(rousing music) >> Hello everyone. Welcome back to "theCUBE's" day one coverage of Cloud Native Security Con 23. This is going to be an exciting panel. I've got three great guests. I'm Lisa Martin, you know our esteemed analysts, John Furrier, and Dave Vellante well. And we're excited to welcome to "theCUBE" for the first time, Yves Sandfort, the CEO of Comdivision Group, who's coming to us from Germany. As you know, Cloud Native Security Con is a global event. Everyone welcome Yves, great to have you in particular. Welcome to "theCUBE." >> Great to be here. >> Thank you for inviting me. >> Yves, tell us a little bit, before we dig into really wanting to understand your perspectives on the event and get Dave and John's feedback as well, tell us a little bit about you. >> So yeah, talking about me, or talking about Comdivision real quick. We are in the business for over 27 years already. We started as a SaaS company, then became more like an architecture and, and Cloud Native company over the last few years. But what's interesting is, and I think that's, that's, that's really interesting when we look at our industry. It hasn't really, the requirements haven't really changed over the years. It's still security. We still have to figure out how we deal with security. We still have to figure out how we deal with compliance and everything else. And I think therefore, it's more and more important that we take these items more seriously. Also, based on the fact that when we look at it, how development and other things happen nowadays, it's, it's, everybody says it's like open source. It's great because everybody can look into the code. We, I think the last few years have shown us enough example that that's not necessarily solving all the issues, but it's also code and development has changed rapidly when we look at the Cloud Native approach, where it's far more about gluing the pieces together, versus the development pieces. When I was actually doing software development 25 years ago, and had to basically build my code because I didn't have that much internet access for it. So it has evolved, but even back then we had to deal with security and everything. >> Right. The focus on security is, is incredibly important, and the focus keeps growing as you mentioned. This is, guys, and I want to get your perspectives on this. We're going to start with John. This is the first time Cloud Native Security Con is its own event being extracted from, and amplified from KubeCon. John, I want to understand from your perspective, break down the event, what you see, what you've heard, and Cloud Native Security in general. What does this mean to companies? What does it mean to customers? Is this a reality? >> Well, I think that's the topic we want to discuss, and I think Yves background, you see the VMware certification, I love that. Because what VMware did with virtualization, was abstract that from server virtualization, kind of really changed the game on things, and you start to see Cloud Native kind of go that next level of how companies will be operating their business, not just digital transformation, as digital transformation goes to completion, it's total business transformation where IT is everywhere. And so you're starting to see the trends where, "Okay, that's happening." Now you're starting to see, that's Cloud Native Con, or KubeCon, AWS re:Invent, or whatever show, or whatever way you want to look at it. But in, in the past decade, past five years, security has always been front and center as almost a separate thing, and, in and of itself, but the same thing. So you're starting to see the breakout of security conversations around how to make things work. So a lot of operational conversations around what used to be DevOps makes infrastructure as code, and that was great, that fueled that. Then DevSecOps came. So the Cloud Native next level, is more application development at scale, developers driving the standards with developer first thinking, shifting left, I get all that. But down in the lower ends of the stack, you got real operational issues. DNS we've heard in the keynote, we heard about the Colonel, the Lennox Colonel. Things that need to be managed and taken care of at a security level. These are like, seem like in the weeds, but you're starting to see that happen. And the other thing that I think's real about Cloud Native Security Con that's going to be interesting to watch, is Amazon has pretty much canceled all their re:Invent like shows except for two; Re:Invent, which is their annual conference, and Re:Inforce, which is dedicated to securities. So Cloud Native, Linux, the Linux Foundation has now breaking out Cloud Native Con and KubeCon, and now Cloud Native Security Con. They can't call it KubeCon because it's not Kubernetes, but it's like security focus. I think this is the beginning of starting to see this new developer driving, developers driving the standards, and it has it implications, what used to be called IT ops, and that's like the VMwares of the world. You saw all the stuff that was not at developer focus, but more ops, becoming much more in the application. So I think, I think it's real. The question is where does it go? How fast does it develop? So to me, I think it's a real trend, and it's worthy of a breakout, but it's not yet clear of where the landing zone is for people to start doing it, how they get started, what are the best practices. Machine learning's going to be a big part of this. So to me it's totally cool, but I'm not yet seeing the beachhead. So that's kind of my take. >> Dave, our inventor and host of breaking analysis, what's your take? >> So when you, I think when you zoom out, there's some, there's a big macro change that's been going on. I think when you look back, let's say 10, 12 years ago, the, the need for speed far trumped the, the, the security aspect, the governance, the data privacy. It was like, "Yeah, the risks, they're not that great compared to our opportunity." That has completely changed because the risks are now so much higher. And so what's happening, I think there's a, there's a major effort amongst CIOs and CISOs to try to make security not a blocker because it use to be, it still is. "Okay, I got this great initiative." Eh, give it to the SecOps pros, and let them take it for a while before we can go to market. And so a huge challenge now is to simplify, automate, AI comes in, the whole supply chain security, so the, so the companies can not be facing so much friction. And that is non-trivial. I don't think we're anywhere close there, but I think the goal is by, within the next several years, we're going to be in a position, that security, we heard today, is, wasn't designed in to the initial internet protocols. It was bolted on. And so increasingly, the fundamental architecture of the internet, the Cloud, et cetera, is, is seeing designed in security, and, and that is an imperative, or else business is going to come to a grinding halt. >> Right. It's no longer, the bolt no longer works. Yves, what's your perspective on Cloud Native Security, where it stands today? What's in it for customers, whether we're talking about banks, or hospitals, or retailers, what do you think? >> I think when we, when we look at security in the, in the modern world, is we need to as, as Dave mentioned, we need to rethink how we apply it. Very often, security in the past has been always bolted on in the end. If we continue to do that, it'll become more and more difficult, because as companies evolve, and as companies want to bring products and software to market in a much faster and faster way, it's getting more and more difficult if we bolt on the security process at the end. It's like, developers build something and then someone checks security. That's not going to work any longer. Especially if we also consider now the changes in the industry. We had Stack Overflow over the last 10 years. If I would've had Stack Overflow 15, 20, what, 25 years ago when I was a developer, it would've changed a hell lot. Looking at it now, and looking at it what we had in the last few weeks, it's like where nearly all of my team members say is like finally I don't need any script kiddies anymore because I can't go to (indistinct) who writes the code for me. Which is on one end great, because it enables us to solve certain problems in a much higher pace. But the challenge with that is, if the people who just copy and past that code, don't understand the implications of that code, we have a much higher risk continuously. And what people thought was, is challenging with Stack Overflow. Imagine that something in one of these AI engines, is actually going ballistic, and it creates holes in nearly every one of these applications. And trust me, there will be enough developers who are going to use these tools to develop codes, the same as students in university are going to take this to write their essays and everything else. And so it's really important that every developer team basically has a security person within their team, and not a security at the end. So we build something, we check it, go through QA, and then it goes to security. Security needs to be at the forefront. And I think that's where we see Cloud Native Security Con, where we see AWS. I saw it during re:Invent already where they said is like, we have reinforced next year. I think this becomes more and more of a topic, and I think companies, as much as it is become a norm that you have a firewall and everything else, it needs to become a norm that when you are doing software development, and every development team needs to have a security person on that needs to be trained. >> I love that chat comment Dave, 'cause you and I were talking about this. And I think that is going to be the issue. Do we need security chat for the chat bot? And there's like a, like a recursive model there. The biases are built in. I think, and I think our interview with the Palo Alto Network's co-founder, Dave, when he talked about zero trust as a structured way to start things, but he was referencing that with Cloud, there's a chance to rethink or do a do-over in security. So, I think this is kind of to me, where this is all going. And I think you asked Pat Gelsinger what, year 2013, 2014, can, is security a do over? I think we're in that do over time. >> He said yes. >> He said yes. (laughing) He was right. But yeah, eight years later... But this is, how do you, zero trust gives you some structure, but how do you organize and redo security? Because to me, I think that's what's happening here. >> And John you heard, Zuk at Palo Alto Network said, "Yeah, the, the words security and architecture, they don't go together historically." And so it is a total, total retake. >> Well is that because there's too many tools out there and- >> Yeah. For sure. >> Yeah, well, first of all, a lot of hardware. And then yeah, a lot of tools. You even see IIOT and industry 40, you see IOT security coming up as another stove pipe, and that's not the right approach. And, and so- >> Well let me, let me ask you a question Dave, and Yves, if you don't mind. 'Cause I was just riffing on this yesterday about this. In the ML space, you're seeing the ML models, you're seeing proprietary models versus open source. Is security going to go down this proprietary security methods and open source? Because that's interesting, because the CNCF is run by the the Linux Foundation. So you can almost maybe see a model where there's more proprietary security methods than open source. Or is it, is that a non-issue? >> I would, I would, let me, if I, if I jump in here first, I think the last, especially last five or 10 years have clearly shown the, the whole and, and I invested early on in the, in the end 90s in several open source startups in the Bay area. So, I'm well behind the whole open source idea and, and mid (indistinct) and others back then several times. But the point is, I think what we have seen is open source is not in general, more secure or less secure, because code is too complex nowadays. You have millions of lines of code, and it's not that either one way or the other is going to solve it. The ways I think we are going to look at it is more is what's the role to market, because only because something is open source doesn't necessarily mean it's going to be available for everyone. And the same for proprietary source from that perspective, even though everybody mixes licensing and payments and all that all the time, but it doesn't necessarily have anything to do with it. But I think as we are going through it, and when we also look at the industry, security industry over the last 10 plus years has been primarily hardware focused. And a lot of these vendors have done a good business out of selling hardware boxes, putting software on top of it. Whereas in reality, those were still X86 standard boxes in the end. So it was not that we had specific security ethics or anything like that in there anymore. And so overall, the question of the market is going to change. And as we are looking into Cloud Native, think about someone like an AWS, do you really envision them to have a hardware box of every supplier in their data center, and that in every availability zone in every region? Same for Microsoft, same for Google, etc? So we need to have new ways on how we can apply security. And that applies both on the backend services, but also on the front end side. >> And if I, and if I could chime in, I think the, the good, I think the answer is, is, is no and yes. And what I mean by that is if you take, antivirus and known malware, I mean pretty much anybody today can, can solve that problem, it's the unknown malware. So I think the yes part of the answer is yes, it's, it's going to be proprietary, but in the sense we're going to use open source tooling, and then apply that in a proprietary way with, with specific algorithms and unique architectures that are going to solve problems. For example, XDR with, with unknown malware. So, and that's the, that's the hard part. As somebody said, I think this morning at the keynote, it's, it's all the stuff that, that the SecOps team couldn't find. That's the really hard part. >> (laughs) Well the question will be will, is the new IP, the ability to feed ChatGPT some magical spelled insertion query string that does the job, that's unique, that might be the new IP, the the question to ask. >> Well, that's what the hackers are going to do. And I, they're on offense. (John laughs) And the offense knows what play is coming. So, they're going to start. >> So guys, let's take this conversation up a level. I want to get your perspectives on what's in this for me as a customer? We know security is a board level conversation. We talk about this all the time. We also know that they're based on, I think David, was the conversations that you and I had, with Palo Alto Networks at Ignite in December. There's a, there's a lack of alignment between the executives and the board from a security perspective. When we talk about Cloud Native Security, we all talked about the value in that, what's in it for customers? I want to get your perspectives on should this be a board level conversation, and if so, how do you advise organizations, whether it is a hospital, or a bank, or an organization that is really affected by things like ransomware? How should they be thinking about this from an organizational perspective? >> Well, I'll start first, because we had this conversation during our Super Cloud event last month, and this comes up a lot. And this is, the CEO board level. Yes it is a board level conversation for security, as is application development as in terms of transforming their business to be competitive, not to be on the wrong side of history with this wave coming. So I think that's more of a management. But the issue is, they tell their people, "Go do it." And they're like, 'cause they get sold on the idea of, "Hey, won't you transform your business, and everything's going to be data driven, and machine learning's going to power your apps, get new customers, be profitable." "Oh, sign me up for that." When you have to implement this, it's really hard. And I think the core issue is, where are companies in their life cycle of the ability to execute and architect this thing properly as Dave said, Nick Zuk said, "You can't have architecture and security, you need platforms." So, I think the re-platforming, and the re-factoring of business is a big factor, and that's got to get down into the, the organizational shifts and the people to do it. So are there skills? Do I do a managed service? How do I architect it? Are there more services? Are there developers doing applications that are going to be more agile? So, this is not an easy thing. And to move a business from IT operations that is proven, to be positioned for this enablement, is just really difficult. And it's expensive. And if you screw it up, you could be, could be on the wrong side of things. So, to me, that's the big issue is, you sell the dream and then you got to implement it. And that's really difficult. >> Yves, give us your perspective on, based on John's comments, how do organizations shift so dramatically? There's a cultural element there as well, but there's also organizations that are, have competitive competitors in the rear view mirror, and there's time to waste. What are your thoughts on that? >> I think that's exactly the point. It's like, as an organization, you need to take the decision between the time, the risk, and all the other elements we have into this game. Because you can try to achieve 100% security, but that's exactly the same as trying to, to protect gold or anything else 100%. It's most likely not going to be from a risk perspective anyway sensible. And that's the same from a corporational perspective. When you look at building new internet services, or IOT services, or any kind of new shopping experience or whatever else, you need to balance out between the risks and the advantages out of it. And you also need to be accepting that you potentially on the way make mistakes, but then it's more important than ever that you are able to quickly fix any mistakes, and to adjust to anything what's happening in the market. Because as we are building all these new Cloud Native applications, and build up all these skill sets, one of the big scenarios is we are far more depending on individual building blocks. These building blocks come out of open source communities, which have a much different way. When we look back in software development, back then we had application servers from Oracle, Web Logic, whatsoever, they had a release cycles of every three to six months. As now we have to deal with open source, where sometimes release cycles are on a four week schedule, in between security patches. So you need to be much faster in adopting that, checking that, implementing that, getting things to work. So there is a security stretch from that perspective. There is a speech stretch on the other thing companies have to deal with, and on the other side it's always a measurement between the risk, and the security you can afford. Because reality is, you will not be 100% protected no matter what you do. So, you need to balance out what you as an organization can actually build on. But I think, coming back also to the point, it's on the bot level nowadays. It's like nearly every discussion we have with companies nowadays as they move into the Cloud, especially also here in Europe where for the last five years, it was always, it's like "It's data privacy." Data privacy is no longer, I mean, yes, for certain people, it's still the point, but for many more people it's like, "How protected is my data?" "What do we do in case of ransomware attack?" "What do we do in case of a denial of service?" All of these things become more vulnerable, where in the past you were discussing these things with a becking page, or, or like a stock exchange. They were, it's like, "What the hell is going to happen if we have a denial of service?" Now all of the sudden, this now affects nearly everyone in their storefronts and everything else, because everything is depending on it. >> Yeah, I think you're right on. You think about how cultural change occurs, it's bottom ups or, bottom up, top down or middle out. And what, what's happened with security is the people in the security team cared about it, they were the, everybody said, "Oh, it's their problem." And then it just did an end run to the board, kind of mid, early last decade. And then the board sort of pushed that down. And the line of business is realizing, "Holy cow. My business, my EBIT can be dramatically affected by this, so I care." Now it's this whole house, cultural team sport. I know it's sort of a, a cliche, but it, it's true. Everybody actually is beginning to care about security because the risks are now so high, and it's going to affect not only the bottom line of the company, the bottom line of the business, their job, it's, it's, it's virtually everywhere. It's a huge cultural shift that we're seeing. >> And that's a big challenge for organizations in any industry. And Yves, you talked about ransomware service. Every industry across the globe is vulnerable to this. But how can, maybe John, we'll start with you. How can Cloud Native Security help organizations if they're able to embrace it, operationally, culturally, dial down some of the vulnerabilities that just seem to keep growing? >> Well, I mean that's the big question. The breaches are, are critical. The governances also could be a way that anchors down growth. So I think the balance between the governance compliance piece of it is key, but making the developers faster and more productive is the key to me. And I think having the security paradigm where they're not blockers, as Dave said, is critical. So I love the whole shift left, but now that we have more data focused initiatives around how that, you can use data to understand the security issues, I think data and security are together, and I think there's a going to be a data operating system model emerging, where data and security will be almost one thing. And that will be set up by the security teams, and the data teams together. And that will feed guardrails into the developer environment. So the developer should feel no pain at all in doing this. So I think the best practice will end up being what we're seeing with supply chain, security, with making sure code's verified. And you're going to see the container, security side completely address has been, and KubeCon, we just, I asked Scott Johnson, the CEO of Docker, and I asked him directly, "Are you guys all tight on container security?" He said, yes, but other people are suggesting that's not true. There's a lot of issues with the container security. So, there's all kinds of areas where there's holes. So Cloud Native is cool on one hand, and very relevant, but if it's not shored up, it's going to be a problem. But I, so I think that's where the action will be, at the developer pipeline, in the containers, and the data. So, that will be very relevant, and if companies nail that, they'll be faster, they'll have better apps, and that'll be the differentiator. And again, if they don't on this next wave, they're going to be driftwood. >> Dave, how do they prevent becoming driftwood? >> Well, I think Cloud has had a huge impact. And a Cloud's by no means a panacea, but let's face it, it's dramatically improved a lot of companies security posture. Now there's still that shared responsibility. Even though an S3 bucket is encrypted, it's still your responsibility to make sure that it doesn't get decrypted by somebody who has access to it. So there are things like that, but to Yve's earlier point, that can be, that's done through software now, it's done through best practices. Those best practices can be shared. So the way you, you don't become driftwood, is you start to, you step back, rethink that security architecture as we were talking about earlier, take advantage of the Cloud, take advantage of Cloud Native, and all the, the rapid pace of innovation that's occurring there, and you don't use, it's called before, The audit is the last line of defense. That's no longer a check box item. "Oh yeah, we're in compliance." It's, this is a business imperative, and because we're going to reduce our expected loss and reduce our business risk. That's part of the business case today. >> Yeah. >> It's a huge, critically important part of the business case. Yves, question for you. If you're in an elevator with a CEO, a CFO, and a CISO, and they're talking about security and Cloud Native Security, what's your value proposition to them on a, on a say a 32nd elevator ride? >> Difficult story. I think at the moment, the most important part is, we need to get people to work together, and we need to train people to work more much better together. I think that's the overall most important part for all of these solutions, because in the end, security is always a person issue. If, we can have the best tools in the industry, as long as we don't get all of these teams to work together, then we have a problem. If the security team is always seen as the end of the solution to fix everything, that's not going to work because they always are the bad guys in the game. And so we need to bring the teams together. And once we have the teams work together, I think we have a far better track on, on maintaining security. >> John and Dave, I want to get your perspectives on what Yves just said. In all the experience that the two of you have as industry analysts here on "theCUBE," Wikibon, Siliconangle Media. How do you advise organizations to get those teams together? As Eve said, that alignment is critical, but John, we'll start with you, then Dave go to you. What's your advice for organizations that need to align those teams and really don't have a lot of time to wait to do it? >> (chuckling) That's a great question. I think, I think that's everyone pays hundreds of thousands of millions of dollars to get that advice from these consultants, organizations out there doing the transformations. But I think it comes down to personnel and commitment. I think if there's a C-level commitment to the effort, you'll see the institutional structure change. So you can see really getting behind it with their, with their wallet and their, and their support of either getting more personnel to support and assist, or manage services, or giving the power to the teams to execute and doing it in a way that, that's, that's well known and best practices. Start small, build out the pilots, build the platform, and then start getting it right. And I think that's the key. Not the magic wand, the old model of rolling out stuff in, in six month cycles. It's really, get the proof points, double down and change the culture, but also execute and have real metrics. And changing the architecture, like having more penetration tests as a service. Doing pen tests is like a joke now. So that doesn't make any sense. You got to have that built in almost every day, and every minute. So, these kinds of new techniques have to be implemented and have to be tried. So that's why these communities are growing. That's why I like what open source has been doing, and I like the open source as the place to have these conversations, because that's where the action will be for new stuff. And I think people will implement open source like they did before, but with different ways, better testing, better supply chain on the software side, verifying code. So, I see open source actually getting a tailwind from this, not a headwind. So, I'm bullish on the open source piece here on, on all levels, machine learning- >> Lisa, my answer is intramural sports. And it's 'cause I think it's cultural. And what I mean by that, is you take your your best and brightest security, and this is what frankly, a lot of CISOs do, an examples is Lena Smart, MongoDB. Take your best and brightest security pros, make them captains of the intramural teams, and pair them up with pods of individuals across the organization, which is most people who don't know anything about security, and put them together, so that they can, they, so that the folks that understand security can, can realize how little people know, what, what, what, how, what the worst practices that are out there in the reverse, how they can cross pollinate. And they do that on a regular basis, I know at Mongo and other companies. And that kind of cultural assimilation is a starting point for how you get security awareness up to your question around making it a team sport. >> Absolutely critical. Yves, I want to kind of wrap things with you. We've got a couple of minutes left. When you're really looking at the Cloud Native community, the growth of it, we talked about earlier in the program, Cloud Native Security Con being now extracted and elevated out of KubeCon, what are your thoughts on the groundswell that this community is generating around Cloud Native Security, the benefits that organizations will achieve from it? >> I think overall, when we have these securities conferences, or these security arms a bit spread out and separated out of the main conference, it helps to a certain degree, because especially in the security space, when you look at at other like black hat or white hat conferences and things like that in the past, although they were not focused on Cloud Native, a lot of these security folks didn't feel well taken care of in any of the other conferences because they were always these, it's like they are always blocking us, they're always making us problems, and all these kinds of things. Now that we really take the Cloud Native piece and the security piece together, or like AWS does it with re:Inforce, I think we will see more and more that people understand is that security is a permanent topic we need to cover, but we need to bring different people together, because security also has compliance and a lot of other components in there. So we will see at these conferences moving forward, also a different audience. It's not going to be only the Cloud Native developers. And if I see some of these security audiences, I can't really imagine them to really be at KubeCon because there is too much other things going on. And you couldn't really see much of that at re:Invent because re:Invent by itself has become a complete monster of a conference. It covers too many topics. And so having this very, very important security piece separated, also gives the opportunity, I think, that we can bring in the security people, but also have the type of board level discussions potentially, between the leaders of the industry, to also discuss on how we can evolve, how we can make things better, and how, how we can actually, yeah, evolve our industry for it. Because let's face it, that threat is not going to go away. It's, it's a business. And one of the last security conferences I was on, on the ransomware part, it was one of the topics someone said is like, "Look, currently on average, it takes a hacker group roughly around they said 15 to 20 K to break into a company, and they on average make 100K. It's a business, let's face it. And it's a business we don't like. And ethically, it's no discussion that this is not good, but that's something which is happening. People are making money with it. And as long as that's going to go on, and we have enough countries where these people can hide, it's going to stay and survive. And so, with that being said, it's important for us to really build an industry around this. But I also think it's good that we have separate conferences. In the past we had more the RSA conference, which tried to cover all of these areas. But that is not really fitting Cloud Native and everything else. So I think it's good that we have these new opportunities, the Cloud Native one, but also what AWS brings up for someone. >> Yves, you just nailed it. It just comes down to simple math. It's a fraction. Revenue over cost. And if you could increase the hacker's cost, increase the denominator, their ROI will go down. And that is the game. >> Great point, Dave. What I'm hearing guys, and we can talk about technology for days and days. I know all of you. But there's, there's a big component that, that the elevation of Cloud Native Security, on its own as standalone is critical, as is the people component. You guys all talked about that. We talked about the cultural change necessary for that. Hopefully what we're seeing with Cloud Native Security Con 23, this first event is going to give us more insight over the next couple of days, and the next months or so, as to how this elevation, and how the people can come together to really help organizations from a math perspective as, as Dave talked about, really dial down the risks there, understand more of the vulnerabilities so that ransomware as a service is not as lucrative as it is today. Guys, so much appreciate your time, really breaking down Cloud Native Security, the value in it from different perspectives, and what your thoughts are on where it's going. Thanks so much for your time. >> All right. Thanks. >> Thanks, Lisa. >> Thank you. >> Thanks, Yves. >> All right. For my guests, I'm Lisa Martin. You're watching theCUBE's day one coverage of Cloud Native Security Con 23. Thanks for watching. (rousing music)

