Ev Kontsevoy, Teleport | AWS re:Invent 2022
>>Hello everyone and welcome back to Las Vegas. I've got my jazz hands because I am very jazzed to be here at AWS re:Invent, live from the show floor all week. My name is Savannah Peterson, joined with the infamous John Furrier. John, how you feeling? >>After feeling great? Love? What's going on here? The vibe is a cloud, cloud native. Lot of security conversation, data, stuff we love Cloud Native, >>M I >>A L, I mean big news. Security, security, data lake. I mean, who would've thought Amazon have a security data lake? You know, EKS, I mean >>You might have with that tweet you had out >>Inside outside the containers. Reminds me, it feels like KubeCon here. >>It honestly, and there's a lot of overlap and it's interesting that you mention KubeCon because we talked to the next company when we were in Detroit just a couple weeks ago. Teleport. Ev is the CEO and founder. Ev, welcome to the show. How you doing? >>I'm doing well. Thank you for having me today. >>We feel very lucky to have you. We hosted Drew who works on the product marketing side of Teleport. Yeah, we got to talk caddies and golf last time on the show. We'll talk about some of your hobbies a little bit later, but just in case someone's tuning in, unfamiliar with Teleport, you're all about identity. Give us a little bit of a pitch, >>Little bit of our pitch. Teleport is the first identity native infrastructure access platform. It's used by engineers and it's used by machines. So notice that I used very specific choice of words first identity native, what does it mean? Identity native? It consists of three things and we're writing a book about those, but I'll let you know. Stay >>Tuned on that front. >>Exactly, yes, but I can talk about 'em today. So the first component of identity-native access is moving away from secrets towards true identity. The secrets, I mean things like passwords, private keys, browser cookies, session tokens, API keys, all of these things are secrets and they make you vulnerable.
The point is, as you scale, it's absolutely impossible to protect all of the secrets because they keep growing and multiplying. So the probability of you getting hacked over time is high. So you need to get rid of secrets altogether. That's the first thing that we do. We use something called True Identity. It's a combination of your biometrics as well as identity of your machines. That's TPMs, HSMs, YubiKeys and so on, so forth. >>Go >>Ahead. The second component is Zero Trust. Like Teleport is built to not trust the network. So every resource inside of your data center automatically gets configured as if there is no perimeter. It's as safe as it was on the public network. So that's the second thing. Don't trust the network. And the third one is that we keep access policy in one place. So Kubernetes clusters, databases on stage, RDP, all of these protocols, the access policy will be in one place. That's identity. Okay, >>So I'm, I'm a hacker. Pretend I'm a hacker. >>Easy. That sounds, >>That sounds really good to me. Yeah, I'm supposed to tell 'em you're a hacker. Okay. I can go to one place and hack that. >>I get this question a lot. The thing is, you want centralization when it comes to security. Think about your house being your AWS account. Okay? Everything inside, your furniture, your valuables, like your watch collection, like that's your data, that's your servers, paper clusters, so and so forth. Right? Now I have a choice and your house is in a really bad neighborhood. Okay, that's the bad internet. Do you wanna have 20 different doors or do you want to have one? But like amazing one, extremely secure, very modern. So it's very easy for you to actually maintain it and enforce policy. So the answer is, oh, you probably need to have >>One. And so you're designing security identity from a perspective of what's best for the security posture. Exactly.
Sounds like, okay, so now that's not against the conventional wisdom of the perimeter's dead, the cloud's everywhere. So in a way kind of brings perimeter concepts into the posture because you know, the old model of the firewall, the moat >>It Yeah. Just doesn't scale. >>It doesn't scale. You guys bring the different solution. How do you fit into the new perimeter's dead cloud paradigm? >>So the, the way it works that if you are, if you are using Teleport to access your infrastructure, let's just use for example, like a server access perspective. Like that machine that you're accessing doesn't listen on a network if it runs in Teleport. So instead Teleport creates these trusted outbound tunnels to the proxy. So essentially you are managing devices using outgoing connection. It's kind of like how your phone runs. Yeah. Like your phone is actually ultimate, it's like a teleport like, like I It's >>Like teleporting into your environment. >>Yeah, well play >>Journal. But >>Think about actually like one example of an amazing company that's true Zero trust that we're all familiar with would be Apple. Because every time you get a new iOS on your phone, the how is it different from Apple running massive software deployment into enormous cloud with billions of servers sprinkled all over the world without perimeter. How is it possible? That's exactly the kind of technology that Teleport >>Gives you. I'm glad you clarified. I really wanted to get that out on the table. Cuz Savannah, this is, this is the paradigm shift around what an environment is Exactly. Did the Apple example, so, okay, tell 'em about customer traction. Are people like getting it right away? Are their teams ready? Are they go, oh my god this is >>Great. Pretty much you see we kinda lucky like in a, in a, like in this business and I'm walking around looking at all these successful startups, like every single one of them has a story about launching the right thing at just the right like moment.
