 Hey, welcome to theCUBE's coverage of Red Hat Summit 2021, the virtual experience. I'm Lisa Martin, I have two guests joining me. One is a CUBE alum, Kamal Shah is back. He's now the VP of Cloud Platforms at Red Hat. Kamal, it's great to have you back on the program. You're in a new role, we're going to talk about that. Thank you. And Kirsten Newcomer is here as well. She's the Director of Cloud and DevSecOps Strategy at Red Hat. Kirsten, welcome and thank you for bringing the Red Hat vibe to the segment. Absolutely, very happy to be here. So looking forward to this conversation that we're going to be having in the next 20 minutes or so, we're going to be talking about, so last time, Kamal, you were on, you were the CEO at Stack Rocks in January of 2021, the announcement that Red Hat plans to acquire Stack Rocks. I'm going to be talking all about that, but I'd like to start with Kirsten, give us your perspective from Red Hat's perspective. Why is Red Hat a good fit for Stack Rocks? There are so many reasons. First of all, as you know, Red Hat has been working with productizing Kubernetes since Kubernetes 1.0, right? So OpenShift 3.0 shipped with Kubernetes 1.0, so we've been working with Kubernetes for a long time. Stack Rocks embraces, kind of is Kubernetes native security, embraces the declarative nature of Kubernetes and brings that to security. Red Hat's enterprise customers, we have a great set across different verticals that are very security conscious, and during my five years at Red Hat, that's where I spend the majority of my time, is talking with our customers about container and Kubernetes security. And while there's a great deal of security built in to OpenShift as it goes to market out of the box, customers need the additional capabilities that Stack Rocks brings. Historically, we've met those needs with our security partners. We have a great ecosystem of security partners, and with the Stack Rocks acquisition, we're now in a position to offer additional choice, right? If a customer wants those capabilities from Red Hat, tightly integrated with OpenShift, we'll have those available, and we continue to support and work with our broad ecosystem of security partners. Excellent, customers always want to us. Come on, give me your perspective. You wrote the helm, the CEO of Stack Rocks, as you were last time you were on theCUBE. Talk to me about the Red Hat acquisition from your seat. Yeah, so as Kirsten mentioned, we were partners of Red Hat, and we're part of the Red Hat partner ecosystem. And what we found is there was both a great strategic fit and a great cultural fit between our two companies, right? And so the discussions that we had were, how do we go and quickly enable our customers to accelerate their digital transformation initiatives, to move workloads to the cloud, to containerize them, to manage them through Kubernetes, and make sure that we seamlessly address their security concerns, right? Because it continues to be the number one concern for large enterprises and medium-sized enterprises. And frankly, any enterprise that's, you know, working out today. So that was kind of the impetus behind it. And I must say that so far, the acquisition has been going on very smoothly. So we had two months in roughly, and everybody has been very welcoming, very collaborative, very supportive. And we are already working hand in hand to integrate our companies and to make sure that we are working closely together to make our customers successful. Excellent, we're gonna talk about that integration in a second, but I can imagine challenging going through an acquisition during a global pandemic. But that is one of the things that I think lends itself to the cultural alignment, Kamal, that you talked about. Kirsten, I wanna get your perspective. We know we talk about corporate culture and corporate culture has changed a lot in the last year with everybody or so many of us being remote. Talk to me about kind of the core values that Red Hat and Stack Rocks share. Actually, that's been one of the great joys during the acquisition process in particular, Kamal and Ali shared kind of their key values and how they talked with their team. And some of the overlap was just so resonated so much for all of us, in particular, the sense of transparency that the team, the Stack Rocks executive team brings and approaches that's a clear value for Red Hat strongly maintained. That was one of the key things, the interest in containers and Kubernetes, right? So the technology alignment was very clear. We probably wouldn't have proceeded without that. But again, and I think the investment in people and the independence and the strong drive of the individuals and supporting the individuals as they contribute to the offerings so that it really creates that sense of community and collaboration that is key. And it just really strong overlap in cultural values and we so appreciated that. Community and collaboration couldn't be more important these days. And ultimately the winner is the customers. So let's dig in, let's talk about what Stack Rocks brings to open shift. Kirsten, take it away. Oh man, so as I said earlier, so I think we really believe in continuous security at Red Hat and in defense and depth. And so when we look at an enterprise Kubernetes distribution, that involves security at the real core OS layer, security and Kubernetes, adding the things into the distribution, making sure they're there by default that any distribution needs to be secure to be hardened, auditing, logging, identity access management, just a wealth of things. And Red Hat has historically focused on infrastructure and platform security, building those capabilities into what we bring to market. Stack Rocks enhances what we already have and really adds workload protection, which is really when it comes down to it, especially if you're looking at hybrid cloud, multi-cloud, how you secure not just the platform, but how you secure your workloads changes. And we're moving from a world where you're deploying antivirus or malware scanners