>> 10, nine, eight, (clears throat) four, three. >> Good afternoon, fellow cloud nerds and welcome back to AWS Reinvent 2022. We are live here from fabulous Las Vegas, Nevada. My name is Savannah Peterson, joined by Lisa Martin. So excited to be here Lisa, it's my first reinvent. >> Is it really? >> Yeah. >> I think it's only like my fourth or fifth. >> Only your fourth or fifth. >> Only. >> You're such a pro here. >> There's some serious veterans here in attendance that have been to all 11. >> I love that. >> Yeah. Wow, go them. I know, maybe we'll be at that level sooner. >> One day we will. >> Are you enjoying the show so far? >> Absolutely, it is. I cannot believe how many people are here. We've had 70,000 and we're only seeing what's at the foundation Expo Hall, not at the other hotel. So, I can only imagine. >> I mean, there's a world outside of this. >> Yes, and there's sunlight. There's actual sunlight outside of this room. >> Nobel idea. Well, Lisa, I'm very excited to be sitting here next to you and to welcome our fabulous guests, from TEKsystems, we have Brandon and Srini. Thank you so much for being here. How is the show going for you gentlemen so far? >> It's great. Lot of new insights and the customers are going to love what AWS is releasing in this reinvent. >> There is such a community here, and I love that vibe. It's similar to what we had at Cloud Native con in Detroit. So much collaboration going on. I assume most folks know a lot about TEKsystems who are watching, but just in case they don't, Brandon, give us the pitch. >> You bet. So full stack IT solutions firm, been in business for over 40 years, 80,000 global employees, really specializing in digital transformation, enterprise modernization services. We have partners in One Strategy, which is an an acquisition we made, but a well known premier partner in the Amazon partner ecosystem, as well as One North Interactive, who is our boutique brand, creative and digital strategy firm. So together, we really feel like we can bring full end-to-end solutions for digital and modernization initiatives. >> So, I saw some notes where TEKsystems are saying organizations need experienced AWS partners that are not afraid doing the dirty work of digital transformation, who really can advise and execute. Brandon, talk to us about how TEKsystems and AWS are working together to help customers on that journey which is nebulous of digital transformation. >> So, our real hallmark is the ability to scale. We partner with AWS in a lot of different ways. In fact, we just signed our strategic collaboration agreement. So, we're in the one percenter group in the whole partner network. >> Savanna: That's a pretty casual flex there. >> Not bad. >> I love that, top 1%, that no wonder you're wearing that partner pin so proud today. (speaking indistinctly) >> But we're working all the way on the advisory and working with their pro serve organization and then transforming that into large scale mass migration services, a lot of data modernization that Srini is an absolute expert in. I'm sure he can add some context too, but it's been a great partnership for many years now. >> In the keynote, Adam spent almost 52 minutes on data, right? So, it emphasizes how organizations are ready to take data to cloud and actually make meaningful insights and help their own customers come out of it by making meaningful decisions. So, we are glad to be part of this entire ecosystem. >> I love that you quantified how many minutes. >> I know. >> Talked about it, that was impressive. There's a little bit of data driven thinking going on here. >> I think so. >> Yeah. >> Well, we can't be at an event like this without talking about data for copious amounts of time, 52 minutes, has just used this morning. >> Right, absolutely. >> But every company these days has to be a data company. There's no choice to be successful, to thrive, to survive. I mean, even to thrive and grow, if it's a grocery store or your local gas station or what? You name it, that company has to be a data company. But the challenge of the data volume, the explosion in data is huge for organizations to really try to figure out and sift through what they have, where is all of it? How do we make sense of it? How do we act on it and get insights? That's a big challenge. How is TEKsystems helping customers tackle that challenge? >> Yeah, that's a great question because that's the whole fun of handling data. You need to ensure its meaning is first understood. So, we are not just dumping data into a storage place, but rather assign a meaningful context. In today's announcement, again, the data zone was unveiled to give meaning to data. And I think those are key concrete steps that we take to our customers as well with some good blueprints, methodical ways of approaching data and ultimately gaining business insights. >> And maybe I'll add just something real quick to that. The theme we're seeing and hearing a lot about is data monetization. So, technology companies have figured it out and used techniques to personalize things and get you ads, probably that you don't want half the time. But now all industries are really looking to do that. Looking at ways to open new revenue channels, looking at ways to drive a better customer experience, a better employee experience. We've got a ton of examples of that, Big Oil and Gas leveraging like well and machine data, coming in to be more efficient when they're pumping and moving commodities around. We work a lot in the medium entertainment space and so obviously, getting targeted ads to consumers during the right periods of TV or movies or et cetera. Especially with the advert on Netflix and all your streaming videos. So, it's been really interesting but we really see the future in leveraging data as one of your biggest corporate assets. >> Brilliant. >> So, I'm just curious on the ad thing, just real quick and I'll let you go, Lisa. So, do you still fall victim to falling for the advertising even though you know it's been strategically put there for you to consume in that moment? >> Most of the time. >> I mean, I think we all do. We're all, (indistinct), you're behind the curtain so to speak. >> The Amazon Truck shows up every day at my house, which is great, right? >> Hello again >> Same. >> But I think the power of it is you are giving the customer what they're looking for. >> That's it. >> And you know... >> Exactly. We have that expectation, we want it. >> 100%. >> We know that. >> Agree. >> We don't need to buy it. But technology has made it so easy to transact. That's like when developers started going to the cloud years ago, it was just, it was a swipe. It was so simple. Brandon, talk about the changes in cloud and cloud migration that TEKsystems has seen, particularly in the last couple of years as every company was rushing to go digital because they had to. >> So several years ago, we kind of pushed away that cloud first mentality to the side and we use more of a cloud smart kind of fashion, right? Does everything need to go to the cloud? No. Do applications, data, need to go to the cloud in a way that's modern and takes advantages of what the cloud can provide and all the new services that are being released this week and ongoing. So, the other thing we're seeing is initiatives that have traditionally been in the CTO, CIO organization aren't necessarily all that successful because we're seeing a complete misalignment between business goals and IT achievements, outcomes, et cetera. You can automate things, you can move it to the cloud, but if you didn't solve a core business problem or challenge, what'd you really do? >> Yeah, just to add on that, it's all about putting data and people together. And then how we can actually ensure the workforce is equally brought up to speed on these new technologies. That has been something that we have seen tremendous improvement in the last 24 months where customers are ready to take up new challenges and the end users are ready to learn something new and not just stick onto that status quo mindset. >> Where do you guys factor in to bringing in AWS in the customer's cloud journeys? What is that partnership like? >> We always first look for where the customer is in their cloud journey path and make sure we advise them with the right next steps. And AWS having its services across the spectrum makes it even easier for us to look at what business problem they're solving and then align it according to the process and technology so that at the end of the day, we want end user adoption. We don't want to build a fancy new gadget that no one uses. >> Just because you built it doesn't mean they'll come. And I think that's the classic engineering marketing dilemma as well as balance to healthy tension. I would say between both. You mentioned Srini, you mentioned workforce just a second ago. What sort of trends are you seeing in workforce development? >> Generally speaking, there are a lot of services now that can quantify your code for errors and then make sure that the code that you're pushing into production is well tested. So what we are trying to make sure is a healthy mix of trying to solve a business problem and asking the right questions. Like today, even in the keynote, it was all about how QuickSight, for example, has additional features now that tells why something happened. And that's the kind of mindset we want our end users to adopt. Not just restricting themselves to a reactive analytics, but rather ask the question why, why did it happen? Why did my sales go down? And I think those technologies and mindset shift is happening across the workforce. >> From a workforce development standpoint, we're seeing there's not enough workforce and the core skills of data, DevOps, standard cloud type work. So, we're actually an ATP advanced training partner, one of the few within the AWS network. So, we've developed programs like our Rising Talent Program that are allowing us to bring the workforce up to the skills that are necessary in this new world. So, it's a more build versus buy strategy because we're on talents real, though it may start to wane a little bit as we change the macroeconomic outlook in 2023, but it's still there. And we still believe that building those workforce and investing in your people is the right thing to do. >> It is, and I think there's a strong alignment there with AWS and their focus on that as well. I wanted to ask you, Brandon. >> Brandon: Absolutely. >> One of the things, so our boss, John Furrier, the co CEO of theCUBE, talked with Adam Selipsky just a week or maybe 10 days ago. He always gets an exclusive interview with the CEO of AWS before reinvent, and one of the things that Adam shared with him is that customers, CEOs and CIOs are not coming to Adam, to this head of AWS to talk about technology, they want to talk about transformation. He's talking about... >> The topic this year. >> Moving away from amorphous topic of digital transformation to business transformation. Are you seeing the same thing in your customer? >> 100%, and if you're not starting at the business level, these initiatives are going to fail. We see it all the time. Again, it's about that misalignment and there's no good answer to that. But digital, I think is amorphous to some degree. We play a lot with the One North partnership that I mentioned earlier, really focusing on that strategy element because consumer dollars are shrinking via inflation, via what we're heading into, and we have to create the best experience possible. We have to create an omnichannel experience to get our products or services to market. And if we're not looking at those as our core goals and we're looking at them as IT or technology challenges, we're not looking in the right place. >> Well, and businesses aren't going to be successful if they're looking at it in those siloed organizations. Data has to be democratizing and we've spent same data democratization for so long, but really, we're seeing that it has to be moving out into the lines of business because another thing Adam shared with John Furrier is that he sees and I'm curious what your thoughts are on this, the title of data analysts going away because everybody in different functions and different lines of business within an organization are going to have to be data analysts to some degree, to use data whether it's marketing, ops, sales, finance, are you seeing the same? >> That is true. I mean, at this point, we are all in the connected world, right? Every data point is connected in some form or shape to another data point. >> Savanna: There are many data points, just sitting here, yeah. >> Absolutely, so I think if you are strategizing, data needs to be right in the center of it. And then your business problems need to be addressed with reliable data. >> No, I mean, advertising, supply chain, marketing, they're all interconnected now, and we're looking at ways to bring a lot of that siloed data into one place so we can make use to it. It goes back to that monetization element of our data. >> That's a lot about context and situational awareness. We want what we want, when we want it, even before we knew we needed it then. I think I said that right. But you know, it's always more faster, quicker and then scaling things up. You see a lot of different customers across verticals, you have an absolutely massive team. Give us a sneak peek into 2023. What does the future hold? >> 2023 is again, to today's keynote, I'm bringing it back because it was a keynote filled with vision and limitless possibilities. And that's what we see. Right now, our customers, they are no longer scared to go and take the plunge into the cloud. And as Brandon said, it's all about being smart about those decisions. So, we are very excited that together with the partnership that we recently acquired and the services and the depth, along with the horizontal domain expertise, we can actually help customers make meaningful message out of their data points. And that keeps us really excited for next year. >> Love that, Brandon, what about you? >> I think the obvious one is DevOps and a focus on optimization, financially, security, et cetera, just for the changing times. The other one is, I still think that digital is going to continue to be a big push in 2023, namely making sure that experience is at its best, whether that's employee and combating the war on talent, keeping your people or opening new revenue streams, enhancing existing revenue streams. You got to keep working on that. >> We got to keep the people happy with the machines and the systems that we are building as we all know. But it's very nice, it's been a lot of human-centric focus and a lot of customer obsession here at the show. We know it's a big thing for you all, for Amazon, for pretty much everyone who sat here. Hopefully it is in general. Hopefully there's nobody who doesn't care about their community, we're not talking to them, if that's the case, we have a new challenge on theCUBE for the show, this year as we kind of prepped you for and can call it a bumper sticker, you can call it a 30 second sizzle reel. But this is sort of your Instagram moment, your TikTok, your thought of leadership highlight. What's the most important story coming out of the show? Srini, you've been quoting the keynotes very well, so, I'm going to you first on this one. >> I think overall, it's all about owning the change. In our TEKsystems culture, it's all about striving for excellence through serving others and owning the change. And so it makes me very excited that when we get that kind of keynote resonating the same message that we invite culturally, that's a big win-win for all the companies. >> It's all about the shared vision. A lot of people with similar vision in this room right now, in this room, like it's a room, it's a massive expo center, just to be clear, I'm sure everyone can see in the background. Brandon >> I would say partnership, continuing to enhance our strategic partnership with AWS, continuing to be our customers' partners in transformation. And bringing those two things together here has been a predominance of my time this week. And we'll continue throughout the week, but we're in it together with our customers and with AWS and looking forward to the future. >> Yeah, that's a beautiful note to end on there. Brandon, Srini, thank you both so much for being here with us. Fantastic to learn from your insights and to continue to emphasize on this theme of collaboration. We look forward to the next conversation with you. Thank all of you for tuning in wherever you happen to be hanging out and watching this fabulous live stream or the replay. We are here at AWS Reinvent 2022 in wonderful sunny Las Vegas, Nevada with Lisa Martin. My name is Savannah Peterson, we are theCUBE, the leading source for high tech coverage.

>>Good afternoon and welcome back to Detroit, Lisa Martin here with John Furrier. We are live day two of our coverage of Coan Cloud Native Con North America. John, we've had great conversations. Yeah. All day yesterday. Half a day today. So far we're talking all things, Well, not all things Kubernetes so much more than that. We also have to talk about storage and data management solutions for Kubernetes projects, cuz that's obviously critical. >>Yeah, I mean the big trend here is Kubernetes going mainstream has been for a while. The adopt is crossing over, it's crossing the CADs and with that you're seeing security concerns. You're seeing things being gaps being filled. But enterprise grade is really the, the, the story. It's going enterprise, that's managed services, that's professional service, that's basically making things work at scale. This next segment hits that part and we are gonna talk about it in grade length >>With one of our alumni. Moral morale to Molly is back DP and GM of Port Work's Peer Storage. Great to have you back really? >>Yeah, absolutely. Delightful >>To be here. So I was looking on the website, number one in Kubernetes storage. Three years in a row. Yep. Awesome. What's Coworks doing here at KU Con? >>Well, I'll tell you, we, our engineering crew has been so productive and hard at work that I almost can't decide what to kind of tell you. But I thought what, what, what I thought I would do is kind of tell you that we are in forefront of two major trends in the world of Kubernetes. Right? And the, the two trends that I see are one is as a service, so is trend number one. So it's not software eating the world anymore. That's, that's old, old, old news. It's as a service unifying the world. The world wants easy, We all are, you know, subscribers to things like Netflix. We've been using Salesforce or other HR functions. Everything is as a service. And in the world of Kubernetes, it's a sign of that maturity that John was talking about as a platform that now as a service is the big trend. >>And so headline number one, if you will, is that Port Works is leading in the data management world for Kubernetes by providing, we're going all in on easy on as a service. So everything we do, we are satisfying it, right? So if you think, if you think about, if you think about this, that, that there are really, most of the people who are consuming Kubernetes are people who are building platforms for their dev users. And dev users want self service. That's one of the advantages of, of, of Kubernetes. And the more it is service size and made as a service, the more ready to consume it is. And so we are announcing at the show that we have, you know, the basic Kubernetes data management as a service, ha d r as a service. We have backup as a service and we have database as a service. So these are the three major components of data. And all of those are being made available as a service. And in fact, we're offering and announcing at the show our backup as a service freemium version where you can get free forever a terabyte of, of, you know, stuff to do for Kubernetes for forever. >>Congratulations on the announcement. Totally. In line with what the market wants. Developers want Selfer, they wanna also want simplicity by the way they'll leave if they don't like the service. Correct. So that you, you know that before we get into some more specifics, I want Yeah. Ask you on the industry and some of the point solutions you have, what, it's been two years since the acquisition with Pure Storage. Can you just give an update on how it's gone? Obviously as a service, you guys are hitting all your Marks, developers love it. Storage are big part of the game right now as well as these environments. Yeah. What's the update post acquisition two years. You had a great offering Stay right In >>Point Works. Yeah. So look, John, you're, you're, you're a veteran of the industry and have seen lots of acquisitions, right? And I've been acquired twice before myself. So, you know, there's, there's always best practices and poor practices in terms of acquisitions and I'm, you know, really delighted to say I think this, this acquisition has had some of the best practices. Let me just name a couple of them, right? One of them is just cultural fit, right? Cultural fit is great. Entrepreneurs, anybody, it's not just entrepreneurs. Everybody loves to work in a place they enjoy working with, with people that they, you know, thrive when they, when they interact with. And so the cultural fit with, with Pure is fantastic. The other one is the strategic intent that Pure had when they acquired us is still true. And so that goes a long way, you know, in terms of an investment profile, in terms of the ability to kind of leverage assets within the company. So Pure had kind of disrupted the world of storage using Flash and they wanted to disrupt higher up the stack using Kubernetes. And that's kind of been our role inside their strategy. And it's, it's still true. >>So culture, strategic intent. Yeah. Product market fit as well. You were, you weren't just an asset for customers or acquisition and then let the founders go through their next thing. You are part of their growth play. >>Absolutely. Right. The, the beauty of, of the kind of product market fit is, let's talk about the market is we have been always focused on the global two k and that is at the heart of, you know, purest 10,000 strong customer base, right? They have very strong presence in the, in the global two k. And we, we allow them to kind of go to those same folks with, with the offering. >>So satisfying everything that you do. What's for me as a business, whether I'm a financial services organization, I'm a hospital, I'm a retailer, what's in it for me >>As a customer? Yeah. So the, the what's in it for, for me is two things. It's speed and ease of use, which in a way are related. But, but, but you know, one is when something is provided as a service, it's much more consumable. It's instantly ready. It's like instant oatmeal, right? You just get it just ad hot water and it's there. Yep. So the world of of it has moved from owning large data centers, right? That used to be like 25 years ago and running those data centers better than everybody else to move to let me just consume a data center in the form of a cloud, right? So satisfying the cloud part of the data center. Now people are saying, well I expect that for software and services and I don't want it just from the public cloud, I want it from my own IT department. >>This is old news. And so the, the, the big news here is how fast Kubernetes has kind of moved everything. You know, you take a lot of these changes, Kubernetes is a poster child for things happening faster than the last wave. And in the last couple of years I would say that as a service model has really kind of thrived in the world of Kubernetes. And developers want to be able to get it fast. And the second thing is they want to be able to operate it fast. Self-service is the other benefit. Yeah. So speed and self-service are both benefits of, of >>This. Yeah. And, and the thing that's come up clearly in the cube, this is gonna be part of the headlines we'll probably end up getting a lot of highlights from telling my team to make a note of this, is that developers are gonna be be the, the business if you, if you take digital transformation to its conclusion, they're not a department that serves the business, they are the business that means Exactly. They have to be more productive. So developer productivity has been the top story. Yes. Security as a serves all these things. These are, these are examples to make developers more productive. But one of the things that came up and I wanna get your reaction to is, is that when you have disruption and, and the storage vision, you know what disruption it means. Cuz there's been a whole discussion around disruptive operations. When storage goes down, you have back m dr and failover. If there's a disruption that changes the nature of invisible infrastructure, developers want invisible infrastructure. That's the future steady state. So if there's a disruption in storage >>Yeah. It >>Can't affect the productivity and the tool chains and the workflows of developers. Yep. Right? So how do you guys look at that? Cuz you're a critical component. Storage is a service is a huge thing. Yeah. Storage has to, has to work seamlessly. And let's keep the developers out of the weeds. >>John. I think what, what what you put your finger on is another huge trend in the world of Kubernetes where at Cube Con, after all, which is really where, where all the leading practitioners both come and the leading vendors are. So here's the second trend that we are leading and, and actually I think it's happening not just with us, but with other, for folks in the industry. And that is, you know, the world of DevOps. Like DevOps has been such a catchphrase for all, all of us in the industry last five years. And it's been both a combination of cultural change as well as technology change. Here's what the latest is on the, in the world of DevOps. DevOps is now crystallized. It's not some kind of mysterious art form that you read about how people are practicing. DevOps is, it's broken into two, two things now. >>There is the platform part. So DevOps is now a bunch of platforms. And the other part of DevOps is a bunch of practices. So a little bit on both these, the platforms in the world of es there's only three platforms, right? There's the orchestration platforms, the, you know, eks, the open ships of the world and so on. There are the data management platforms, pro people like Port Works. And the third is security platforms, right? You know, Palo Alto Networks, others Aqua or all in this. So these are the three platforms and there are platform engineering teams now that many of our largest customers, some of the largest banks, the largest service providers, they're all operating as a ES platform engineering team. And then now developers, to your point, developers are in the practice of being able to use these platforms to launch new services. So the, the actual IT ops, the ops are run by developers now and they can do it on these platforms. And the platform engineering team provide that as an ease of use and they're there to troubleshoot when problems happen. So the idea of DevOps as a ops practice and a platform is the newest thing. E and, and ports and pure storage leading in the world of data management platforms >>There. Talk about a customer example that you think really articulates the value that Port Works and Pure Storage delivers from a data management perspective. >>Yeah, so there's so many examples. One of the, one of the longest running examples we have is a very, very large service provider that, you know, you all know and probably use, and they have been using us in the cable kinda set box or cable box business. They get streams of data from, from cable boxes all over the world. They collected all in a centralized large kind of thing and run elastic search and analytics on it. Now what they have done is they couldn't keep up with this at the scale and the depth, right? The speed of, of activity and the distributed nature of the activity. The only way to solve this was to use something like Kubernetes manage with Spark coming, bringing all the data in to deep, deep, deep silos of storage, which are all running not even on a sand, but on kind of, you know, very deep terabytes and terabytes of, of storage. So all of this is orchestrated with the Heco coworks and there's a platform engineering team. We are building that platform for them with some of these other components that allows them to kind of do analytics and, and make some changes in real time. Huge kind of setup for, for >>That. Yeah. Well, you guys have the right architecture. I love the vision. I love what you guys are doing. I think this is right in line with Pures. They've always been disruptors. I remember when we first interviewed the CEO when they started Yep. They, they stayed on path. They didn't waiver. EMC was the big player. They ended up taking their lunch and dinner as well and they beat 'em in the marketplace. But now you got this traction here. So I have to ask you, how's the business, what's the results look like? Either GM cloud native business unit of a storage company that's transformed and transforming? >>Yeah, you know, it's interesting, we just hit the two year anniversary, right John? And so what we did was just kind of like step back and hey, you know, we're running so hard, you just take a step back. And we've tripled the business in the two years since the acquisition, the two years before and, and we were growing through proven. So, you know, that that's quite a fe and we've tripled the number of people, the amount of engineering investments we have, the number of go to market investments have, have been, have been awesome. So business is going really well though, I will say. But I think, you know, we have, we can't be, we we're watching the market closely. You know, as a former ceo, I, you have to kind of learn to read the tea leaves when you invest. And I think, you know, what I would say is we're proceeding with caution in the next two quarters. I view business transformation as not a cancelable activity. So that's the, that's the good news, right? Our customers are large, it's, >>It's >>Right. All they're gonna do is say, Hey, they're gonna put their hand, their hand was always going right on the dial. Now they're kind of putting their hand on the dial going, hey, where, what is happening? But my, my own sense of this is that people will continue to invest through it. The question is at what level? And I also think that this is a six month kind of watch, the watch where, where we put the dial. So Q4 and q1 I think are kind of, you know, we have our, our watch kind of watch the market sign. But I have the highest confidence. What >>Does your gut tell you? You're an entrepreneur, >>Which my, my gut says that we'll go through a little bit of a cautious investment period in the next six months. And after that I think we're gonna be back in, back full, full in the crazy growth that we've always been. We're gonna grow by the way, in the next think >>It's core style. I think I'm, I'm more bullish. I think there's gonna be some, you know, weeding out of some overinvestment pre C or pre bubble. But I think tech's gonna continue to grow. I don't see >>It's stopping. Yeah. And, and the investment is gonna be on these core platforms. See, back to the platform story, it's gonna be in these core platforms and on unifying everything, let's consume it better rather than let's go kind of experiment with a whole bunch of things all over the map, right? So you'll see less experimentation and more kind of, let's harvest some of the investments we've made in the last couple >>Of years and actually be able to, to enable companies in any industry to truly be data companies. Because absolutely. We talked about as a service, we all have these expectations that any service we want, we can get it. Yes. There's no delay because patients has gone Yeah. From the pandemic. >>So it is kind of, you know, tightening up the screws on what they've built. They, you know, adding some polish to it, adding some more capability, like I said, a a a, a combination of harvesting and new investing. It's a combination I think is what we're gonna see. >>Yeah. What are some of the things that you're looking forward to? You talked about some of the, the growth things in the investment, but as we round out Q4 and head into a new year, what are you excited about? >>Yeah, so you know, I mentioned our, as a service kind of platform, the global two K for us has been a set of customers who we co-create stuff with. And so one of the other set of things that we are very excited about and announcing is because we're deployed at scale, we're, we're, we have upgraded our backend. So we have now the ability to go to million IOPS and more and, and for, for the right backends. And so Kubernetes is a add-on which will not slow down your, your core base infrastructure. Second thing that that we, we have is added a bunch of capability in the disaster recovery business continuity front, you know, we always had like metro kind of distance dr. We had long distance dr. We've added a near sync Dr. So now we can provide disaster recovery and business continuity for metro distances across continents and across the planet. Right? That's kind of a major change that we've done. The third thing is we've added the capability for file block and Object. So now by adding object, we're really a complete solution. So it is really that maturity of the business Yeah. That you start seeing as enterprises move to embracing a platform approach, deploying it much more widely. You talked about the early majority. Yeah. Right. And so what they require is more enterprise class capability and those are all the things that we've been adding and we're really looking forward >>To it. Well it sounds like tremendous evolution and maturation of Port Works in the two years since it's been with Pure Storage. You talked about the cultural alignment, great stuff that you're achieving. Congratulations on that. Yeah. Great stuff >>Ahead and having fun. Let's not forget that, that's too life's too short to do. It is right. >>You're right. Thank you. We will definitely, as always on the cube, keep our eyes on this space. Mur. Meley, it's been great to have you back on the program. Thank you for joining, John. >>Thank you so much. It's pleasure. Our, >>For our guests and John Furrier, Lisa Martin here live in Detroit with the cube about Coan Cloud Native Con at 22. We'll be back after a short break.