Like in technology, like the window to launch something is extremely short. Like months. I'm literally talking months. So we built Teleport, started to work on it in like 2015. It was internal project, I believe it or not, also a famous example. It's really popular like internal project, put it on GitHub and it sat there relatively unnoticed for a while and then it just like took off around 2000 >>Because people start to feel the pain. They needed it. Exactly, >>Exactly. >>Yeah. The timing. Well and And what a great way to figure out when the timing is right? When you do something like that, put it on GitHub. Yeah. >>People >>Tell you what's up >>Yeah, it's like a basketball player who can just like be suspended in the air over the hoop for like half the game and then finally he scores and wins >>The game. Or video gamer who's lagged, everyone else is lagging and they got the latency thing. Exactly. Thing air. Okay. Talk about the engineering side. Cause I, I like this at KubeCon, you mentioned it at the opening of this segment that you guys are for engineers, not IT >>Business people. That's right. >>Explain that. Interesting. This is super important. Explain why and why that's resonating. >>So there is this ongoing shift on more and more responsibilities going to engineers. Like remember back in the day before we even had clouds, we had people actually racking servers, sticking cables into them, cutting their fingers, like trying to get 'em in. So those were not engineers, they were different teams. Yeah. But then you had system administrators who would maintain these machines for you. Now all of these things are done with code. And when these things are done with code and with APIs, that shifts to engineers. That is what Teleport does with policy. So if you want to have a set of rules that govern who or what and when under what circumstances can access what data like on Kubernetes, on databases, on, on servers wouldn't it be nice to use code for it.
So then you could use like a version control and you can keep track of changes. That's what Teleport enables. Traditionally IT preferred more kind of clicky graphical things like clicking buttons. And so it's just a different world, different way of doing it. So essentially if you want security as code, that's what Teleport provides and naturally this language resonates with this persona. >>Love that. Security as code. It's >>A great term. Yeah. Love it. I wanna, I wanna, >>Okay. We coined it, someone else uses it on the show. >>We borrow it >>To use credit. When did you, when did you coin that? Just now? >>No, >>I think I coined it before >>You wanted it to be a scoop. I love that. >>I wish I had this story when I, I was like a, like a poor little 14 year old kid was dreaming about security code but >>Well Dave Vellante will testify that I coined data as code before anyone else but it got 10 years ago. You >>Didn't hear it this morning. Jimmy actually brought it back up. AWS, you're about startups and he's >>Whoever came up with Lisp programming language that had this concept that data and code are exact same thing, >>Right? We could debate nerd lexicon all day on the cube. In fact, that could even be a segment first >>Of we do. First of all, the fact that Lisp came up on the cube is actually a milestone because Lisp is a very popular language for object-oriented >>Grandfather of everything. >>Yes, yes, grandfather. Good, good. Good catch there. Yeah, well done. >>All right. I'm gonna bring us back. I wanna ask you a question >>Talking about nerd this Lisp is really >>No, I think it's great. You know how nerdy we can get here though. I mean we can just hang out in the weeds the whole time. All right. I wanna ask you a question that I asked Drew when we were in Detroit just because I think for some folks and especially the audience, they may not have as distinctive a definition as y'all do. How do you define identity? >>Oh, that's a great question.
So identity as a term was, it was always used for security purposes. But most people probably use identity in the context of single sign-on, SSO. Meaning that if your company uses identity for access, which instead of having each application have an account for you, like a data entry with your first name, last name, emails and your role. Yeah. You instead have a central database, let's say Okta or something like that. Yep. And then you, you use that to access everything. That's kind of identity based access because there is a single source of identity. What we say is that we, that needs to be extended because it is no longer enough because that identity can be stolen. So if someone gets access to your Okta account using your credentials, then they can become you. So in order for identity to be attached to you and become your true identity, you have to rely on physical world objects. That's biometrics, your facial fingerprint, like your facial print, your fingerprints as well as biometric of your machine. Like your laptops have TPM modules on it. They're absolutely unique. They cannot be cloned, stolen. So that is your identity as well. So if you combine whatever is in Okta with the biker chip in this laptop and with your finger that collectively is your true identity, which cannot be stolen. So it can't be hacked. >>And someone can take my finger like they did in the movies. >>So they would have to do that. And they would also have to They'd >>Steal your match. Exactly, exactly. Yeah. And they'd have to have your eyes >>And they have to, and you have >>Whatever the figure that far, they meant what >>They want. So that is what true identity is from Teleport and >>Biometric. I mean it's, we're so there right now it's, it's really not an issue. It's only getting faster and better to >>Market. There is one important thing I said earlier that I want to go back to that I said that Teleport is not just for engineers, it's also for machines.
Cuz machines they also need the identity. So when we talk about access silos and that there are many different doors into your apartment, there are many different ways to access your data. So on the infrastructure side, machines are doing more and more. So we are offloading more and more tasks to them. That's a really good, what do machines use to access each other? Biome? They use API keys, they use private keys, they use basically passwords. Yeah. Like they're secrets and we already know that that's bad, right? Yeah. So how do you extend biometrics to machines? So this is why AWS offers CloudHSM service. HSM is secure hardware security module. That's a unique private key for the machine that is not accessible by anyone. And Teleport uses that to give identities to machines. Does do >>Customers have to enable that themselves or they have that part of a Amazon, the that >>Special. So it's available on AWS. It's available actually in good old, like old bare metal machines that have HSMs on them on the motherboard. And it's optional by the way. Teleport can work even if you don't have that capability. But the point is that we tried, you >>Have a biometric equivalent for the machines with >>Take advantage of it. Yeah. It's a hardware thing that you have to have and we all have it. Amazon sells it. AWS sells it to us. Yeah. And Teleport allows you to leverage that to enhance security of the infrastructure. >>So that classic hardware software play on that we're always talking about here on the cube. It's all, it's all important. I think this is really fascinating though. So I had an on the way to the show, I just enrolled in Clear and I had used a different email. I enrolled for the second time and my eyes wouldn't let me have two accounts. And this was the first time I had tried to sort of hack my own digital identity. And the girl, I think she was humoring me that was, was kindly helping me, the Clear employee.
