for access. It's also storage. It's also networking and a sex, right? 
All these things got done because to solve a real problem, you have to think about all the things that come together to solve, help you solve that problem from an operations perspective. Right? My view is that this market needs essentially a vCenter, but for Kubernetes, right. Um, and that is a very broad problem, right. And it's gonna spend, it's not about a cloud, right? I mean, every cloud should build this. I mean, why would they not? It makes sense, Anto success, right. Everybody should have one. But then, you know, the clarity in thinking that the Rafay team seems to have exhibited till date seems to merit an independent company. In my opinion, I think like, I mean, from a technical perspective, this product's awesome. Right? I mean, you know, we seem to have, you know, no real competition when it comes to this broad breadth of capabilities, will it last, we'll see, right. I mean, I keep doing Cube shows, right? So every year you can ask me that question again. Well, you're >>You make a good point though. I mean, you're up against VMware, you're up against Google. They're both trying to do sort of the same thing you're doing. What's, why are you succeeding? >>Maybe it's focus. Maybe it's because of the right experience. I think startups, only in hindsight can one tell why a startup was successful. In all honesty. I, I, I've been in a one or two service in the past. Um, and there's a lot of luck to this. There's a lot of timing to this. I think this timing for a com product like this is perfect. Like three, four years ago, nobody would've cared. Like honestly, nobody would've cared. This is the right time to have a product like this in the market because so many enterprises are now thinking of modernization. And because everybody's doing this, this is like the boot storm problem in HCI. Everybody's doing it. But there's only so many people in the industry who actually understand this problem. So they can't even hire the people. And the CTO said, I gotta go. 
I don't have the people. I can't fill the, the seats. And then they look for solutions and we are that solution that we're gonna get embedded. And when you have infrastructure software like this embedded in your solution, we're gonna be around with the, assuming, obviously we don't screw up, right. We're gonna be around with these companies for some time. We're gonna have strong partners for the long term. >>Well, vCenter for Kubernetes, I love to end on that note, intriguing conversation. We could go on forever on this topic, cuz there's a lot of work to do. I think, uh, I don't think this will ever be a solved problem for the Kubernetes of cloud native solution. So I think there's a lot of opportunity in that space. Haseeb, thank you for rejoining the cube. Adnan Khan, welcome, becoming a cube alum. <laugh> Awesome. Thank you. Get your much your profile on the, on the Ken's. Website's really cool from Valencia Spain. I'm Keith Townsend, along with my cohost Paul Gillon and you're watching the cube, the leader in high tech coverage.

Published Date : May 18 2022


Andrew Rafla & Ravi Dhaval, Deloitte & Touche LLP | AWS re:Invent 2020


 

>>From around the globe, it's the Cube with digital coverage of AWS re:Invent 2020 sponsored by Intel, AWS and our community partners. >>Hey, welcome back everybody, Jeff Frick here with the Cube coming to you from Palo Alto studios today for our ongoing coverage of AWS re:Invent 2020. It's a digital event like everything else in 2020. We're excited for our next segment, so let's jump into it. We're joined in our next segment by Andrew Rafla. He is the principal and zero trust offering lead at Deloitte & Touche LLP. Andrew, great to see you. >>Thanks for having me. >>Absolutely. And joining him is Ravi Dhaval. He is the AWS cyber risk lead for Deloitte and Touche LLP. Ravi, good to see you as well. >>Hey, Jeff, good to see you as well. >>Absolutely. So let's jump into it. You guys are all about zero trust and I know a little bit about zero trust, I've been going to RSA for a number of years and I think one of the people that you like to quote, analyst Chase Cunningham from Forrester, who's been doing a lot of work around zero trust. But for folks that aren't really familiar with it, Andrew, why don't you give us kind of the 101 about zero trust. What is it? What's it all about? And why is it important? >>Sure thing. So zero trust is, um, it's a conceptual framework that helps organizations deal with kind of the ubiquitous nature of modern enterprise environments. Um, and at its core, zero trust commits to a risk based approach to enforcing the concept of least privilege across five key pillars, those being users, workloads, data, networks and devices. And the reason we're seeing zero trust really come to the forefront is because modern enterprise environments have shifted dramatically, right. There is no longer a defined, clearly defined perimeter where everything on the outside is inherently considered, considered untrusted, and everything on the inside could be considered inherently trusted. 
