►
From YouTube: OpenShift Operator Hour: Partner Chat with Zettaset: Data - Protecting Data in OpenShift
Description
In this monthly series, learn how Red Hat weaves together DevOps and Security to master the force called DevSecOps. This show brings you Red Hat products and our security ecosystem partners to aid in your journey. [July] is [Data] month! In this episode, [Protecting Data in OpenShift Environments, you’ll see how you can keep data protected at-rest or in-motion in real time]. Bring your lightsaber and be prepared to train hard... may the DevSecOps be with you!
A
A
And
and
and
we're
rolling
hello
and
happy
wednesday
to
everybody
out
there,
my
name
is
michael
wait.
This
is
the
open
shift.
Commons
briefings,
operator
hours
show
this
week.
We
are
fortunate
enough
to
have
with
us
two
really
fantastic
people
from
our
good
friends
at
zettaset,
so
we've
got
tim
riley
who's,
the
chief
executive
officer
of
zetta
set
and
maxim
jankovitsky.
A
B
A
C
A
They
said
they
said
yesterday
I
was
driving
home
from
getting
some
some
food
for
my
chickens
at
the
at
the
grain
store
and
I
looked
at
the
moon
and
it
was
orange
and
I
haven't
seen
an
orange
moon.
Probably
since
the
last
time
there
were
a
huge
fire,
so
I
guess
I
guess
the
smoke
from
all
these
fires
is
all
the
way
out
here
up
in
the
in
the
stratosphere
and
making
the
moon
orange.
It
is
crazy.
A
Exciting,
but
talk
about
exciting,
I'm
excited
to
have
you
guys
on
here.
You
know:
zettaset
is
one
of
our
software
partners
that
we
work
with
on
a
regular
basis.
You
folks
have
a
a
really
important
security
play.
That's
super
important
for
our
our
joint
customers,
who
are
looking
to
modernize
their
it
infrastructure
running
you
know,
openshift
and
kubernetes
to
to
you,
know,
try
and
get
their
business
apps
into
multi-cloud
environments.
A
Tell
us
a
little
bit
about
zettaset
it
it
it.
It's
kind
of
an
interesting
name
can
probably
be
misinterpreted
a
little
bit
based
on
the
name,
I
think
tim.
When
we
were
talking
the
other
day,
you
were
kind
of
explaining
to
me
some
of
the
some
of
the
rationale
behind
the
name.
Why
don't
you
share
that
with
everyone
here.
C
Yeah
thanks
it
zetta
said
when
we
in
the
first
iteration
of
zetaset,
we
were
dealing
with
hadoop,
another
open
source
and
wrapping
our
security
around
that
and
what
we
decided
was.
We
would
show
that
we
can
deal
with
encryption
and
security
around
zettabytes
of
data
and
a
data
set,
so
you
can
see
it
fused
together
and
we
became
zetta
set,
not
zeta
set
zetta
said
I
know
some
people
tend
to
do
that
and
I
believe
that's
a
trillion
gigabytes.
So
it's
a
lot
of
it's
a
lot
of
data.
A
A
C
We
really
pivoted
the
company
about
two
years
ago
and
really
started
to
focus
on
what
we
saw
as
the
future,
which
is
devsecops
where
we
needed
to
migrate
everyone-
and
I
think,
that's
probably
when
that
whole
industry
was
starting
to
gain
steam,
but
we
also
realized
there
was
a
legacy
that
still
needed
encryption
and
any
way
we
can
help
rel
and
that
make
lux
better.
We
want
to
help
there
as
well.
So
when
it
comes
to
red
hat,
we
have
embraced
you
guys
as
great
partners.
You've
been
just
as
supportive
to
us.
C
We
just
got
partner
of
the
year
very
excited
about
that,
and
it's
been
a
journey
of
understanding
how
best
to
protect
data.
I
think
that
changes,
it
seems
like
it
changes
every
other
day,
especially
with
the
headlines
that
we
have
now
and
we
at
zetta
said,
look
at
it
and
say
how
can
we
help
protect
the
data?
We
know.
C
The
only
piece
we're
not
the
end-all
be-all,
but
we
are,
I
would
say,
the
next
generation
of
data
protection,
that,
with
the
other
pieces
of
security,
will
help
extend
openshift
will
help
have
devops
turn
into
devsecops,
will
hopefully
help
more
production
environments
and,
at
the
same
time,
we
can
still
leverage
our
technology
with
a
good,
old-fashioned
rel
and
help
nodes
further
reach
out
to
the
edge
or
off
the
planet.
If
we've
heard
a
couple
different
ones
about
that
too,
but
very
excited
to
be
the
future
of
data
protection.
A
C
Yeah
correct
it's
l-u-k-s,
yes,
and
for
those
of
you
maximum,
if
I
get
it
right
linux,
is
it
unified,
key
services,
service
setup
all
right,
give
me
three
out
of
four:
that's
pretty
good
yep
mike.
If
I
may,
a
lot
of
people
ask
because
this
is
one
of
the
fundamental
pieces
that
goes
from
rel
to
openshift
and
how
we
really
help
protect
the
data
and
what,
over
the
years,
we've
heard.
Well,
you
guys
just
replacing
lux.
I
mean
lux
comes
with
rel.
C
B
A
B
Yeah
I
I
started
in
silicon
valley
in
1996
working
on
enterprise
databases
in
2004.
I
was
interviewed
and
invited
to
join
a
company
called
ingrian
networks
where
we
built
and
designed
and
built
enterprise.
Key
managers-
hardware
based
at
the
time.
Encryption
and
key
management
were
just
ramping
up
and
it
was
all
hardware
based
because
performance
impact
was
pretty
dramatic.