But I think she could tell I was trying to mess with it and I wanted to see what would happen. I wanted to see if I could have two different accounts linked to my biometric data and I couldn't. It picked it up right away. >>That's your true >>Identity. Yeah, my true identity. So, and forgive me cuz this is kind of just a personal question. It might be a little bit finger finger to the wind, but how, just how much more secure if you could, if you could give us a, a rating or a percentage or a a number. How much more secure is leveraging biometric data for identity than the secrets we've been using historically? >>Look, I could, I played this game with you and I can answer like infinitely more secure, right? Like but you know how security works that it all depends on implementation. So let's say you, you can deploy Teleport, you can put us on your infrastructure, but if you're running, let's say like a compromised old copy of WordPress that has vulnerability, you're gonna get hacked through that angle. But >>Happens happens to my personal website all the time. You just touched Yeah, >>But the fact is that we, I I don't see how your credentials will be stolen in this system simply because your TPM on your laptop and your fingerprint, they cannot be downloaded. They like a lot of people actually ask us a slightly different question. It's almost the opposite of it. Like how can I trust you with my biometrics? When I use my fingerprint? That's my information. I don't want the company I work at to get my fingerprint people. I think it's a legit question to ask. >>Yeah. And it's >>What you, the answer to that question is your fingerprint doesn't really leave your laptop. Teleport doesn't see your fingerprint. What happens is when your fingerprint gets validated, it's it's your laptop is matching what's on the TPM. Basically Apple does it and then Apple simply tells Teleport, yep that's Ev or whoever. And that's what we are really using.
So when you are using this form of authentication, you're not sharing your biometric with the company you work at. >>It's a machine to human confirmation first and >>Then it's it. It's basically you and the laptop agreeing that my fingerprint matches your TPM and if your laptop agrees, it's basically hardware does validation. So, and Teleport simply gets that signal. >>So Ev, my final question for you is here at the show KubeCon, great conversations there for your company. What's your conversations here like at re:Invent? Are you meeting with Amazon people, customers? What are some of the conversations? Because this is a much broader, I mean it's still technical. Yep. But you know, a lot of business kind of discussions, architectural refactoring of organizations. What are some of the things that you're talking about here with Teleport? What are, >>So I will mention maybe two trends I observed. The first one is not even security related. It's basically how like as a cloud becomes more mature, people now actually at different organizations develop their own internal ways of doing cloud properly. And they're not the same. Because when cloud was earlier, like there were these like best practices that everyone was trying to follow and there was like, there was just a maybe lack of expertise in the world and and now finding that different organizations just do things completely different. Like one, like for example, yeah, like some companies love having handful, ideally just one enormous Kubernetes cluster with a bunch of applications on it. And the other companies, they create Kubernetes clusters for different workloads and it's just like all over the map and both of them believe that they're doing it properly. >>Great example of bringing in, that's Kubernetes with the complexity. And >>That's kind of one trend I'm noticing. And the second one is security related.
Is that everyone is struggling with the access silos is that ideally every organization is dreaming about a day, but they have like one place which is which with great user experience that simply spells out this is what policy is to access this particular data. And it gets automatically enforced by every single cloud provider, by every single application, by every single protocol, by every single resource. But we don't have that unfortunately. Teleport is slowly becoming that, of course. Excuse me for plugging >>Teleport. No, no worries. >>But it is this ongoing theme that everyone can't wait to have that single source of truth for accessing their data. >>The second person to say single source of truth on this stage in the last 24 >>Hours or nerds will love that. I >>Know I feel well, but it's all, it all comes back to that. I keep using this tab analogy, but we all want everything in one place. We don't wanna, we don't wanna have to be going all over the place and to look for >>Both. Because if it's and everything else places, it means that different teams are responsible for it. Yeah. So it becomes this kind of internal information silo as well. So you not even, >>And the risks and liabilities there, depending on who's overseeing everything. That's awesome. Right? So we have a new challenge on the cube specific to this show. Think of this as your 30 minute or 30 minute that would be bold. 30-second sizzle reel, Instagram highlight. What is your hot take? Most important thing, biggest theme of the show this year. >>This year. Okay, so here's my thing. Like I want cloud to become something I want it to be. And every time I come here and I'm like, are we closer? Are we closer? So here's what I want. I want all cloud providers collectively to kind of merge. So then when we use them, it feels like we are programming one giant machine. Kind of like in The Matrix, right? The movie.
So like I want cloud to feel like a computer, like to have this almost intimate experience you have with your laptop. Like you can like, like do this and the laptop like performs the instructions. So, and it feels to me that we are getting closer. So like walking around here and seeing how everything works now, like on the single sign-on from a security perspective, there is so that consolidation is finally happening. So it's >>The software mainframe we used to call it back in 2010. >>Yeah, yeah. Just kind of planetary scale thing. Yes. It's not the Zuckerberg that who's building metaverse, it's people here at re:Invent. >>Unlimited resource for developers. Just call in. Yeah, yeah. Give me some resource, spin me up some, some compute. >>I would like alter that slightly. I would just basically go and do this and you shouldn't even worry about how it gets done. Just put instructions into this planetary mainframe and mainframe will go and figure this out. Okay. >>We gotta take blue or blue or red pill. I >>Know. I was just gonna say y'all, we are this, this, this, this segment is lit. >>We got Matrix. We got brilliant. We didn't get super cloud in here but we, we can weave that in. We got >>Lisp. We just said it. So >>We got Lisp. Oh great con, great conversation. Cloud native. >>Outstanding conversation. And thank you so much for being here. We love having Teleport on the show. Obviously we hope to see you back again soon and and Drew as well. And thank all of you for tuning in this afternoon. Live from Las Vegas, Nevada, where we are hanging out at AWS re:Invent with John Furrier. I'm Savannah Peterson. This is the Cube. We are the source for high tech coverage.