There's a couple what I call macro level drivers that are, you know, changing the need for organizations to think about securing their enterprises in a more modern way. Um, the first macro level driver is really the evolving business models. So as organizations are pushing to the cloud, um, maybe expanding into, into what they were considered high risk geographies, dealing with M&A transactions and, and further relying on 3rd and 4th parties to maintain some of their critical business operations. Um, the data and the assets by which the organization, um, transact are no longer within the walls of the data center. Right? So, again, the perimeter is very much dissolved. The second, you know, macro level driver is really the shifting and evolving workforce. Um, especially given the pandemic and the need for organizations to support almost an entirely remote workforce nowadays, um, organizations, they're trying to think about how they revamp their traditional VPN technologies in order to provide connectivity to their employees into other third parties that need to get access to, uh, the enterprise. So how do we do so in a secure, scalable and reliable way, and then the last kind of macro level driver is really the complexity of the IT landscape. So, you know, in legacy environments, organizations only had to support managed devices, and today you're seeing the proliferation of unmanaged devices, whether it be, you know, BYOD devices, um, Internet of things devices or other smart connected devices. So organizations are now, you know, have the need to provide connectivity to some of these other types of devices. But how do you do so in a way that, you know, limits the risk of the expanding threat surface that you might be exposing your organization to by supporting from these connected devices? So those are some three kind of macro level drivers that are really, you know, constituting the need to think about security in a different >>way. Right? 
Well, I love I downloaded. You guys have a zero trust point of view document that, that I downloaded. And I like the way that you, you put real specificity around those five pillars, again users, workloads, data, networks and devices. And as you said, you have to take this kind of approach that it's kind of on a need to know basis. The less, you know, at kind of the minimum they need to know. But then, to do that across all of those five pillars, how hard is that to put in place? I mean, there's a, there's a lot of pieces of this puzzle. Um, and I'm sure, you know, we talk all the time about baking security in throughout the entire stack. How hard is it to go into a large enterprise and get them started or get them down the road on this zero trust journey? >>Yeah. So you mentioned the five pillars. And one thing that we do in our framework because we put data at the center of our framework and we do that on purpose because at the end of the day, you know, data is the center of all things. It's important for an organization to understand, you know, what data it has, what the criticality of that data is, how that data should be classified and the governance around who and what should access it from a, you know, users, workloads, uh, networks and devices perspective. Um, I think one misconception is that if an organization wants to go down the path of zero trust, there's a misconception that they have to rip out and replace everything that they have today. Um, it's likely that most organizations are already doing something that fundamentally aligned to the concept of least privilege as it relates to zero trust. So it's important to kind of step back, you know, set a vision and strategy as far as what it is you're trying to protect, why you're trying to protect it. 
And what capability do you have in place today and take more of an incremental and iterative approach towards adoption, starting with some of your kind of lower risk use cases or lower risk parts of your environment and then implementing lessons learned along the way along the journey. Um, before enforcing, you know, more of those robust controls around your critical assets or your crown jewels, if you >>will. Right? So, Ravi, I want to follow up with you, you know? And you just talked about a lot of the kind of macro trends that are driving this and clearly COVID and work from anywhere is a big one. But one of the ones that you didn't mention that's coming right around the pike is 5G and IoT. Right, so 5G and, and IoT. We're going to see, you know, the scale and the volume and the mass of machine generated data, which is really what 5G is all about, grow again exponentially. We've seen enough curves up into the right on the data growth, but we've barely scratched the surface and what's coming on 5G and IoT. How does that work into your plans? And how should people be thinking about security around this kind of new paradigm? >>Yeah, I think that's a great question, Jeff. And as you said, you know, IoT continues to accelerate, especially with the recent investments in 5G that, you know, pushing, pushing more and more industries and companies to adopt IoT. Deloitte has been, and, you know, helping our customers leverage a combination of these technologies, cloud, IoT, ML and AI, to solve their problems in the industry. For instance, uh, we've been helping restaurants automate their operations. Uh, we've helped automate some of the food safety audit processes they have, especially given the COVID situation that's been helping them a lot. We are currently working with companies to connect smart, wearable devices that, that send the patient vital information back to the cloud. 
