The Cube presents KubeCon and CloudNativeCon Europe 2022, brought to you by Red Hat, the Cloud Native Computing Foundation and its ecosystem partners.

Welcome to Valencia, Spain and KubeCon, CloudNativeCon Europe 2022. I'm Keith Townsend and we're continuing the conversation with builders, startups, large enterprise customers, small customers, the whole community. Just got an interesting stat earlier in the day, 7.1 million community members in the CNCF Foundation and we've been interacting with 7,500 of them, but we're bringing the signal, separating the signal from the noise. We have a Cube alum who's been on both sides of the table, Omri Gazitt, Co-Founder and CEO of Aserto. Welcome to the show.

Thank you so much, Keith.

So, identity management, it's a critical need to the enterprise, cloud native, but there's plenty of solutions on the market. What unique problem are you solving or how are you solving the problem in a unique way that we don't go to some of the big-name vendors in this space?

Yeah, my co-founder and I were veterans of large clouds. We helped start Azure at Microsoft, we in fact helped build what became Azure Active Directory, and those solutions entirely focus on one part, the I part, the identity part of the problem. They completely ignore the access management part and you could argue that is a larger problem and it is far from solved. So we completely agree, identity management, a problem that's been solved over the last 15 years and solved well by great companies like Microsoft and Okta and Auth0, and we're best friends with them, we basically pick up where they leave off. We do the access management part.

So, the access management part, what specifically? What am I getting when I engage with your team and your product?

Yep, so basically authentication is all about proving that you are who you say you are if you're a password or something else, biometric and that part is done. We basically pick up where that leaves off.
So once you know who you are, once you've proven to a system that you are Keith, now what can Keith do? Like what roles, what permissions, what operations can Keith perform on what resources? That's a harder problem and that's the problem that we focus on. So for example, if you have a SaaS app, let's say you're building an applicant tracking system and you, Keith, are an owner of some job descriptions and you have some candidates but somebody else has a different set of candidates and an admin maybe has visibility at everything. How do you build that system? That actually is a pretty hard problem and how do you build it to enterprise grade? That's where we come in. We basically have an end-to-end solution that gives you cloud native end-to-end authorization that's built to enterprise grade.

So when I think of this capability, I can't help but to think of AWS IAM and I'm in AWS IAM, I get my security role and now I can assign to an EC2 instance the ability to access some other AWS service or identity. So role-based identity. Are you giving me that type of capability?

For everything else. So AWS IAM for AWS resources, right? Google IAM for Google resources. Azure has a similar system but they're all infrastructure focused and what we're trying to do is bring that to your domain-specific resources, right? So you as an application builder, you have the things that correspond to, like you're not doing VMs, you're not doing storage arrays, you're not doing networks, you have higher level constructs, right? You know, like I said, if you're kind of building Lever or Greenhouse, you have candidates and jobs and reports and things like that. So we basically allow you to create this fine-grained access control but for your own objects.

So where's the boundaries?
Let's say that I have a container or microservice that is a service and it has a role, it has an identity on my network and there is a cloud-based service, let's say a cloud SQL and I want to do authentication across the two. Can I only have the boundaries within my private infrastructure or does that boundary extend to the public cloud as well?

It extends everywhere, right? So basically, you know, if you think about all the different hops here, you know, zero trust is the rage, right? And that encourages defense in depth. So you have an access proxy that does some type of authorization, then you have an API gateway that has a little bit more context, a little bit more authorization. For us, we live inside of the application. So the application calls us, we give you a sidecar, you deploy it right next to your application, it gives you, you know, submillisecond response time, 100% availability, all the authorization decisions are done with full context about who the user is and what resource they're trying to access. And so our sidecar will give you a response back, allow or deny, and then downstream from us, you could basically talk to another microservice and at that point you're doing machine identities, right? So you may have a different authorization policy for those. Only, you know, these particular services are allowed to talk to these other services. And so we solve both the, you know, authorization for machine identities as well as authorization for human identities.

All right, Omri, are you ready for Cube Clock?

I sure am.

Oh, I like the energy.

Bring it on.

I like the energy, but you know, there have been many before you that have failed the test. I mean, they brought the energy. You have the energy, but do you have the ability to survive the clock?

I'm going to do my best.

So I'm going to say start the clock. I haven't said start Cube Clock yet, but when I say it, you have 60 seconds, there's no start overs, there's no repeats, the pressure's on.
You ready?

All right, I'm ready.

You ready? Start Cube Clock.

All right, if you're a VP of engineering or a CTO or run a security or engineering organization, what are you doing for roles and permissions? You're building it on your own, right? Tough times never last, tough people always do, and you're delaying, you're letting me, you're letting me break you up. Okay, all right, I'm not going to let you break me up. Great, so you don't want to build it yourself. You don't want to build yourself. Why would you spend engineering time? Why would you spend, you know, the space? You deserve a seat at the table. Look, why would you ever spend your time building something that is not differentiating your application? Instead, use something like Aserto. Just, dear God, use something. Use a developer API. Don't build it yourself, because what are you doing? You're reinventing the wheel. You want to get out of the business of reinventing the wheel. No, you got to, you think so? I think you have to go, you know, make sure that you spend your engineering resources on the things that matter, and the things that matter are, you know what, you threw three great curve balls and you struck me out.

Great job, you just knocked it out the park. Great job, Omri. I appreciate you coming in, stopping by, sharing your company's journey about authentication and authentication services and getting kind of this cloud capability, the cloud native.

I appreciate your time as well, Keith. Always a pleasure.

From Valencia, Spain, I'm Keith Townsend, and you're watching The Cube, the leader in high tech coverage.