Drew Nielsen, Teleport | KubeCon + CloudNativeCon NA 2022
>>Good afternoon, friends. My name is Savannah Peterson here in the Cube Studios live from Detroit, Michigan, where we're at KubeCon and Cloud Native Foundation, CloudNativeCon all week. Our last interview of the day served me a real treat and one that I wasn't expecting. It turns out that I am in the presence of two caddies. It's a literal episode of Caddyshack up here on Cube. John Furrier. I don't think the audience knows that you were a caddy. Tell us about your caddy days. >>I used to caddy when I was a kid at the local country club every weekend. This is amazing. Double loops every weekend. Make some bang, two bags on each shoulder. Caddying for the members where you're going. Now I'm >>On show. Just, just really impressive >>Now. Now I'm caddying for the cube where I caddy all this great content out to the audience. >>He's carrying the story of emerging brands and established companies on their cloud journey. I love it. John, well played. I don't wanna waste any more of this really wonderful individual's time, but since we now have a new trend of talking about everyone's Twitter handle here on the cube, this may be my favorite one of the day, if not Q4 so far. Drew, not reply. AKA Drew ne Drew Nielsen, excuse me, there is here with us from Teleport. Drew, thanks so much for being here. >>Oh, thanks for having me. It's great to be here. >>And so you were a caddy on a whole different level. Can you tell us >>About that? Yeah, so I was in university and I got tired after two years and didn't have a car in LA and met a pro golfer at a golf course and took two years off and traveled around caddying for him and tried to get 'em through Q School. >>This is, this is fantastic. So if you're in school and your parents are telling you to continue going to school, know that you can drop out and be a caddy and still be a very successful television personality. Like both of the gentlemen at some point.
>>Well, I never said my parents like >>That decision, but we'll keep our day jobs. Yeah, exactly. And one of them is Cloud Native Security. The hottest topic here at the show. Yep. I want to get into it. You guys are doing some really cool things. Are we? We hear Zero Trust, you know, ransomware and we even, I even talked with the CEO of Docker this morning about container security issues. Sure. There's a lot going on. So you guys are in the middle of Teleport. You guys have a unique solution. Tell us what you guys got going on. What do you guys do? What's the solution and what's the problem you solve? >>So Teleport is the first and only identity native infrastructure access solution in the market. So breaking that down, what that really means is identity native being the combination of secretless, getting rid of passwords, PAM vaults, key vaults, Yeah. Passwords written down. Basically the number one source of breach. And 50 to 80% of breaches, depending on whose numbers you want to believe are how organizations get hacked. >>But it's not password123 isn't protecting >>Cisco >>Right >>Now. Well, if you think about when you're securing infrastructure and the second component being zero trust, which assumes the network is completely insecure, right? But everything is validated. Resource to resource security is validated, You know, it assumes work from anywhere. It assumes the security comes back to that resource. And we take the combination of those two into identity-native access where we cryptographically ev, validate identity, but more importantly, we make an absolutely frictionless experience. So engineers can access infrastructure from anywhere at any time. >>I'm just flashing on my roommates, checking their little code, changing Bob login, you know, dongle essentially, and how frustrating that always was. I mean, talk about interrupting workflow was something that's obviously necessary, but >>Well, I mean, talk about frustration if I'm an engineer.
Yeah, absolutely. You know, back in the day when you had these three tier monolithic applications, it was kind of simple. But now as you've got modern application development environments Yeah, multi-cloud, hybrid cloud, whatever marketing term around how you talk about this, expanding sort of disparate infrastructure. Engineers are sitting there going from system to system to machine to database to application. I mean, not even a conversation on Kubernetes yet. Yeah. And it's just, you know, every time you pull an engineer or a developer to go to a vault to pull something out, you're pulling them out for 10 minutes. Now, applications today have hundreds of systems, hundreds of microservices. I mean 30 of these a day and nine minutes, 270 minutes times 60. And they also >>Do the math. Well, there's not only that, there's also the breach from manual error. I forgot to change the password. What is that password? I left it open, I left it on >>Cognitive load. >>I mean, it's the manual piece. But even think about it, TR security has to be transparent and engineers are really smart people. And I've talked to a number of organizations who are like, yeah, we've tried to implement security solutions and they fail. Why? They're too disruptive. They're not transparent. And engineers will work their way around them. They'll write it down, they'll do a workaround, they'll backdoor it something. >>All right. So talk about how it works. But I, I mean, I'm getting the big picture here. I love this. Breaking down the silos, making engineers lives easier, more productive. Clearly the theme, everyone they want, they be gonna need. Whoever does that will win it all. How's it work? I mean, you deploying something, is it code, is it in line? It's, >>It's two binaries that you download and really it starts with the core being the identity native access proxy. Okay. So that proxy, I mean, if you look at like the zero trust principles, it all starts with a proxy. 