And once it's in the cloud, it goes through further processing upstream through applications and data lakes, etcetera. The way we've been implementing these solutions is largely leveraging a lot of the native services that AWS provides, like device manager that helps you onboard hundreds of devices and group them into different categories. Uh, we leveraged Device Defender. That's a monitoring service for making sure that the devices are adhering to a particular security baseline. We also have implemented AWS Greengrass on the edge, where the device actually resides, so that it acts as a central gateway and a secure gateway so that all the devices are able to connect to this gateway and then ultimately connect to the cloud. One common problem we run into is a lot of the legacy IoT devices, they tend to communicate using insecure protocols and in clear text, so we actually had to leverage AWS Lambda function on the edge to convert these legacy protocols, think of very secure MQTT protocol, that ultimately, you know, sends data encrypted to the cloud. So the key thing to recognize, and then the transformational shift here is, um, cloud has the ability today to impact security of the device and the edge from the cloud using cloud native services, and that continues to grow. And that's one of the key reasons we're seeing accelerated growth and adoption of IoT devices. And you brought up a point about 5G and, and that's really interesting. And a recent set of investments that AWS, for example, has been making. And they launched their AWS Wavelength Zones that allows you to deploy compute and storage infrastructure at the 5G edge. So millions of devices, they can connect securely to the compute infrastructure without ever having to leave the 5G network or go over the Internet insecurely talking to the cloud infrastructure. Uh, that allows us to actually enable our customers to process large volumes of data in a short, near real time. 
And also it increases the security of the architectures. And I think truly, uh, this, this 5G combination with IoT and cloud, AI/ML, they are the technologies of the future that are collectively pushing us towards a, a future where we're gonna see more smart cities that come into play, driverless connected cars, etcetera. >>That's great. Now I wanna unpack that a little bit more because we are here in AWS re:Invent and I was just looking up. We had Glenn Goran 2015, introducing AWS's IoT Cloud. And it was a funny little demo. They had a little greenhouse, and you could turn on the water and open up the windows. But it's, but it's a huge suite of services that you guys have at your disposal. Leveraging AWS. I wonder, I guess, Andrew, if you could speak a little bit more suite of tools that you can now bring to bear when you're helping your customers go to the zero trust journey. >>Yeah, sure thing. So, um, obviously there's a significant partnership in place, and, uh, we work together, uh, pretty tremendously in the market, one of the service or one of solution offering that we've built out which we dub Deloitte Fortress, um, is a, is a concept that plays very nicely into our zero trust framework. More along the kind of horizontal components of our framework, which is really the fabric that ties it all together. Um, so the two horizontals in our framework around telemetry and analytics, as well the automation orchestration. If I peel back the automation orchestration capability just a little bit, um, we, we built this Deloitte Fortress capability in order for organizations to kind of streamline, um, some of the vulnerability management aspect of the enterprise. And so we're able through integration through AWS, Lambda and other functions, um, quickly identify cloud configuration issues and drift so that, um, organizations can not only, uh, quickly identify some of those issues that open up risk to the enterprise, but also in real time. 
Um, take some action to close down those vulnerabilities and ultimately remediate them. Right? So it's a way for, um, to have, um, more kind of proactive approach to security rather than a reactive approach. Everyone knows that cloud configuration issues are likely the number one kind of threat factor for attackers. And so we're able to not only help organizations identify those, but then close them down in real time. >>Yeah, it's interesting because we hear that all the time. If there's a breach and if, if AWS is involved, often it's a, it's a configuration. You know, somebody left the door open basically, and, and it really drives something you were talking about. Ravi is the increasing importance of automation, um, and, and using big data. And you talked about this kind of horizontal telemetrics and analytics because without automation, these systems are just getting too big and, and crazy for people to manage by themselves. But more importantly, it's kind of a signal to noise issue when you just have so much traffic, right? You really need help surfacing. That signals you said so that you're proactively going after the things that matter and not being just drowned in the things that don't matter. Ravi, you're shaking your head up and down. I think you probably agree with this point. >>Yeah, yeah, Jeff, and definitely agree with you. And what you're saying is truly automation is a way of dealing with problems at scale. When, when you have hundreds of accounts and that spans across, you know, multiple cloud service providers, it truly becomes a challenge to establish a particular security baseline and continue to adhere to it. And you wanna have some automation capabilities in place to be able to react, you know, and respond to it in real time versus it goes down to a ticketing system and some person is having to do, you know, some triaging and then somebody else is bringing in this, you know, solution that they implement. 
