Live from Seattle, Washington. It's theCUBE on the ground. Covering KubeCon 2016. Brought to you by the Linux Foundation and Red Hat. Here's your host, John Furrier. We're here in Seattle for KubeCon and Cloud Container World. This is the action, you know, Cloud Native Foundation. Great event, Cloud Native Con and KubeCon. This is where all the cloud world is here on the developers. I'm John Furrier, theCUBE on the ground. Special presentation, Marc Boorshtein, who's the CTO of Tremolo Security. Welcome to theCUBE. Thanks for having me. Tremolo. I'm sorry, I had it wrong there. Tremolo. Tremolo. You guys, I have a booth down here. You guys have got a unique solution because although Kubernetes is saving the world and the cloud with containers, it opens up some worms, a can of worms around access. Yeah. Talk about what you guys do. So what we do is we bridge the gap between what's required to have a compliance world in the enterprise, you know, just because technology is awesome doesn't necessarily mean that it's running against policies. And so we add that layer very quickly into Kubernetes. A lot of the cost of identity management and authentication isn't so much the technology as it is cross boundaries inside your organization. The people who own Active Directory don't generally own Kubernetes. So they've got different interests. They're managing different things. So you want to make as minimal impact as possible. So we're able to come in and for both Kubernetes and OpenShift add all those identity management features that you're looking for. If you want to bridge into Active Directory authentication, you want to add authorizations without having to do writes to Active Directory. Your auditors need to have reports that they have quick access to. And then finally, your sysadmins don't want to be adding users to groups all day. They got better things to do. They want to be managing pods and nodes and all those other great things. 
Or this is not my department excuse or hey, I'm close to my data, don't screw with me. Who are you doing these Kubernetes things? A lot of politics involved. Absolutely. And so the easier you can make the technology, the less those politics end up interrupting your ability to actually do fun things with Kubernetes. It's so fun. Dave Vellante, who's my co-host on other CUBEs, we always talk about the stove pipes or the silos. And the turf wars that have been in IT has been a battleground. It's been fun to watch over the years. But now they're being disrupted. So you guys are kind of a solution that eliminates kind of that whole challenge of how to get this done to manage the containers. Absolutely. Because when you go into the, you go to the people who own Active Directory or the other identity or repositories, usually if you ask the question, can I have a read-only service account? I'm not going to touch your data. Well, sure. Because everybody in every organization by default has a read-only service account in Active Directory. You can use your own account. So that one's easy. But once you start saying I need a way to be able to write into Active Directory, it becomes a whole other conversation. So just don't have it. What is that conversation? Because then like meetings get set up, a lot of it, a set of things happen. Yeah. And painful things. Meetings get set up. Multiple stakeholders have to get involved. There's a lot of paperwork. Some of it's specifically designed to just make you not want to do this. And so our answer is. And there's some legit policies around. They don't want people getting access to the jewels. Right. Security reasons, but it has nothing to do with the deployment of something else. Right, exactly. And quite frankly, if you think of Active Directory, I mean, when Active Directory goes down, that's a bad thing. So they need to protect that. 
So the less impact you have on those centralized services, and the more you can control your own destiny, the more likely you're gonna be successful. Yeah, it makes total sense. Take us through an example of a customer you work with where you guys had some pain. You guys came in and talk about what happened. Sure. So we actually are running a multi-jurisdictional identity service in the DC Metro region. And the first thing we came in, we started talking to these different governments, they said, yeah, we're not letting you talk to our directory. That's just not gonna happen. And so we said, okay, well, we need to be able to work with you guys. And we were able to sit down and actually show them, look, we can actually set up these bridges without talking to your directory. And users can authenticate, and you don't have to give us any kind of direct ingress. And they're like, wow, this is amazing. And then application owners started coming on and saying, well, wait a minute, we want to control this process. We don't want you to be telling us how these things need to work. You can control everything, but you don't want to have to start manually adding these users to groups. And so as applications started on-boarding to the service, they started saying, wow, I'm not worrying about these things anymore. When it comes time to look, I just pull up a report and I can see what's going on. And it's very easy. And it's so easy. We're actually able to get the executives to actually make approvals instead of saying, you know, I'll just do it via email. What's the secret sauce? Is it a methodology? Is it software? Is it automation? What's the secret sauce to this? It's experience. Myself and my co-founder have over 20 years of experience deploying every type of solution you can think of in identity management to every type of industry you can think of. And so you end up seeing a lot of these solutions that were invented by people who never actually had to use them. 
