 Everyone and welcome back to Las Vegas. I've got my jazz hands because I am very jazzed to be here at AWS re:Invent, live from the show floor all week. My name is Savannah Peterson, joined with the infamous John Furrier. John, how you feeling? After you. Feeling great, love what's going on here. The vibe is a cloud, cloud native. A lot of security conversation data, stuff we love, cloud native. Yeah, MIAO. I mean big news security data lake. I mean, who would have thought Amazon was a great data lake, you know? EKS protection. I mean, you might have with that tweet you had out. Inside, outside the containers. Reminds me, I think it feels like KubeCon here. Honestly, and there's a lot of overlap and it's interesting that you mentioned KubeCon because we talked to the next company when we were in Detroit just a couple of weeks ago, Teleport, Ev is the CEO and founder. Ev, welcome to the show. How you doing? I'm doing well. Thank you for having me today. We feel very lucky to have you. We hosted Drew who works on the product marketing side of Teleport. We got to talk caddies and golf last time on the show. We'll talk about some of your hobbies a little bit later, but just in case someone's tuning in, unfamiliar with Teleport, you're all about identity. Give us a little bit of a pitch. A little bit of our pitch. Teleport is the first identity native infrastructure access platform. It's used by engineers and it's used by machines. So notice that I used very specific choice of words. First identity native. What does it mean? Identity native consists of three things. And we're writing a book about those, but I'll let you know. Stay tuned on that one. Exactly, but I can talk about them today. So the first component of identity native access is moving away from secrets towards true identity. The secrets I mean things like passwords, private keys, browser cookies, session tokens, API keys. All of these things are secrets and they make you vulnerable. 
The point is as you scale, it's absolutely impossible to protect all of the secrets because they keep growing and multiplying so the probability of you getting hacked over time is high. So you need to get rid of secrets altogether. That's the first thing that we do. We use something called true identity. It's a combination of your biometrics as well as identity of your machines. That's TPMs, HSMs, YubiKeys and so on and so forth. Go ahead. The second component is zero trust. Like Teleport is built to not trust the network. So every resource inside of your data center automatically gets configured as if there is no perimeter. It's as safe as it was on the public network. So that's the second thing. Don't trust the network. And the third one is that we keep access policy in one place. So Kubernetes clusters, databases, SSH, RDP, all of these protocols, the access policy will be in one place. That's identity. Okay, so I'm a hacker, pretend I'm a hacker. Easy. That sounds really good to me. You're not supposed to tell me you're a hacker. I can go to one place and hack that? I get this question a lot. The thing is you want centralization when it comes to security. Think about your house being your AWS account, okay? Everything inside, your furniture, your valuables, like your watch collection, like that's your data. That's your servers, Kubernetes cluster, so on and so forth. All right, now I have a choice. And your house is in a really bad neighborhood, okay? That's the bad internet. Do you want to have 20 different doors? Or do you want to have one? But an amazing one. Extremely secure, very modern. So it's very easy for you to actually maintain it and enforce policy. So the answer is, oh, you probably need to have one. So you're designing security identity from a perspective of what's best for the security posture. It sounds like. Okay, so now that's not against the conventional wisdom of the perimeter's dead, the cloud's everywhere. 
So in a way, it kind of brings perimeter concepts into the posture because the old model of the firewall, the moat. It just doesn't scale. It doesn't scale. You guys bring the different solution. How do you fit into the new perimeter's dead cloud paradigm? So the way it works is that if you're using Teleport to access your infrastructure, let's just use, for example, like a server access perspective. Like that machine that you're accessing doesn't listen on a network if it runs on Teleport. So instead, Teleport creates these trusted outbound tunnels to the proxy. So essentially you are managing devices using outgoing connection. It's kind of like how your phone runs. Your phone is actually ultimate. It's like a teleport. Like iPhone. It's like teleporting into your environment. Yeah. Well played, John. Well played. Think about, actually like one example of an amazing company that's true zero trust that we're all familiar with would be Apple. Because every time you get a new iOS on your phone, how is it different from Apple running massive software deployment into enormous cloud with billions of servers sprinkled all over the world without perimeter? How is it possible? That's exactly the kind of technology that Teleport gives you. I'm glad you clarified. I really wanted to get that out on the table because Savannah, this is the paradigm shift around what an environment is. Exactly. To the Apple examples. Okay, tell us about customer traction. Are people like getting it right away? Are their teams ready? They go, oh my God, this is great. Pretty much. You see, we're kind of lucky. Like in this business, and I'm walking around looking at all the successful startups. Like every single one of them has a story about launching the right thing at just the right moment. Like in technology, like the window to launch something is extremely short. Like months, I'm literally talking months. So we built Teleport. Started to work on it in like 2015. 
