Hi, this is your host of the party and welcome to another episode of tfl Let's Talk, and today we have with us once again David Williams, SVP of marketing strategy at Kali. David, it's great to have you on the show again.

It's great to be here again spot.

Talk a bit about, you know, what kind of trends, what kind of development you are seeing in the market, especially in this kind of uncertain economic situation. A lot of companies are looking at cost cutting, you know, layoffs are happening. There's a war going on in Europe. Everything can happen. Security something that cannot be compromising the change, but you know, there are different ground realities. So I want to hear your opinion, to talk about where things are in the present context.

Absolutely. I think when everybody came into the end of last year, the 2023 horizon was pretty uncertain for everybody that was looking at investments, and that goes from the companies that deliver software to, obviously, the massive amount of consumers that use it. What we've seen is a drive for change. I think that when crisis is coming from multiple directions and the uncertainty of the market conditions doesn't enable you to plan with any great deal of certainty, then a lot of decisions get made which wouldn't normally get made that quickly.
So for example, organizational changes, changes in technology and how it's applied, those sort of things accelerated a little bit quicker than they would do when everything's fine and happy. So I think that from us, when it comes to infrastructure, I think the main thing is that people are really lacking visibility. So the first thing is they want to deal with these changes, but they don't understand how infrastructure is being utilized, and I think that that's really due to the fact that cloud resources have always been fairly low cost, at least at the point of entry. Continuous software delivery pipelines has really been a major initiative, but it's also created a level of self-supporting infrastructure requirements, so as a developer you can build what you need without too many restrictions in regards to what infrastructure you're using and what type of tools you're using to provision it. So all these things are mounted up to: what is going on? Who is using what? How can I optimize if I can't understand what I'm using? And how do I plan with any degree of certainty in regards to how do I manage my security and how do I plan my costs? Those are the things that are really driving a lot of the conversations that we're having.

Thanks for going Dylan explain that. Now, when we look at risk, they can come in so many different forms. We had this discussion.
I mean, just look at an example of FAA, you know. Bugs can be there, misconfiguration can be there, wrong line of code can be there. And now we are also kind of, you touched upon the cultural shift, where of course the fact is that as much as we like to break down silos, there are some fields which are expertise. Security is, you know, they're always the security folks, they specialize in that area. This is not an area that anybody can deal with. So we do talk about DevSecOps in their space, and there are other security, you know, personnel as well, but as developers are becoming responsible for the whole, you know, lifecycle of their application, talk a bit about how it is changing the landscape of security, because you do have to think about a lot of things culturally as well. And are there things that you are either worried about, "hey, this is not the right trend," or you're like, "you know what, I think we are moving in the right direction with these cultural changes"?

Yeah, I think the security is something that has been done by the teams, so organizations have built their security practices around infrastructure specific to either a cloud user cab provider or an application easy to deliver. So, to be honest, it is fairly fragmented. What we're seeing is that infrastructure access, the different types of policies that people are using, so when you provision infrastructure, the way you tag things, track resources, understand what is being used by who, so not all the policies are being adhered to. So even though you might have an Open Policy Agent strategy where everybody uses a consistent type of security, the way that it's used is not consistent.
So for example, security and resource tracking are very similar in the way that you do it: you tag them, you track them, you make sure that the policies are in there in a consistent way, you make sure you're tagging, but all these things are fairly fragmented. So if you and I were basically building some infrastructure, the way with which I would meet my policies that I believe are important and the way that I would tag resources may be different to the way you do it. It might be a different order. It may be a different execution list. But it may be different, and what I'm saying is that when you want to look at a holistic view of "how vulnerable am I at this very moment in time in regards to the infrastructure I'm using," to be able to pull that together in a way that makes sense, as infrastructure is used prolifically through multiple pipelines by multiple people, it's just a very difficult task. So I think it's really, consistency is key. An ability to be able to help developers and creators of infrastructure build the infrastructure, but with the resources behind it, the technology behind it, that enables you to implement policy easily, so it has your back. So you don't need to worry about, you know, doing everything yourself; the policies that you're using within the tool, the tooling actually makes sure that those things are being adhered to. So it gives you the freedom to build the infrastructure and know that policies are consistent and the way that you tag is consistent.