Everything connects into that proxy where all the access is gated, it's validated. And you know, from there we have an authorization engine. So we will be the single source of truth for all access across your entire infrastructure. So we bring machines, engineers, databases, applications, Kubernetes, Linux, Windows, we don't care. And we basically take that into a single architecture and single access platform that essentially secures your entire infrastructure. But more importantly, you can do audit. So for all of the organizations that are dealing with FedRAMP, PCI, HIPAA, we have a complete audit trail down to a YouTube style playback. >>Oh, interesting. We're we're California and CCPA. >>Oh, GDPR. >>Yeah, exactly. It, it, it's, it's a whole shebang. So I, I love, and John, maybe you've heard this term a lot more than I have, but identity native is relatively new to me as a term. And I suspect you have a very distinct way of defining identity. How do you guys define identity internally? >>So identity is something that is cryptographically validated. It is something you have. So it's not enough. If you look at, you know, credentials today, everyone's like, Oh, I log into my computer, but that's my identity. No, it's not. Right. Those are attributes. Those are something that is secret for a period of time until you write it down. But I can't change my fingerprint. Right. And now I >>Was just >>Thinking of, well no, perfect case in point with Touch ID on your Mac there. Yeah. It's like when we deliver that cryptographically validated identity, we use these secure modules in like modern laptops or servers. Yeah. To store that identity so that even if you're sitting in front of your computer, you can't get to it. But more importantly, if somebody were to take that and try to be you and try to log in with your fingerprint, it's >>Not, I'm not gonna lie, I love the Apple finger thing, you know, it's like, you know, face recognition, like it's really awesome. 
>>It saves me a lot of time. I mean, even when you go through customs and they do the face scan now it actually knows who you are, which is pretty wild in the last time you wanna provide ones. But it just shifted over like maybe three months ago. Well, >>As long as no one chops your finger off like they do in the James Bond movies. >>I mean, we try and keep it light and fluffy here on the Cube, but you know, do a finger teams, we can talk about that >>Too. >>Gabby, I was thinking more Minority Report, >>But you >>Knows that's exactly what I, what I think of >>Hit that one outta bounds. So I gotta ask, because you said you're targeting engineers, not IT departments. What's, is that, because I in your mind it is now the engineers or what's the, is always the solution more >>Targeted? Well, if you really look at who's dealing with infrastructure on a day-to-day basis, those are DevOps individuals. Those are infrastructure teams, those are site reliability engineering. And when it, they're the ones who are not only managing the infrastructure, but they're also dealing with the code on it and everything else. And for us, that is who is our primary customer and that's who's doing >>It. What's the biggest problem that you're solving in this use case? Because you guys are nailing it. What's the problem that your identity native solution solves? >>You know, right out of the backs we remove the number one source of breach. And that is taking passwords, secrets and, and keys off the board. That deals with most of the problem right there. But there are really two problems that organizations face. One is scaling. So as you scale, you get more secrets, you get more keys, you get all these things that is all increasing your attack vector in real time. Oh >>Yeah. Across teams locations. I can't even >>Take your pick. Yeah, it's across clouds, right? Any of it >>On-prem doesn't. >>Yeah. Any of it. 
We, and we allow you to scale, but do it securely and the security is transparent and your engineers will absolutely love it. What's the most important thing about this product Engineers. Absolutely. >>What are they saying? What are some of those examples? Anecdotally, pull quotes out from engineering. >>You're too, we should have invent, we should have invented this ourselves. Or you know, we have run into a lot of customers who have tried to home brew this and they're like, you know, we spend an inordinate amount of hours on it >>And IT or they got legacy from like Microsoft or other solutions. >>Sure, yeah. Any, but a lot of 'em is just like, I wish I had done it myself. Or you know, this is what security should be. >>It makes so much sense and it gives the team such a peace of mind. I mean, you never know when a breach is gonna come, especially >>It's peace of mind. But I think for engineers, a lot of times it deals with the security problem. Yeah. Takes it off the table so they can do their jobs. Yeah. With zero friction. Yeah. And you know, it's all about speed. It's all about velocity. You know, go fast, go fast, go fast. And that's what we enable >>Some of the benefits to them is they get to save time, focus more on, on task that they need to work on. >>Exactly. >>And get the >>Job done. And on top of it, they answer the audit and compliance mail every time it comes. >>Yeah. Why are people huge? Honestly, why are people doing this? Because, I mean, identity is just such a hard nut to crack. Everyone's got their silos, Vendors having clouds have 'em. Identity is the most fragmented thing on >>The planet. And it has been fragmented ever since my first RSA conference. >>I know. So will we ever get this do over? Is there a driver? Is there a market force? Is this the time? >>I think the move to modern applications and to multi-cloud is driving this because as those application stacks get more verticalized, you just, you cannot deal with the productivity >>Here. 
And of course the next big thing is super cloud and that's coming fast. Savannah, you know, You know that's Rocket. >>John is gonna be the thought leader and keyword leader of the word super cloud. >>Super Cloud is enabling super services as the cloud cast. Brian Gracely pointed out on his Sunday podcast of which if that happens, Super Cloud will enable super apps in a new architectural >>List. Please don't, and it'll be super, just don't. >>Okay. Right. So what are you guys up to next? What's the big hot spot for the company? What are you guys doing? What are you guys, What's the idea guys hiring? You put the plug in. >>You know, right now we are focused on delivering the best identity, native access platform that we can. And we will continue to support our customers that want to use Kubernetes, that want to use any different type of infrastructure. Whether that's Linux, Windows applications or databases. Wherever they are. >>Are, are your customers all of a similar DNA or are you >>No, they're all over the map. They range everything from tech companies to financial services to, you know, fractional property. >>You seem like someone everyone would need. >>Absolutely. >>And I'm not just saying that to be a really clean endorsement from the Cube, but >>If you were doing DevOps Yeah. And any type of forward-leaning shift, left engineering, you need us because we are basically making security as code a reality across your entire infrastructure. >>Love this. What about the team dna? Are you in a scale growth stage right now? What's going on? Absolutely. Sounds I was gonna say, but I feel like you would have >>To be. Yeah, we're doing, we're, we have a very positive outlook and you know, even though the economic time is what it is, we're doing very well meeting. >>How's the location? Where's the location of the headquarters now? With remote work is pretty much virtual. >>Probably. We're based in downtown Oakland, California. >>Woohoo. 