It was internal project, believe it or not. Also a famous example. Like it's really popular. Like internal project, put it on GitHub and it sat there relatively unnoticed for a while. And then it just like took off around 2000. Because people started to feel the pain. They needed it. Exactly, exactly. Yeah, the timing one. And what a great way to figure out when the timing is right when you do something like that, put it on GitHub. Yeah. People will tell you what's up. Like a basketball player who can just like be suspended in the air over the hoop for like half the game and then finally scores and wins the game. And then a video gamer who's lagged. Everyone else is lagging and they got the latency being there. Okay, talk about the engineering side because I like this at KubeCon. You mentioned that at the opening of this segment that you guys are for engineers, not IT business people. That's right. Explain that. This is super important. Explain why and why that's resonating. So there is this big ongoing shift on more and more responsibilities going to engineers. Like remember back in the day before we even had clouds. You had people actually racking servers sticking cables into them, cutting their fingers like trying to get them in. So those were not engineers, they were different teams. I then had system administrators who would maintain these machines for you. Now all of these things are done with code. And when these things are done with code and with APIs that shifts to engineers. That is what Teleport does with policy. So if you want to have a set of rules that govern who or what and when under what circumstances can access what data like on Kubernetes on databases on servers. Wouldn't it be nice to use code for it so that you could use like a version control and you can keep track of changes. That's what Teleport enables. Traditionally, IT preferred more clicky graphical things like clicking buttons. So it's just a different world, different way of doing it. 
So essentially if you want security as code that's what Teleport provides. And naturally this language resonates with this persona. We love that security as code. I know, it's a great term, yeah. Love it. I want to. Okay, we coined it. If someone else uses it on the show, we borrow it and give you credit. Okay, when did you coin that? Just now? No. I think I coined it before you. You wanted it to be a scoop, I love that. I wish I had this story when I was like that. Like a poor little 14 year old kid who was dreaming about security as code. Well, Dave Vellante will testify that I coined data as code before anyone else. 10 years ago. You didn't hear this morning, Jimmy actually brought it back up. AWS was talking startups and he said it is. Whoever came up with Lisp programming language that had this concept that data and code are exact same thing. All right, we could debate nerd lexicon all day on theCUBE, but in fact that could even be a segment. First of all, the fact that Lisp came up on theCUBE is actually a milestone because Lisp is a very popular language for object-oriented. Grandfather of everything. Yes, yes, grandfather. Good catch there, well done. All right, I'm going to bring this back. I want to ask you a question. No, nerd, this is Lisp is really big. No, I think it's great. You know how nerdy we can get here though. I mean, we can just hang out in the weeds the whole time. All right, I want to ask you a question that I asked Drew when we were in Detroit just because I think for some folks, especially the audience, they may not have as distinctive a definition as you all do. How do you define identity? Oh, that's a great question. 