B
So
we
built
that
ingredient
later
that
acquired
by
safenet
a
couple
years
into
my
safenet
tenure.
I
got
a
call
from
my
old
faucet
in
ingrid
and
said
we
have
this
exciting
company
focusing
on
hadoop
and
big
data
and
if
you've
driven
highway
101
north
through
the
silicon
valley,
you
probably
saw
a
hadoop
billboard
saying
is
gonna
the
the
little
white
elephant
is
gonna,
take
over
the
big
data
market
and
so
come
over
and
and
hadoop
is
a
core
to
deploy
we're
trying
to
make
it
enterprise
we're
trying
to
make
it
human-friendly.
B
So
november
2012
it's
been
a
while,
as
team
said,
with
people
at
the
company,
we
focused
on
encryption
for
legacy
environment
and,
more
recently
for
the
devsecops
and
microservice
oriented
environments,
and
you
know,
what's
better
to
run
microservices
than
than
kubernetes
and
android
had
openshift
until
we
started
we're
we're
kind
of
in
that
in
that
space.
Right
now,.
B
A
C
No,
no
problem
yep,
I
I
just
I
love
how
brilliant
he
is.
So
I
jumped
right
over
that,
but
you're,
absolutely
right,
I'm
the
guy.
That
knows
it,
and
everyone
should
know
how
smart
he's
right
to
the
point
of
when
we
I
want
to
just
make
a
point
about
hadoop,
because
it
was
open
source
and
then
the
other
guys
put
a
wrap
around
it.
Like
a
cloud
era
like
a
hortonworks
and
we
were
going
to
put
encryption
on
it.
C
Pan
out-
and
we
all
know
it
just
didn't
pan
out
well
in
version
2.0,
so
we
are
doing
open
source
with
another
enterprise
company.
That
company
just
happens
to
be
called
red
hat
and
I
think,
there's
a
better
breadth
of
integration,
a
more
of
a
value
prop
and
just
how
we
can
help
red
hat
grow,
how
we
can
protect
data
in
red
hat
environments,
openshift
and
rel.
Now
I
say
that,
and
everybody
will
tell
you
well
there's
open
source
answers
to
data
protection.
C
B
You
think
encryption,
you
start
thinking.
Key
management
logs
brings
super
basic.
Well,
I
wouldn't
even
call
it
key
management.
It
brings
an
ability
to
pass
keys
over
to
dm
crypt.
So
you
have
an
encryption
system.
You
have
the
key
management
quarter.
Code
system
in
the
form
of
blocks
and
locks
can
pass
the
keys
over
to
jam
creep.
Well.
This
is
all
great.
If
I'm
encrypting
a
laptop,
this
is
variable.
B
If
an
encryption
is
server,
if
I
run
a
server
farm
or
or
a
5g,
you
know
set
of
micro
data
centers
and
I
need
to
protect
them.
I
need
to
establish
some
blocks
passwords.
How
am
I
going
to
reboot
the
server
ever?
Am
I
going
to
have
to
work
around
the
building
and
you
know
type
in
the
password
every
time
logs
boots?
B
There
are
tools
for
that,
but
the
point
is:
don't
keep
the
keys
next
to
the
data,
make
the
system
manageable
and
understand
that
in
no
scenario
that
it
will
be
a
standalone
server,
it'll
always
be
hundreds,
if
not
thousands,
if
not
tens
of
thousands
of
servers.
This
is
where
zetas
actually
brings
value
to
lots
kind
of
like
what
redhead
does
to
linux
is
to
make
it
manageable
to
make
it
scalable
and
to
make
it
run
in
in
an
enterprise.
That's
what
we
do
to
lots
to
make
it
manageable
and
we'll
make
it
scale.
C
A
A
It
was
like
in
a
cardboard
box,
it
was
in
in
retail
stores
and
we
were
selling
mouse
pads
and
t-shirts,
and-
and
you
know
we
we
actually
red
hat-
wanted
to
figure
out
how
to
build
an
enterprise
business
model
around
all
this
momentum.
This
this
great,
you
know,
as
maximum
said
you
know
all
these
people
bringing
little
pieces
together
to
try
and
put
together
an
airplane,
and
you
know
so.
We
we
ended
up
starting
an
office
here
in
massachusetts,
which
was
our
enterprise
engineering
office.
B
A
Hat
advanced
strawberry.
Remember
it
well
yeah
advanced
server
2.1.
We
made
the
decision
to
call
it
2.1,
because
no
one
was
going
to
buy
version,
1.0
right
and
anyways
it
was
it
was.
It
was
interesting
because
you
know
you
fast,
like
I
used
to
get
on
an
airplane.
I
was
a
sales
engineer
and
you
know
you
sit
on
an
airplane
and
I'm
I
talk
to
people,
you
know
I'm
like
hey.
What
do
you
do?
Hey
I'm
like?
Oh,
I
work
for
red
hat
and
they
were
like.
What's
that
you
know.
B
A
It
was
it's
really
weird
when
I
get
on
an
airplane
these
days
and
like
what
you
know
who
do
you
work
for
I'm
like
I
work
for
red
hat,
you
know
and
they're
like
oh,
the
linux
company,
I'm
like
well,
not
just
the
linux
company.
That's
you
know
we're
now
we're
now
a
cloud
vendor.
We
have
openstack,
we
open
shift,
we
have
answer
all,
but
we
certainly
do
have
a
strong
reputation
as
being
the
linux
company,
which,
I
guess
I
guess
is,
is
a
good
thing.
A
So,
if
you
folks
are
the
red
hat
of
security,
then
I
think
that's
also
a
great
thing
and,
and
hopefully
together,
you
know
when
people
use
zeta
set
with
openshift
and
and
other
you
know,
red
hat
platforms,
we'll
stop
a
lot
of
these
security
breaches
that
are
shutting
down
pipelines
all
over
the
country.