Bay Area representing on this stage right now. >>Nice. Yeah, we have a beautiful office right in downtown Oakland and yeah, it's been great. Awesome. >>Love that. And are you hiring right now? I bet people might be. I feel like some of our Cube watchers are here waiting to figure out their next big play. So love to hear that. Absolutely love to hear that. Besides Drew, not reply, if people want to join your team or say hello to you and tell you how brilliant you looked up here, or ask about your caddy days and maybe venture a guess as to who that golfer may have been that you were caddying for, what are the best ways for them to get in touch with you? >>You can find me on LinkedIn. >>Great. Fantastic. John, anything else >>From you? Yeah, I mean, I just think security is paramount. This is just another example of where the innovation has to kind of break through without good identity, everything could cripple. Then you start getting into the silos and you can start getting into, you know, tracking it. You got error user errors, you got, you know, one of the biggest security risks. People just leave systems open, they don't even know it's there. So like, I mean this is just, just identity is the critical linchpin to, to solve for in security to me. And that's totally >>Agree. We even have a lot of customers who use us just to access basic cloud consoles. Yeah. >>So I was actually just gonna drive there a little bit because I think that, I'm curious, it feels like a solution for obviously complex systems and stacks, but given the utility and what sounds like an extreme ease of use, I would imagine people use this for day-to-day stuff within their, >>We have customers who use it to access their AWS consoles. We have customers who use it to access Grafana dashboards. You know, for, since we're sitting here at KubeCon accessing Lens, Rancher, all of the amazing DevOps tools that are out there. >>Well, I mean true. 
I mean, you think about all the reasons why people don't adopt this new federated approach or is because the IT guys did it and the world we're moving into, the developers are in charge. And so we're seeing the trend where developers are taking the DevOps and the data and the security teams are now starting to reset the guardrails. What's your >>Reaction to that? Well, you know, I would say that >>Over the top, >>Well I would say that you know, your DevOps teams and your infrastructure teams and your engineers, they are the new kingmakers. Yeah. Straight up. Full stop. >>You heard it first folks. >>And that's >>A headline right >>There. That is a headline. I mean, they are the new kingmakers and, but they are being forced to do it as securely as possible. And our job is really to make that as easy and as frictionless as possible. >>Awesome. >>And it sounds like you're absolutely nailing it. Drew, thank you so much for being on the show. Thanks for having today. This has been an absolute pleasure, John, as usual a joy. And thank all of you for tuning in to the Cube Live here at KubeCon from Detroit, Michigan. We look forward to catching you for day two tomorrow.
Michael Ferranti, Teleport | Kubecon + Cloudnativecon Europe 2022
>>The Cube presents KubeCon and CloudNativeCon Europe 2022, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners. >>Welcome to Valencia, Spain and KubeCon CloudNativeCon Europe 2022. I'm Keith Townsend, along with Paul Gillin, senior editor, enterprise architecture at SiliconANGLE. We are talking to some incredible folks this week, continuing the conversation around enabling developers to do their work. Paul, you've said that this conference is about developers. What are you finding key as a theme running throughout the show >>That that developers really need a whole set of special tools. You know, it's not the end user, the end user tools, the end user access controls the authentication it's developers need a need their own to live their in their own environment. They need their own workflow tools, their own collaboration and their own security. And that's where Teleport comes in. >>So speaking of Teleport, we have Michael Ferranti, chief marketing officer at Teleport new world role for you. First, tell me about how long have you been at Teleport now >>Going on seven or eight months now, >>Seven or eight months in this fast moving market. I'm I'm going to tell you a painful experience I've had in this new world. We've built applications. We've moved fast audits come in. The auditors have come in and they said, you know what, who authorized this change to the cluster? And we'll go into the change ticket and say, this person authorized the changes and the change ticket. And then they'll ask for trace back. Okay. Show me the change. What do it mean? Show you the changes. It just happened. >>Yeah. Check, check GitHub. >>Yeah, check Git, see, we, we, we, we said we were gonna make the changes, the change happen. That's not enough. What are you, how are you helping customers solve this access control and audit problem? >>Yeah, that's a great question. There're kind of, there're kind of two, two sides to the puzzle. 