So identity as a term was, it was always used for security purposes, but most people probably use identity in the context of single sign-on SSO, meaning that if your company uses identity for access, which instead of having each application have an account for you, like a data entry with your first name, last name, emails, and your role, you instead have a central database, let's say Okta or something like that. And then you use that to access everything. That's kind of identity-based access because there is a single source of identity. What we say is that that needs to be extended because it's no longer enough because that identity can be stolen. So if someone gets access to your Okta account using your credentials, then they can become you. So in order for identity to be attached to you and become your true identity, you have to rely on physical world objects. That's biometrics, your facial fingerprint, like your facial print, your fingerprints, as well as biometric of your machine. Like your laptops have TPM modules on it. They're absolutely unique. They cannot be cloned, stolen. So that is your identity as well. So if you combine whatever is in Okta with the microchip in this laptop and with your finger, that collectively is your true identity which cannot be stolen. So it cannot be hacked. And someone can take my finger like they did in the movies. So they would have to do that and they would also have to steal your magic. Exactly. Exactly. And they'd have to have your eyes. And they have to, and you have to or whatever. And you have to think of that for whatever they want. So that is what true identity is from Teleport's. And biometrics, I mean, we're so there right now. It's really not an issue. It's only getting faster and better time to market. There is one important thing I said earlier that I want to go back to, that I said that Teleport is not just for engineers, it's also for machines. Because machines, they also need identity. 
So when we talk about access silos and that there are many different doors into your apartment, there are many different ways to access your data. So on the infrastructure side, machines are doing more and more. So we're offloading more and more tasks to them. But what do machines use to access each other? Biometrics. They use API keys, they use private keys. They use basically passwords. Yeah. Like they're, we already know that that's bad, right? So how do you extend biometrics to machines? So this is why AWS offers CloudHSM service. HSM is secure hardware security module. That's a unique private key for the machine that is not accessible by anyone. And Teleport uses that to give identities to machines. Does, do customers have to enable that themselves or they have that part of ADEP Amazon? So that's available on AWS. It's available actually in good old, like old bare metal machines. They have HSMs on them on the motherboard. And it's optional, by the way. Teleport can work even if you don't have that capability. But the point is that we try to- Do you have a biometric equivalent for the machines? With that- We take advantage of it, yeah. It's a hardware thing that you have to have and we all have it. Amazon sells it, AWS sells it to us. And Teleport allows you to leverage that to enhance security of the infrastructure. So that classic hardware software play, John, that we're always talking about here on theCUBE. It's all, it's all important. I think this is really fascinating though. So I had an, on the way to the show, I just enrolled in Clear and I had used a different email I enrolled for the second time and my eyes wouldn't let me have two accounts. And this was the first time I had tried to sort of hack my own digital identity. And the girl, I think she was humoring me that was kindly helping me, the Clear employee. But I think she could tell I was trying to mess with it. And I wanted to see what would happen. 
I wanted to see if I could have two different accounts linked to my biometric data. And I couldn't, it picked it up right away. That's your true identity, yeah. Yeah, my true identity. So, forgive me, because this is kind of just a personal question that might be a little bit finger to the wind. But just how much more secure, if you could give us a rating or a percentage or a number, how much more secure is leveraging biometric data or identity than the secrets we've been using historically? Look, I could play this game with you and I can answer like infinitely more secure. But you know how security works that it all depends on implementation. So let's say you can deploy Teleport, you can put us on your infrastructure. But if you're running, let's say, like a compromised old copy of WordPress that has vulnerability, you're going to get hacked through that angle. But- It happens to my personal website all the time. You just touched it, yeah. But the fact is that I don't see how your credentials will be stolen in this system, simply because your TPM on your laptop and your fingerprint, they cannot be downloaded. Like a lot of people actually ask a slightly different question that's almost the opposite of it. Like, how can I trust you with my biometrics when I use my fingerprint, that's my information. I don't want the company I work at to get my fingerprint. People, I think it's a legit question to ask. The answer to that question is your fingerprint doesn't really leave your laptop. Teleport doesn't see your fingerprint. What happens is when your fingerprint gets validated, it's your laptop is matching what's on the TPM. Basically, Apple does it. And then Apple simply tells Teleport, yep, that's Ev or whoever. And that's what we're really using. So when you're using this form of authentication, you're not sharing your biometric with the company you work at. It's a machine to human confirmation first. 