on your VMs and your host operating system to a world where those workloads may be very short-lived. And if they aren't secured from the get-go, you miss your opportunity to secure them, right? You can't rely on, you know, you do need controls in the infrastructure, but they need to be Kubernetes native controls. And you need to shift that security left, right? You never patch a running container. You always have to rebuild and redeploy. If you patch the running container, the next time that container image is deployed, you've missed, you've lost that patch. And so the whole ethos, the whole shift left, the DevSecOps capabilities that Stack Rocks brings really adds such value, right? You can't just do DevSec or StackOps. You need to do a full infinity loop to really have DevSecOps. And Stack Rocks, I'm gonna let Kamal tell you about it, but they have so many capabilities that really drive that shift left and enable that closed loop. We're just so excited that they're part of our offerings. So Kamal, take us through that. How does Stack Rocks facilitate the shift left? Yeah, absolutely. So Stack Rocks, which we announced at Summit is now being rebranded as Red Hat Advanced Cluster Security was really purpose-built to help our customers address the use cases across the entire application lifecycle, right? So from build to deploy to runtime. So this is the infinity loop that Kirsten mentioned earlier. And one of our foundations was to be Kubernetes native to ensure that security is really built into the application as opposed to bolted on. So specifically, we help our customers shift left by securing the supply chain and by making sure that we are identifying vulnerabilities early during the build process before they make it to a production environment. We help them secure the infrastructure by preventing misconfigurations. Again, early in the process because as we all know, misconfigurations often lead to breaches at runtime, right? We help them address compliance requirements by ensuring that we can check for CIS benchmarks or regulatory requirements around PCI, HIPAA, and NIST. And that said, just focusing on shift left doesn't really mean that you ignore the right side or ignore the controls you need when your applications are running in production. So we help them secure that at runtime by identifying preventing breaches, so threat detection prevention incident response. That built-in security is, you both mentioned that built-in versus bolt-on. Kirsten, talk to me about that as really kind of a door opener. We talked a lot about security issues, especially in the last year. I don't know how many times we've talked about misconfigurations leading to breaches and we've seen so many security challenges present in the last year. Talk to me a little bit, Kirsten, about what customers' appetites are for going, all right, now I've got cloud-native security, I'm going to be able to, I'm going to feel more comfortable with rolling out production deployments. It's a great place to go. So there are a number of elements to think about. And if I could, I could start with, by building on the example that Kamal said, right? So when we think about, I need to build security into my pipeline so that when I deliver my containerized workloads, they're secure. What if I miss a step? Or what if a new vulnerability is discovered after the fact, right? So one of the things that Stackrocks or Red Hat ACS offers is, it has built-in policy checks to see whether a container or running image has something like a package manager in it. Well, a package manager can be used to load software that is not delivered with the container. And so the idea of ensuring that you are including workload, built-in workload protect box with policies that are written for you. So you can focus on building your applications. You don't necessarily have to learn everything there is to know about the new attack vectors that are really just, it's new packaging, it's new technology, it's not so much, there are some new attack vectors, but mostly it's a new way of delivering and running your applications that requires some changes to how you implement your security policies. And so ensuring that you have the tools and the technology that you're running on have those capabilities built in so that when we have conversations with our security conscious customers, we can talk with them about the attack vectors they care about, we can illustrate how we are addressing those particular concerns, right? One of them being malware in a container. We can look for, StackRocks can look for a package manager that could be used to pull in, code that could be exploited and you can stop a running container. We can do deeper data collection with StackRocks. Again, one of the challenges when you're looking at moving your security capabilities from a traditional application environment is containers come and go all the time in a Kubernetes cluster. Nodes, your servers can come and go in a cloud native Kubernetes cluster, right? If you're running on public cloud infrastructure, those things are, the nodes are ephemeral too, they're designed to be shut down and brought back up. So you've got a lot more data that you need to collect and that you need to analyze and you need to correlate the information between these, right? I no longer have one application stack running on one or more VMs. It's just things are moving fast. So you want the right type of data collection and the right correlation to have good visibility into your environment. And if I can just build on that a little bit, the whole idea here is that these policies really serve as guardrails, right? For the developers. So it allows developers to move quickly to accelerate the speed of development without having to worry about, you know, hundreds of potential security issues because there are guardrails that will notify that with concrete recommendations early in the process. And the analogy I often use is like, you know, the reason we have brakes in our cars is not to slow us down, but to allow us to go