I
I
want
to
get
to
that
for
sure.
But
can
you
tell
us
about
your
technology?
So
zetta
sets
the
company
right.
We
know
who
two
of
the
executives
are
here
right
here
with
tim
and
maxim.
A
C
We
use
xcrypt
xcr
ypt
and
it
is
an
encryption
platform,
the
x-crypt
encryption
platform
and
within
that
we
have
the
management
console
and
we
have
a
monitoring
ability
and
we
then
have
all
the
various
modules
within
it.
They
all
work
together
and
we
also
have
a
virtual
key
manager
that
can
exchange
the
keys
back
and
forth,
and
the
management
console
can
track
that.
B
We
had
this
interesting
conversation
some
time
ago,
where
we
said
we
keep
saying
encrypt
everything
right,
encrypt
everything
and
create
data
in
all
of
your
environments,
and
then
we
sat
down
and
thought.
Well,
if
you
encrypt
everything
how
in
the
world,
do
you
manage
that
now
that
you've
encrypted
everything
now
you've
encrypted
your
servers,
your
containers,
your
openshift
clusters,
your
5g
mini
micro
data
centers?
How
do
you
manage
all
of
those-
and
I
don't
just
mean
key
management?
C
We've
got
a
full
stack
of
integration
across
a
lot
of
the
different
red
hat
offerings
with
ceph
with
the
openshift
platform.
I
believe
you
guys
now
call
it
the
data
foundation,
it's
no
longer
a
storage
container,
but
again
just
to
say
there.
We
understand
that
our
platform
needs
to
have
all
the
different
features
and
pieces
that
touch
everything
within
red
hat
and
we
feel,
like
we've,
really
come
a
long
way
with
the
partnership
to
get
there.
A
B
A
No,
no,
he
he
was.
He
was
in
charge
of
red
hat
satellite,
the
red
it
was
called
the
red
hat
network
and
satellite
was
the
the
product,
but
christian
gaffton.
Anyone
can
probably
look
him
up.
I
don't
know
where
he
is
these
days,
but
the
guy
was
absolutely
brilliant,
but
it
is.
It
is
interesting
that
you
bring
it
up
because
it's
one
thing
to
go
ahead
and
you
know
deploy
linux.
It's
one
thing
to
go
ahead
and
deploy
openshift.
A
It's
one
thing
to
say
we're
on
board
with
you
know:
hybrid,
you
know
multi-cloud,
but
if
you
can't
manage
it
on
day
two
then
you're
never
gonna
go
into
production,
you're,
never
gonna
be
successful
and
you
know
containers
are
great,
but
containers
are
getting
smaller
and
smaller
and
smaller
and
smaller,
and
moving
towards
microservices
and
tens
of
thousands
and
millions
of
of
applications
all
standing
up
and
shutting
down.
You
know
that's
why
there's
companies
out
there
that
have
you
know
service
mesh
tools
to
help
manage.
A
You
know
how
you
manage
the
management
of
containers,
so
I
would
imagine
that
you
know
you
folks
just
must
be
ripping
your
hair
out.
I
know
clearly
I
have
been
about
how
do
you
secure
an
environment
where
customers
are
going
whole
hog
into
embracing
microservices
and
cloud
native
everything?
It's
just
got
to
be
an
absolute
goat,
rodeo.
B
The
key
point
here
is
that
you
kind
of
got
to
start
fresh
when
you
take
your
legacy
application,
and
you
say
I'm
gonna
make
it
run
on
kubernetes,
hopefully,
and
it's
my
strong
hope
and
strong
belief
and
an
advice
to
whoever
asks,
don't
take
your
legacy,
application
and
drop
it
into
kubernetes
cluster
and
think
that
it'll
just
run
and
run
better.
Just
because
kubernetes
does
all
these
wonderful
things
there's
a
great
picture
about
kubernetes,
where
there's
this
little
cute
thing
above
the
water
that
says.
B
Oh,
this
is
the
best
way
to
run
microservices
and
there's
a
huge
monster
underneath
the
waterline
that
has
all
this.
You
know
service
meshes
networking
container
runtime,
all
these
50
different
components
that
kubernetes
makes
seamless,
which
is
great,
but
you
still
have
to
remember
that
in
order
to
take
advantage
of
all
this,
you
have
to
essentially
re-architect
your
app
to
be
microservice
aware
and
to
run
microservices.
This
is
this
is
so
very
true
about
security
and
data
protection
as
well.
You
cannot
carry
your
data
protection
legacy.
B
That
said,
you
know
in
greek
servers
encrypt
vms.
You
cannot
take
this
legacy
products
and
carry
it
into
the
kubernetes
and
open
shift
environments
and
just
say:
yeah
kubernetes
basically
runs
on
unix
servers,
so
legends
and
creeps.
Let's
just
encrypt
unix
servers
and
we're
done
well
we're
not
done
you
have
an
illusion.
You
have
the
worst
possible
thing
in
that
case,
because
what
you
do
have
is
an
illusion
of
security,
illusion
of
data
protection
because
you're
writing
solutions
which
are
not
container
aware.
B
So
what
you
don't
want
to
see
happen
is
one
little
tenant
compromises
one
little
container
and
that
exposes
the
entire
openshift
cluster
or
set
of
clusters
to
malicious
user.
That's
why?
Just
as
you
re-architect
your
applications
to
run
microservices,
you
have
to
think
security
first
and
re-architect
your
security
approach
to
be
a
microservices
aware,
kubernetes,
aware
and
aware
of
this
containerized
application.
That's
that's
the
approach
we've
taken
in
satisfied.