And actually I think that the intro hits it. Well, you you've talked about kind of developer experience needing tools to more efficiently do the job as a practitioner. And you're coming at it from kind of a security and compliance angle. And there's a tension between both of those teams. It's like, you know, there's, there's a tension between dev and ops before we created DevOps. There's also a tension between kind of security teams and developers. So we've created DevSecOps. What that means is you need an easy way for developers to get access, access to the resources they need to do their jobs. That's, you know, Linux hosts and databases and Kubernetes clusters and, you know, monitoring dashboards and managing all of those credentials is quite cumbersome. If I need to access a dozen systems, then you know, I'm using SSH keys to access this. >>I have admin credentials for my database. I I'm going through a VPN to access an internal dashboard. Teleport consolidates all of that access into a single login via your identity provider, Okta, Active Directory, but then on the security and compliance side, we make it really easy for that compliance officer. When they say, show me that change, we have all of the audit logs that show exactly what changes Keith made when he logged into, into that system. And in fact, one of the booths behind here is talking about eBPF, a modern way to get that kind of kernel level grade granularity. We build all of that observability into Teleport to make the security and compliance teams happy. And the engineering teams a lot more productive. >>Where do the, the access control tools like Okta, you mentioned fall short. I mean, why, why is there a need for your level of, of control at the control plane? >>Yeah. When you, when you start to talk about authorization, authentication, audit at the infrastructure level, each of these technologies has its own way of managing what kind of in, in the jargon authn and authz, right? 
Authentication, authorization. So you have SSH for, for Linux. Kubernetes has its own way of doing authorization. All of the database providers have their own way and it's quite complicated, right? It's, it's much different. So, you know, if I'm gonna access Office 365 or I'm gonna access Salesforce, right. I'm really talking about the HTTP protocol. It's relatively trivial to implement single sign on for web-based applications. But when we start talking about things that are happening at the Linux kernel level, or with Kubernetes, it's quite complicated to build those integrations. And that's where Teleport extends what you have with your IDP. So for instance, Okta, lots of our customers use Okta as their identity provider, but then Teleport takes those roles and applies them and enforces them at the actual infrastructure level. >>So if I'm a lay developer, I'm looking at this thinking, you know, I, I have service mesh, I've implemented Linkerd, Istio or something to that level. And I also have Ansible and Ansible has security, etcetera. What, what role, or how does that integrate to all together from a big picture perspective? >>Yeah. So >>What, one of the, kind of the meta themes at Teleport is we, we like to, we like to say that we are fighting complexity cuz as we build new technologies, we tend to run the new tech on top of the old tech. Whereas for instance, when you buy a new car, you typically don't, you know, hook the old car to the back and then pull it around with you. Right? We, we replace old technology with new technology, but in infrastructure that doesn't happen as often. And so you end up with kind of layers of complexity with one protocol sitting on top of another protocol on top of another protocol. And what Teleport does is for the access control plane, we, we kind of replace the legacy ways of doing authentication authorization and audit with a new modern experience. But we allow you to continue to use the existing tools. 
>>So we don't replace, for instance, you know, your configuration management system, you can keep using Ansible or, or Salt or Jenkins, but Teleport now is gonna give those, those scripts or those pipelines an identity that you can define. What, what should Ansible be able to do? Right? If, cuz people are worried about supply chain attacks, if a, if a vulnerable dependency gets introduced into your supply chain pipeline and your kind of Ansible playbook goes crazy and starts deploying that vulnerability everywhere, that's probably something you wanna limit with Teleport. You can limit that with an identity, but you can still use the tools that you're, that you're used to. >>So how do I guarantee something like an ex-employee doesn't come in and, and initiate Ansible script that was sitting in the background just waiting to happen until, you know, they left. >>Yeah. Great question. It's there's kind of the, the, the great resignation that's happening. We did a survey where actually we asked the question kind of, you know, can you guarantee that ex-employees can no longer access your infrastructure? And shockingly like 89% of companies could not guarantee that it's like, wow, that's like that should, that should be a headline somewhere. And we actually just learned that there are on the dark web, there are people that are targeting current employees of Netflix and Uber and trying to buy credentials of those employees to the infrastructure. So it's a big problem with Teleport. We solve this in a really easy, transparent way for developers. Everything that we do is based on short-lived certificates. So unlike an SSH key, which exists until you decommission it, short-lived certificates by, by default expire. And if you don't reissue them based on a new login based on the identity, then, then you can't do anything. So even a stolen credential kind of the its value decreases dramatically over time. 
>>So that statistic or four out of five companies can't guarantee ex-employees can't access infrastructure. Why is simply removing the employee from the, you know, from the LDAP or directory decommissioning their login credentials. Why is that not sufficient? >>Well, it, it depends on if everything is integrated into your identity provider and because of the complexities of accessing infrastructure, we know that developers are creative people. And by, by kind of by definition, they're able to create systems to make their lives easier. So one thing that we see developers doing is kind of copying an SSH key to a local notepad on, on their computer. So they essentially can take that credential out of a vault. They can put it somewhere that's easier for them to access. And if you're not rotating that credential, then I can also, you know, copy it to a, to a personal device as well. Same thing for shared admin credentials. So the, the, the issue is that those credentials are not completely managed in a unified way that enables the developer to not go around the system in order to make their lives easier. >>But rather to actually use the system, there's a, there's a market called privileged access management that a lot of enterprises are using to kind of manage credentials for their developers, but it's notoriously disruptive to developer workflows. And so developers kind of go around the system in order to make their jobs easier. What Teleport does is we obviate the need to go around the system, cuz the simplest thing is just to come in in the morning, log in one time to my identity provider. And now I have access to all of my servers, all of my databases, all of my Kubernetes clusters with a short-lived certificate, that's completely transparent. And does >>This apply to, to your, both your local and your cloud accounts? >>Yes. Yes, exactly. >>So as a security company, what's driving the increase in security breaches. Is it the lack of developer hygiene? 