>>Hey guys and girls, welcome back to Motor City, Lisa Martin here with John Furrier on the Cube's third day of coverage of Coon Cloud Native Con North America. John, we've had some great conversations over the last two and a half days. We've been talking about identity and security management as a critical need for enterprises within the cloud native space. We're gonna have another quick conversation >>On that. Yeah, we got a great segment coming up from someone who's been in the industry, a long time expert, running a great company. Now it's gonna be one of those pieces that fits into what we call super cloud. Others are calling cloud operating system. Some are calling just Cloud 2.0, 3.0. But there's definitely a major trend happening around how cloud is going Next generation. We've been covering it. So this segment should be >>Great. Let's unpack those trends. One of our alumni is back with us, O Rika Zi, co-founder and CEO of Aerio. Omri. Great to have you back on the >>Cube. Thank you. Great to be here. >>So identity move to the cloud, Access authorization did not talk to us about why you found it assertive, what you guys are doing and how you're flipping that script. >>Yeah, so back 15 years ago, I helped start Azure at Microsoft. You know, one of the first few folks that you know, really focused on enterprise services within the Azure family. And at the time I was working for the guy who ran all of Windows server and you know, active directory. He called it the linchpin workload for the Windows Server franchise, like big words. But what he meant was we had 95% market share and all of these new SAS applications like ServiceNow and you know, Workday and salesforce.com, they had to invent login and they had to invent access control. And so we were like, well, we're gonna lose it unless we figure out how to replace active directory. And that's how Azure Active Directory was born. And the first thing that we had to do as an industry was fix identity, right? Yeah. So, you know, we worked on things like oof Two and Open, Id Connect and SAML and Jot as an industry and now 15 years later, no one has to go build login if you don't want to, right? You have companies like Odd Zero and Okta and one login Ping ID that solve that problem solve single sign-on, on the web. But access Control hasn't really moved forward at all in the last 15 years. And so my co-founder and I who were both involved in the early beginnings of Azure Active directory, wanted to go back to that problem. And that problem is even bigger than identity and it's far from >>Solved. Yeah, this is huge. I think, you know, self-service has been a developer thing that's, everyone knows developer productivity, we've all experienced click sign in with your LinkedIn or Twitter or Google or Apple handle. So that's single sign on check. Now the security conversation kicks in. If you look at with this no perimeter and cloud, now you've got multi-cloud or super cloud on the horizon. You've got all kinds of opportunities to innovate on the security paradigm. I think this is kind of where I'm hearing the most conversation around access control as well as operationally eliminating a lot of potential problems. So there's one clean up the siloed or fragmented access and two streamlined for security. What's your reaction to that? Do you agree? And if not, where, where am I missing that? >>Yeah, absolutely. If you look at the life of an IT pro, you know, back in the two thousands they had, you know, l d or active directory, they add in one place to configure groups and they'd map users to groups. And groups typically corresponded to roles and business applications. And it was clunky, but life was pretty simple. And now they live in dozens or hundreds of different admin consoles. So misconfigurations are rampant and over provisioning is a real problem. If you look at zero trust and the principle of lease privilege, you know, all these applications have these course grained permissions. And so when you have a breach, and it's not a matter of if, it's a matter of when you wanna limit the blast radius of you know what happened, and you can't do that unless you have fine grained access control. So all those, you know, all those reasons together are forcing us as an industry to come to terms with the fact that we really need to revisit access control and bring it to the age of cloud. >>You guys recently, just this week I saw the blog on Topaz. Congratulations. Thank you. Talk to us about what that is and some of the gaps that's gonna help sarto to fill for what's out there in the marketplace. >>Yeah, so right now there really isn't a way to go build fine grains policy based real time access control based on open source, right? We have the open policy agent, which is a great decision engine, but really optimized for infrastructure scenarios like Kubernetes admission control. And then on the other hand, you have this new, you know, generation of access control ideas. This model called relationship based access control that was popularized by Google Zanzibar system. So Zanzibar is how they do access control for Google Docs and Google Drive. If you've ever kind of looked at a Google Doc and you know you're a viewer or an owner or a commenter, Zanzibar is the system behind it. And so what we've done is we've married these two things together. We have a policy based system, OPPA based system, and at the same time we've brought together a directory, an embedded directory in Topaz that allows you to answer questions like, does this user have this permission on this object? And bringing it all together, making it open sources a real game changer from our perspective, real >>Game changer. That's good to hear. What are some of the key use cases that it's gonna help your customers address? >>So a lot of our customers really like the idea of policy based access management, but they don't know how to bring data to that decision engine. And so we basically have a, you know, a, a very opinionated way of how to model that data. So you import data out of your identity providers. So you connect us to Okta or oze or Azure, Azure Active directory. And so now you have the user data, you can define groups and then you can define, you know, your object hierarchy, your domain model. So let's say you have an applicant tracking system, you have nouns like job, you know, know job descriptions or candidates. And so you wanna model these things and you want to be able to say who has access to, you know, the candidates for this job, for example. Those are the kinds of rules that people can express really easily in Topaz and in assertive. >>What are some of the challenges that are happening right now that dissolve? What, what are you looking at to solve? Is it complexity, sprawl, logic problems? What's the main problem set you guys >>See? Yeah, so as organizations grow and they have more and more microservices, each one of these microservices does authorization differently. And so it's impossible to reason about the full surface area of, you know, permissions in your application. And more and more of these organizations are saying, You know what, we need a standard layer for this. So it's not just Google with Zanzibar, it's Intuit with Oddy, it's Carta with their own oddy system, it's Netflix, you know, it's Airbnb with heed. All of them are now talking about how they solve access control extracted into its own service to basically manage complexity and regain agility. The other thing is all about, you know, time to market and, and tco. >>So, so how do you work with those services? Do you replace them, you unify them? What is the approach that you're taking? >>So basically these organizations are saying, you know what? We want one access control service. We want all of our microservices to call that thing instead of having to roll out our own. And so we, you know, give you the guts for that service, right? Topaz is basically the way that you're gonna go implement an access control service without having to go build it the same way that you know, large companies like Airbnb or Google or, or a car to >>Have. What's the competition look like for you guys? I'm not really seeing a lot of competition out there. Are there competitors? Are there different approaches? What makes you different? >>Yeah, so I would say that, you know, the biggest competitor is roll your own. So a lot of these companies that find us, they say, We're sick and tired of investing 2, 3, 4 engineers, five engineers on this thing. You know, it's the gift that keeps on giving. We have to maintain this thing and so we can, we can use your solution at a fraction of the cost a, a fifth, a 10th of what it would cost us to maintain it locally. There are others like Sty for example, you know, they are in the space, but more in on the infrastructure side. So they solve the problem of Kubernetes submission control or things like that. So >>Rolling your own, there's a couple problems there. One is do they get all the corner cases who built a they still, it's a company. Exactly. It's heavy lifting, it's undifferentiated, you just gotta check the box. So probably will be not optimized. >>That's right. As Bezo says, only focus on the things that make your beer taste better. And access control is one of those things. It's part of your security, you know, posture, it's a critical thing to get right, but you know, I wanna work on access control, said no developer ever, right? So it's kind of like this boring, you know, like back office thing that you need to do. And so we give you the mechanisms to be able to build it securely and robustly. >>Do you have a, a customer story example that is one of your go-tos that really highlights how you're improving developer productivity? >>Yeah, so we have a couple of them actually. So there's the largest third party B2B marketplace in the us. Free retail. Instead of building their own, they actually brought in aer. And what they wanted to do with AER was be the authorization layer for both their externally facing applications as well as their internal apps. So basically every one of their applications now hooks up to AER to do authorization. They define users and groups and roles and permissions in one place and then every application can actually plug into that instead of having to roll out their own. >>I'd like to switch gears if you don't mind. I get first of all, great update on the company and progress. I'd like to get your thoughts on the cloud computing market. Obviously you were your legendary position, Azure, I mean look at the, look at the progress over the past few years. Just been spectacular from Microsoft and you set the table there. Amazon web service is still, you know, thundering away even though earnings came out, the market's kind of soft still. You know, you see the cloud hyperscalers just continuing to differentiate from software to chips. Yep. Across the board. So the hyperscalers kicking ass taking names, doing great Microsoft right up there. What's the future? Cuz you now have the conversation where, okay, we're calling it super cloud, somebody calling multi-cloud, somebody calling it distributed computing, whatever you wanna call it. The old is now new again, it just looks different as cloud becomes now the next computer industry, >>You got an operating system, you got applications, you got hardware, I mean it's all kind of playing out just on a massive global scale, but you got regions, you got all kinds of connected systems edge. What's your vision on how this plays out? Because things are starting to fall into place. Web assembly to me just points to, you know, app servers are coming back, middleware, Kubernetes containers, VMs are gonna still be there. So you got the progression. What's your, what's your take on this? How would you share, share your thoughts to a friend or the industry, the audience? So what's going on? What's, what's happening right now? What's, what's going on? >>Yeah, it's funny because you know, I remember doing this quite a few years ago with you probably in, you know, 2015 and we were talking about, back then we called it hybrid cloud, right? And it was a vision, but it is actually what's going on. It just took longer for it to get here, right? So back then, you know, the big debate was public cloud or private cloud and you know, back when we were, you know, talking about these ideas, you know, we said, well you know, some applications will always stay on-prem and some applications will move to the cloud. I was just talking to a big bank and they basically said, look, our stated objective now is to move everything we can to the public cloud and we still have a large private cloud investment that will never go away. And so now we have essentially this big operating system that can, you know, abstract all of this stuff. So we have developer platforms that can, you know, sit on top of all these different pieces of infrastructure and you know, kind of based on policy decide where these applications are gonna be scheduled. So, you know, the >>Operating schedule shows like an operating system function. >>Exactly. I mean like we now, we used to have schedulers for one CPU or you know, one box, then we had schedulers for, you know, kind of like a whole cluster and now we have schedulers across the world. >>Yeah. My final question before we kind of get run outta time is what's your thoughts on web assembly? Cuz that's getting a lot of hype here again to kind of look at this next evolution again that's lighter weight kind of feels like an app server kind of direction. What's your, what's your, it's hyped up now, what's your take on that? >>Yeah, it's interesting. I mean back, you know, what's, what's old is new again, right? So, you know, I remember back in the late nineties we got really excited about, you know, JVMs and you know, this notion of right once run anywhere and yeah, you know, I would say that web assembly provides a pretty exciting, you know, window into that where you can take the, you know, sandboxing technology from the JavaScript world, from the browser essentially. And you can, you know, compile an application down to web assembly and have it real, really truly portable. So, you know, we see for example, policies in our world, you know, with opa, one of the hottest things is to take these policies and can compile them to web assemblies so you can actually execute them at the edge, you know, wherever it is that you have a web assembly runtime. >>And so, you know, I was just talking to Scott over at Docker and you know, they're excited about kind of bringing Docker packaging, OCI packaging to web assemblies. So we're gonna see a convergence of all these technologies right now. They're kind of each, each of our, each of them are in a silo, but you know, like we'll see a lot of the patterns, like for example, OCI is gonna become the packaging format for web assemblies as it is becoming the packaging format for policies. So we did the same thing. We basically said, you know what, we want these policies to be packaged as OCI assembly so that you can sign them with cosign and bring the entire ecosystem of tools to bear on OCI packages. So convergence is I think what >>We're, and love, I love your attitude too because it's the open source community and the developers who are actually voting on the quote defacto standard. Yes. You know, if it doesn't work, right, know people know about it. Exactly. It's actually a great new production system. >>So great momentum going on to the press released earlier this week, clearly filling the gaps there that, that you and your, your co-founder saw a long time ago. What's next for the assertive business? Are you hiring? What's going on there? >>Yeah, we are really excited about launching commercially at the end of this year. So one of the things that we were, we wanted to do that we had a promise around and we delivered on our promise was open sourcing our edge authorizer. That was a huge thing for us. And we've now completed, you know, pretty much all the big pieces for AER and now it's time to commercially launch launch. We already have customers in production, you know, design partners, and you know, next year is gonna be the year to really drive commercialization. >>All right. We will be watching this space ery. Thank you so much for joining John and me on the keep. Great to have you back on the program. >>Thank you so much. It was a pleasure. >>Our pleasure as well For our guest and John Furrier, I'm Lisa Martin, you're watching The Cube Live. Michelle floor of Con Cloud Native Con 22. This is day three of our coverage. We will be back with more coverage after a short break. See that.

>>Hey everybody. Welcome back. Good afternoon. Lisa Martin here with John Feer live in Detroit, Michigan. We are at Coon Cloud Native Con 2020s North America. John Thank is who. This is nearing the end of our second day of coverage and one of the things that has been breaking all day on this show is news. News. We have more news to >>Break next. Yeah, this next segment is a company we've been following. They got some news we're gonna get into. Managing Kubernetes life cycle has been a huge challenge when you've got large organizations, whether you're spinning up and scaling scale is the big story. Kubernetes is the center of the conversation. This next segment's gonna be great. It >>Is. We've got two guests from Specter Cloud here. Please welcome. It's CEO Chenery Fu and co-founder and it's c g a co-founder Sta Mallek. Guys, great to have you on the program. Thank >>You for having us. My pleasure. >>So Timary, what's going on? What's the big news? >>Yeah, so we just announced our Palace three this morning. So we add a bunch, a new functionality. So first of all we have a Nest cluster. So enable enterprise to easily provide Kubernete service even on top of their existing clusters. And secondly, we also support seamlessly migration for their existing cluster. We enable them to be able to migrate their cluster into our CNC for upstream Kubernete distro called Pallet extended Kubernetes, GX K without any downtime. And lastly, we also add a lot of focus on developer experience. Those additional capability enable developer to easily onboard and and deploy the application for. They have test and troubleshooting without, they have to have a steep Kubernetes lending curve. >>So big breaking news this morning, pallet 3.0. So you got the, you got the product. This is a big theme here. Developer productivity, ease of use is the top story here. As developers are gonna increase their code velocity cuz they're under a lot of pressure. This infrastructure's getting smarter. This is a big part of managing it. So the toil is now moving to the ops. Steves are now dev teams. Security, you gotta enable faster deployment of apps and code. This is what you guys solve while you getting this right. Is that, take us through that specific value proposition. What's the, what are the key things on in this news release? Yeah, >>You're exactly right. Right. So we basically provide our solution to platform engineering ship so that they can use our platform to enable Kubernetes service to serve their developers and their application ship. And then in the meantime, the developers will be able to easily use Kubernetes or without, They have to learn a lot of what Kubernetes specific things like. So maybe you can get in some >>Detail. Yeah. And absolutely the detail about it is there's a big separation between what operations team does and the development teams that are using the actual capabilities. The development teams don't necessarily to know the internals of Kubernetes. There's so much complexity when it comes, comes into it. How do I do things like deployment pause manifests just too much. So what our platform does, it makes it really simple for them to say, I have a containerized application, I wanna be able to model it. It's a really simple profile and from there, being able to say, I have a database service. I wanna attach to it. I have a specific service. Go run it behind the scenes. Does it run inside of a Nest cluster? Which we'll talk into a little bit. Does it run into a host cluster? Those are happen transparently for >>The developer. You know what I love about this? What you guys are doing in the news, it really points out what I love about DevOps. Because cloud, let's face a cloud early adopters, we're all the hardcore cloud folks as it goes mainstream. With Kubernetes, you start to see like words like platform engineering. I mean I love that term. That means as a platform, it's been around for a while. For people who are building their own stuff, that means it's gonna scale and enable people to enable value, build on top of it, move faster. This platform engineering is becoming now standard in enterprises. It wasn't like that before. What's your eyes reactions that, How do you see that evolving faster? Or do you believe that or what's your take on >>It? Yeah, so I think it's starting from the DevOps op team, right? That every application team, they all try to deploy and manage their application under their own ING infrastructure. But very soon all these each application team, they start realize they have to repeatedly do the same thing. So these will need to have a platform engineering team to basically bring some of common practice to >>That. >>And some people call them SREs like and that's really platform >>Engineering. It is, it is. I mean, you think about like Esther ability to deploy your applications at scale and monitoring and observability. I think what platform engineering does is codify all those best practices. Everything when it comes about how you monitor the actual applications. How do you do c i CD your backups? Instead of not having every single individual development team figuring how to do it themselves. Platform engineer is saying, why don't we actually build policy that we can provide as a service to different development teams so that they can operate their own applications at scale. >>So launching Pellet 3.0 today, you also had a launch in September, so just a few weeks ago. Talk about what these two announcements mean from Specter Cloud's perspective in terms of proof points, what you're delivering to the end users and the value that they're getting from that. >>Yeah, so our goal is really to help enterprise to deploy and around Kubernetes anywhere, right? Whether it's in cloud data center or even at Edge locations. So in September we also announce our HV two capabilities, which enable very easy deployment of Edge Kubernetes, right at at at any any location, like a retail stores restaurant, so on and so forth. So as you know, at Edge location, there's no cloud endpoint there. It's not easy to directly deploy and manage Kubernetes. And also at Edge location there's not, it's not as secure as as cloud or data center environment. So how to make the end to end system more secure, right? That it's temper proof, that is also very, very important. >>Right. Great, great take there. Thanks for explaining that. I gotta ask cuz I'm curious, what's the secret sauce? Is it nested clusters? What's, what's the core under the hood here on 3.0 that people should know about it's news? It's what's, what's the, what's that post important >>To? To be honest, it's about enabling developer velocity. Now how do you enable developer velocity? It's gonna be able for them to think about deploying applications without worrying about Kubernetes being able to build this application profiles. This NEA cluster that we're talking about enables them, they get access to it in complete cluster within seconds. They're essentially having access to be able to add any operations, any capabilities without having the ability to provision a cluster on inside of infrastructure. Whether it's Amazon, Google, or OnPrem. >>So, and you get the dev engine too, right? That that, that's a self-service provisioning in for environments. Is that, Yeah, >>So the dev engine itself are the capabilities that we offer to developers so that they can build these application profiles. What the application profiles, again they define aspects about, my application is gonna be a container, it's gonna be a database service, it's gonna be a helm chart. They define that entire structure inside of it. From there they can choose to say, I wanna deploy this. The target environment, whether it becomes an actual host cluster or a cluster itself is irrelevant to them. For them it's complete transparent. >>So transparency, enabling developer velocity. What's been some of the feedback so far? >>Oh, all developer love that. And also same for all >>The ops team. If it's easy and goods faster and the steps >>Win-win team. Yeah, Ops team, they need a consistency. They need a governance, they need visibility, but in the meantime, developers, they need the flexibility then theys or without a steep learning curve. So this really, >>So So I hear a lot of people say, I got a lot of sprawl, cluster sprawl. Yeah, let's get outta hand does, let's solve that. How do you guys solve that problem? Yeah, >>So the Neste cluster is a profit answer for that. So before you nest cluster, for a lot of enterprise to serving developers, they have to either create a very large TED cluster and then isolated by namespace, which not ideal for a lot of situation because name stay namespace is not a hard isolation and also a lot of global resource like CID and operator does not work in space. But the other way is you give each developer a separate, a separate ADE cluster, but that very quickly become too costly. Cause not every developer is working for four, seven, and half of the time your, your cluster is is a sit there idol and that costs a lot of money. So you cluster, you'll be able to basically do all these inside the your wholesale cluster, bring the >>Efficiency there. That is huge. Yeah. Saves a lot of time. Reduces the steps it takes. So I take, take a minute, my last question to you to explain what's in it for the developer, if they work with Spec Cloud, what is your value? What's the pitch? Not the sales pitch, but like what's the value pitch that >>You give them? Yeah, yeah. And the value for us is again, develop their number of different services and teams people are using today are so many, there are so many different languages or so many different libraries there so many different capabilities. It's too hard for developers to have to understand not only the internal development tools, but also the Kubernetes, the containers of technologies. There's too much for it. Our value prop is making it really easy for them to get access to all these different integrations and tooling without having to learn it. Right? And then being able to very easily say, I wanna deploy this into a cluster. Again, whether it's a Nest cluster or a host cluster. But the next layer on top of that is how do we also share those abilities with other teams. If I build my application profile, I'm developing an application, I should be able to share it with my team members. But Henry saying, Hey Tanner, why don't you also take a look at my app profile and let's build and collaborate together on that. So it's about collaboration and be able to move >>Really fast. I mean, more develops gotta be more productive. That's number one. Number one hit here. Great job. >>Exactly. Last question before we run out Time. Is this ga now? Can folks get their hands on it where >>Yes. Yeah. It is GA and available both as a, as a SaaS and also the store. >>Awesome guys, thank you so much for joining us. Congratulations on the announcement and the momentum that Specter Cloud is empowering itself with. We appreciate your insights on your time. >>Thank you. Thank you so much. Right, pleasure. >>Thanks for having us. For our guest and John Furrier, Lisa Martin here live in Michigan at Co con Cloud native PON 22. Our next guests join us in just a minute. So stick around.