We
didn't
carry
our
legacy.
C
And
mike,
if
I
just
very
high
with
new
technology,
you
have
to
follow
it
with
new
security.
You
can't
continue
the
old
way.
Like
he's
saying
you
have
to
re-architect
everything
and
what
we've
seen
is
all
right.
You're
going
to
come
across
the
folks
who,
like
you
said,
you
pull
your
hair
out
because
they
just
ported
what
they
have
done
into
this
new
environment
and
even
in
those
we
understand
that
is
the
world
right.
C
You're
gonna
have
that,
so
our
products
are
able
to
encrypt
the
data
in
place
where
we
understand
not
everybody's
gonna
jump
in
the
right
way.
So,
yes,
we're
going
to
say:
okay,
here's
the
way
that
you
should
do
it
and
here's
a
partner,
open
shift
that
you
can
put
in
but
for
right
now
do
our
security.
If
you
want
to
then
walk
out
as
you
turn
your
the
turret
into
where
you
should
be
with
the
proper
devops
with
the
proper
devsecops,
we
can
go
hand
in
hand
with
openshift
to
push
that
out
flip
it.
C
Maybe
openshift
is
there
already
and
then
you
hit
a
limit
on
deployment
where
you
have
10
000
nodes
that
you
want
to
put
out
in
micro
data
centers,
which
happen
to
be
5g
you're.
If
you're
in
europe
gdpr,
they
say
yeah,
you
can't
put
it
out
at
the
edge.
You
can't
store
data
out
there
because
it
needs
to
be
encrypted.
It's
got
to
be
encrypted,
so
at
that
point
you
say
again:
do
I
use
some
old
technology
to
do
this
in
a
new
environment?
C
C
A
C
C
A
C
C
C
Yeah,
it's
probably
in
our
office,
I
was
maxim,
could
go,
run
over
and
get
it
but
yeah.
We
were
just
very
proud
and
I
wanted
to
tell
our
whole
team.
Thank
you
for
all
the
the
great
efforts
you
put
in
it's
a
great
product.
We,
you
guys
helped
get
us
here
and
thank
you
for
all
the
support
on
the
partner
side
as
well.
A
Well,
you
know
we're
not
just
doing
this
randomly
because
we
were
like
someone
from
z.
You
know
your
admin
from
zetaset
reached
out
to
us
and
said:
hey
can
we
have
tim
and
maximo
in
your
tv
show?
I
mean
there's
a
reason
why
we're
doing
this
right?
My
team
works
with
third-party
software
vendors
to
make
sure
that
the
the
technologies
are
tested
and
red
hat
certified
and
published
in
our
container
registry
and
they're
available
in
the
red
hat
marketplace
and
the
operators
are
actually
built.
A
You
know
we're
talking
about
application,
orchestration
and
ripping
your
hair
out.
You
know
having
a
red
hat
certified
operator
for
those
products
which
run
with
openshift,
allow
for
the
true
ability
to
deploy
once
and
run
anywhere
right,
so
you
can
put
open
shift
in
in
amazon.
You
can
put
open
shift
in
azure.
You
can
put
open
shift
in
in
the
data
center
and
it'll
all
just
work,
because
the
operators
help
with
that
orchestration
for
day
two.
A
So
I
wanted
to
point
that
out
that
we're
not
we
didn't
just
randomly
select
zettaset
to
be
here.
You
guys
are
here
for
a
reason
and
and
at
the
the
end
goal
of
this
is
to
make
you
know
things
better
for
our
customers.
Right,
I
mean
we.
We
need
to
do
that
in
in
good
faith,
so
we
are
live
on
youtube
right
now.
We're
live
on
facebook.
A
C
I'd
like
to
say
this,
because
you're
absolutely
right
about
the
part,
while
we're
hopefully
waiting
for
these
stack
of
questions,
but
when
it
came
to
partnering
with
you
guys,
you're
absolutely
right,
there
was
no
admin
that
just
called
us
or
anything
like
that.
In
fact,
we
were
chosen
and
I
presented
a
gov
loop
back
in
november.
It
was
a
great
talk
about
the
joint
attack
development
and
the
jagd.
C
2C
is
the
initiatives
that
the
department
of
defense
has
to
bring
everything
together
in
data
share
and
to
use
openshift
to
do
that
and
for
us
to
encrypt
and
protect
the
data.
Then,
to
your
point,
in
the
partner
conference
that
was
in
january,
we
presented
I
presented
co-presented
and
with
a
healthcare
integrator
that
we
had
opioid
crisis
and
we
needed
to
share,
and
the
use
case
was
simple:
it
was
you
have
the
health
care
provider,
you
have
law
enforcement,
you
have
social
civilian
agencies
and
there's
a
wealth
of
reports.
C
That'll
say
you
can
better
help
a
human
being
get
off
of
this
horrible
addiction
if
they
all
can
share
data
and
work
as
a
unit
to
help
a
person
and
to
do
that.
Unfortunately,
there's
so
many
regs
that
you
can't
and
they've
had
many
conferences
saying
how
do
we
get
over
this
well
openshift
with
managing
containers
helps
and
with
those
containers
touching
all
that
data
if
we
can
encrypt
it
so
that
everyone
can
share
it,
you
can
check
the
box
with
regulation.
C
C
Have
the
benefit
a
massive
massive
amount
of
people
that
hopefully
can
get
off
of
this
one
of
the
items
in
australia
we
found
was
australia,
I
guess
was
one.
I
did
not
know
this
they're
one
of
the
countries,
that's
the
most
impacted
by
opioids
and
the
fact
that
we're
now
working
with
an
integrator
over
there
that
will
help
with
all
the
medical
facilities
and
the
government
to
better
allow
sharing
with
openshift
we're
very
excited
to
be
able
to
help
in
healthcare.