faster because we know we can slow down when we need to, right? So similarly, these policies are really, it's really designed to accelerate the speed of development and accelerate digital transformation initiatives that our customers are embarking on. And Kamala, I want to stick with you on the digital transformation front. We've talked so much about how accelerated that has been in the last year with everything going on in such a dynamic market. Talk to me, Kamala, about some of the feedback that you've gotten from StackWorks customers about the acquisition and how it is that, maybe that facilitator of the many pivots that businesses have had to do in the last year to go from survival mode to thriving business. Yeah, absolutely. The feedback from all of our customers, Barman has been very, very positive. So it's been, it's allowed us to invest more in the business. And, you know, we publicly stated that we are going to invest more in adding more capabilities. We are more than doubling the size of our teams, as an example, and really working hand in hand with our, the broader team at Red Hat to further accelerate the speed of development and digital transformation initiatives. So it's been extremely positive because we are adding more resources, we're investing more, we're accelerating the product roadmap based on, compared to what we could do as a startup, as you can imagine. And the feedback has been nothing but positive. So that's kind of where we are today and what we're doing with the summit is rolling out a new bundle called OpenShift, OpenShift Platform Plus, which includes not just Red Hat ACS, which used to be StackRocks, but also Red Hat OpenShift Hybrid Cloud Platform, as well as Red Hat Advanced Container Cluster Management, ACM capabilities, as well as Quade Container Registry. So we are making it easier for our customers to get all the capabilities that they need to further drive their digital transformation initiatives. So again, it goes back to this whole customer centricity theme that Red Hat has, that was also core value of StackRocks. And the winner in all of this, if you believe ultimately, are our customers because that's where we exist to serve them. Right, and I really like that if I could chime in kind of on top of that a little bit. So I think that one of the things we've seen with the pandemic is more of the Red Hat customers are accelerating their move to public cloud and away from on-premises data centers. And that's just partly because of so many people working remotely, it just has really pushed things. And so with Hybrid Cloud becoming even more key to our joint customer base. And by Hybrid Cloud, I mean that they have some environments that are on-premises as they're making this transition. Some of those environments may stay, that footprint may stay on-premises, but it might be smaller. They may not have settled on a single public cloud. They could in fact, they often are picking a public cloud based on where their development focus is. Google is very popular for AI and ML workloads. Amazon of course is just used by pretty much everybody. And then Azure is popular with a subset of customers as well. And so we see our customers investing in all of these environments. And Stack Rocks, Red Hat ACS like OpenShift runs in all these environments. So with OpenShift Platform Plus, you get a complete solution that helps with multi-cluster management with ACM, with security across all of these environments. You can take one approach to how you secure your cluster, how you secure your workloads, how you manage configurations. You get one approach no matter where you're running your containers and Kubernetes platform when you're doing this with OpenShift Platform Plus. So you also get portability. If today you wanna be running in Amazon, maybe tomorrow you need to spin up a cluster in Google, you can do that. If you're working with EKS or GKE or AKS, you can do that with Red Hat ACS as well. So we really give you everything you need to be successful in this move and we give you back to that choice word, right? We give you the opportunity to choose and to migrate at the speed that works for you. So that simplicity, that streamlining, I gotta ask you the last question here in our last couple of minutes, Kamal, what's the integration process been like? As we said, the acquisition just a couple of months in, but talk to me about that integration process, what that's been like. Yeah, absolutely. So as I mentioned earlier, the process has been very smooth so far, so two months in, and it's largely driven by the common set of culture and core values that exists between our two companies. And so, from a product standpoint, we've been working hand in hand, as I mentioned earlier, we were partners so working hand in hand on accelerating the roadmap, the joint roadmap that we have here from a go-to-market perspective, our teams are well integrated. We are going to be rolling out the bundle and we're gonna be rolling out additional options for our customers. We've also publicly announced that we'll be open sourcing Red Hat ACS, formerly known as Stack Rock, so stay tuned for further news and then announcement. And so, again, two months in, everybody's been super collaborative, super helpful, super welcoming, and the team is well settled and we're looking forward to now focusing on our primary objective which is to make sure that our customers are successful. Absolutely, that customer focus is absolutely critical, but also, so is the employee experience and it sounds like we both talked about the ethos and the core value alignment there, probably being pretty critical to doing an integration during a very challenging time globally. I appreciate both of you joining me on the program today, sharing what's going on Stack Rocks, now ACS, the opportunities for customers to have that built in Kubernetes security. Thanks so much for your time. Thank you. Thank you. For Kamala Shah and Krista Newcomer, I'm Lisa Martin. You're watching theCUBE's coverage of Red Hat Summit, the virtual experience.