>>Hey guys. Welcome back to Detroit, Michigan. Lisa Martin and John Furrier here live with the cube at Coan Cloud Native Con North America. John, it's been a great day. This is day one of our coverage of three days of coverage. Kubernetes is growing up. Yeah, it's maturing. >>Yeah. We got three days of wall to wall coverage, all about Kubernetes. We about security, large scale, cloud native at scale. That's the big focus. This next segment's gonna be really awesome. You have a fast growing private company and a practitioner, big name, blue chip practitioner, building out next NextGen Cloud first, transforming, then building out the next level. This is classic of what we call super cloud-like, like interview. It's gonna be great. I'm looking forward >>To this anytime we can talk about Super Cloud. All right, please welcome back. One of our alumni, Bani is here, the CEO of Rafe. Great to see you Santos. Ula also joins us, the global head of Cloud SRE at Mass Mutual. Ge. Great to have you on the program. Thanks >>For having us. Thank you for having me. >>So Steve, you've been on the queue many times. You were on just recently with the momentum that that's around us today with the maturation of Kubernetes, the collaboration of the community, the recognition of the community. What are some of the things that you're excited about with on, on day one of the show? >>Wow, so many new companies. I mean, there are companies that I don't know who are here. And I, I, I live in this industry and I'm seeing companies that I don't know, which is a good thing. I mean, it means that the, the community's growing. But at the same time, I'm also seeing another thing, which is I have met more enterprise representatives at this show than other coupons. Like when we hung out at, you know, in Valencia for example, or even, you know, other places. It hasn't been this many people, which means, and this is, this is a good thing that enterprises are now taking Kubernetes seriously. It's not a toy. It's not just for developers. It's enterprises who are now investing in Kubernetes as a foundational component, right. For their applications going forward. And that to me is very, very good. >>Definitely becoming foundational. >>Yep. Well, you guys got a great traction. We had many interviews at the Cube and you got a practitioner here with you. You guys are both pioneering kind of what I call the next gen cloud. First you gotta get through gen one, which you guys done at Mass Mutual, extremely well, take us through the story of your transformation. Cause you're on the, at the front end now of that next inflection point. But take us through how you got here. You had a lot of transformation success at Mass Mutual. >>So I was actually talking about this topic few, few minutes back, right? And, and the whole cloud journey in big companies, large financial institutions, healthcare industry or, or our insurance sector. It takes generations of leadership to get, to get to that perfection level. And, and ideally the, the, the cloud for strategy starts in, and then, and then how do you, how do you standardize and optimize cloud, right? You know, that that's, that's the second gen altogether. And then operationalization of the cloud. And especially if, you know, if you're talking about Kubernetes, you know, in the traditional world, you know, almost every company is running middleware and their applications in middleware. And then containerization is a topic that come, that came in. And docker is, is you know, basically the runtime containerization. So that came in first and from Docker, you know, eventually when companies started adopting Docker, Docker Swarm is one of the technologies that they adopted. And eventually when, when, when we were taking it to a more complicated application implementations or modernization efforts, that's when Kubernetes played a key role. And, and Hasi was pointing out, you know, like you never saw so many companies working on Kubernetes. So that should tell you one story, right? How fast Kubernetes is growing and how important it is for your cloud strategy. So, >>And your success now, and what are you thinking about now? What's on your agenda now as you look forward? What's on your plate? What are you guys doing right now? >>So we are, we are past the stage of, you know, proof of concepts, proof of technologies, pilot implementations. We are actually playing it, you know, the real game now. So in the past I used the quote, you know, like, hello world to real world. So we are actually playing in the real world, not, not in the hello world anymore. Now, now this is where the real time challenges will, will pop up, right? So if you're talking about standardizing it and then optimizing the cloud and how do you put your governance structure in place? How do you make sure your regulations are met? You know, the, the, the demands that come out of regulations are met and, and how, how are you going to scale it and, and, and while scaling, however you wanna to keep up with all the governance and regulations that come with it. So we are in that stage today. >>Has Steve talked about, you talked about the great evolution of what's going on at Mass Mutual has talked a little bit about who, you mentioned one of the things that's surprising you about this Coan and Detroit is that you're seeing a lot more enterprise folks here who, who's deciding in the organization and your customer conversations, Who are the deci decision makers in terms of adoption of Kubernetes these days? Is that elevating? >>Hmm. Well this guy, >>It's usually, you know, one of the things I'm seeing here, and John and I have talked about this in the past, this idea of a platform organization and enterprises. So consistently what I'm seeing is, you know, somebody, a cto, CIO level, you know, individual is making a determin decision. I have multiple internal buss who are now modernizing applications. They're individually investing in DevOps. And this is not a good investment for my business. I'm going to centralize some of this capability so that we can all benefit together. And that team is essentially a platform organization and they're making Kubernetes a shared services platform so that everybody else can come and, and, and sort of, you know, consume it. So what that means to us is our customer is a platform organization and their customer is a developer. So we have to make two constituencies successful. Our customer who's providing a multi-tenant platform, and then their customer who's a developer, both have to be happy. If you don't solve for both, you know, constituencies, you're not gonna be >>Successful. You're targeting the builder of the infrastructure and the consumer of that infrastructure. >>Yes sir. It has to be both. Exactly. Right. Right. So, so that look, honestly, that it, it, you know, it takes iterations to figure these things out, right? But this is a consistent theme that I am seeing. In fact, what I would argue now is that every enterprise should be really stepping back and thinking about what is my platform strategy. Cuz if you don't have a platform strategy, you're gonna have a bunch of different teams who are doing different things and some will be successful and look, some will not be. And that is not good for business. >>Yeah. And, and stage, I wanna get to you, you mentioned that your transformation was what you look forward and your title, global head of cloud sre. Okay, so sre, we all know came from Google, right? Everyone wants to be like Google, but no one wants to be like Google, right? And no one is Google, Google's a unique thing. It's only one Google. But they had the dynamic and the power dynamic of one person to large scale set of servers or infrastructure. But concept is, is, is can be portable, but, but the situation isn't. So board became Kubernetes, that's inside baseball. So you're doing essentially what Google did at their scale you're doing for Mass Mutual. That's kind of what's happening. Is that kind of how I see it? And you guys are playing in there partnering. >>So I I totally agree. Google introduce, sorry, Ty engineering. And, and if you take, you know, the traditional transformation of the roles, right? In the past it was called operations and then DevOps ops came in and then SRE is is the new buzzword. And the future could be something like product engineering, right? And, and, and in this journey, you know, here is what I tell, you know, folks on my side like what worked for Google might not work for a financial company, might not work for an insurance company. So, so, so it's, it's okay to use the word sre, but but the end of the day that SRE has to be tailored down to, to your requirements and and, and the customers that you serve and the technology that you serve. Yep. >>And this is, this is why I'm coming back, this platform engineering. At the end of the day, I think SRE just translates to, you're gonna have a platform engineering team cuz you gotta enable developers to be producing more code faster, better, cheaper guardrails policy. So this, it's kind of becoming the, you serve the business, which is now the developers it used to serve the business Yep. Back in the old days. Hey, the, it serves the business. Yep. Which is a terminal, >>Which is actually true >>Now it the new, it serves the developers, which is the business. Which is the business. Because if digital transformation goes to completion, the company is the app. Yep. >>And the, you know, the, the hard line between development and operations, right? So, so that's thining down over the time, you know, like that that line might disappear. And, and, and that's where asari is fitting in. >>Yeah. And they're building platforms to scale the enablement up that what is, so what is the key challenges you guys are, are both building out together this new transformational direction? What's new and what's the same, The same is probably the business results, but what's the new dynamic involved in rolling it out and making people successful? You got the two constituents, the builders of the infrastructures and the consumers of the services on the other side. What's the new thing? >>So the new thing if, if I may go fast these, so the faster market to, you know, value, right? That we are bringing to the table. That's, that's very important. You know, business has an idea. How do you get that idea implemented in terms of technology and, and take it into real time. So that journey we have cut down, right? Technology is like Kubernetes. It makes, it makes, you know, an IT person's life so easy that, that they can, they can speed up the process in, in, in a traditional way. What used to take like an year or six months can be done in a month today or or less than that, right? So, so there's definitely the losses, speed, velocity, agility in general, and then flexibility. And then the automation that we put in, especially if you have to maintain like thousands of clusters, you know, these, these are today like, you know, it is possible to, to make that happen with a click off a button. In the past it used to take like, you know, probably, you know, a hundred, a hundred percent team and operational team to do it. And a lot of time. But, but, but that automation is happening. You know, and we can get into the technology as much as possible. But, but, you know, blueprinting and all that stuff made >>It possible. Well say that for another interview, we'll do it take time. >>But the, the end user on the other end, the consumer doesn't have the patience that they once had. Right? Right. It's, I want this in my lab now. Now, how does the culture of Mass Mutual, how is it evolv to be able to deliver the velocity that your customers are demanding? >>So if once in a while, you know, it's important to step yourself into the customer's shoes and think it from their, from their, from their perspective, business does not care how you're running your IT shop. What they care about is your stability of the product and the efficiencies of the product and, and, and how, how, how easy it is to reach out to the customers and how well we are serving the customers, right? So whether I'm implementing Docker in the background, Dr. Swam or es you know, business doesn't even care about it. What they really care about it is if your environment goes down, it's a problem. And, and, and if you, if your environment or if your solution is not as efficient as the business needs, that's the problem, right? So, so at that point, the business will step in. So our job is to make sure, you know, from an, from a technology perspective, how fast you can make implement it and how efficiently you can implement it. And at the same time, how do you play within the guardrails of security and compliance. >>So I was gonna ask you if you have VMware in your environment, cause a lot of clients compare what vCenter does for Kubernetes is really needed. And I think that's what you guys got going on. I I can say that you're the v center of Kubernetes. I mean, as a, as an as an metaphor, a place to manage it all is all 1, 1 1 paint of glass, so to speak. Is that how you see success in your environment? >>So virtualization has gone a long way, you know where we started, what we call bare metal servers, and then we virtualized operating systems. Now we are virtualizing applications and, and we are virtualizing platforms as well, right? So that's where Kubernetes basically got. >>So you see the need for a vCenter like thing for Uber, >>Definitely a need in the market in the way you need to think is like, you know, let's say there is, there is an insurance company who actually mented it and, and they gain the market advantage. Right? Now the, the the competition wants to do it as well, right? So, so, so there's definitely a virtualization of application layer that, that, that's very critical and it's, it's a critical component of cloud strategy as >>A whole. See, you're too humble to say it. I'll say you like the V center of Kubernetes, Explain what that means and your turn. If I said that to you, what would you react? How would you react to that? Would say bs or would you say on point, >>Maybe we should think about what does vCenter do today? Right? It's, it's so in my opinion, by the way, well vCenter in my opinion is one of the best platforms ever built. Like ha it's the best platform in my opinion ever built. It's, VMware did an amazing job because they took an IT engineer and they made him now be able to do storage management, networking management, VMs, multitenancy, access management audit, everything that you need to run a data center, you can do from a single, essentially single >>Platform, from a utility standpoint home >>Run. It's amazing, right? Yeah, it is because you are now able to empower people to do way more. Well why are we not doing that for Kubernetes? So the, the premise man Rafa was, well, oh, bless, I should have IT engineers, same engineers now they should be able to run fleets of clusters. That's what people that mass major are able to do now, right? So to that end, now you need cluster management, you need access management, you need blueprinting, you need policy management, you need ac, you know, all of these things that have happened before chargebacks, they used to have it in, in V center. Now they need to happen in other platforms. But for es so should do we do many of the things that vCenter does? Yes. >>Kind >>Of. Yeah. Are we a vCenter for es? Yeah, that is a John Forer question. >>All right, well, I, I'll, the speculation really goes back down to the earlier speed question. If you can take away the, the complexity and not make it more steps or change a tool chain or do something, then the devs move faster and the service layer that serves the business, the new organization has to enable speed. So this, this is becoming a, a real discussion point in the industry is that, oh yeah, we've got new tool, look at the shiny new toy. But if it doesn't move the needle, does it help productivity for developers? And does it actually scale up the enablement? That's the question. So I'm sure you guys are thinking about this a lot, what's your reaction? >>Yeah, absolutely. And one thing that just, you know, hit my mind is think about, you know, the hoteling industry before Airbnb and after Airbnb, right? Or, or, or the taxi industry, you know, before Uber and after Uber, right? So if I'm providing a platform, a Kubernetes platform for my application folks or for my application partners, they have everything ready. All they need to do is like, you know, build their application and deployed and running, right? They, they, they don't have to worry about provisioning of the servers and then building the middleware on top of it and then, you know, do a bunch of testing to make sure, you know, they, they, they iron out all the, all the compatible issues and whatnot. Yeah. Now, now, today, all I, all I say is like, hey, you have, we have a platform built for you. You just build your application and then deploy it in a development environment. That's where you put all the pieces of puzzle together, make sure you see your application working, and then the next thing that, that you do is like, you know, you know, build >>Production, chip, build production, go and chip release it. Yeah, that's the nirvana. But then we're there. I mean, we're there now we're there. So we see the future. Because if you, if that's the case, then the developers are the business. They have to be coding more features, they have to react to customers. They might see new business opportunities from a revenue standpoint that could be creatively built, got low code, no code, headless systems. These things are happening where this I call the architectural list environment where it's like, you don't need architecture, it's already happening. >>Yeah. And, and on top of it, you know, if, if someone has an idea, they want to implement an idea real quick, right? So how do you do it? Right? And, and, and you don't have to struggle building an environment to implement your idea and testers in real time, right? So, so from an innovation perspective, you know, agility plays a key role. And, and that, that's where the Kubernetes platforms or platforms like Kubernetes >>Plays. You know, Lisa, when we talked to Andy Chasy, when he was the CEO of aws, either one on one or on the cube, he always said, and this is kind of happening, companies are gonna be builders where it's not just utility. You need that table stakes to enable that new business idea. And so he, this last keynote, he did this big thing like, you know, think like your developers are the next entrepreneurial revenue generators. And I think that, I think starting to see that, what do you think about that? You see that coming sooner than later? Or is that in, in sight or is that still ways away? >>I, I think it's already happening at a level, at a certain level now. Now the question comes back to, you know, taking it to the reality, right? Yeah. I mean, you can, you can do your proof of concept, proof of technologies, and then, and then prove it out. Like, Hey, I got a new idea. This idea is great. Yeah. And, and it's to the business advantage, right? But we really want to see it in production live where your customers are actually >>Using it and the board meetings, Hey, we got a new idea that came in, generating more revenue, where'd that come from? Agile developer. Again, this is real. Yeah, >>Yeah. >>Absolutely agree. Yeah. I think, think both of you gentlemen said a word in, in your, as you were talking, you used the word guardrails, right? I think, you know, we're talking about rigidity, but you know, the really important thing is, look, these are enterprises, right? They have certain expectations. Guardrails is key, right? So it's automation with the guardrails. Yeah. Guardrails are like children, you know, you know, shouldn't be hurt. You know, they're seen but not hurt. Developers don't care about guard rails. They just wanna go fast. They also bounce >>Around a little bit. Yeah. Off the guardrails. >>One thing we know that's not gonna slow down is, is the expectations, right? Of all the consumers of this, the Ds the business, the, the business top line, and of course the customers. So the ability to, to really, as your website says, let's see, make life easy for platform teams is not trivial. And clearly what you guys are talking about here is you're, you're really an enabler of those platform teams, it sounds like to me. Yep. So, great work, guys. Thank you so much for both coming on the program, talking about what you're doing together, how you're seeing the, the evolution of Kubernetes, why, and really what the focus should be on those platform games. We appreciate all your time and your insights. >>Thank you so much for having us. Thanks >>For our pleasure. For our guests and for John Furrier, I'm Lisa Martin. You're watching The Cube Live, Cobe Con, Cloud Native con from Detroit. We've out with our next guest in just a minute, so stick around.

>>Good afternoon and welcome back to Detroit, Lisa Martin here with John Furrier. We are live day two of our coverage of Coan Cloud Native, Con North America. John, we've had great conversations. Yeah. All day yesterday. Half a day today. So far we're talking all things, Well, not all things Kubernetes so much more than that. We also have to talk about storage and data management solutions for Kubernetes projects, cuz that's obviously critical. >>Yeah, I mean the big trend here is Kubernetes going mainstream has been for a while. The adopt is crossing over, it's crossing the CADs and with that you're seeing security concerns. You're seeing things being gaps being filled. But enterprise grade is really the, the, the story. It's going enterprise, that's managed services, that's professional service, that's basically making things work at scale. This next segment hits that, that part, and we're gonna talk about it in grade length >>With one of our alumni morale to Molly is back VP and GM of Port Work's peer Storage. Great to have you back really? >>Yeah, absolutely. Delightful to >>Be here. So I was looking on the website, number one in Kubernetes storage. Three years in a row. Yep. Awesome. What's Coworks doing here at KU Con? >>Well, I'll tell you, we, our engineering crew has been so productive and hard at work that I almost can't decide what to kind of tell you. But I thought what, what, what I thought I would do is kind of tell you that we are in forefront of two major trends in the world of es. Right? And the, the two trends that I see are one is as a service, so is trend number one. So it's not software eating the world anymore. That's, that's old, old, old news. It's as a service, unifying the world. The world wants easy, We all are, you know, subscribers to things like Netflix. We've been using Salesforce or other HR functions. Everything is as a service. And in the world of Kubernetes, it's a sign of that maturity that John was talking about as a platform that now as a service is the big trend. >>And so headline number one, if you will, is that Port Works is leading in the data management world for the Kubernetes by providing, we're going all in on easy on as a service. So everything we do, we are satisfying it, right? So if you think, if you think about, if you think about this, that, that there are really, most of the people who are consuming Kubernetes are people who are building platforms for their dev users and their users want self service. That's one of the advantages of, of, of Kubernetes. And the more it is service size and made as a service, the more ready to consume it is. And so we are announcing at the show that we have, you know, the basic Kubernetes data management as a service, ha d r as a service. We have backup as a service and we have database as a service. So these are the three major components of data. And all of those are being made available as a service. And in fact, we're offering and announcing at the show our backup as a service freemium version where you can get free forever a terabyte of, of, you know, stuff to do for Kubernetes for forever. >>Congratulations on the announcement. Totally. In line with what the market wants. Developers want self serve, they wanna also want simplicity by the way they'll leave if they don't like the service. Correct. So that you, you know, that before we get into some more specifics, I want to Yeah. Ask you on the industry and some of the point solutions you have, what, it's been two years since the acquisition with Pure Storage. Can you just give an update on how it's gone? Obviously as a service, you guys are hitting all your Marks, developers love it. Storage a big part of the game right now as well as these environments. Yeah. What's the update post acquisition two years, You had a great offering Stay >>Right In Point Works. Yeah. So look, John, you're, you're, you're a veteran of the industry and have seen lots of acquisitions, right? And I've been acquired twice before myself. So, you know, there's, there's always best practices and poor practices in terms of acquisitions and I'm, you know, really delighted to say I think this, this acquisition has had some of the best practices. Let me just name a couple of them, right? One of them is just cultural fit, right? Cultural fit is great. Entrepreneurs, anybody, it's not just entrepreneurs. Everybody loves to work in a place they enjoy working with, with people that they, you know, thrive when they, when they interact with. And so the cultural fit with, with Pure is fantastic. The other one is the strategic intent that Pure had when they acquired us is still true. And so that goes a long way, you know, in terms of an investment profile, in terms of the ability to kind of leverage assets within the company. So Pure had kind of disrupted the world of storage using Flash and they wanted to disrupt higher up the stack using Kubernetes. And that's kind of been our role inside their strategy. And it's, it's still true. >>So culture, strategic intent. Yeah. Product market fit as well. You were, you weren't just an asset for customers or acquisition and then let the founders go through their next thing. You are part of their growth play. >>Absolutely. Right. The, the beauty of, of the kind of product market fit is, let's talk about the market is we have been always focused on the global two k and that is at the heart of, you know, purest 10,000 strong customer base, right? They have very strong presence in the, in the global two k. And we, we allow them to kind of go to those same folks with, with the offering. >>So satisfying everything that you do. What's for me as a business, whether I'm a financial services organization, I'm a hospital, I'm a retailer, what's in it for me >>As a customer? Yeah. So the, the what's in it for, for me is two things. It's speed and ease of use, which in a way are related. But, but, but you know, one is when something is provided as a service, it's much more consumable. It's instantly ready. It's like instant oatmeal, right? You just get it just adho water and it's there. Yep. So the world of of IT has moved from owning large data centers, right? That used to be like 25 years ago and running those data centers better than everybody else to move to let me just consume a data center in the form of a cloud, right? So satisfying the cloud part of the data center. Now people are saying, well I expect that for software and services and I don't want it just from the public cloud, I want it from my own IT department. >>This is old news. And so the, the, the big news here is how fast Kubernetes has kind of moved everything. You know, you take a lot of these changes, Kubernetes is a poster child for things happening faster than the last wave. And in the last couple of years I would say that as a service model has really kind of thrived in the world of Kubernetes. And developers want to be able to get it fast. And the second thing is they wanna be able to operate it fast. Self-service is the other benefit. Yeah. So speed and self-service are both benefits of, of >>This. Yeah. And, and the thing that's come up clearly in the cube, and this is gonna be part of the headlines, we'll probably end up getting a lot of highlights from telling my team to make a note of this, is that developers are gonna be be the business if you, if you take digital transformation to its conclusion, they're not a department that serves the business, they are the business that means Exactly. They have to be more productive. So developer productivity has been the top story. Yes. Security as a services, all these things. These are, these are examples to make developers more productive. But one of the things that came up and I wanna get your reaction to Yeah. Is, is that when you have disruption and, and the storage vision, you know what disruption it means. Cuz there's been a whole discussion around disruptive operations. When storage goes down, you have back DR. And failover. If there's a disruption that changes the nature of invisible infrastructure, developers want invisible infrastructure. That's the future steady state. So if there's a disruption in storage >>Yeah. It >>Can't affect the productivity and the tool chains and the workflows of developers. Yep. Right? So how do you guys look at that? Cause you're a critical component. Storage is a service, it's a huge thing. Yeah. Storage has to, has to work seamlessly. And let's keep the developers out of the weeds. >>John. I think what, what what you put your finger on is another huge trend in the world of Kubernetes where Atan after all, which is really where, where all the leading practitioners both come and the leading vendors are. So here's the second trend that we are leading and, and actually I think it's happening not just with us, but with other, for folks in the industry. And that is, you know, the world of DevOps. Like DevOps has been such a catchphrase for all of of us in the industry last five years. And it's been both a combination of cultural change as well as technology change. Here's what the latest is on the, in the world of DevOps. DevOps is now crystallized. It's not some kind of mysterious art form that you read about. Okay. How people are practicing. DevOps is, it's broken into two, two things now. >>There is the platform part. So DevOps is now a bunch of platforms. And the other part of DevOps is a bunch of practices. So a little bit on both these, the platforms in the world of es there's only three platforms, right? There's the orchestration platforms, the, you know, eks, the open ships of the world and so on. There are the data management platforms, pro people like Port Works. And the third is security platforms, right? You know, Palo Alto Networks, others Aqua are all in this. So these are the three platforms and there are platform engineering teams now that many of our largest customers, some of the largest banks, the largest service providers, they're all operating as a ES platform engineering team. And then now developers, to your point, developers are in the practice of being able to use these platforms to launch new services. So the, the actual IT ops, the ops are run by developers now and they can do it on these platforms. And the platform engineering team provide that as an ease of use and they're there to troubleshoot when problems happen. So the idea of DevOps as a ops practice and a platform is the newest thing. And, and ports and pure storage leading in the world of data management >>Platforms there. Talk about a customer example that you think really articulates the value that Port Works and Pure Storage delivers from a data management >>Perspective. Yeah, so there's so many examples. One of the, one of the longest running examples we have is a very, very large service provider that, you know, you all know and probably use, and they have been using us in the cable kind of set box or cable box business. They get streams of data from, from cable boxes all over the world. They collected all in a centralized large kind of thing and run elastic search and analytics on it. Now what they have done is they couldn't keep up with this at the scale and the depth, right? The speed of, of activity and the distributed nature of the activity. The only way to solve this was to use something like Kubernetes manage with Spark coming, bringing all the data in into deep, deep, deep silos of storage, which are all running not even on a sand, but on kind of, you know, very deep terabytes and terabytes of, of storage. So all of this is orchestrated with the he of Coworks and there's a platform engineering team. We are building that platform for them, them with some of these other components that allows them to kind of do analytics and, and make some changes in real time. Huge kind of setup for, for >>That. Yeah. Well, you guys have the right architecture. I love the vision. I love what you guys are doing. I think this is right in line with Pures. They've always been disruptors. I remember when we first interviewed the CEO and they started Yep. They, they stayed on path. They didn't waver. EMC was the big player. They ended up taking their lunch and dinner as well and they beat 'em in the marketplace. But now you got this traction here. So I have to ask you, how's the business, what's the results look like? You're a GM cloud native business unit of a storage company that's transformed and transforming. >>Yeah, you know, it's interesting, we just hit the two year anniversary, right John? And so what we did was just kind of like step back and hey to, you know, we're running so hard, you just take a step back and we've tripled the business in the two years since the acquisition, the two years before and, and we were growing through proven. So, you know, that that's quite a fee. And we've tripled the number of people, the amount of engineering investments we have, the number of go to market investments have been, have been awesome. So business is going really well though, I will say. But I think, you know, we have, we can't be, we're watching the market closely. You know, as a former ceo, I, you have to kind of learn to read the tea leaves when you invest. And I think, you know, what I would say is we're proceeding with caution in the next two quarters. I view business transformation as not a cancelable activity. So that's the, that's the good news, right? Our customers are large, >>It's >>Right. Never gonna stop prices, right? All they're gonna do is say, Hey, they're gonna put their hand, their hand was always going right on the dial. Now they're kind of putting their hand on the dial going, hey, where, what is happening? But my, my own sense of this is that people who continue to invest through it, the question is at what level? And I also think that this is a six month kind of watch, the watch where, where we put the dial. So Q4 and q1 I think are kind of, you know, we have our, our watch kind of watch the market sign. But I have the highest confidence. What >>Does your gut tell you? You're an >>Entrepreneur. My, my gut says that we'll go through a little bit of a cautious investment period in the next six months. And after that I think we're gonna be back in, back full, full in the crazy growth that we've always been. Yeah. We're gonna grow by the way, in the next, I think >>It's corn style. I think I'm, I'm more bullish. I think it's gonna be some, you know, weeding out of some overinvestment, pre covid or pre bubble. But I think tech's gonna continue to grow. I don't see >>It's stopping. Yeah. And, and the investment is gonna be on these core platforms. See, back to the platform story, it's gonna be in these lower platforms and on unifying everything, let's consume it better rather than let's go kind of experiment with a whole bunch of things all over the map, right? So you'll see less experimentation and more kind of, let's harvest some of the investments we've made in the last couple >>Of years and actually be able to, to enable companies in, in the industry to truly be data companies because absolutely. We talked about as a service, we all have these expectations that any service we want, we can get it. Yes. There's no delay because patients has gone Yeah. From the pandemic. >>So it is kind of, you know, tightening up the screws on what they've built. They, you know, adding some polish to it, adding some more capability, like I said, a, a a, a combination of harvesting and new investing. It's a combination I think is what we're gonna see. >>Yeah. What are some of the things that you're looking forward to? You talked about some of the, the growth things in the investment, but as we round out Q4 and head into a new year, what are you excited about? >>Yeah, so, you know, I mentioned our, as a service kind of platform. The global two K for us has been a set of customers who we co-create stuff with. And so one of the other set of things that we are very excited about and announcing is because we're deployed at scale, we're, we're, we have upgraded our backend. So we have now the ability to go to million IOPS and more and, and for, for the right backends. And so Kubernetes is a add-on, which will not slow down your, your core base infrastructure. Second thing that that we, we have is added a bunch of capability in the disaster recovery business continuity front, you know, we always had like metro kind of distance Dr. We had long distance dr. We've added a near sync Dr. So now we can provide disaster recovery and business continuity for metro distances across continents and across the planet. Right? That's kind of a major change that we've done. The third thing is we've added the capability for file block and Object. So now by adding object, we're really a complete solution. So it is really that maturity of the business Yeah. That you start seeing as enterprises move to embracing a platform approach, deploying it much more widely. You talked about the early majority. Yeah. Right. And so what they require is more enterprise class capability and those are all the things that we've been adding and we're really looking forward to it. >>Well it sounds like tremendous evolution and maturation of Port Works in the two years since it's been with Pure Storage. You talked about the cultural alignment, Great stuff that you are achieving. Congratulations on that. Great stuff >>Ahead and having fun. Let's not forget that that's too life's too short to do. It is. You're right. >>Right. Thank you. We will definitely, as always on the cube, keep our eyes on this space. Mur. Meley, it's been great to have you back on the program. Thank you for joining, John. >>Great. Thank you so much. It's a pleasure. Our, >>For our guests and John Furrier, Lisa Martin here live in Detroit with the cube about Cob Con Cloud native Con at 22. We'll be back after a short break.