I
just
said
defense,
yeah
state
and
local
law
enforcement
sharing
with
homeland
security.
C
A
C
Yeah
I'll
start-
and
I
imagine
maxim,
might
have
something
simply
put
if
you're,
brick
and
mortar
and
you
have
your
bare
metal
and
you
have
your
containers-
maybe
you
don't?
Maybe
you
just
have
your
vms,
where
rel
is
the
only
thing
there?
We
welcome
that
as
well,
because
you,
like
we
said
lux
lux-
is
basic.
If
you
want
to
sit
there
and
give
another
level
of
encryption,
if
you
have
a
thousand
servers
in
your
farm,
then
you
gotta
manage
them
all,
and
you
have
to
push
out
policy.
C
C
So
we're
able
to
allow
red
hat
to
now
unite
all
of
their
deployments
on
servers
with
lux,
and
then
I
want
you
to
imagine
the
fact
that
you
you
now
have.
This
would
call
it
amoeba
of
this
network
where
everything
is
touched,
like
an
octopus,
and
to
do
that
you
need
our
management
console
and
it's
got
to
manage
and
monitor.
I
you
know
it's
it's
great.
You
can
stop
there,
but
again
what?
C
If
you
want
to
take
that
toe
and
dip
it
into
the
edge,
which
essentially
is
just
a
mini
data
center
and
when
it
comes
to
edge
computing,
you
can
just
do
the
same
playbook,
and
maybe
it's
only
three
notes,
or
maybe
it's
you
know
a
container
car,
a
carburetor
container
worth
of
a
micro
dense,
it's
the
same
playbook,
it's
just
smaller
and
we
can
be
lightweight
with
you
and
we
can
do
the
management
there.
So
it
doesn't
matter.
C
I
mean
that's
just
another
playbook,
but
if
you
want
like
you're
saying,
if
you
take
that
next
leap,
we
can
do
the
multiple
cloud
we
can
do,
hybrid,
we
can
do
on-prem
and
we
can
do
edge.
So
now,
you've
got
a
massive
mesh
and
it's
all
controlled
in
one
area
for
it
to
protect
your
day.
So
we
we
think
we've
got
you
covered
from
the
basic
old
rel
to
the
new
world
of
openshift.
A
Now
maxim
was
talking
about,
you
know:
customers
having
to
re-architect
their
their
legacy
apps
and
make
them.
You
know
kubernetes
ready.
I
know
certainly
some
of
the
large
the
larger
sql
database
vendors
out
there
trying
to
do
that
and
and
having
real
real
challenges
so
in
in
as
a
result,
they're
trying
to
bring
the
cloud
to
them
as
opposed
to
bring
their
sql.
You
know
database
out
to
the
cloud
the
majority
of
the
software
companies
that
I
work
with
and
there's
hundreds
of
them
are
all
building
cloud
native
apps.
A
So
what
what
do
you
folks
see?
As
far
as
you
know,
in
your
world
people
using
say
something
like
a
yugabyte
which
is
a
cloud
native
distributed
database
or
cockroach
labs,
or
something
like
that,
as
opposed
to
more
of
a
you
know,
trying
to
do
something
with
the
legacy
sql
database
and
and
how
do
you
folks
view
that,
from
a
data
protection
perspective,
do
you
have
a
preference
on
where
your
security
protection
works
better
for
third-party
apps
running
on
openshift?
Or
does
it
not
matter
it.
B
Matters
in
a
sense
that,
with
security
like
I
I
alluded
to
you-
know,
being
granular
and
being
able
to
protect
them
in
multi-tenant
environments,
it's
all
about
applying
security
at
the
right
level
and
when
I
say
the
right
level,
what
I
mean
by
that
is
that
there's
always
a
balance
between
performance
and
granularity
and
applicability.
So
you
want
to
be
as
close
as
possible
to
the
environment,
but
as
you're
raising
up
the
step,
you
know,
obviously
the
closest
you
can
be
to
the
environment.
It's
been
on
the
application
level.
B
Now
that's
going
to
give
you
so
much
performance,
headache
that
you're
just
not
going
to
be
able
to
do
that
or
you
will
have
to
modify
the
application
source
code
and
you'll
have
the
developers
cranking
out
hundreds
of
hours
before
you
can
release
a
new
version
of
the
application
stepping
down
the
database
level
database
vendors
take
their
own
steps
to
protect
their
databases
with
granular
encryption.
Sometimes
it's
too
granular.
Sometimes
it's
hard
to
manage.
B
B
If
you
are
in
our
data
center
product
or
the
cloud
product
we're
just
underneath
the
linux
file
system,
that
gives
you
performance
overhead
that
is
so
low
that
the
application
layers
will
likely
not
notice
that
so
we're
we're
running
at
a
sweet
spot
with
our
encryption
and
in
terms
of
databases.
That
happens
to
be
almost
just
below
the
databases
that
we're
not
really
concerned
about
what
database.
On
what
platform
we're
running,
because
we're
inside
just
above
the
file
system,
essentially.
A
B
A
B
All
of
the
well
everything
that's
above
us
is
really
transparent
to
us
and,
in
essence,
think
of
it.
This
way,
here's
an
example
of
what
we
do
for
permissions
and
access
management.
We
don't
really
what
it
means
is
that
we
leverage
the
cost
system,
specifically
linux,
of
course,
as
it
already
has
permissions,
it
already
has
authorization
and
access
control
and
there
are
other
permission
engines
that
run
on
top
of
it.
Sc
linux
not
been
a
permission
agent
per
se,
but
it's
a
essentially
a
restrictive
environment.
Where
you
can
control
access.