These days we are talking a lot about platform engineering, where companies or organizations are building platforms internally, which can be used internally.
So talk a bit about, when we talk about platform engineering, what are the security implications around that? Are organizations really looking at it from that perspective, or at this stage are they more focused on that from engineering and thinking security is an afterthought?

Well, it's really weird with platform engineering. When you look at the platform engineering, especially when you look at what the analysts are saying, the Gartners of the world, they're really looking at a way with which you can interact with the infrastructure in a consistent way. So what they're really trying to do here is make sure that all the policies, the security, the ability to interoperate with different resources, different clouds, and also obviously the different technologies that support it. They're really saying if you can manage it in a consistent way, that everybody can interact with the infrastructure in a normalized way that also has all these mandates in it that says these are the policy engines, and if this is how you should do things, that's a really nice approach. But we've seen this before, you know. The idea of the market is that in times when you've got the luxury to choose your technology, it's best of breed: I will use whatever the technology in the platforms I want at that moment in time. But it creates fragmentation.
So, summarized, what Gartner and companies like that are really saying is, one, that they want to be able to see a more consolidated point of control for specific practices, so infrastructure is seen to be a united or a uniform way of delivering it. And the second thing is, obviously, it comes with the policies and everything you need to apply to that in a consistent way. But by saying that, it requires a different type of technology. It's not something that you can adapt from multiple islands of automation that exist today. So it really requires a technology that no longer just gets the orchestration, because that's what some people think about. They think, "oh, I'll put a layer above it and it will integrate with everything." But you're not removing anything. You're not dealing with the underlying issue. You're purely making it islands of automation that happen to be now hierarchy. So really what you want to do is have a technology that can consume what you're using already with the processes, but provide the development organization, the creators of infrastructure, with a way that they can interoperate with it in a seamless, frictionless way. So platform engineering is a nice way of looking at it, but you really want to make sure that infrastructure becomes part of your overall engineering platform. So if you're using an IDP or you're using something that you go to every day, infrastructure should be pull-down options within your IDP. It shouldn't be another platform that you have to go to and modify. It should be like breathing in and out. If I'm developing, I want to be able to test, I want to be able to create, I want to be able to build, I want to be able to pull the infrastructure in, and that's what I think about when I see platform engineering.

Thank you for taking that question.
Now, let's also talk about the reality is that, you know, we can talk about technology, but most of us, almost all of us, we are running a business. So let's also talk about the business value or the business gain from, you know, when you look at managing your infrastructure or when you look at platform engineering, or you're looking at, you know, mitigating risks that might be associated with a lot of things. So that is not just, you know, doing certain things because we have to do them.