>> Good afternoon everyone, and welcome back to theCUBE where we're coming to you live from Detroit, Michigan at KubeCon and Cloud Native Con. We're going to keep theCUBE puns coming this afternoon because we have the pleasure of being joined by not one but two guests from Kubiya. John Furrier, my wonderful co-host. You're familiar with these guys. You just chatted with them last week. >> We broke the story of their launch and featured them on theCUBE in our studio conversation. This is a great segment. Real innovative company with lofty goals, and they're really good ones. Looking forward to it. >> If that's not a tease to keep watching I don't know what is. (John laughs) Without further ado, on that note, allow me to introduce Amit and Shaked who are here to tell us all about Kubiya. And I'm going to blow the pitch for you a little bit just because this gets me excited. (all laugh) They're essentially the Siri of DevOps, but that means you can, you can create using voice or chat or any medium. Am I right? Is this? Yeah? >> You're hired. >> Excellent. (all laugh) >> Okay. >> We'll take it. >> Who knows what I'll tell the chat to do or what I'll, what I will control with my voice, but I love where you're. >> Absolutely. I'll just give the high level. Conversational AI for the world of DevOps. Kind of redefining how self-service DevOps is supposed to be essentially accessed, right? As opposed to just having siloed information. You know, having different platforms that require an operator or somebody who's using it to know exactly how they're accessing what they're doing and so forth. Essentially, the ability to express your intent in natural language, English, or any language I use. >> It's quite literally the language barrier sometimes. >> Precisely. >> Both from the spoken as well as code language. And it sounds like you're eliminating that as an obstacle. >> We're essentially saying, turn simple, complex cast into simple conversations. That's, that's really what we're saying here. >> So let's get into the launch. You just launched a fresh startup. >> Yeah, yeah, yeah. >> Yeah. >> So you guys are going to take on the world. Lofty goals if that. I had the briefing. Where's the origination story come from? What, how did you guys get here? Was it a problem that you saw, you were experiencing, an itch you were scratching? What was the motivation and what's the origination story? >> Shaked: So. >> Amit: Okay, go first please. >> Essentially everything started with my experience as being an operator. I used to be a DevOps engineer for a few years for a large (indistinct) company. On later stages I even managed an SRE team. So all of these access requires Q and A staff is something that I experience nonstop on Slack or Teams, all of these communication channels. And usually I find out that everything happens from the chat. So essentially back then I created a chat bot. I connect this chat bot to the different organizational tools, and instead of the developers approaching to me or the team using the on call channel or directly they will just approach the bot. But essentially the bot was very naive, and they still needed to know what they, they want to do inside the bot. But it's still managed to solve 70% of the complexity and the toil on us as a team so we could focus on innovation. So Kubiya's a more advanced version of it. Basically with Kubiya you can define what we call workflows, and we convert all of these complexity of access request into simple conversations that the end users, which could be developers, but not only, are having with a DevOps team. So that's essentially how it works, and we're very excited about it. >> So you were up all night answering the same question over and over again. (all laugh) And you said, Hey, screw it. I'm going to just create a bot, bot myself up. (Shaked laughs) But it gets at something important. I mean, I'm not just joking. It probably happened, right? That was probably the case. You were up all night telling. >> Yeah, I mean it was usually stuff that we didn't need to maintain. It was training requests and questions that just keep on repeating themselves. And actually we were in Israel, but we sell three different time zones of developers. So all of these developers, as soon as the day finishes in Israel, the day in the US started. So they will approach us from the US. So we didn't really sleep. (all laugh) As with these requests non-stop. >> It's that 24 hour. >> Yeah, yeah. 24 hours for a single team. >> So the world clock global (indistinct) catches you a little sometimes. Yeah. >> Yeah, exactly. >> So you basically take all the things that you know that are common and then make a chat bot answering as if you're you. But this brings up the whole question of chat bot utilization. There's been a lot of debate in the AI circles that chat bots really haven't made it. They're not, they haven't been good enough. So 'cause NLP and other trivial, >> Amit: Sure. or things that haven't really clicked. What's different now? How do you guys see your approach cracking the code to go that kind of reasoning level? Bots can reason? Now we're in business. >> Yeah. Most of the chat bots are general purpose, right? We're coming with the domain expertise. We know the pain from the inside. We know how the operators want to define such conversations that users might have with the virtual assistant. So we combined all of the technical tools that are needed in order to get it going. So we have a a DSL, domain specific language, where the operators can define these easy conversations and combine all of the different organizational tools which can be done using DSDK. Besides this fact, we have a no code, for less technical people to create such workflows even with no code interface. And we have a CLI, which you could use to leverage the power of the virtual assist even right from your terminal. So that's how I see the domain expertise coming in that we have different communication channels for everyone that needs to be inside the loop. >> That's awesome. >> And I, and I can add to that. So that's one element, which is the domain expertise. The other one is really our huge differentiator, the ability to let the end users influence the system itself. So essentially. >> John: Like how? Give me an example. >> Sure. We call it teach me feature, but essentially if you have any type of a request and the system hasn't created an automation or hasn't, doesn't recognize it, you can go ahead and bind that into your intent and next time, and you can define the scope for yourself only, for the team, or even for the entire organization that actually has to have permission to access the request and control and so on. >> Savannah: That's something. Yeah, I love that as a knowledge base. I mean a custom tool kit. >> Absolutely. >> And I like that you just said for the individual. So let's say I have some crazy workflows that I don't need anybody else to know about. >> 100 percent. >> I can customize my experience. >> Mm hmm. >> Do you see your, this is really interesting, and I'm, it's surprising to me we haven't seen a lot of players in this space before because what you're doing makes a lot of sense to me, especially as someone who is less technical. >> Yeah. >> Do you view yourselves as a gateway tool for more folks to be involved in more complex technology? >> So, so I'll take that. It's not that we haven't seen advanced virtual assistants. They've existed in different worlds. >> Savannah: Right. >> Up until now they've existed more in CRM tools. >> Savannah: Right. >> Call centers, right? >> Shaked: Yeah. >> You go on to Ralph Lauren, Calvin Klein, you go and chat with. Now imagine you can bring that into a world of dev tools that has high domain expertise, high technical amplitude, and now you can go and combine the domain expertise with the accessibility of conversational AI. That's, that's a unique feature here. >> What's the biggest thing that's surprised you with the launch so far? The reaction to the name, Kubiya, which is Cube in Hebrew. >> Amit: Yes. >> Apparently. >> Savannah: Which I love. >> Which by the way, you know, we have a TM and R on our Cube. (all laugh) So we can talk, you know, license rights. >> Let's drop the trademark rules today, John, here. We're here to share information. Confuse the audience. Sorry about that, by the way. (all laugh) >> We're an open source, inclusive culture. We'll let it slide this time. >> The KubeCon, theCUBE, and Kubiya. (John laughs) In the Hebrew we have this saying, third time we all have ice cream. So. (all laugh) >> I think there's some ice cream over there actually. >> There is. >> Yeah, yeah. There you go. >> All kidding aside, all fun. What's, what's been the reaction? Got some press coverage. We had the launch. You guys launched with theCUBE in here, big reception. What's been the common feedback? >> And really, I think I expected this, but I didn't expect this much. Really, the fact that people really believe in our thesis, really expect great things from us, right? We've starting to working with. >> Savannah: Now the pressure's on. >> Rolling out dozens of POCs, but even that requires obviously a lot of attention to the detail, which we're rolling out. This is effectively what we're seeing. People love the fact that you have a unique and fresh way to approaching the self-service which really has been stalled for a while. And we've recognized that. I think our thesis is where we. >> Okay, so as a startup you have lofty goals, you have investors now. >> Amit: Yeah. >> Congratulations. >> Amit: Thank you. >> They're going to want to keep the traction going, but as a north star, what's your, what are you going to, what are you going to take? What territory are you going to take? Is it new territory? Are you eating someone's lunch? Who are you going to be competing with? What's the target? What's the, what's the? >> Sure, sure. >> I'm sure you guys have it. Who are you takin' over? >> I think the gateway, the entry point to every organization is a bottleneck. You solve the hard problem first. That's where you can go into other directions, and you can imagine where other operational workflows and pains that we can help solve once we have essentially the DevOps. >> John: So you see this as greenfield, new opportunity? >> I believe so. >> Is there any incumbent you see out there? An old stodgy? >> Today we're on internal developer platform service catalog type of, you know, use cases. >> John: Yeah. >> But that's kind of where we can grow from there and have the ecosystem essentially embrace us. >> John: How about the technology platform? >> Amit: Yeah. >> What's the vision for the innovation? >> Essentially want to be able to integrate with all of the different cloud providers, cloud solutions, SaaS platforms, and take the atlas approach that they were using right to the chats from everywhere to anywhere. So essentially we want in the end that users will be able to do anything that they need inside all of these complicated platforms, which some of them are totally complicated, with plain English. >> So what's the biggest challenge for you then on that front leading the technology side of the team? >> So I would say that the conversational AI part is truly complicated because it requires to extract many types of intentions from different types of users and also integrate with so many tools and solutions. >> Savannah: Yeah. So it requires a lot of thinking, a lot of architecture, but we are doing it just fine. >> Awesome. What do you guys think about KubeCon this week? What's, what's the top story that you see emerging out of this? Just generally as an industry observer, what's the most important? >> Savannah: Maybe it's them. Announcement halo. >> What's the cover story that you see? (all laugh) I mean you guys are in the innovation intent-based infrastructure. I get that. >> So obviously everyone's looking to diversify their engineering, diversify their platforms to make sure they're as decoupled from the main CSPs as possible. So being able to build their own, and we're really helping enable a lot of that in there. We're really helping improve upon that open source together with managed platforms can really play a very nice game together. So. >> Awesome. So are you guys hiring, recruiting? Tell us about the team DNA. Now you're in Tel Aviv. You're in the bay. >> Shaked: Check our openings on LinkedIn. (all laugh) >> We have a dozen job postings on our website. Obviously engineering and sales then go to market. >> So when theCUBE comes to Tel Aviv, and we have a location there. >> Yeah. >> Will you be, share some space? >> Savannah: Is this our Tel Aviv office happening right now? I love this. >> Amit: We will be hosting you. >> John: theCube with a C and Kube with a K over there. >> Yeah. >> All one happy family. >> Would love that. >> Get some ice cream. >> Would love that. >> All right, so last question for you all. You just had a very big exciting announcement. It's a bit of a coming out party for you. What do you hope to be able to say in a year that you can't currently say right now? When you join us on theCUBE next time? >> No, no, it's absolutely. I think our thesis that you can turn conversations into operations. It's, it sounds obvious to you when you think about it, but it's not trivial when you look into the workflows, into the operations. The fact that we can actually go a year from today and say we got hundreds of customers, happy customers who've proven the thesis or sharing knowledge between themselves, that would be euphoric for us. >> All right. >> You really are about helping people. >> Absolutely. >> It doesn't seem like it's a lip service from both of you. >> No. (all laugh) >> Is there going to be levels of bot, like level one bot level two, level three, and then finally the SRE gets on the phone? Is that like some point? >> Is there going to be bot singularity? Is that, is that what we're exploring right now? (overlapping chatter) >> Some kind of escalation bot. >> Enlightenment with bots. >> We actually planning a feature we want to call a handoff where a human in the loop is required, which often is needed. Machine cannot do it alone. We'll just. >> Yeah, I think it makes total sense for geos, ops at the same. >> Shaked: Yeah. >> But not exactly the same. Really good, good solution. I love the direction. Congratulations on the launch. >> Shaked: Thank you so much. >> Amit: Thank you very much. >> Yeah, that's very exciting. You can obviously look, check out that news on Silicon Angle since we had the pleasure of breaking it. >> Absolutely. >> If people would like to say hi, stalk you on the internet, where's the best place for them to do that? >> Be on our Twitter and LinkedIn handles of course. So we have kubiya.ai. We also have a free trial until the end of the year, and we also have free forever tier, that people can sign up, play, and come say hi. I mean, we'd love to chat. >> I love it. Well, Amit, Shaked, thank you so much for being with us. >> Shaked: Thank you so much. >> John, thanks for sitting to my left for the entire day. I sincerely appreciate it. >> Just glad I can help out. >> And thank you all for tuning in to this wonderful edition of theCUBE Live from Detroit at KubeCon. Who knows what my voice will be controlling next, but either way, I hope you are there to find out. >> Amit: Love it.

>>Keon Cloud Native Con kicks off in Detroit on October 24th, and we're pleased to have Stewart Miniman, who's the director of Market Insights, hi, at, for hybrid platforms at Red Hat back in the studio to help us understand the key trends to look for at the events. Do welcome back, like old, old, old >>Home. Thank you, David. It's great to, great to see you and always love doing these previews, even though Dave, come on. How many years have I told you Cloud native con, It's a hoodie crowd. They're gonna totally call you out for where in a tie and things like that. I, I know you want to be an ESPN sportscaster, but you know, I I, I, I still don't think even after, you know, this show's been around for so many years that there's gonna be too many ties into Troy. I >>Know I left the hoodie in my off, I'm sorry folks, but hey, we'll just have to go for it. Okay. Containers generally, and Kubernetes specifically continue to show very strong spending momentum in the ETR survey data. So let's bring up this slide that shows the ETR sectors, all the sectors in the tax taxonomy with net score or spending velocity in the vertical axis and pervasiveness on the horizontal axis. Now, that red dotted line that you see, that marks the elevated 40% mark, anything above that is considered highly elevated in terms of momentum. Now, for years, the big four areas of momentum that shine above all the rest have been cloud containers, rpa, and ML slash ai for the first time in 10 quarters, ML and AI and RPA have dropped below the 40% line, leaving only cloud and containers in rarefied air. Now, Stu, I'm sure this data doesn't surprise you, but what do you make of this? >>Yeah, well, well, Dave, I, I did an interview with at Deepak who owns all the container and open source activity at Amazon earlier this year, and his comment was, the default deployment mechanism in Amazon is containers. So when I look at your data and I see containers and cloud going in sync, yeah, that, that's, that's how we see things. We're helping lots of customers in their overall adoption. And this cloud native ecosystem is still, you know, we're still in that Cambridge explosion of new projects, new opportunities, AI's a great workload for these type type of technologies. So it's really becoming pervasive in the marketplace. >>And, and I feel like the cloud and containers go hand in hand, so it's not surprising to see those two above >>The 40%. You know, there, there's nothing to say that, Look, can I run my containers in my data center and not do the public cloud? Sure. But in the public cloud, the default is the container. And one of the hot discussions we've been having in this ecosystem for a number of years is edge computing. And of course, you know, I want something that that's small and lightweight and can do things really fast. A lot of times it's an AI workload out there, and containers is a great fit at the edge too. So wherever it goes, containers is a good fit, which has been keeping my group at Red Hat pretty busy. >>So let's talk about some of those high level stats that we put together and preview for the event. So it's really around the adoption of open source software and Kubernetes. Here's, you know, a few fun facts. So according to the state of enterprise open source report, which was published by Red Hat, although it was based on a blind survey, nobody knew that that Red Hat was, you know, initiating it. 80% of IT execs expect to increase their use of enterprise open source software. Now, the CNCF community has currently more than 120,000 developers. That's insane when you think about that developer resource. 73% of organizations in the most recent CNCF annual survey are using Kubernetes. Now, despite the momentum, according to that same Red Hat survey, adoption barriers remain for some organizations. Stu, I'd love you to talk about this specifically around skill sets, and then we've highlighted some of the other trends that we expect to see at the event around Stu. I'd love to, again, your, get your thoughts on the preview. You've done a number of these events, automation, security, governance, governance at scale, edge deployments, which you just mentioned among others. Now Kubernetes is eight years old, and I always hear people talking about there's something coming beyond Kubernetes, but it looks like we're just getting started. Yeah, >>Dave, It, it is still relatively early days. The CMC F survey, I think said, you know, 96% of companies when they, when CMC F surveyed them last year, were either deploying Kubernetes or had plans to deploy it. But when I talked to enterprises, nobody has said like, Hey, we've got every group on board and all of our applications are on. It is a multi-year journey for most companies and plenty of them. If you, you look at the general adoption of technology, we're still working through kind of that early majority. We, you know, passed the, the chasm a couple of years ago. But to a point, you and I we're talking about this ecosystem, there are plenty of people in this ecosystem that could care less about containers and Kubernetes. Lots of conversations at this show won't even talk about Kubernetes. You've got, you know, big security group that's in there. >>You've got, you know, certain workloads like we talked about, you know, AI and ml and that are in there. And automation absolutely is playing a, a good role in what's going on here. So in some ways, Kubernetes kind of takes a, a backseat because it is table stakes at this point. So lots of people involved in it, lots of activities still going on. I mean, we're still at a cadence of three times a year now. We slowed it down from four times a year as an industry, but there's, there's still lots of innovation happening, lots of adoption, and oh my gosh, Dave, I mean, there's just no shortage of new projects and new people getting involved. And what's phenomenal about it is there's, you know, end user practitioners that aren't just contributing. But many of the projects were spawned out of work by the likes of Intuit and Spotify and, and many others that created some of the projects that sit alongside or above the, the, you know, the container orchestration itself. >>So before we talked about some of that, it's, it's kind of interesting. It's like Kubernetes is the big dog, right? And it's, it's kind of maturing after, you know, eight years, but it's still important. I wanna share another data point that underscores the traction that containers generally are getting in Kubernetes specifically have, So this is data from the latest ETR survey and shows the spending breakdown for Kubernetes in the ETR data set for it's cut for respondents with 50 or more citations in, in by the IT practitioners that lime green is new adoptions, the forest green is spending 6% or more relative to last year. The gray is flat spending year on year, and those little pink bars, that's 6% or down spending, and the bright red is retirements. So they're leaving the platform. And the blue dots are net score, which is derived by subtracting the reds from the greens. And the yellow dots are pervasiveness in the survey relative to the sector. So the big takeaway here is that there is virtually no red, essentially zero churn across all sectors, large companies, public companies, private firms, telcos, finance, insurance, et cetera. So again, sometimes I hear this things beyond Kubernetes, you've mentioned several, but it feels like Kubernetes is still a driving force, but a lot of other projects around Kubernetes, which we're gonna hear about at the show. >>Yeah. So, so, so Dave, right? First of all, there was for a number of years, like, oh wait, you know, don't waste your time on, on containers because serverless is gonna rule the world. Well, serverless is now a little bit of a broader term. Can I do a serverless viewpoint for my developers that they don't need to think about the infrastructure but still have containers underneath it? Absolutely. So our friends at Amazon have a solution called Fargate, their proprietary offering to kind of hide that piece of it. And in the open source world, there's a project called Can Native, I think it's the second or third can Native Con's gonna happen at the cncf. And even if you use this, I can still call things over on Lambda and use some of those functions. So we know Dave, it is additive and nothing ever dominates the entire world and nothing ever dies. >>So we have, we have a long runway of activities still to go on in containers and Kubernetes. We're always looking for what that next thing is. And what's great about this ecosystem is most of it tends to be additive and plug into the pieces there, there's certain tools that, you know, span beyond what can happen in the container world and aren't limited to it. And there's others that are specific for it. And to talk about the industries, Dave, you know, I love, we we have, we have a community event that we run that's gonna happen at Cubans called OpenShift Commons. And when you look at like, who's speaking there? Oh, we've got, you know, for Lockheed Martin, University of Michigan and I g Bank all speaking there. So you look and it's like, okay, cool, I've got automotive, I've got, you know, public sector, I've got, you know, university education and I've got finance. So all of you know, there is not an industry that is not touched by this. And the general wave of software adoption is the reason why, you know, not just adoption, but the creation of new software is one of the differentiators for companies. And that is what, that's the reason why I do containers, isn't because it's some cool technology and Kubernetes is great to put on my resume, but that it can actually accelerate my developers and help me create technology that makes me respond to my business and my ultimate end users. Well, >>And you know, as you know, we've been talking about the Supercloud a lot and the Kubernetes is clearly enabler to, to Supercloud, but I wanted to go back, you and John Furrier have done so many of, you know, the, the cube cons, but but go back to Docker con before Kubernetes was even a thing. And so you sort of saw this, you know, grow. I think there's what, how many projects are in CNCF now? I mean, hundreds. Hundreds, okay. And so you're, Will we hear things in Detroit, things like, you know, new projects like, you know, Argo and capabilities around SI store and things like that? Well, you're gonna hear a lot about that. Or is it just too much to cover? >>So I, I mean the, the good news, Dave, is that the CNCF really is, is a good steward for this community and new things got in get in. So there's so much going on with the existing projects that some of the new ones sometimes have a little bit of a harder time making a little bit of buzz. One of the more interesting ones is a project that's been around for a while that I think back to the first couple of Cube Cuban that John and I did service Mesh and Istio, which was created by Google, but lived under basically a, I guess you would say a Google dominated governance for a number of years is now finally under the CNCF Foundation. So I talked to a number of companies over the years and definitely many of the contributors over the years that didn't love that it was a Google Run thing, and now it is finally part. >>So just like Kubernetes is, we have SEO and also can Native that I mentioned before also came outta Google and those are all in the cncf. So will there be new projects? Yes. The CNCF is sometimes they, they do matchmaking. So in some of the observability space, there were a couple of projects that they said, Hey, maybe you can go merge down the road. And they ended up doing that. So there's still you, you look at all these projects and if I was an end user saying, Oh my God, there is so much change and so many projects, you know, I can't spend the time in the effort to learn about all of these. And that's one of the challenges and something obviously at Red Hat, we spend a lot of time figuring out, you know, not to make winners, but which are the things that customers need, Where can we help make them run in production for our, our customers and, and help bring some stability and a little bit of security for the overall ecosystem. >>Well, speaking of security, security and, and skill sets, we've talked about those two things and they sort of go hand in hand when I go to security events. I mean, we're at reinforced last summer, we were just recently at the CrowdStrike event. A lot of the discussion is sort of best practice because it's so complicated. And, and, and will you, I presume you're gonna hear a lot of that here because security securing containers now, you know, the whole shift left thing and shield right is, is a complicated matter, especially when you saw with the earlier data from the Red Hat survey, the the gaps are around skill sets. People don't have the skill. So should we expect to hear a lot about that, A lot of sort of how to, how to take advantage of some of these new capabilities? >>Yeah, Dave, absolutely. So, you know, one of the conversations going on in the community right now is, you know, has DevOps maybe played out as we expect to see it? There's a newer term called platform engineering, and how much do I need to do there? Something that I, I know your, your team's written a lot about Dave, is how much do you need to know versus what can you shift to just a platform or a service that I can consume? I've talked a number of times with you since I've been at Red Hat about the cloud services that we offer. So you want to use our offering in the public cloud. Our first recommendation is, hey, we've got cloud services, how much Kubernetes do you really want to learn versus you want to do what you can build on top of it, modernize the pieces and have less running the plumbing and electric and more, you know, taking advantage of the, the technologies there. So that's a big thing we've seen, you know, we've got a big SRE team that can manage that for use so that you have to spend less time worrying about what really is un differentiated heavy lifting and spend more time on what's important to your business and your >>Customers. So, and that's, and that's through a managed service. >>Yeah, absolutely. >>That whole space is just taken off. All right, Stu I'll give you the final word. You know, what are you excited about for, for, for this upcoming event and Detroit? Interesting choice of venue? Yeah, >>Look, first of off, easy flight. I've, I've never been to Detroit, so I'm, I'm willing to give it a shot and hopefully, you know, that awesome airport. There's some, some, some good things there to learn. The show itself is really a choose your own adventure because there's so much going on. The main show of QAN and cloud Native Con is Wednesday through Friday, but a lot of a really interesting stuff happens on Monday and Tuesday. So we talked about things like OpenShift Commons in the security space. There's cloud Native Security Day, which is actually two days and a SIG store event. There, there's a get up show, there's, you know, k native day. There's so many things that if you want to go deep on a topic, you can go spend like a workshop in some of those you can get hands on to. And then at the show itself, there's so much, and again, you can learn from your peers. >>So it was good to see we had, during the pandemic, it tilted a little bit more vendor heavy because I think most practitioners were pretty busy focused on what they could work on and less, okay, hey, I'm gonna put together a presentation and maybe I'm restricted at going to a show. Yeah, not, we definitely saw that last year when I went to LA I was disappointed how few customer sessions there were. It, it's back when I go look through the schedule now there's way more end users sharing their stories and it, it's phenomenal to see that. And the hallway track, Dave, I didn't go to Valencia, but I hear it was really hopping felt way more like it was pre pandemic. And while there's a few people that probably won't come because Detroit, we think there's, what we've heard and what I've heard from the CNCF team is they are expecting a sizable group up there. I know a lot of the hotels right near the, where it's being held are all sold out. So it should be, should be a lot of fun. Good thing I'm speaking on an edge panel. First time I get to be a speaker at the show, Dave, it's kind of interesting to be a little bit of a different role at the show. >>So yeah, Detroit's super convenient, as I said. Awesome. Airports too. Good luck at the show. So it's a full week. The cube will be there for three days, Tuesday, Wednesday, Thursday. Thanks for coming. >>Wednesday, Thursday, Friday, sorry, >>Wednesday, Thursday, Friday is the cube, right? So thank you for that. >>And, and no ties from the host, >>No ties, only hoodies. All right Stu, thanks. Appreciate you coming in. Awesome. And thank you for watching this preview of CubeCon plus cloud Native Con with at Stu, which again starts the 24th of October, three days of broadcasting. Go to the cube.net and you can see all the action. We'll see you there.