B
B
We've
seen
it
so
many
times,
I've
seen
it
so
many
times
where,
by
the
way,
people
do
that
with
firewalls
as
well
they're
on
the
service,
you
know
firewall
disa,
firewall
d,
disable
or
you
know
they
stop
the
firewall
because
they
could
not
get
the
proper
port
open.
They
cannot
get
the
sc
linux
rules
configured
correctly.
B
They
go
and
disable
s
linux
bad
idea,
because
once
you
disable
it,
it
doesn't
remind
you
that
you
have
to
be
aware
of
its
configuration,
and
then
you
forget,
when
you're
deploying
production,
so
don't
that's,
that's
less
to
you
and
more
hopefully,
to
people
who
are
listening
in
so
se.
Linux
is
not
a
problem
to
us.
It's
in
fact.
We
welcome
it.
A
B
Okay,
that's
that's
a
good
question.
So,
let's
talk
about
aws
kms
for
scams
is
short
for
key
management
system.
Key
management
systems
have
been
around
for
a
while
we've.
I
I
mentioned
that
we
worked
on
some
of
those,
and
that
was
before
the
well
key
management.
Interoperability.
Protocol
also
known
as
k-mean,
has
been
introduced
some
time
ago
and
that
really
standardized
how
key
managers
function,
what
type
of
apis
they
expose.
B
What
type
of
features
they
provide
now
aws
kms,
for
whatever
reason
is,
has
chosen
not
to
be
km
compliant
a
few
years
ago.
They
said
they
would
work
towards
cmu
compliance.
I'd
like
to
see
that
actually
happen,
but
the
biggest
issue
with
aws
kms
is
not
so
much
with
its
feature
set
or
its
functionality
or
its
compatibility.
The
biggest
issue
is
that
you
trust
your
data
to
the
cloud
provider,
not
so
much
so
you
encrypt
your
data
right.
You,
you
protect
your
data.
B
C
Yeah
maximum
nailed
it
on
the
head,
I
mean
listen,
I
think
we
all
know
it's
either
client
side
or
server
side
and
right
now
and
that's
fine.
I
think
some
people
are
fine
with
aws,
but
I
how
many
people
enterprises
out
there
are
going
to
be
100
in
the
cloud
they're
more
than
likely
still
going
to
have
some
they're
going
to
have
a
hybrid
environment.
C
They
are,
I,
I
don't
think
anyone
100
trust,
a
aws
they'll
even
tell
you
it's
a
shared
security
responsibility,
and
with
that
in
mind,
why
wouldn't
you
at
least
control
the
data
protection
of
it?
So
when
you
as
soon
as
you
get
into
that
environment,
which
everyone
is
in
management
console
comes
in
management,
console
on
a
client
side
manages
the
on-prem
and
the
virtual
there,
and
we
also
touch
the
aws
kms
and
are
able
to
encrypt
and
manage
what's
up.
C
C
If
you
do
sorry
maxim
yeah,
if
you
decide
to
do
two
which
multi-cloud
now
you're
really,
what
are
you
gonna
do?
You're
gonna
have
two
different
key
managers
and
then
you're
gonna
try
and
bring
that
all
together.
Well,
let's
just
keep
it
on
prem
use.
The
management
console
again
touch
azure
touch,
google
touch
aws,
and
then
you
can
consolidate
your
policy
for
data
protection
in
one
place.
Okay,
did
you
have
anything
else.
B
A
B
A
B
Very
few,
actually,
in
fact,
we've
we've
looked
at
the
landscape.
We
have
an
interesting
slide
that
that
kind
of
lays
down
the
opponent,
the
landscape,
for
specifically,
in
that
case,
container
security
and
there's
so
many
faucets
to
container
security
there
that
it
starts
with
securing
container
images.
Then
you
have
to
secure
credentials.
You
have
to
secure
the
continuous
integration
continuous
development
pipeline.
B
You
have
to
maintain
security
while
you
deploy
in
production,
it's
interesting
to
see
that
lately
well,
not
lately,
but
just
with
the
rise
of
kubernetes
and
containers,
the
security
focus
seemed
to
have
shifted
from
well.
Security
focus
seemed
to
have
shifted
to
securing
the
container
runtime
container
images,
basically
establishing
trust
in
the
environment.
B
My
fundamental
question
there
is
well,
isn't
it
all
about
securing
the
data?
Ultimately
I
mean
it's
it's
lovely
to
say
I
can
trust
my
containers
that
it's
great
to
say,
I'm
I'm
certified
and
I'm
I'm
I'm
secure,
and
I
know
that
there's
there
hasn't
been
a
code
injection
into
my
container
stuff,
but
well
what?
If
my
data
is
compromised?
B
What
if
my
persistent
volumes
are
compromised?
Isn't
it
all
about
the
data
and
and
so
with
the
security
landscape?
There
it's
a
little
bit
like
unix
everybody
bring
their
own
kind
of
piece
of
pie
to
the
potluck.
It's
a
little
bit
like
stockrobs.
Does
something
cyberark
does
something
they
focus
on
container
image
scanning.
They
focus
on
runtime
analysis.
They
focus
on
compromise
detection
within
the
container
stack.
We
focus
on
securing
the
data.
C
So
yeah,
let
me
just
round
what
can
I,
if
I
can
round
out
what
maxim
is
saying?
I
think
when
the
container
world
came
along
in
the
adoption
of
it,
everyone
was
focused
on
some
level
during
the
devops
process
of
the
integrity
of
a
container.
They
were
not
focused
on.
Like
maxim
said,
the
end
game
is
no
matter.
What,
if
you
have
a
bad
actor,
they
don't
care
just
about
getting
into
a
container
they
care
about
getting
in
a
container
to
get
to
the
data.