Is it this ex-employee great resignation bill. Is it external intruders? What's driving security breaches today. >>Yes. >>It's you know, it's, it's all of those things. I think if I had to put, give you a one word answer, I would say complexity. The systems that we are building are just massively complex, right? Look at how many vendors there are at this show in order to make Kubernetes easy to use, to do what its promises. It's just, we're building very complex systems. When you build complex systems, there's a lot of back doors, we call it kind of attack surface. And that's why for every new thing that we introduce, we also need to think about how do we remove old layers of the stack so that we can simplify so that we can consolidate and take advantage of the power of something like Kubernetes without introducing security vulnerabilities. >>One of the problems or challenges with security solutions is, you know, you there's this complexity versus flexibility knob that you, you need to be careful of. What's the deployment experience in integration experience for deploying Teleport. >>Yeah, it's it, we built it to be cloud native to feel like any other kind of cloud native or Kubernetes like solution. So you basically, you deploy it using Helm chart, you deploy it using containers and we take care of all of the auto configuration and auto update. So that it's just, it's, it's part of your stack and you manage it using the same automation that you use to manage everything else. That's a, that's a big kind of installation and developer experience. Part of it. If it's complex to use, then not only are developers not gonna use it. Operations teams are not gonna want to have to deal with it. And then you're left with doing things the old way, which is very unsatisfactory for everybody. >>How does Kubernetes change the security equation? Are there vulnerabilities? It introduces to the, to the stack that maybe companies aren't aware of >>Almost by definition. Yes. 
Kind of any new technology is gonna introduce new security vulnerabilities. That's the that's that is the result of the complexity, which is, there are things that you just don't know when you introduce new components. I think kind of all of the supply chain vulnerabilities are our way of looking at that, which is we have, you know, Kubernetes is itself built on a lot of dependencies. Those dependencies themselves could have security vulnerabilities. You might have a package that's maintained by one kind of hobbyist developer, but that's actually deployed across hundreds of thousands of applications across, across the internet. So again, it's about one understanding that that complexity exists and then saying, is there a way that we can kind of layer on a solution that provides a common layer to let us kind of avoid that complexity and say, okay, every critical action needs to be authorized with an identity that way if it's automated or if it's human, I have that level of assurance that a hacked Ansible pipeline is not going to be able to introduce vulnerabilities across my entire infrastructure. >>So one of the challenges for CIOs and CTOs, it's the lack of developer resources and another resulting pain point that compounds that issue is rework due to security audits is Teleport a source of truth that when a auditor comes in to audit a, a, a, a CI/CD pipeline that the developer or, or operations team can just say, Hey, here's, self-service get what you need. And come back to us with any questions or is there a second set of tools we have to use to get that audit and compliance reporting? >>Yeah, it's Teleport can be that single source of truth. We can also integrate with your other systems so you can export all of the, what we call access logs. So every, every behavior that took place, every query that was run on a database, every, you know, curl command that was run on a Linux host, Teleport is creating a log of that. 
And so you can go in and you can filter and you can view those, those actions within Teleport. But we also integrate with other systems that, that people are using, you have its Splunk or Datadog or whatever other tool chain it's really important that we integrate, but you can also use Teleport as that single source. So >>You can work with the observability suites that are now being >>Installed. Yeah, there, the, the wonderful thing about kind of an ecosystem like Kubernetes is there's a lot of standardization. You can pick your preferred tool, but under the hood, the protocols for taking a log and putting it in another system are standardized. And so we can integrate with any of the tools that developers are already using. >>So how big is Teleport when I'm thinking about a, from a couple of things big as in what's the footprint and then from a developer operations team overhead, is this kind of a set and forget it, how much care feed and maintenance does it >>Need? So it's very lightweight. We basically have kind of two components. There's the, the access proxy that sits in front of your infrastructure. And that's what enables us to, you know, regardless of the complexity that sits across your multi data center footprint, your traditional applications, running on Windows, your, your, your modern applications running on, you know, Linux and Kubernetes, we provide seamless access to all of that. And then there's an agent that runs on all of your hosts. And this is the part that can be deployed using Helm or any other kind of cloud native deployment methodology that enables us to do the, the granular application level audit. For instance, what queries are actually being run on CockroachDB or on, on Postgres, you know, what, what syscalls are running on Linux kernel, very lightweight automation can be used to install, manage, upgrade all of it. 
And so from an operations perspective, kind of bringing in Teleport shouldn't be any more complicated than running any application on a container. That's the design goal and what we built for our customers. >>If I'm in a hybrid environment, I'm transitioning, I'm making the migration to Teleport. Is this a team? Is this a solution that sits only on the Kubernetes cloud native side? Or is this something that I can transition to initially, and then migrate all of my applications to, as I transition to cloud native? >>Yeah. We, there are kind of, no, there are no cloud native dependencies for Teleport. Meaning if you're a hundred percent Windows shop, then we support, for instance, RDP. That's the way in which Windows handles remote access. If you have some applications that are running on Linux, we can support that as well. If you've got kind of the, you know, the complete opposite in the spectrum, you're doing everything cloud native, containers, Kubernetes, everything, we also support that. >>Well, Michael, I really appreciate you stopping by and sharing the Teleport story. Security is becoming an obvious pain point for cloud native and container management. And Teleport has a really good story around ensuring compliance and security. From Valencia, Spain, I'm Keith Townsend, along with Paul Gillin, and you're watching theCUBE, the leader in high tech coverage.
SUMMARY :
theCUBE presents KubeCon and CloudNativeCon Europe 2022, brought to you by Red Hat.