>> From theCUBE Studios in Palo Alto in Boston, bringing you data driven insights from theCUBE and ETR. This is Breaking Analysis with Dave Vellante. >> After a two-year epic run in tech, 2022 has been an epically bad year. Through yesterday, The NASDAQ composite is down 30%. The S$P 500 is off 21%. And the Dow Jones Industrial average 16% down. And the poor holders at Bitcoin have had to endure a nearly 60% decline year to date. But judging by the attendance and enthusiasm, in major in-person tech events this spring. You'd never know that tech was in the tank. Moreover, walking around the streets of Las Vegas, where most tech conferences are held these days. One can't help but notice that the good folks of Main Street, don't seem the least bit concerned that the economy is headed for a recession. Hello, and welcome to this weeks Wiki Bond Cube Insights powered by ETR. In this Breaking Analysis we'll share our main takeaways from the first half of 2022. And talk about the outlook for tech going forward, and why despite some pretty concerning headwinds we remain sanguine about tech generally, but especially enterprise tech. Look, here's the bumper sticker on why many folks are really bearish at the moment. Of course, inflation is high, other than last year, the previous inflation high this century was in July of 2008, it was 5.6%. Inflation has proven to be very, very hard to tame. You got gas at $7 dollars a gallon. Energy prices they're not going to suddenly drop. Interest rates are climbing, which will eventually damage housing. Going to have that ripple effect, no doubt. We're seeing layoffs at companies like Tesla and the crypto names are also trimming staff. Workers, however are still in short supply. So wages are going up. Companies in retail are really struggling with the right inventory, and they can't even accurately guide on their earnings. We've seen a version of this movie before. Now, as it pertains to tech, Crawford Del Prete, who's the CEO of IDC explained this on theCUBE this very week. And I thought he did a really good job. He said the following, >> Matt, you have a great statistic that 80% of companies used COVID as their point to pivot into digital transformation. And to invest in a different way. And so what we saw now is that tech is now where I think companies need to focus. They need to invest in tech. They need to make people more productive with tech and it played out in the numbers. Now so this year what's fascinating is we're looking at two vastly different markets. We got gasoline at $7 a gallon. We've got that affecting food prices. Interesting fun fact recently it now costs over $1,000 to fill an 18 wheeler. All right, based on, I mean, this just kind of can't continue. So you think about it. >> Don't put the boat in the water. >> Yeah, yeah, yeah. Good luck if ya, yeah exactly. So a family has kind of this bag of money, and that bag of money goes up by maybe three, 4% every year, depending upon earnings. So that is sort of sloshing around. So if food and fuel and rent is taking up more, gadgets and consumer tech are not, you're going to use that iPhone a little longer. You're going to use that Android phone a little longer. You're going to use that TV a little longer. So consumer tech is getting crushed, really it's very, very, and you saw it immediately in ad spending. You've seen it in Meta, you've seen it in Facebook. Consumer tech is doing very, very, it is tough. Enterprise tech, we haven't been in the office for two and a half years. We haven't upgraded whether that be campus wifi, whether that be servers, whether that be commercial PCs as much as we would have. So enterprise tech, we're seeing double digit order rates. We're seeing strong, strong demand. We have combined that with a component shortage, and you're seeing some enterprise companies with a quarter of backlog, I mean that's really unheard of. >> And higher prices, which also profit. >> And therefore that drives up the prices. >> And this is a theme that we've heard this year at major tech events, they've really come roaring back. Last year, theCUBE had a huge presence at AWS Reinvent. The first Reinvent since 2019, it was really well attended. Now this was before the effects of the omicron variant, before they were really well understood. And in the first quarter of 2022, things were pretty quiet as far as tech events go But theCUBE'a been really busy this spring and early into the summer. We did 12 physical events as we're showing here in the slide. Coupa, did Women in Data Science at Stanford, Coupa Inspire was in Las Vegas. Now these are both smaller events, but they were well attended and beat expectations. San Francisco Summit, the AWS San Francisco Summit was a bit off, frankly 'cause of the COVID concerns. They were on the rise, then we hit Dell Tech World which was packed, it had probably around 7,000 attendees. Now Dockercon was virtual, but we decided to include it here because it was a huge global event with watch parties and many, many tens of thousands of people attending. Now the Red Hat Summit was really interesting. The choice that Red Hat made this year. It was purposefully scaled down and turned into a smaller VIP event in Boston at the Western, a couple thousand people only. It was very intimate with a much larger virtual presence. VeeamON was very well attended, not as large as previous VeeamON events, but again beat expectations. KubeCon and Cloud Native Con was really successful in Spain, Valencia, Spain. PagerDuty Summit was again a smaller intimate event in San Francisco. And then MongoDB World was at the new Javits Center and really well attended over the three day period. There were lots of developers there, lots of business people, lots of ecosystem partners. And then the Snowflake summit in Las Vegas, it was the most vibrant from the standpoint of the ecosystem with nearly 10,000 attendees. And I'll come back to that in a moment. Amazon re:Mars is the Amazon AI robotic event, it's smaller but very, very cool, a lot of innovation. And just last week we were at HPE Discover. They had around 8,000 people attending which was really good. Now I've been to over a dozen HPE or HPE Discover events, within Europe and the United States over the past decade. And this was by far the most vibrant, lot of action. HPE had a little spring in its step because the company's much more focused now but people was really well attended and people were excited to be there, not only to be back at physical events, but also to hear about some of the new innovations that are coming and HPE has a long way to go in terms of building out that ecosystem, but it's starting to form. So we saw that last week. So tech events are back, but they are smaller. And of course now a virtual overlay, they're hybrid. And just to give you some context, theCUBE did, as I said 12 physical events in the first half of 2022. Just to compare that in 2019, through June of that year we had done 35 physical events. Yeah, 35. And what's perhaps more interesting is we had our largest first half ever in our 12 year history because we're doing so much hybrid and virtual to compliment the physical. So that's the new format is CUBE plus digital or sometimes just digital but that's really what's happening in our business. So I think it's a reflection of what's happening in the broader tech community. So everyone's still trying to figure that out but it's clear that events are back and there's no replacing face to face. Or as I like to say, belly to belly, because deals are done at physical events. All these events we've been to, the sales people are so excited. They're saying we're closing business. Pipelines coming out of these events are much stronger, than they are out of the virtual events but the post virtual event continues to deliver that long tail effect. So that's not going to go away. The bottom line is hybrid is the new model. Okay let's look at some of the big themes that we've taken away from the first half of 2022. Now of course, this is all happening under the umbrella of digital transformation. I'm not going to talk about that too much, you've had plenty of DX Kool-Aid injected into your veins over the last 27 months. But one of the first observations I'll share is that the so-called big data ecosystem that was forming during the hoop and around, the hadoop infrastructure days and years. then remember it dispersed, right when the cloud came in and kind of you know, not wiped out but definitely dampened the hadoop enthusiasm for on-prem, the ecosystem dispersed, but now it's reforming. There are large pockets that are obviously seen in the various clouds. And we definitely see a ecosystem forming around MongoDB and the open source community gathering in the data bricks ecosystem. But the most notable momentum is within the Snowflake ecosystem. Snowflake is moving fast to win the day in the data ecosystem. They're providing a single platform that's bringing different data types together. Live data from systems of record, systems of engagement together with so-called systems of insight. These are converging and while others notably, Oracle are architecting for this new reality, Snowflake is leading with the ecosystem momentum and a new stack is emerging that comprises cloud infrastructure at the bottom layer. Data PaaS layer for app dev and is enabling an ecosystem of partners to build data products and data services that can be monetized. That's the key, that's the top of the stack. So let's dig into that further in a moment but you're seeing machine intelligence and data being driven into applications and the data and application stacks they're coming together to support the acceleration of physical into digital. It's happening right before our eyes in every industry. We're also seeing the evolution of cloud. It started with the SaaS-ification of the enterprise where organizations realized that they didn't have to run their own software on-prem and it made sense to move to SaaS for CRM or HR, certainly email and collaboration and certain parts of ERP and early IS was really about getting out of the data center infrastructure management business called that cloud 1.0, and then 2.0 was really about changing the operating model. And now we're seeing that operating model spill into on-prem workloads finally. We're talking about here about initiatives like HPE's Green Lake, which we heard a lot about last week at Discover and Dell's Apex, which we heard about in May, in Las Vegas. John Furrier had a really interesting observation that basically this is HPE's and Dell's version of outposts. And I found that interesting because outpost was kind of a wake up call in 2018 and a shot across the bow at the legacy enterprise infrastructure players. And they initially responded with these flexible financial schemes, but finally we're seeing real platforms emerge. Again, we saw this at Discover and at Dell Tech World, early implementations of the cloud operating model on-prem. I mean, honestly, you're seeing things like consoles and billing, similar to AWS circa 2014, but players like Dell and HPE they have a distinct advantage with respect to their customer bases, their service organizations, their very large portfolios, especially in the case of Dell and the fact that they have more mature stacks and knowhow to run mission critical enterprise applications on-prem. So John's comment was quite interesting that these firms are basically building their own version of outposts. Outposts obviously came into their wheelhouse and now they've finally responded. And this is setting up cloud 3.0 or Supercloud, as we like to call it, an abstraction layer, that sits above the clouds that serves as a unifying experience across a continuum of on-prem across clouds, whether it's AWS, Azure, or Google. And out to both the near and far edge, near edge being a Lowes or a Home Depot, but far edge could be space. And that edge again is fragmented. You've got the examples like the retail stores at the near edge. Outer space maybe is the far edge and IOT devices is perhaps the tiny edge. No one really knows how the tiny edge is going to play out but it's pretty clear that it's not going to comprise traditional X86 systems with a cool name tossed out to the edge. Rather, it's likely going to require a new low cost, low power, high performance architecture, most likely RM based that will enable things like realtime AI inferencing at that edge. Now we've talked about this a lot on Breaking Analysis, so I'm not going to double click on it. But suffice to say that it's very possible that new innovations are going to emerge from the tiny edge that could really disrupt the enterprise in terms of price performance. Okay, two other quick observations. One is that data protection is becoming a much closer cohort to the security stack where data immutability and air gaps and fast recovery are increasingly becoming a fundamental component of the security strategy to combat ransomware and recover from other potential hacks or disasters. And I got to say from our observation, Veeam is leading the pack here. It's now claiming the number one revenue spot in a statistical dead heat with the Dell's data protection business. That's according to Veeam, according to IDC. And so that space continues to be of interest. And finally, Broadcom's acquisition of Dell. It's going to have ripple effects throughout the enterprise technology business. And there of course, there are a lot of questions that remain, but the one other thing that John Furrier and I were discussing last night John looked at me and said, "Dave imagine if VMware runs better on Broadcom components and OEMs that use Broadcom run VMware better, maybe Broadcom doesn't even have to raise prices on on VMware licenses. Maybe they'll just raise prices on the OEMs and let them raise prices to the end customer." Interesting thought, I think because Broadcom is so P&L focused that it's probably not going to be the prevailing model but we'll see what happens to some of the strategic projects rather like Monterey and Capitola and Thunder. We've talked a lot about project Monterey, the others we'll see if they can make the cut. That's one of the big concerns because it's how OEMs like the ones that are building their versions of outposts are going to compete with the cloud vendors, namely AWS in the future. I want to come back to the comment on the data stack for a moment that we were talking about earlier, we talked about how the big data ecosystem that was once coalescing around hadoop dispersed. Well, the data value chain is reforming and we think it looks something like this picture, where cloud infrastructure lives at the bottom. We've said many times the cloud is expanding and evolving. And if companies like Dell and HPE can truly build a super cloud infrastructure experience then they will be in a position to capture more of the data value. If not, then it's going to go to the cloud players. And there's a live data layer that is increasingly being converged into platforms that not only simplify the movement in ELTing of data but also allow organizations to compress the time to value. Now there's a layer above that, we sometimes call it the super PaaS layer if you will, that must comprise open source tooling, partners are going to write applications and leverage platform APIs and build data products and services that can be monetized at the top of the stack. So when you observe the battle for the data future it's unlikely that any one company is going to be able to do this all on their own, which is why I often joke that the 2020s version of a sweaty Steve Bomber running around the stage, screaming, developers, developers developers, and getting the whole audience into it is now about ecosystem ecosystem ecosystem. Because when you need to fill gaps and accelerate features and provide optionality a list of capabilities on the left hand side of this chart, that's going to come from a variety of different companies and places, we're talking about catalogs and AI tools and data science capabilities, data quality, governance tools and it should be of no surprise to followers of Breaking Analysis that on the right hand side of this chart we're including the four principles of data mesh, which of course were popularized by Zhamak Dehghani. So decentralized data ownership, data as products, self-serve platform and automated or computational governance. Now whether this vision becomes a reality via a proprietary platform like Snowflake or somehow is replicated by an open source remains to be seen but history generally shows that a defacto standard for more complex problems like this is often going to emerge prior to an open source alternative. And that would be where I would place my bets. Although even that proprietary platform has to include open source optionality. But it's not a winner take all market. It's plenty of room for multiple players and ecosystem innovators, but winner will definitely take more in my opinion. Okay, let's close with some ETR data that looks at some of those major platform plays who talk a lot about digital transformation and world changing impactful missions. And they have the resources really to compete. This is an XY graphic. It's a view that we often show, it's got net score on the vertical access. That's a measure of spending momentum, and overlap or presence in the ETR survey. That red, that's the horizontal access. The red dotted line at 40% indicates that the platform is among the highest in terms of spending velocity. Which is why I always point out how impressive that makes AWS and Azure because not only are they large on the horizontal axis, the spending momentum on those two platforms rivals even that of Snowflake which continues to lead all on the vertical access. Now, while Google has momentum, given its goals and resources, it's well behind the two leaders. We've added Service Now and Salesforce, two platform names that have become the next great software companies. Joining likes of Oracle, which we show here and SAP not shown along with IBM, you can see them on this chart. We've also plotted MongoDB, which we think has real momentum as a company generally but also with Atlas, it's managed cloud database as a service specifically and Red Hat with trying to become the standard for app dev in Kubernetes environments, which is the hottest trend right now in application development and application modernization. Everybody's doing something with Kubernetes and of course, Red Hat with OpenShift wants to make that a better experience than do it yourself. The DYI brings a lot more complexity. And finally, we've got HPE and Dell both of which we've talked about pretty extensively here and VMware and Cisco. Now Cisco is executing on its portfolio strategy. It's got a lot of diverse components to its company. And it's coming at the cloud of course from a networking and security perspective. And that's their position of strength. And VMware is a staple of the enterprise. Yes, there's some uncertainty with regards to the Broadcom acquisition, but one thing is clear vSphere isn't going anywhere. It's entrenched and will continue to run lots of IT for years to come because it's the best platform on the planet. Now, of course, these are just some of the players in the mix. We expect that numerous non-traditional technology companies this is important to emerge as new cloud players. We've put a lot of emphasis on the data ecosystem because to us that's really going to be the main spring of digital, i.e., a digital company is a data company and that means an ecosystem of data partners that can advance outcomes like better healthcare, faster drug discovery, less fraud, cleaner energy, autonomous vehicles that are safer, smarter, more efficient grids and factories, better government and virtually endless litany of societal improvements that can be addressed. And these companies will be building innovations on top of cloud platforms creating their own super clouds, if you will. And they'll come from non-traditional places, industries, finance that take their data, their software, their tooling bring them to their customers and run them on various clouds. Okay, that's it for today. Thanks to Alex Myerson, who is on production and does the podcast for Breaking Analysis, Kristin Martin and Cheryl Knight, they help get the word out. And Rob Hoofe is our editor and chief over at Silicon Angle who helps edit our posts. Remember all these episodes are available as podcasts wherever you listen. All you got to do is search Breaking Analysis podcast. I publish each week on wikibon.com and siliconangle.com. You can email me directly at david.vellante@siliconangle.com or DM me at dvellante, or comment on my LinkedIn posts. And please do check out etr.ai for the best survey data in the enterprise tech business. This is Dave Vellante for theCUBE's Insights powered by ETR. Thanks for watching be well. And we'll see you next time on Breaking Analysis. (upbeat music)

>>The cube presents, Coon and cloud native con Europe, 2022, brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Valencia Spain in Coon and cloud native con Europe, 2022. I'm Keith Townsend, along with my host, Paul Gillon senior editor, enterprise architecture at Silicon angle. We are continuing the conversation here at KU con cloud native con around security app defense. Paul, were you aware it was this many security challenges and, and that were native to like cloud native >>Well there's security challenges with every new technology. And as we heard, uh, today from our, some of our earlier guests, uh, containers and Kubernetes naturally introduce new variables in the landscape and that creates the potential vulnerabilities. So there's a whole industry that's evolving around that. And what we've been looking at today, yesterday, we talked very much about managing Kubernetes today. We're talking about many of the nuances of building a, a Kubernetes based environment and security is clearly one of them. >>So welcome our guests on Garrett, head of products. >>Thank >>You and community at deep fence. You know what I'm going. I'm going to start out the question with a pretty interesting security at scale is one of your taglines. >>Absolutely. >>What does that mean? Exactly. >>So Kubernetes is all about scale securing applications and Kubernetes is a completely different game to securing your traditional monolithic legacy enterprise applications. Kubernetes grows it scales it's elastic, and the perimeter around a Kubernetes application is very, very porous. There are lots of entry points. So you can't think about securing a cloud native application. The way that you might have secured a monolith securing a monolith is like securing a castle. You build a wall around it. You put guards on the gate. You control, who comes in and out, and job is more or less done securing a cloud native application. It's like securing a city. People are roaming through the city without checks and balances. There are lots of services in the city that you've got to check and monitor. It's extremely porous. So sec, all of the security problems in Kubernetes with cloud native applications, they're amplified by scale, the size of the application, the number of nodes and the complexity of the application and the way that it's built and delivered. >>That's, uh, kind of a chilling phrase. The perimeter is porous. Uh, yeah, companies are adopting Kubernetes right now. Evidently bringing in all of these new, these new, uh, vulnerability points. Do they know what they're getting into >>Many don't, there's, there's a huge amount of work around trying to help organizations make the transition from thinking about applications as single components to thinking about them as microservices with multiple little, little components, it's a really essential step because that's what allows businesses to evolve, to digitize, to deliver services, using APIs, mobile, mobile apps. So it's a necessary technical change, but it brings with it. Lots of challenges and security is one of those biggest challenges. >>So as I'm thinking about that poorest nature, I can't help, but think, you know, if I have my, my traditional IPS does a really great job of blocking that centralized data center and access to that centralized data center. As I think about that city example that you gave me, I'm thinking, you know what? I have intruders or not even intruders. I have bad actors within my city. You >>Do you, how >>Do, how does deep defense help protect me from those bad actors that are inside or roaming the city? >>So this is the wonderful, unique technology we have within deep fence. So we install little sensors, little lightweight sensors on each host. That's running your application on Kubernetes nodes as a Damon set against Fargate instances on Docker hosts on bare metal. And those sensors install little taps into the network using E B P F and they monitor the workloads. So it's a little bit like having CCTV cameras throughout your city tracking what's happening. There are a lot of solutions which we'll look at what happens on a workload traditional XDR solutions that look for things like process changes or file system changes. And we gather those signals indicators of compromise, but those alone are too little too late. They tell you that a breach has probably already happened. What deep defense does is we also look at the network. We gather network signals. We can see someone using a, a reconnaissance tool roaming through your application, sending probe traffic to try and find weak points. >>We can see them then elevating the level of attack and trying to weaponize a particular exploit that they might have find, or vulnerability that they find. We can see everything that comes into each of the components, not just at the perimeter, but right inside your application. We see what happens in those components process file, integrity, changes. And we see what comes out, attempt exfiltrate, something that looks like a database file or et cetera password. And we put all of these little subtle signals, the indicators of attack, the network based signals and the indicators of compromise. We put those together and we build a picture of the threats against each of the workloads in your cloud, native