C
So
it's
it
would
seem
that
everyone
and
I
totally
get
it.
We
live
in
a
capitalism
society
and
the
opportunity
was
containers
need
to
be
protected,
but
the
end
game
is
to
get
to
the
data
and
I
think
that's
been
forgotten
a
little
bit
and
we
fill
that
gap
to
your
point
about
partnerships
we
partner
with
all
of
them,
in
fact,
because
if
you
have
you
need
container
scanning,
you
need
integrity
to
your
point.
We
were
working
with
stack
rocks
even
before
they
were
acquired
by
you
guys.
A
You
know
I
I
didn't
want
to
bring
that
up,
but
I
thought
I
thought
I'd
talk
about
the
elephant
in
the
room.
You
know
when
I
started
here
in
2002
we
made
linux,
we
didn't
compete
with
anybody
except
sun
microsystems,
and
you
know
the
of
course,
since
we
once
we
bought
jboss
and
we
had
to
start
competing
against
oracle
and
then
we
had
to
compete
against
ibm
and
we
had
to
compete
against
microsoft
and,
at
the
end
of
the
day,
we're
still
here
and
firing
on
all
cylinders.
A
B
B
C
Yeah,
I
I
think
one
of
the
items
you
said
was
there's
mike
looking
back
on
the
different
flavors
that
are
out
there.
We
like
to
some
people,
say
kind
of
like
maxim,
said
initially:
they're,
porting,
old,
defenses,
old
data
protection,
thoughts-
hey,
let
me
just
use
I'll,
give
the
the
evil
empire.
I
joke
about
it,
but
if
you
have
vms
and
you
turn
around
and
you
want
to
encrypt
them-
that's
great
you're
encrypting
a
vm,
but
that's
not
granular
enough.
You
want
to
at
least
get
to
the
persistent
volume.
C
Do
you
want
to
get
any
deeper
than
that
to
the
file
folder?
So
again,
this
is
more
like
a
goldilocks.
Do
you
want
to
use
I?
This
is
what
the
comparison
I
make
for
my
my
own
family.
So
they
get
it.
Would
you?
Rather,
if
you
look
at
it
as
a
beach
and
sand,
the
beach
is
the
likes
of
vmware
vsan
encryption.
C
The
other
end
of
it
is
a
grain
of
sand
which
is
file
folder
and
where
zettaset
sits,
is
the
persistent
volume
itself
is
a
bucket
of
sand
so
which
one
do
you
want?
Do
you
want
minimal
access?
Maybe
too
little
where
you
want
too
much
and
we
feel
the
bucket
of
sand,
which
is
the
persistent
volume,
is
the
optimal
place
to
do
it
and
doing
that
around
ceph.
It's
been
well
received
within
the
various
organizations
within
red
hat.
A
We
talked
about
your
competitors.
What
what
about
all
the
security
problems
that
are
going
on
around
the
world?
I
mean,
are
there
more
now
than
ever,
and
is
it
because
of
distributed
computing
and
multi-cloud,
or
is
it
just
because
twitter
and
the
news
channels
are
faster
yeah
are:
are
the
security
threats
and
problems
accelerating
and
becoming
more
prevalent,
or
do
we
just
know
more
about
them?.
B
Yeah,
it's
actually
it's
actually
both
well,
we
know
about
more
of
them
and
we
learn
about
more
of
them
faster
because
the
media
acceleration
and
the
social
networking
and
all
the
other
ways
to
reach
the
audience
security
problems
were
always
there.
But
you
know
make
no
mistake:
the
the
computing
power
increases
exponentially
right.
The
capacitor
storage
capacity
increases
exponentially.
It's
it's
pretty
much
boundless
and
the
ways
to
compromise
it
that
that
also
grows.
I
mean
talk
about
brute
force.
Attacks
right
brute
force,
attacks
required
massive
computing
power.
B
Here
you
go,
you
have
access
to
that
computing
power.
Now,
your
mobile
phone
is
more
powerful
than
some
of
the
servers
back
in
the
day
right.
So
now
now
you
can
use
mobile
phone
to
brute
force
things
like
simple
passwords,
so
just
as
security
shouldn't
stand
still,
just
as
the
data
evolution
and
the
compute
revolution
doesn't
send
steel,
so
are
the
compromises,
the
the
bad
actors?
They
don't
stand
still
they
progress,
and
on
top
of
it
all
these
modernized
environments.
B
You
know
more
parallel
computing,
like
you
said,
microservice
oriented
architecture,
think
about
every
container
as
a
potential
attack
surface.
That
could
be
compromised
right.
You
used
to
have
southern
computers
in
a
large
data
centers.
Now
you
could
have
ten
thousand
containers
in
one
kubernetes
cluster
and
you
can
have
multitude
of
kubernetes
clusters.
Every
one
of
them
is
literally
sitting
there
waiting
to
be
attacked.
C
Data
is
the
the
new
gold,
they
say
the
new
oil.
I
I
kind
of
I
have
there's
one
presentation:
I've
done
where
you
look
back
the
tower
of
london:
it
slowly
and
slowly
grew
bigger
and
bigger
because
they
had
to
protect
all
that
treasure
all
the
crown
jewels,
but
the
whole
time
people
were
still
trying
to
knock
down
that
door
and
I
think
back.
Then
it
was
a
little
harder,
but
now
with
all
the
different
factors
for
powering
it,
like
maxim
just
said,
the
temptation
is
so
great.
C
It's
never
going
to
end
and
we
have
to
it's
a
cat
and
mouse
game.
So
how
do
we
prevent
what
we
can
with
our
products
combined
with
other
products?