And so we took all of that experience as consultants and said, we can build a better mousetrap. And building in the things that applications really need. And it turns out you don't need a giant, bulky identity management system to get the job done. You need something small, lightweight, flexible. And it turns out that works really well with Kubernetes because now you have a system that meshes really well with this cloud-native idea. Lightweight is a cloud-native concept. Lightweight, building blocks. So downstairs we've got a Raspberry Pi setup. How many identity management solutions do you know that will run on a Raspberry Pi but still scale to your enterprise? Well, it's harshly scalable, it's a beautiful thing. So is it software you guys are selling? So what is the product? So we've got two solutions. One is an open-source solution. The other is commercial. It is a single container. We have also certified containers by Red Hat that provides you LDAP virtual directory, web access management, user provisioning, and a user self-service portal. And so you can either use the commercial solution or the open source. It's all the same bits and bytes, just different packaging. And you get the solution on the commercial side support or it's all on-site support. It's stuff that you run on inside of your data center, inside of your cloud. So the use case, the customers download it, play with the open-source, wow, this is pretty good. It's a better mousetrap. And they get hooked on the Kool-Aid or heroin, however you want to call it. Strategy, land and expand is words for that. But that's essentially what you're just doing, right? And so because we're so small and light, you can afford to deploy an identity management solution for one application, get it working, see the value. And then you can go ahead and expand to your other applications without having to have a multi-million dollar investment just to turn the thing on. 
So Marc, I got to ask you, the skeptics out there, and you've seen them all because you've deployed every single identity management system on the planet. You've seen the movie before in every new market. What are the skeptics saying? What's the big challenge that you guys overcome or challenges that the classic conventional skeptic would say to you guys? So probably the biggest challenge we'll get is I want to maintain control. I want to be in control. Or I don't think you're going to, especially in the cloud native world where you're so far on the bleeding edge, I don't think you can run in my environment. And so the proof is always in the pudding. It's like, okay, let's just get it up and running. And it's usually just absolute amazement when people see, wow, that actually just works the way I think it should work rather than way of vendor dictating things first. It's a classic IT challenge, you know. It's the heat shield to get the pretenders not to come through and waste their time. Exactly. So the open source product that you guys have comes in and says, hey, we'll come in and do a quick deploy. You get to play with it. And then it's magic. They go, wow, this works. Exactly. You're my friend, basically. Yep. That's how this, that's a sales strategy. And you know, we're developers. We, you know, we, you know, we've been out there doing deployments, but we're also developers. You know, I'm on the Slack channels, you know, trying to help people out. We write things that, you know, are generic to Kubernetes. You know, we use our products to show it off, but we want to contribute back to the community that's given us so much. And that also garners a lot of goodwill. 'Cause when people see that, they say, okay, well, just somebody who's given back. Yeah. Well, they know that you have credibility and there's some trust there. Exactly. You've been there, done that. You're not just some sales guy selling them snake oil. Exactly. 
Which a lot of other identity systems aren't really good for repackaging and repurposing. Right. And they're big. I mean, that's, that's kind of always been the Star Walt of identity is just the time it takes just to get to on. Okay. So what's next for you guys? So what's next for us? We're going to be expanding more into the recertification market. So right now we've got a lot of the pieces there. We want to make it just ridiculously easy to say, okay, I've designed my workflow for access. And now I want to make sure that I can turn that workflow on every three, six, nine months and make sure that users still have access and then getting into more online integrations. Final question. What's the show like? Share with the folks watching. What's it like here at the KubeCon, Cloud NativeCon? What's the vibe here? What's the buzz? What's the top conversations? Vibe's fun. I'm having a blast. Talking to people that I've worked with across the country and the world on different projects has just been amazing to just be able to talk geek out and just exchange ideas. But I'm hearing common threads of, we want to use Kubernetes, a big impact to security. Some people are using workarounds right now that they might be losing some of the benefits of Kubernetes to try and get there. Some are just kind of hoping nobody's going to hack them. So, you know. Fingers crossed. Right. That doesn't work very well. So there's a lot of improvement that Kubernetes has made and is continuing to make in the security space. But it's clearly still a gap that people are thinking about. All right, Marc Boorshtein. Thanks for coming on theCUBE. Really appreciate it. Congratulations on your success. And thanks for coming on and joining us. Awesome. Thanks for having me. All right. I'm John Furrier here on the ground at KubeCon, Cloud NativeCon. We'll be right back. Thanks for watching.