application. There's lots and lots of background, recon traffic. We see that you generally don't need to worry about that. It's just noise. But as that elevates and you see evidence of exploits and later spread, we identify that we'll let you know, or we can step in and we can proactively block the behavior that's causing those problems. So we can stop someone from accessing a component, or if a component's compromised, we can, we can freeze it and restart it. And this is a key part of the technology within our threat striker security observability platform, >>Uh, false alerts are the bane of the security ministry's existence. What do you do to protect against those? >>So we use a range of heuristics and a degree, a small degree of machine learning to try and piece together. What's happening. It's a complicated picture. So some of your viewers will have heard of a might attack matrix. So a dictionary of techniques and tactics and, and protocols that attackers might use in order to attack an infrastructure. So we gather the signals, those TTPs, and we then build a model to try and understand how those little signals pieced together. So maybe there's, you know, there's a guy with a striped striped vest that is trying the doors in your city, you know, a low level criminal who isn't getting anywhere. We'll pick that up and that's low risk. But then if we see that person infiltrate a building, because they find an open door, then that raises the level of risk. So we monitor the growing level of risk against each workload. >>And once it hits a level of concern, then we let you know, but you can then forensically go back in time and look at all of the signals that surround that. So we don't just tell you, there was an alert and a file was compromised in your workload, do something about it. We tell you the file was compromised. And prior to that, there were these events, process failures. Those could have been caused by network events that are correlated to a vulnerability that we know. And those in, in turn could have been discovered by recon traffic. So we help you build that entire active picture up. Every application's different. You need to have the context to understand and interpret signals that a solution like threat striker gives you, and we give you that context. >>So I would push back. If I'm a platform team, say, you know what? I have a service mesh. I, I have trusted traffic going to trucked traffic going from trusted sources. I'm, I'm cutting off the problem even before it happens. Why should I use, uh, deep fix? >>So a service mesh won't cut off the problem. It'll just hide the problem because a service mesh will just encrypt the traffic between each of the components. It doesn't stop the bad traffic flowing. If a component is compromised, people can still talk to another component and the service mesh happily encrypts it and hides it. What we do. We love service meshes because we can decrypt the traffic or we can inspect the individual application components before they talk to the mesh side car. So we can pull out and see the plane, text traffic. We can identify things that other tools wouldn't have a hope of, of identifying. >>So, you know, you, you just, uh, triggered something. >>Yeah. >>A lot of companies do not like decrypting that traffic after it's been sent, they don't want anyone else, including security tools to see it. Yeah. How do you ensure, how do you serve those clients? >>So we serve those clients by having an architecture that sits entirely on premise in their infrastructure. Their sensitive data never leaves their network, their VPCs, their, their boundary. They install a threat striker console. So this is the tool that does all of the analysis and make the protection decisions. They run that themselves. They deploy the threat, striker sensors in their production environment. They talk over secure links, authenticated to the console. So everything sits within their power view, their level of their degree of control. >>So if, if they're building a, a, a cloud application though, or, or a hybrid cloud application, how do you connect? How do you deal with the cloud side? >>So whether their production environments are next to the threat striker console, whether they're running on remote clouds, our sensors will run in all of those environments and the console will manage a complex hybrid environment. It will show you traffic running in your Kubernetes cluster and AWS traffic Mon running on your VMs on Google traffic, running in your 4g instances on again, on AWS and on your on-prem instances, it gathers that data securely from each of those remote places, sends it to the console that you own and operate securely. So you have full control over what is captured. It's encrypted, it's authenticated, it's streamed back. So it never leaves your level of control. >>Talk to me about the overhead. How is this deployed and managed with MI environment? >>So there are two components, as we've learned, we have the console. All of the work is done on the console, the any necessary decryption, all the calculation that runs on a Kubernetes cluster, that, that you would deploy, that you would scale. So that's fully in your control. Then you need to install little sensors on each of your production environments to bring the data back to the console. >>Now those on pots, or are those in running inside of, uh, containers themselves. >>So they are container based. They're typically deployed as a demon set. So one instance per node in your Kubernetes cluster, they are, we have put a lot of engineering work into making those as lightweight as possible. They do very little analysis themselves. They do a little bit of pre-filtering of network traffic to reduce the bandwidth, and then they pass the packets back to the management console. So our goal is to have the minimal impact on customers, production environments, so that they can scale and operate without an impact on the performance or availability of their applications. And we have customers who are monitoring services running on literally thousands of Kubernetes nodes and streaming the data back to their management console and using that to analyze from a single point of control what's going on in their applications. >>So we hear time and again, CIOs complaining that they have too many point security products. Yes, I think average of 87 in, in, in the enterprise, according to, to one survey, aren't you just another, >>And that is the big challenge with security. There is no silver bullet product that will secure everything that you have. You have your, the what, you're the, what you're securing scales over space from your infrastructure to the containers and the workloads and the application code. It scales over time. Are you secure? Are you putting security measures in, at shift left development when you deploy or are you securing production? And it scales over the environments. There is no silver bullet that will provide best to breed security across that entire set of dimensions. There are large organizations that will present you with holistic solutions, which are a bunch of different solutions with the same logo on them, bundle together under the same umbrella. Those don't necessarily solve the problem. You need to understand the risks that your organization is faced. And then what are the best to breed solutions for each of those risks and for the life cycle of your application at deep fence, we are about securing your production environment. >>Your developers have built applications. They've secured those applications using tools like SNCC, and they've ticked and signed off saying with this list of documented vulnerabilities, my application is secure. It's now ready to go into production. But when I talk to, to application security people to ops people, and I say, are the applications in your Kubernetes environment? Are they secure? They say, look, honestly, I don't know, the developers have signed off something, but that's not what I'm running. I've had to inject things into the application. So it's different. There could have been issues that were, that were discovered after the developers signed it off. The developers made exceptions, but also 60, 80% of the code I'm running in production. Didn't come from my development team. It's infrastructure, it's third party modules. So when you look at security as a whole, you realize there are so many ax axis that you have to consider. There are so many points along these, a axis, and you need to figure out in a kind of a van diagram fashion, how are you going to address security issues at each of those points? So when it comes to production security, if you want a best breed solution for finding vulnerabilities in your production environment, threat map, open source, we'll do that. And then for monitoring attack behavior threat striker enterprise will do that. Then deep defense is a great set of solutions to look at. >>So on. Thanks for stopping by security at layers is a repetitive thing that we hear security experts talk about. Not one solution will solve every problem when it comes to security from Valencia Spain, I'm Keith Townson, along with Paul Gillon and you're watching the Q the leader in high tech coverage.

>>The cube presents, Coon and cloud native con Europe, 2022. Brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Valencia Spain and cuon cloud native con 20 Europe, 2022. I'm your host Keith towns alongside a new hope en Rico, senior reti, senior editor. I'm sorry, senior it analyst at <inaudible> Enrique. Welcome to the program. >>Thank you very much. And thank you for having me. It's exciting. >>So thoughts, high level thoughts of CU con first time in person again in couple years? >>Well, this is amazing for several reasons. And one of the reasons is that yeah, I had the chance to meet, uh, with, uh, you know, people like you again. I mean, we, we met several times over the internet over zoom calls. I, I started to eat these zoom codes. <laugh> because they're really impersonal in the end. And like last night we, we are together group of friends, industry folks. It's just amazing. And a part of that, I mean, the event is, uh, is a really cool, it's really cool. There are a lot from people interviews and, you know, real people doing real stuff, not just, uh, you know, again, in personal calls, you don't even know if they're telling the truth, but when you can, you know, look in their eyes, what they're doing, I, I think that's makes a difference. >>So speaking about real people, meeting people for the first time, new jobs, new roles, Greg Moscarella, enterprise container management and general manager at SUSE. Welcome to the show, welcome back clue belong. >>Thank you very much. It's awesome to be here. It's awesome to be back in person. And I completely agree with you. Like there's a certain fidelity to the conversation and a certain, uh, ability to get to know people a lot more. So it's absolutely fantastic to be here. >>So Greg, tell us about your new role and what SUSE has gone on at KU coupon. >>Sure. So I joined SA about three months ago to lead the rancher business unit, right? So our container management pieces and, you know, it's a, it's a fantastic time. Cause if you look at the transition from virtual machines to containers and to moving to microservices, right alongside that transition from on-prem to cloud, like this is a very exciting time to be in this industry. And rancher has been setting the stage. And again, I'm go back to being here. Rancher's all about the community, right? So this is a very open, independent, uh, community driven product and project. And so this, this is kinda like being back to our people, right. And being able to reconnect here. And so, you know, doing it, digital is great, but, but being here is changes the game for us. So we, we feed off that community. We feed off the energy. So, uh, and again, going back to the space and what's happening in it, great time to be in this space. And you guys have seen the transitions you've seen, I mean, we've seen just massive adoption, uh, of containers and Kubernetes overall and ranchers been been right there with some amazing companies doing really interesting things that I'd never thought of before. Uh, so I'm, I'm still learning on this, but, um, but it's been great so far. >>Yeah. And you know, when we talk about strategy about Kubernetes today, we are talking about very broad strategies. I mean, not just the data center or the cloud with, you know, maybe smaller organization adopting Kubernetes in the cloud, but actually large organization thinking guide and more and more the edge. So what's your opinion on this, you know, expansion of Kubernetes towards the edge. >>So I think you're, I think you're exactly right. And that's actually a lot of meetings I've been having here right now is these are some of these interesting use cases. So people who, uh, whether it be, you know, ones that are easy to understand in the telco space, right? Especially the adoption of 5g and you have all these space stations, new towers, and they have not only the core radio functions or network functions that they're trying to do there, but they have other applications that wanna run on that same environment. Uh, I spoke recently with some of our, our good friends at a major automotive manufacturer, doing things in their factories, right. That can't take the latency of being somewhere else. Right. So they have robots on the factory floor, the latency that they would experience if they tried to run things in the cloud meant that robot would've moved 10 centimeters. >>By the time, you know, the signal got back, it may not seem like a lot to you, but if, if, if you're an employee, you know, there, you know, uh, a big 2000 pound robot being 10 centimeters closer to you may not be what you, you really want. Um, there's, there's just a tremendous amount of activity happening out there on the retail side as well. So it's, it's amazing how people are deploying containers in retail outlets. You know, whether it be fast food and predicting, what, what, how many French fries you need to have going at this time of day with this sort of weather. Right. So you can make sure those queues are actually moving through. It's, it's, it's really exciting and interesting to look at all the different applications that are happening. So yes, on the edge for sure, in the public cloud, for sure. In the data center and we're finding is people want a common platform across those as well. Right? So for the management piece too, but also for security and for policies around these things. So, uh, it really is going everywhere. >>So talk to me, how do, how are we managing that as we think about pushing stuff out of the data center, out of the cloud cloud, closer to the edge security and life cycle management becomes like top of mind thought as, as challenges, how is rancher and sushi addressing >>That? Yeah. So I, I think you're, again, spot on. So it's, it starts off with the think of it as simple, but it's, it's not simple. It's the provisioning piece. How do we just get it installed and running right then to what you just asked the management piece of it, everything from your firmware to your operating system, to the, the cluster, uh, the Kubernetes cluster, that's running on that. And then the workloads on top of that. So with rancher, uh, and with the rest of SUSE, we're actually tacking all those parts of the problems from bare metal on up. Uh, and so we have lots of ways for deploying that operating system. We have operating systems that are, uh, optimized for the edge, very secure and ephemeral container images that you can build on top of. And then we have rancher itself, which is not only managing your ES cluster, but can actually start to manage the operating system components, uh, as well as the workload components. >>So all from your single interface, um, we mentioned policy and security. So we, yeah, we'll probably talk about it more, um, uh, in a little bit, but, but new vector, right? So we acquired a company called new vector, just open sourced, uh, that here in January, that ability to run that level of, of security software everywhere again, is really important. Right? So again, whether I'm running it on, whatever my favorite public cloud providers, uh, managed Kubernetes is, or out at the edge, you still have to have security, you know, in there. And, and you want some consistency across that. If you have to have a different platform for each of your environments, that's just upping the complexity and the opportunity for error. So we really like to eliminate that and simplify our operators and developers' lives as much as possible. >>Yeah. From this point of view, are you implying that even you, you are matching, you know, self, uh, let's say managed clusters at the, at the very edge now with, with, you know, added security, because these are the two big problems lately, you know, so having something that is autonomous somehow easier to manage, especially if you are deploying hundreds of these that's micro clusters. And on the other hand, you need to know a policy based security that is strong enough to be sure again, if you have these huge robots moving too close to you, because somebody act the, the, the class that is managing them, that is, could be a huge problem. So are you, you know, approaching this kind of problems? I mean, is it, uh, the technology that you are acquired, you know, ready to, to do this? >>Yeah. I, I mean, it, it really is. I mean, there's still a lot of innovation happening. Don't, don't get me wrong. We're gonna see a lot of, a lot more, not just from, from SA and ranch here, but from the community, right. There's a lot happening there, but we've come a long way and we solved a lot of problems. Uh, if I think about, you know, how do you have this distributed environment? Uh, well, some of it comes down to not just, you know, all the different environments, but it's also the applications, you know, with microservices, you have very dynamic environment now just with your application space as well. So when we think about security, we really have to evolve from a fairly static policy where like, you might even be able to set an IP address and a port and some configuration on that. >>It's like, well, your workload's now dynamically moving. So not only do you have to have that security capability, like the ability to like, look at a process or look at a network connection and stop it, you have to have that, uh, manageability, right? You can't expect an operator or someone to like go in and manually configure a YAML file, right? Because things are changing too fast. It needs to be that combination of convenient, easy to manage with full function and ability to protect your, your, uh, your resources. And I think that's really one of the key things that new vector really brings is because we have so much intelligence about what's going on there. Like the configuration is pretty high level, and then it just runs, right? So it's used to this dynamic environment. It can actually protect your workloads wherever it's going from pod to pod. Uh, and it's that, that combination, again, that manageability with that high functionality, um, that, that is what's making it so popular. And what brings that security to those edge locations or cloud locations or your data center. >>So one of the challenges you're kind of, uh, touching on is this abstraction on, upon abstraction. When I, I ran my data center, I could put, uh, say this IP address, can't talk to this IP address on this port. Then I got next generation firewalls where I could actually do, uh, some analysis. Where are you seeing the ball moving to when it comes to customers, thinking about all these layers of abstraction IP address doesn't mean anything anymore in cloud native it's yes, I need one, but I'm not, I'm not protecting based on IP address. How are customers approaching security from the name space perspective? >>Well, so it's, you're absolutely right. In fact, even when you go to IPV six, like, I don't even recognize IP addresses anymore. <laugh> yeah. >>That doesn't mean anything like, oh, just a bunch of, yeah. Those are numbers, alpha Ric >>And colons. Right. You know, it's like, I don't even know anymore. Right. So, um, yeah, so it's, it comes back to that, moving from a static, you know, it's the pets versus cattle thing. Right? So this static thing that I can sort of know and, and love and touch and kind of protect to this almost living, breathing thing, which is moving all around, it's a swarm of, you know, pods moving all over the place. And so, uh, it, it is, I mean, that's what Kubernetes has done for the workload side of it is like, how do you get away from, from that, that pet to a declarative approach to, you know, identifying your workload and the components of that workload and what it should be doing. And so if we go on the security side some more like, yeah, it's actually not even namespace namespace. >>Isn't good enough if we wanna get, if we wanna get to zero trust, it's like, just cuz you're running in my namespace doesn't mean I trust you. Right. So, and that's one of the really cool things about new vectors because of the, you know, we're looking at protocol level stuff within the network. So it's pod to pod, every single connection we can look at and it's at the protocol layer. So if you say you're on my SQL database and I have a mye request going into it, I can confirm that that's actually a mye protocol being spoken and it's well formed. Right. And I know that this endpoint, you know, which is a, uh, container image or a pod name or some, or a label, even if it's in the same name, space is allowed to talk to and use this protocol to this other pod that's running in my same name space. >>Right. So I can either allow or deny. And if I can, I can look into the content that request and make sure it's well formed. So I'll give you an example is, um, do you guys remember the log four J challenges from not too long ago, right. It was a huge deal. So if I'm doing something that's IP and port based and name space based, so what are my protections? What are my options for something that's got logged four J embedded in like, I either run the risk of it running or I shut it down. Those are my options. Like those neither one of those are very good. So we can do, because again, we're at the protocol layer. It's like, ah, I can identify any log for J protocol. I can look at whether it's well formed, you know, or if it's malicious and it's malicious, I can block it. If it's well formed, I can let it go through. So I can actually look at those, those, um, those vulnerabilities. I don't have to take my service down. I can run and still be protected. And so that, that extra level, that ability to kind of peek into things and also go pod to pod, you know, not just same space level is one of the key differences. So I talk about the evolution or how we're evolving with, um, with the security. Like we've grown a lot, we've got a lot more coming. >>So let's talk about that a lot more coming what's in the pipeline for SUSE. >>Well, probably before I get to that, we just announced new vector five. So maybe I can catch us up on what was released last week. Uh, and then we can talk a little bit about going, going forward. So new vector five, introduce something called um, well, several things, but one of the things I can talk in more detail about is something called zero drift. So I've been talking about the network security, but we also have run time security, right? So any, any container that's running within your environment has processes that are running that container. What we can do is actually comes back to that manageability and configuration. We can look at the root level of trust of any process that's running. And as long as it has an inheritance, we can let that process run without any extra configuration. If it doesn't have a root level of trust, like it didn't spawn from whatever the, a knit, um, function was in that container. We're not gonna let it run. Uh, so the, the configuration that you have to put in there is, is a lot simpler. Um, so that's something that's in, in new vector five, um, the web application firewall. So this layer seven security inspection has gotten a lot more granular now. So it's that pod Topo security, um, both for ingress egress and internal on the cluster. Right. >>So before we get to what's in the pipeline, one question around new vector, how is that consumed and deployed? >>How is new vector consumed, >>Deployed? And yeah, >>Yeah, yeah. So, uh, again with new vector five and, and also rancher 2 65, which just were released, there's actually some nice integration between them. So if I'm a rancher customer and I'm using 2 65, I can actually deploy that new vector with a couple clicks of the button in our, uh, in our marketplace. And we're actually tied into our role-based access control. So an administrator who has that has the rights can just click they're now in a new vector interface and they can start setting those policies and deploying those things out very easily. Of course, if you aren't using, uh, rancher, you're using some other, uh, container management platform, new vector still works. Awesome. You can deploy it there still in a few clicks. Um, you're just gonna get into, you have to log into your new vector, uh, interface and, and use it from there. >>So that's how it's deployed. It's, it's very, it's very simple to use. Um, I think what's actually really exciting about that too, is we've opensourced it? Um, so it's available for anyone to go download and try, and I would encourage people to give it a go. Uh, and I think there's some compelling reasons to do that now. Right? So we have pause security policies, you know, depreciated and going away, um, pretty soon in, in Kubernetes. And so there's a few things you might look at to make sure you're still able to run a secure environment within Kubernetes. So I think it's a great time to look at what's coming next, uh, for your security within your Kubernetes. >>So Paul, we appreciate chief stopping by from ity of Spain, from Spain, I'm Keith Townsend, along with en Rico Sinte. Thank you. And you're watching the, the leader in high tech coverage.