And eventually, by the time your systems could be compromised. So a good way of doing this and is leveraging automation and orchestration, is just a capability that enhances your operational efficiency by streamlining some manual and repetitive tasks. There's numerous examples of what automation and orchestration could do, but from a security context, some of the key examples are automated security operations, automated identity provisioning, automated incident response, etcetera. One particular use case that Deloitte identified and built a solution around is the identification and also the automated remediation of cloud security misconfiguration. This is a common occurrence and use case we see across all our customers. So the way, in the context of AWS, the way we did this is we built a event driven architecture that's leveraging AWS contribute Config service that monitors the baselines of these different services. As and when it detects a drift from the baseline, it fires off an alert. That's picked up by the CloudWatch Events service that's ultimately feeding it upstream into our workflow that leverages EventBridge service. From there, the workflow goes into our policy engine, which is a database that has a collection of hundreds of rules that we put together, uh, compliance activities. It also matched maps back to a large set of controls frameworks so that this is applicable to any industry and customer, and then, based on the violation that has occurred, or based on the misconfiguration and the service, the appropriate Lambda function is deployed and that Lambda is actually, uh, performing the corrective actions or the remediation actions. While, you know, it might seem like a lot, but all this is happening in near real time because it is leveraging native services. 
And some of the key benefits that our customers see is truly the ease of implementation because it's all native services on AWS and then it can scale and, uh, cover any additional AWS accounts as the organization continues to scale. One key benefit is we also provide a dashboard that provides visibility into one of the top violations that are occurring in your ecosystem. How many times a particular Lambda function was set off to go correct that situation. Ultimately, that, that kind of view is informing the upfront processes of developing secure infrastructure as code and then also, you know, correcting the security guardrails that, that might have drifted over time. So that's how we've been helping our customers and this particular solution that we developed. It's called the Deloitte Fortress, and it provides coverage across all the major cloud service providers. >>Yeah, that's a great summary. And I'm sure you have huge demand for that because these misconfiguration things, we hear about him all the time and I want to give you the last word for we sign off. You know, it's easy to sit on the side of the desk and say, Yeah, we got a big security and everything and you got to be thinking about security from, from the time you're in, in development all the way through, obviously deployment and production and all the minutes. I wonder if you could share, you know, you're on that side of the glass and you're out there doing this every day. Just a couple of, you know, kind of high level thoughts about how people need to make sure they're thinking about security not only in 2020 but, but really looking down the like another road. >>Yeah, yeah, sure thing. So, you know, first and foremost, it's important to align, uh, any transformation initiative, including zero trust, to business objectives. Right? Don't, don't let this come off as another IT security project, right? 
Make sure that, um, you're aligning to business priorities, whether it be, you know, pushing to the cloud, uh, for scalability and efficiency, whether it's a digital transformation initiative, whether it be a new consumer identity, uh, and authorization, um, capability you're trying to build. Make sure that you're aligning to those business objectives and baking in and aligning to those guiding principles of zero trust from the start. Right, because that will ultimately help drive consensus across the various stakeholder groups within the organization, uh, and build trust, if you will, in the zero trust journey. Um, one other thing I would say is focus on the fundamentals. Very often, organizations struggle with some, you know, what we call general cyber hygiene capabilities. That being, you know, IT asset management and data classification, data governance. Um, to really fully appreciate the benefits of zero trust, it's important to kind of get some of those table stakes right. Right? So you have to understand, you know, what assets you have, what the criticality of those assets is, what business processes are driven by those assets, um, what your data criticality is, how it should be classified and tagged throughout the ecosystem, so that you could really enforce, you know, tag-based policy, uh, decisions within the control stack. Right. And then finally, in order to really push the needle on automation and orchestration, make sure that you're using technologies that integrate with each other, right? So take an API-driven approach so that you have the ability to integrate some of these heterogeneous, um, security controls and drive some level of automation and orchestration in order to enhance your efficiency along the journey. Right. So those were just some kind of lessons learned about some of the things that we would, uh, you know, tell our clients to keep in mind as they go down the adoption journey. 
>>That's a great summary. So we're gonna have to leave it there. But Andrew, Robbie, thank you very much for sharing your insight and, again, you know, supporting this move to zero trust, because that's really the way it's got to be as we continue to go forward. So thanks again and enjoy the rest of your re:Invent. >>Yeah, absolutely. Thanks for your time. >>All right. He's Andrew. He's Robbie. I'm Jeff. You're watching the Cube from AWS re:Invent 2020. Thanks for watching. See you next time.

Published Date : Dec 8 2020