All right, it's really cool. When we talk to customers that are using infrastructure, typically they don't see infrastructure as a business value item. So what I'm saying by that is that if you're really going to have a platform that delivers all these wonderful capabilities, subsuming the underlying existing tooling, so all the files that you have integrated with your Git, so you look at the Git, find out what the files are, pull them out, make that normalized, so you're now managing it from a consistent view, that's all wonderful. But the problem is that that doesn't address the problem that the business is trying to solve, which is: what is the cost of infrastructure when you do all this wonderful stuff? How do I capture the purpose? So I'll give you an example. If I have a pipeline of activity, most people that do cost management or risk analysis will look at it from a very much production view. They look at it as a more static environment. The problem is, to the left of that equation, the continuous delivery process, you might be provisioning infrastructure 20 times before it actually gets to a point where you commit and release it into production. So what I'm saying is that those 20 instances are treated separately. If you look at it in that way, when people look at their bill that they get from cloud, they see 20 instances of cloud usage. They don't see 20 instances of cloud usage that adhere to a business outcome purpose that enables people to be able to go, "I now understand why all these things are happening. I understand how the infrastructure is being leveraged, and now I can optimize what I use, I can adjust what I use, I can be more nimble, because when I know what's being used, I can then prioritize it." So if you and I are developing, you know, technology and we're using infrastructure, what you do may be more important than what I do. But unless you look at it from the lens of the business, then you're not going to understand that. So really what these platforms should be doing is also capturing that information and putting purpose to each time the infrastructure is being used, and the ability to group it is really important, and that goes for both the costing and the risk. I want to understand my overall risk. And the 20 instances, what were those? How compliant were they? Did change get tracked every single time? So really what you want to be able to do is, if you assign purpose to the infrastructure activity and you're looking at it from an end-to-end perspective by grouping all the instances, then you get a much better view on how to, one, make things more secure and see where your weaknesses are, and two, it gives the business the ability to understand why they're spending the money, and not wait for that long, tedious process of getting the bill and working out why it's so high.

How much awareness do you see is already there about this topic? You know, and once again, as I asked earlier, the trends that you are seeing, but those trends were more in the cultural. Because as we talked about, the teams are getting smaller. Sometimes companies, they get overwhelmed with new terms. "Hey, we have to use Kubernetes. Everybody's using Kubernetes. We have to move to cloud, everybody's." "Oh, we should explore platform engineering." But it should not start with the solution. It should start with the question: hey, do we need a platform? Do we need Kubernetes? So what are you seeing in the space today?

When you get Kubernetes or you've got containers of any description, I think the challenge that a lot of companies have is the infrastructure's got a long tail. What I mean by that is that it has a lot of technical debt. So what you develop today on containers has typically come from virtualization. We just come from a different iteration of infrastructure. So all the way from physical all the way through serverless, there's different types of infrastructure being delivered with containers, Kubernetes, and the way that they're delivered. So what I'm saying is that if you've got the ability to be able to subsume lots of different file formats that do virtualization, containerization, cloud enablement, all these pieces, IaC, infrastructure as code, everything as code, what you want to be able to do is make sure that all these things are subsumed in a consistent way. So it automatically normalizes, if you like, the layers. So it says, "this is what I'm using for containers across all my development teams. I understand it because I've now got a uniform view, that I now understand how they're actually using it." And I think the biggest, and this is the sort of thing that they look for in the platform, but it can't be. There is a level of skepticism, because a platform cannot dictate a massive change in process. It cannot be an added layer of abstraction. It's got to remove something, simplify that, normalize it, make it easier to use. And it really can't demand you have more skills and training. It's got to leverage the skills you have, because people are very rare that have full infrastructure stack. And as I say, the technical debt means you have to have a visibility on infrastructure as it was yesterday, as you're still using it, what it is today, as you're currently using it, and strategically where you're going with it. It's got to be strategically implemented in that way, and a platform can't be just an iteration of time or focused on one specific thing. So containerization, absolutely, but there's lots of things that go in it: the application, the middleware, the tools that you're using. So you've got to really look at it like an environment, less like a container. It's a container that contributes to the environment that you're building, and that might move to a serverless environment, but you've got to make sure that these things are tracked in the platform consistently. So as I say, the biggest danger I think most people have is when they look at the new technologies and they implement an automation technology that does infrastructure, it creates yet another island. And that's why, as I say, the platform engineering approach is something that not only should make it easier to use but also should make it a bit more focused on the different types of infrastructure that your corporation may be using. Otherwise, as I say, you're creating an island.

David, thank you so much for taking time out today and talking about this topic. And as usual, I would love to have you back on the show, but let's make sure that there's not so much gap between our discussions.

I always love talking to you. It's fun. It's a great way to end the week.

Thank you so much. And you know, I really appreciate your kind words, and as I said, you know, I would love to have you back on the show soon. Thank you. Have a great day.