It's basically you and the laptop agreeing that my fingerprint matches your TPM. And if your laptop agrees, it's basically hardware that's validation. So then Teleport simply gets that signal. So Ev, my final question for you is, here at the show, KubeCon, great conversations there for your company. What are the conversations here like at re:Invent? Are you meeting with Amazon people, customers? What are some of the conversations? Because this is a much broader, I mean, it's still technical, but a lot of business discussions, architectural refactoring of organizations. What are some of the things that you're talking about here with Teleport? So I will mention maybe two trends I observed. The first one is not even security related. It's basically how like as the cloud becomes more mature, people now actually have different organizations develop their own internal ways of doing cloud properly. And they're not the same. Because when cloud was earlier, like there were these like best practices that everyone was trying to follow. And there was like, there was just maybe the lack of expertise in the world. And now we're finding that different organizations just do things completely different. For example, some companies love having handful, ideally just one enormous Kubernetes cluster with a bunch of applications on it. And the other companies, they create Kubernetes clusters for different workloads and it's just like all over the map. And both of them believe that they're doing it properly. Great example of creating Kubernetes with the complexity and yeah. That's kind of one trend I'm noticing. And the second one is security related. Is that everyone is struggling with the access silos. Is that ideally every organization is dreaming about the day where they have like one place which is with great user experience that simply spells out, this is what policy is to access this particular data. 
And it gets automatically enforced by every single cloud provider, by every single application, by every single protocol, by every single resource. But we don't have that unfortunately. Teleport is slowly becoming that of course. Excuse me for plugging Teleport. No worries. This ongoing theme that everyone is, it can't wait to have that single source of truth for accessing their data. The second person to say single source of truth on this stage in the last 24 hours. Nerds, we love that. I know, I feel it. But it all comes back to that. I keep using this tab analogy, but we all want everything in one place. We don't want to have to be going all over the place and to look for both. Because if it's in multiple places, it means that different teams are responsible for it. So it becomes this kind of internal information silo as well. And the risks and liabilities there and depending on who's overseeing everything. That's awesome. So we have a new challenge on theCUBE, specific to this show. Think of this as your 30 minute, or 30 minute, that would be bold. 30 second sizzle reel, Instagram highlight. What is your hot take most important thing, biggest theme of the show this year? This year. Okay, so here's my thing. I want cloud to become something I want it to be. And every time I come here and I'm like, are we closer, are we closer? So here's what I want. I want all cloud providers collectively to kind of merge. So then when we use them, it feels like we are programming one giant machine. Kind of like in the Matrix, right? The movie. So like I want cloud to feel like a computer. Like to have this almost intimate experience you have with your laptop. Like you can like do this and the laptop, like performs the instructions. So, and it feels to me that we are getting closer. So like walking around here and seeing how everything works now, like on a single sign on, on the from a security perspective, there is, so that consolidation is finally happening. 
So like- It's the software mainframe we used to call it back in 2010. Yeah, yeah, just kind of planetary scale thing. It's not the Zuckerberg that who's building Metaverse. It's people here at re:Invent. Unlimited resource for developers is call in. Yeah, yeah. Give me some resource, give me some compute. I would like alter that slightly. I would just basically go and do this. And you shouldn't even worry about how it gets done. Just put instructions into this planetary mainframe and mainframe will go and figure this out. Okay, we got to take a blue, blue or red pill. I know I was just going to say, y'all we are, this segment is lit. Okay, we got Matrix. We got, we didn't get super cloud in here but we should weave that in. We got Lisp. I mean you just said it, so. We got Lisp. Oh, great conversation. Cloud native. Outstanding conversation. Ev, thank you so much for being here. We love having Teleport on the show, obviously. We hope to see you back again soon. And Andrew as well. And thank all of you for tuning in this afternoon. Live from Las Vegas, Nevada where we are hanging out at AWS re:Invent. With John Furrier, I'm Savannah Peterson. This is theCUBE. We are the source for high tech coverage.