>>The cube presents, Coon and cloud native con Europe, 2022, brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Valencia Spain in Coon cloud native con 2022 Europe. I'm Keith Townsend, along with my cohot on Rico senior, Etti senior it analyst at gig home. We are talking to amazing people, creators people contributing to all these open source projects. Speaking of open source on Rico. Talk to me about the flavor of this show versus a traditional like vendor show of all these open source projects and open source based companies. >>Well, first of all, I think that the real difference is that this is a real conference. Hmm. So real people talking about, you know, projects about, so the, the open source stuff, the experiences are, you know, on stage and there are not really too many product pitches. It's, it's about, it's about the people. It's about the projects. It's about the, the challenges they had, how they, you know, overcome some of them. And, uh, that's the main difference. I mean, it's very educative informative and the kind of people is different. I mean, developers, you know, SREs, you know, you find ends on people. I mean, people that really do stuff that that's a real difference. I mean, uh, quite challenginghow discussing with them, but really, I mean, because they're really opinionated, but >>So we're gonna get talked to, to a company that has boosts on the ground doing open source since the, almost the start mm-hmm <affirmative> Kirsten newcomer, director of hybrid platform security at red hat and, uh, Connor Gorman, senior principal software engineer at red hat. So Kirsten, we're gonna start with you security and Kubernetes, you know, is Kubernetes. It's a, it's a race car. If I wanted security, I'd drive a minivan. <laugh> >>That's, that's a great frame. I think, I think though, if we stick with your, your car analogy, right, we have seen cars in cars and safety in cars evolve over the years to the point where you have airbags, even in, you know, souped up cars that somebody's driving on the street, a race car, race cars have safety built into, right. They do their best to protect those drivers. So I think while Kubernetes, you know, started as something that was largely, you know, used by Google in their environment, you know, had some perimeter based security as Kubernetes has become adopted throughout enterprises, as people. And especially, you know, we've seen the adoption accelerate during the pandemic, the move to both public cloud, but also private cloud is really accelerated. Security becomes even more important. You can't use Kubernetes in banking without security. You can't use it, uh, in automotive without security telco. >>And Kubernetes is, you know, Telco's adoption, Telco's deploying 5g on Kubernetes on open shift. Um, and, and this is just so the security capabilities have evolved over time to meet the customers and the adopters really red hat because of our enterprise customer base, we've been investing in security capabilities and we make those contributions upstream. We've been doing that really from the beginning of our adoption of Kubernetes, Kubernetes 1.0, and we continue to expand the security capabilities that we provide. And which is one of the reasons, you know, the acquisition of stack rocks was, was so important to us. >>And, and actually we are talking about security at different levels. I mean, so yeah, and different locations. So you are securing an edge location differently than a data center or, or, or maybe, you know, the cloud. So there are application level security. So there are so many angles to take this. >>Yeah. And, and you're right. I mean, I, there are the layers of the stack, which starts, you know, can start at the hardware level, right. And then the operating system, the Kubernetes orchestration all the services, you need to have a complete Kubernetes solution and application platform and then the services themselves. And you're absolutely right. That an edge deployment is different than a deployment, uh, on, you know, uh, AWS or in a private da data center. Um, and, and yet, because there is this, if you, if you're leveraging the heart of Kubernetes, the declarative nature of Kubernetes, you can do Kubernetes security in a way that can be consistent across these environments with the need to do some additions at the edge, right? You may, physical security is more important at the edge hardware based encryption, for example, whereas in a, in a cloud provider, your encryption might be at the cloud provider storage layer rather than hardware. >>So how do you orchestrate, because we are talking about orchestration all day and how do you orchestrate all these security? >>Yep. So one of the things, one of the evolutions that we've seen in our customer base in the last few years is we used to have, um, a small number of large clusters that our customers deployed and they used in a multi-tenant fashion, right? Multiple teams from within the organization. We're now starting to see a larger number of smaller clusters. And those clusters are in different locations. They might be, uh, customers are both deploying in public cloud, as well as private, you know, on premises, um, edge deployments, as you mentioned. And so we've invested in, uh, multi cluster management and, or, you know, sort of that orchestration for orchestrators, right? The, and because again of the declarative nature of Kubernetes, so we offer, uh, advanced cluster management, red hat, advanced cluster management, which we open sourced as the multi cluster engine CE. Um, so that component is now also freely available, open source. We do that with everything. So if you need a way to ensure that you have managed the configuration appropriately across all of these clusters in a declarative fashion, right. It's still YAML, it's written in YAML use ACM use CE in combination with a get ops approach, right. To manage that, uh, to ensure that you've got that environment consistent. And, and then, but then you have to monitor, right. You have to, I'm wearing >>All of these stack rocks >>Fits in. I mean, yeah, sure. >>Yeah. And so, um, you know, we took a Kubernetes native approach to securing all of this. Right. And there's kind of, uh, we have to say, there's like three major life cycles. You have the build life cycle, right. You're building these imutable images to go deployed to production. Right. That should never change that are, you know, locked at a point in time. And so you can do vulnerability scanning, you can do compliance checks at that point right. In the build phase. But then you put those in a registry, then those go and be deployed on top of Kubernetes. And you have the configuration of your application, you know, including any vulnerabilities that may exist in those images, you have the R back permissions, right. How much access does it have to the cluster? Is it exposed on the internet? Right. What can you do there? >>And then finally you have, the runtime perspective of is my pod is my container actually doing what I think it's supposed to do. Is it accessing all the right things? Is it running all the right processes? And then even taking that runtime information and influencing the configuration through things like network policies, where we have a feature called process baselining that you can say exactly what processes are supposed to run in this pod. Um, and then influencing configuration in that way to kind of be like, yeah, this is what it's doing. And let's go stamp this, you know, declaratively so that when you deploy it the next time you already have security built in at the Kubernetes level. >>So as we've talked about a couple of different topics, the abstraction layers, I have security around DevOps. So, you know, I have multi tendency, I have to deal with, think about how am I going to secure the, the, the Kubernetes infrastructure itself. Then I have what seems like you've been talking about here, Connor, which is dev SecOps mm-hmm <affirmative> and the practice of securing the application through policy. Right. Are customers really getting what's under the hood of dev SecOps? >>Do you wanna start or yeah. >>I mean, I think yes and no. I think, um, you know, we've, some organizations are definitely getting it right. And they have teams that are helping build things like network policies, which provide network segmentation. I think this is huge for compliance and multi-tenancy right. Just like containers, you know, one of the main benefits of containers, it provides this isolation between your applications, right? And then everyone's familiar with the network firewall, which is providing network segmentation, but now in between your applications inside Kubernetes, you can create, uh, network segmentation. Right. And so we have some folks that are super, super far along that path and, and creating those. And we have some folks who have no network policies except the ones that get installed with our products. Right. And then we say, okay, how can we help you guys start leveraging these things and, and creating maybe just basic name, space isolation, or things like that. And then trying to push that back into more the declarative approach. >>So some of what I think we hear from, from what Connor just te teed up is that real DevSecOps requires breaking down silos between developers, operations and security, including network security teams. And so the Kubernetes paradigm requires, uh, involvement actually, in some ways, it, it forces involvement of developers in things like network policy for the SDN layer, right? You need to, you know, the application developer knows which, what kinds of communication he or she, his app or her app needs to function. So they need to define, they need to figure out those network policies. Now, some network security teams, they're not familiar with YAML, they're not necessary familiar with software development, software defined networking. So there's this whole kind of, how do we do the network security in collaboration with the engineering team? And when people, one of the things I worry about, so DevSecOps it's technology, but it's people in process too. >>Right. And one of the things I think people are very comfortable adopting vulnerability scanning early on, but they haven't yet started to think about the network security angle. This is one area that not only do we have the ability in ACS stack rocks today to recommend a network policy based on a running deployment, and then make it easy to deploy that. But we're also working to shift that left so that you can actually analyze app deployment data prior to it being deployed, generate a network policy, tested out in staging and, and kind of go from the beginning. But again, people do vulnerability analysis shift left, but they kind of tend to stop there and you need to add app config analysis, network communication analysis, and then we need appropriate security gates at deployment time. We need the right automation that helps inform the developers. Not all developers have security expertise, not all security people understand a C I C D pipeline. Right. So, so how, you know, we need the right set of information to the right people in the place they're used to working in order to really do that infinity loop. >>Do you see this as a natural progression for developers? Do they really hit a wall before, you know, uh, finding out that they need to progress in, in this, uh, methodology? Or I know >>What else? Yeah. So I think, I think initially there's like a period of transition, right? Where there's sometimes there's opinion, oh, I, I ship my application. That's what I get paid for. That's what I do. Right. <laugh> um, and, and, but since, uh, Kubernetes has basically increased the velocity of developers on top, you know, of the platform in order to just deploy their own code. And, you know, we have every, some people have commits going to production, you know, every commitment on the repo goes to production. Right. Um, and so security is even more at the forefront there. So I think initially you hit a little bit of a wall security scans in CI. You could get some failures and some pushback, but as long as these are very informative and actionable, right. Then developers always wanna do the right thing. Right. I mean, we all want to ship secure code. >>Um, and so if you can inform you, Hey, this is why we do this. Or, or here's the information about this? I think it's really important because I'm like, right, okay. Now when I'm sending my next commits, I'm like, okay, these are some constraints that I'm thinking about, and it's sort of like a mindset shift, but I think through the tooling that we like know and love, and we use on top of Kubernetes, that's the best way to kind of convey that information of, you know, honestly significantly smaller security teams than the number of developers that are really pushing all of this code. >>So let's scale out what, talk to me about the larger landscape projects like prime cube, Litner, OPPI different areas of investment in, in, in security. Talk to me about where customers are making investments. >>You wanna start with coup linter. >>Sure. So coup linter was a open source project, uh, when we were still, uh, a private company and it was really around taking some of our functionality on our product and just making it available to everyone, to basically check configuration, um, both bridging DevOps and SecOps, right? There's some things around, uh, privileged containers, right? You usually don't wanna deploy those into your environment unless you really need to, but there's other things around, okay, do I have anti affinity rules, right. Am I running, you know, you can run 10 replicas of a pod on the same node, and now your failure domain is a single node. Now you want them on different nodes, right. And so you can do a bunch of checks just around the configuration DevOps best practices. And so we've actually seen quite a bit of adoption. I think we have like almost 2000 stars on, uh, and super happy to see people just really adopt that and integrate it into their pipelines. It's a single binary. So it's been super easy for people to take it into their C I C D and just, and start running three things through it and get, uh, you know, valuable insights into, to what configurations they should change. Right. >>And then if you're, if you were asking about things like, uh, OPPA, open policy agent and OPPA gatekeeper, so one of the things happening in the community about OPPA has been around for a while. Uh, they added, you know, the OPPA gatekeeper as an admission controller for Cobe. There's also veno another open source project that is doing, uh, admission as the Kubernetes community has, uh, kind of is decided to deprecate pod security policies, um, which had a level of complexity, but is one of the key security capabilities and gates built into Kubernetes itself. Um, OpenShift is gonna continue to have security context constraints, very similar, but it prevents by default on an OpenShift cluster. Uh, not a regular user cannot deploy a privileged pod or a pod that has access to the host network. Um, and there's se Linux configuration on by default also protects against container escapes to the file system or mitigates them. >>So pod security policies were one way to ensure that kind of constraint on what the developer did. Developers might not have had awareness of what was important in terms of the level of security. And so again, the cube and tools like that can help to inform the developer in the tools they use, and then a solution like OPPA, gatekeeper, or SCCs. That's something that runs on the cluster. So if something got through the pipeline or somebody's not using one of these tools, those gates can be leveraged to ensure that the security posture of the deployment is what the organization wants and OPPA gatekeeper. You can do very complex policies with that. And >>Lastly, talk to me about Falco and Claire, about what Falco >>Falco and yep, absolutely. So, um, Falco, great runtime analysis have been and something that stack rocks leveraged early on. So >>Yeah, so yeah, we leveraged, um, some libraries from Falco. Uh, we use either an EB P F pro or a kernel module to detect runtime events. Right. And we, we primarily focus on network and process activity as, um, as angles there. And then for Claire, um, it's, it's now within red hat again, <laugh>, uh, through the acquisition of cores, but, uh, we've forked in added a bunch of things around language vulnerabilities and, and different aspects that we wanted. And, uh, and you know, we're really interested in, I think, you know, the code bases have diversion a little bit Claire's on V4. We, we were based off V2, but I think we've both added a ton of really great features. And so I'm really looking forward to actually combining all of those features and kind of building, um, you know, we have two best of best of breed scanners right now. And I'm like, okay, what can we do when we put them together? And so that's something that, uh, I'm really excited about. >>So you, you somehow are aiming at, you know, your roadmap here now putting everything together. And again, orchestrated well integrated yeah. To, to get, you know, also a simplified experience, because that could be the >>Point. Yeah. And, and as you mentioned, you know, it's sort of that, that orchestration of orchestrators, like leveraging the Kubernetes operator principle to, to deliver an app, an opinionated Kubernetes platform has, has been one of the key things we've done. And we're doing that as well for security out of the box security policies, principles based on best practices with stack rocks that can be leveraged in the community or with red hat, advanced cluster security, combining our two scanners into one clear based scanner, contributing back, contributing back to Falco all of these things. >>Well, that speaks to the complexity of open source projects. There's a lot of overlap in reconciling. That is a very difficult thing. Kirsten Connor, thank you for joining the cube Connor. You're now a cube alone. Welcome to main elite group. Great. From Valencia Spain, I'm Keith Townsend, along with en Rico senior, and you're watching the cue, the leader in high tech coverage.

>>The cube presents Koon and cloud native con Europe, 2022, brought to you by red hat, the cloud native computing foundation and its ecosystem partners. >>Welcome to Valencia Spain and CubeCon cloud native con Europe, 2022 I'm cube Townsend, along with Paul Gill, senior editor, enterprise architecture at Silicon angle. We are talking to some incredible folks this week, continuing the conversation around enabling developers to do their work. Paul you've said that this conference is about developers. What are you finding key as a theme running throughout the show >>That that developers really need a whole set of special tools. You know, it's not the end user, the end user tools, the end user access controls the authentication it's developers need a need their own to live their in their own environment. They need their own workflow tools, their own collaboration and their own security. And that's where teleport comes in. >>So speaking of teleport, we have Michael fork, chief marking our officer at teleport new world role for you. First, tell me about how long have you been at teleport now >>Going on seven or eight months now, >>Seven or eight months in this fast moving market. I'm I'm going to tell you a painful experience I've had in this new world. We've built applications. We've moved fast audits come in. The auditors have come in and they said, you know what, who authorized this change to the cluster? And we'll go into the change ticket and say, this person authorized the changes and the change ticket. And then they'll ask for trace back. Okay. Show me the change. What do it mean? Show you the changes. It just happened. >>Yeah. Check, check GitHub. >>Yeah, check GI, get, see, we, we, we, we said we were gonna make the changes, the change happen. That's not enough. What are CU, how are you helping customers solve this access control and audit problem? >>Yeah, that's a great question. There're kind of, there're kind of two, two sides to the puzzle. And actually I think that the intro hits it. Well, you you've talked about kind of developer experience needing needing tools to more efficiently do the job as a practitioner. And you're coming at it from kind of a security and compliance angle. And there's a tension between both of those teams. It's like, you know, there's, there's a tension between dev and ops before we created DevOps. There's also a tension between kind of security teams and developers. So we've created dev SecOps. What that means is you need an easy way for developers to get access, access to the resources they needed through their jobs. That's, you know, Linux hosts and databases and Kubernetes clusters and, you know, monitoring dashboards and managing all of those credentials is quite cumbersome. If I need to access a dozen systems, then you know, I'm using SSH keys to access this. >>I have admin credentials for my database. I I'm going through a VPN to access an internal dashboard, teleport, consolidates, all of that access into a single login via your identity provider, Okta active directory, but then on the security and compliance side, we make it really easy for that compliance officer. When they say, show me that change, we have all of the audit logs. That's that show exactly what changes Keith made when he logged into, into that system. And in fact, one of the booths behind here is talking about E B P F a modern way to get that kind of kernel level grade granularity. We build all of that observability into teleport to make the security and compliance teams happy. And the engineering teams a lot more productive. >>Where do the, the access control tools like Okta, you mentioned fall short. I mean, why, why is there a need for your level of, of control at the control plane? >>Yeah. When you, when you start to talk about authorization, authentication, audit at the infrastructure level, each of these technologies has its own way of managing what kind of in, in the jargon often and Ze, right? Authentication authorization. So you have SSH for, for Linux. Kubernetes has its own way of doing authorization. All of the database providers have their own way and it's quite complicated, right? It's, it's much different. So, you know, if I'm gonna access office 365 or I'm gonna a access Salesforce, right. I'm really talking about the HTTP protocol. It's relatively trivial to implement single sign on for web-based applications. But when we start talking about things that are happening at the Linux kernel level, or with Kubernetes, it's quite complicated to build those integrations. And that's where teleport extends what you have with your IDP. So for instance, Okta, lots of our customers use Okta as their identity provider, but then teleport takes those roles and applies them and enforces them at the actual infrastructure level. >>So if I'm a lay developer, I'm looking at this thinking, you know, I, I have service mesh, I've implemented link D SEO or something to that level. And I also have Ansible and Ansible has security, etcetera. What, what role, or how does that integrate to all together from a big picture perspective? >>Yeah. So >>What, one of the, kind of the meta themes at teleport is we, we like to, we like to say that we are fighting complexity cuz as we build new technologies, we tend to run the new tech on top of the old tech. Whereas for instance, when you buy a new car, you typically don't, you know, hook the old car to the back and then pull it around with you. Right? We, we replace old technology with new technology, but in infrastructure that doesn't happen as often. And so you end up with kind of layers of complexity with one protocol sitting on top of another protocol on top of another protocol. And what teleport does is for the access control plane, we, we kind of replace the legacy ways of doing authentication authorization and audit with a new modern experience. But we allow you to continue to use the existing tools. >>So we don't replace, for instance, you know, your configuration management system, you can keep using Ansible or, or salt or Jenkins, but teleport now is gonna give those, those scripts or those pipelines in identity that you can define. What, what should Ansible be able to do? Right? If, cuz people are worried about supply chain attacks, if a, if a vulnerable dependency gets introduced into your supply chain pipeline and your kind of Ansible playbook goes crazy and starts deploying that vulnerability everywhere, that's probably something you wanna limit with teleport. You can limit that with an identity, but you can still use the tools that you're, that you're used to. >>So how do I guarantee something like an ex-employee doesn't come in and, and initiate Ansible script that was sitting in the background just waiting to happen until, you know, they left. >>Yeah. Great question. It's there's kind of the, the, the great resignation that's happening. We did a survey where actually we asked the question kind of, you know, can you guarantee that X employees can no longer access your infrastructure? And shockingly like 89% of companies could not guarantee that it's like, wow, that's like that should, that should be a headline somewhere. And we actually just learned that there are on the dark web, there are people that are targeting current employees of Netflix and Uber and trying to buy credentials of those employees to the infrastructure. So it's a big problem with teleport. We solve this in a really easy, transparent way for developers. Everything that we do is based on short lift certificates. So unlike a SSH key, which exists until you decommission it, shortlist certificates by, by default expire. And if you don't reissue them based on a new login based on the identity, then, then you can't do anything. So even a stolen credential kind of the it's value decreases dramatically over time. >>So that statistic or four out of five companies can't guarantee X employees can't access infrastructure. Why is simply removing the employee from the, you know, from the L app or directory decommissioning their login credentials. Why is that not sufficient? >>Well, it, it depends on if everything is integrated into your identity provider and because of the complexities of accessing infrastructure, we know that developers are creative people. And by, by kind of by definition, they're able to create systems to make their lives easier. So one thing that we see developers doing is kind of copying an SSH key to a local notepad on, on their computer. So they essentially can take that credential out of a vault. They can put it somewhere that's easier for them to access. And if you're not rotating that credential, then I can also, you know, copy it to a, to a personal device as well. Same thing for shared admin credentials. So the, the, the issue is that those credentials are not completely managed in a unified way that enables the developer to not go around the system in order to make their lives easier. >>But rather to actually use the system, there's a, there's a market called privilege access management that a lot of enterprises are using to kind of manage credentials for their developers, but it's notoriously disruptive to developer workflows. And so developers kind of go around the system in order to make their jobs easier. What teleport does is we obviate the need to go around the system, cuz the simplest thing is just to come in in the morning, log in one time to my identity provider. And now I have access to all of my servers, all of my databases, all of my Kubernetes clusters with a short lift certificate, that's completely transparent. And does >>This apply to, to your, both your local and your cloud accounts? >>Yes. Yes, exactly. >>So as a security company, what's driving the increase in security breaches. Is it the lack of developer hygiene? Is it this ex-employee great resignation bill. Is it external intruders? What's driving security breaches today. >>Yes. >>It's you know, it's, it's all of those things. I think if I had to put, give you a one word answer, I would say complexity. The systems that we are building are just massively complex, right? Look at how many vendors there are at this show in order to make Kubernetes easy to use, to do what its promises. It's just, we're building very complex systems. When you build complex systems, there's a lot of back doors, we call it kind of a tax surface. And that's why for every new thing that we introduce, we also need to think about how do we remove old layers of the stack so that we can simplify so that we can consolidate and take advantage of the power of something like Kubernetes without introducing security vulnerabilities. >>One of the problems or challenges with security solutions is, you know, you there's this complexity versus flexibility knob that you, you need to be careful of. What's the deployment experience in integration experience for deploying teleport. >>Yeah, it's it, we built it to be cloud native to feel like any other kind of cloud native or Kubernetes like solution. So you basically, you deploy it using helm chart, you deploy it using containers and we take care of all of the auto configuration and auto update. So that it's just, it's, it's part of your stack and you manage it using the same automation that you use to manage everything else. That's a, that's a big kind of installation and developer experience. Part of it. If it's complex to use, then not only are developers not gonna use it. Operations teams are not gonna want to have to deal with it. And then you're left with doing things the old way, which is very unsatisfactory for everybody. >>How does Kubernetes change the security equation? Are there vulnerabilities? It introduces to the, to the stack that maybe companies aren't aware of >>Almost by definition. Yes. Kind of any new technology is gonna introduce new security vulnerabilities. That's the that's that is the result of the complexity, which is, there are things that you just don't know when you introduce new components. I think kind of all of the supply chain vulnerabilities are our way of looking at that, which is we have, you know, Kubernetes is itself built on a lot of dependencies. Those dependencies themselves could have security vulnerabilities. You might have a package that's maintained by one kind of hobbyist developer, but that's actually deployed across hundreds of thousands of applications across, across the internet. So again, it's about one understanding that that complexity exists and then saying, is there a way that we can kind of layer on a solution that provides a common layer to let us kind of avoid that complexity and say, okay, every critical action needs to be authorized with an identity that way if it's automated or if it's human, I have that level of assurance that a hacked Ansible pipeline is not going to be able to introduce vulnerabilities across my entire infrastructure. >>So one of the challenges for CIOs and CTOs, it's the lack of developer resources and another resulting pain point that compounds that issue is rework due to security audits is teleport a source of truth that when a auditor comes in to audit a, a, a, a C I C D pipeline that the developer or, or operations team can just say, Hey, here's, self-service get what you need. And come back to us with any questions or is there a second set of tools we have to use to get that audit and compliance reporting? >>Yeah, it's teleport can be that single source of truth. We can also integrate with your other systems so you can export all of the, what we call access logs. So every, every behavior that took place, every query that was run on a database, every, you know, curl command that was run on a Lennox, host, teleport is creating a log of that. And so you can go in and you can filter and you can view those, those actions within teleport. But we also integrate with other systems that, that people are using, you have its Splunk or Datadog or whatever other tool chain it's really important that we integrate, but you can also use teleport as that single source. So >>You can work with the observability suites that are now being >>Installed. Yeah, there, the, the wonderful thing about kind of an ecosystem like Kubernetes is there's a lot of standardization. You can pick your preferred tool, but under the hood, the protocols for taking a log and putting it in another system are standardized. And so we can integrate with any of the tools that developers are already using. >>So how big is teleport when I'm thinking about a, from a couple of things big as in what's the footprint and then from a developer operations team overhead, is this kind of a set and forget it, how much care feed and maintenance does it >>Need? So it's very lightweight. We basically have kind of two components. There's the, the access proxy that sits in front of your infrastructure. And that's what enables us to, you know, regardless of the complexity that sits across your multi data center footprint, your traditional applications, running on windows, your, your, your modern applications running on, you know, Linux and Kubernetes, we provide seamless access to all of that. And then there's an agent that runs on all of your hosts. And this is the part that can be deployed using yo helm or any other kind of cloud native deployment methodology that enables us to do the, the granular application level audit. For instance, what queries are actually being run on CockroachDB or on, on Postgres, you know, what, what CIS calls are running on Linnux kernel, very lightweight automation can be used to install, manage, upgrade all of it. And so from an operations perspective, kind of bringing in teleport shouldn't be any more complicated than running any application on a container. That's, that's the design goal and what we built for our customers. >>If I'm in a hybrid environment, I'm transitioning, I'm making the migration to teleport. Is this a team? Is this a solution that sits only on the Kubernetes cloud native side? Or is this something that I can trans transition to initially, and then migrate all of my applications to, as I transition to cloud native? >>Yeah. We, there are kind of, no, there are no cloud native dependencies for teleport. Meaning if you are, you're a hundred percent windows shop, then we support for instance, RDP. That's the way in which windows handles room access. If you have some applications that are running on Linux, we can support that as well. If you've got kind of the, you know, the complete opposite in the spectrum, you're doing everything, cloud native containers, Kubernetes, everything. We also support that. >>Well, Michael, I really appreciate you stopping by and sharing the teleport story. Security is becoming an obvious pain point for cloud native and container management. And teleport has a really good story around ensuring compliance and security from Licia Spain. I'm Keith towns, along with Paul Gillon and you're watching the cue, the, the leader, not the, the leader two, the high take tech coverage.