And
I
think
that's
why
I
we
always
like
to
say
we're
a
solution
sell
with
others
and
we
partner
with
others,
but
at
the
end
of
the
day,
if
the
platform
for
openshift
and
containers
is
to
touch
a
wealth
of
data
zettabytes
of
data,
we're
going
to
need
to
protect
that
we're
going
to
need
to
use
stack,
rocks
or
advanced
cluster
service.
C
We're
gonna
have
to
use
cyberark
to
watch
credentials
and
hold
things.
So
yeah:
let's
let
let's
keep
scanning,
let's
keep
expanding.
What
we
touch,
because
the
only
way
you
can
find
the
data
is,
if
you
touch
it
and
we
like.
If,
if
openshift
is
touching
all
this
data,
then
we
got
to
be
there,
we
have
to
be
there
and
by
itself
openshift
won't.
We
don't
want
to
see
bad
press
for
you
guys.
Nor
do
I
want
to
see
bad
press
and
that's
the
best
way
we
can
do.
It
is
let's
protect
kubernetes.
A
C
Yes,
yeah:
we
we
feel
that,
yes,
we,
if
you're,
going
to
protect
data,
and
you
have
to
be
somewhat
agnostic
right
so
yeah.
We
are
definitely
we're
part
of
the
cloud
native
compute
foundation,
we're
attending
kubecon,
we'll,
hopefully
get
to
speak
and
we'll
talk
about
some
of
the
items
there.
And
yes,
that's
all
agnostic,
that's
all
about
fundamentally
kubernetes
and
we
want
to
see
it
move
into
production
environments.
C
And
yes,
we
feel
that
red
hat
is
probably
ahead
of
the
game
compared
to
some
of
the
other
guys
and
if
you're
your
push-
and
I
heard
it
again
from
your
ceo
on
his
conference
earlier
this
week-
it's
about
hybrid,
it's
about
ai,
it's
about
software
and
moving
to
the
cloud
and
in
all
those
cases,
what
are
they
going
to
do?
They're
going
to
deploy
openshift
to
do
it
and
you're
going
to
need
to
protect
the
data?
C
And
I
think
that's
the
fundamental
piece
of
our
partnership
and
regardless
of
whether
it's
kubernetes
and
I
I
would
hope
some
folks
who
have
kubernetes
realize
that
they
need
an
enterprise
rapper,
because
ultimately
it
becomes
so
sophisticated.
It's
hard
to
do
themselves,
and
I
know
that's
where
your
value
comes
in
and
along
the
way
we
want
to
be
there
as
well.
A
We
have
three
minutes
left.
We
didn't
even
get
to
half
of
the
fun
topics
that
I
wanted
to
bring
up,
because,
frankly
I
just
this
was
just.
This
was
great.
We
have
a.
We
have
a
podcast
series
that
we
do.
It's
called
behind
the
app
it
used
to
be
called
the
red
hat
x,
podcast
series,
but
then
actually
I
started
it
about
four
years
ago
and
then
red
hat
corporate
found
out
about
it.
A
It
was
kind
of
unflying
under
the
radar
and
so
they've
been
doing
a
really
good
job
and
on
finding
all
these
rogue
things
that
are
going
on
in
red
hat.
So
we're
now
taking
our
podcast
series,
that's
being
merged
into
the
fold,
and
it's
going
to
be
called
behind
the
app
and
I'm
wondering
if
maybe
you
guys
might
want
to
come
on
sometime
and
and
we
do
something
like
a
war
story
wednesday.
A
I'm
kind
of
I'm
just
I'm
kind
of
thinking
that
there
could
be
a
whole
conversation
around.
What
do
you
folks
see
customers
or
prospects,
potentially
making
poor
decisions
and
and
planning
on
going
down
a
certain
direction
and
then
making
you
know
grave
mistakes
and
having
to
turn
around
and
start
all
over
again,
I
would
imagine
that
most
companies
I
deal
with
have
those
types
of
war
stories,
and
I
know
our
our
listeners
want
to
hear
those
types
of
things.
A
B
That'd
be
great,
absolutely
and
I'll
I'll
see
that,
with
with
the
thought
that
that
I
think
is
critical
there,
why
are
there
so
many
security
problems
that
we're
hearing
of
latest
that
oftentimes
security,
unfortunately,
is
an
afterthought
people
design
environments
and
they
think
are
we
just
not
security?
Later
security
is
an
up
afterthought.
It's
a
really
really
bad
idea.
It's
a
lot
more
expensive
to
add
it's
going
to
be
a
lot
weaker.
A
A
B
A
C
A
Diane
diane
mueller's,
terrific
person,
she's
unbelievable,
so
yeah
it.
I
I'm
I'm
still
waiting
to
hear
back
from
the
corporate
team
on
what
our
policy
is
about,
going
and
being
there
in
person.
Hopefully
we'll
hear
back
soon
I'd
I'd,
love
to
to
stop
by
and
and
and
check
up
with
you
guys
at
the
commons
event
and
then
also
on
the
show
floor.
What
else
is
going
on
here?
Anything
super
exciting,
coming
up
you
guys
ipoint
next
week
or
anything
or
you
know
you
have
your
own
customer
conference
or
something.
C
A
Well,
tim
and
maxim
thanks
so
much
for
coming
on
today.
We
literally
need
to
do
this
again
sometime.
I
I
want
to
get
into
all
the
all
the
actual
applied
implications
of
poor
security
practices.
I
know
you,
you
know
when
you
and
I
were
talking
about
the
pipeline
and-
and
you
know
all
that
all
that
other
stuff
and
see
how
you
folks
might
be
able
to
help
with
that,
but
we
are
out
of
time.
My
producer
is
gonna.
Gonna,
give
me
the
hook
here.
So
thanks
for
coming
today,
this
was
great.