From the CUBE Studios in Palo Alto and Boston, connecting with thought leaders around the globe. These are Cloud Native Insights.

Hi, I'm Stu Miniman, the host of Cloud Native Insights where we're talking to companies and practitioners about how they take advantage of the innovation and agility of the cloud. Happy to welcome to the program a first-time guest, Edo Safruti. He is the co-founder and CTO of PerimeterX. Going to talk to him in a dual role, both as a practitioner and their adoption of cloud-native technology, serverless specifically, as well as they are a cloud-native supplier in the security realm. Edo, thanks so much for joining us. Nice to have you on the program.

Yeah, good to be here. Thanks.

All right, so Edo, if you could, you're co-founder of PerimeterX. Give us just, if you would, a little bit of your background and what PerimeterX does and we'll go into truth from there.

Sure. So as CTO, I'm in charge of the research, engineering, and product team at PerimeterX. We are a vendor, a cloud-native vendor, of web application security, protecting all kinds of different business logic abuses for our customers, mostly large websites that are in demand of web scale, so not only doing the protection or the application, but also integrated into multiple infrastructure and running at scale. We're solving problems like account takeover, carding, major card data skimming, and so on.

Yeah, one of the conversations we've been having the last couple of years from security is that there's no shortage of new threats. The surface area of attack keeps getting more. Here in 2020, everybody's working from home more. The people that are doing attacks didn't stop working. So if you could just under, how long has PerimeterX been around? And I want to lead up to the discussion of serverless. What was the architecture considerations before and what started leading you towards making a change architecturally?

Yeah.
So PerimeterX was founded almost six years ago, less than six years ago, and we were a cloud-native solution to begin with. We identified the challenges of where the gap of security in native cloud application is, where in many cases security solutions are, were not leveraging the breadth and the new architecture of how well applications are built, and were more of trying to slap in standard enterprise security on other cloud infrastructure. When we started, we wanted to integrate and adopt the cloud and adopt the flexibility of the, specifically of the edge, to help enhance our customer's infrastructure by adding security onto that versus forcing them to rearchitect it when they integrate security into it.

Well, it's interesting. You say six years ago, I can't remember hearing the term cloud native that long ago. Cloud has been around for a while, but when I started this, one of the discussions around cloud native was, oh, people were talking about adopting containers and Kubernetes. And I said, they're great tools to help from the infrastructure standpoint, but you're talking about living in the cloud, taking advantage of cloud services. That's where we really see the opportunity in cloud native. So when you say you were built for the cloud, but things like containers, serverless, probably weren't doing those six years ago, maybe, you know, or were you?

Actually, yeah. So we started early versions of obviously all dockerized. Kubernetes was not that great back then. So we were orchestrating some things on our own and gradually adopting other orchestration and mesh for our own service that is obviously running on multiple cloud vendors. But from us, from our point of view, the key for cloud was how can we enable our customers and how can we integrate better with them in a way that enhanced their infrastructure versus add friction?
Because the challenge usually with security is that security in most cases or traditionally was adding friction and delays and complexity to the developer process. And we were designing our solution to begin with on how can we leverage these new technologies? How can we leverage the fact that CDNs and edges are becoming smarter and you can start deploying your own payloads and logic to make our logic integrated with them and to partner with these cloud players in order to enable our customers to add these additional tiers. And I think this is, from my point of view, one of the key capabilities of having the capabilities of compute at the edge and serverless is making a lightweight integration and making your existing infrastructure smarter by making it easy to incorporate third party vendors or other solutions or more logic without forcing the whole architecture of the solution.

Yeah, you bring up some great points. I remember back the early days of Docker, it was can we get the atomic unit to be closer to what the application is? But, you know, my background is in infrastructure and it was, okay, it went from the server to the VM to the container. Yeah, there's an application that sits on top of it, but I don't think about it, as opposed to serverless starts with the developer first and how I build my application and then there's certain things that I have to worry about the platform. So help us understand, doing containers, looking at serverless, was it, okay, we're gonna completely overhaul and throw out what we had because there's something new and better. Are you doing still some containers and some serverless? Help us understand what drove that transition and what the outcomes were.

Yeah, so our infrastructure, our machine learning algorithms, the data processing, the heavy lifting that we're running on our own infrastructure, which is, again, cloud-native infrastructure, but something that we're managing.
In many cases, it's using containers, it's using other environments because we were running heavy payloads, we're not fully relying on some other platform to run it for us. We're leveraging a lot of these technologies to run it in a more efficient way. Where we're adopting serverless is both in some of the front-end decision, so making smarter load balancing decision, integrating with some other cloud vendors to help make sure that requests are coming in the right, you and things like this. But where it is more important then is how can we make ourselves relevant for our customers to adopt serverless and how can we help introduce security into these environments? Because if you're looking at traditional security, if you're, so it's more about, if I go to that on how can I enable our customers to adopt serverless? How can I enable our customers to adopt new technologies in the cloud? Because it could be a limitation. If your security policy or if your architecture is such that requires everything to go through a specific security proxy or some firewall, it may force you to utilize very limited architectures. If you want to deploy now a payload on Lambda or on your CDN, it typically will be way in front of your traditional enterprise security solutions. How can you make that application smarter? How can you make that application sort of self-sufficient? By connecting modules, by making sure that you're including modules that integrate the security and bring the security with you everywhere. So this is the motion that we're trying to find here.

Well, and I'm sure you've got a really interesting viewpoint that I'd love to hear on this, Edo. So if you look at most new technologies, especially in the cloud space, serverless specifically, cost, it should be less expensive, flexible. I should be able to make changes and speed. I should be able to do more faster. But always when you look at those, you say, well, but what about security?
Can I do all of those things, be faster, better, cheaper, more agile and not be less secure? So I'd love to hear any thoughts you have on kind of the typical things, but also your security angle on that.

Yeah. So one of the benefits of using serverless or, and I think there are two types, literally thinking of serverless. One is running your code in some backend application that may access different things, but you don't need to manage for scale because there is some platform that manages that, which is one great option. What you're seeing more and more and we're working in collaboration with Fastly and where you can see that on other edge platforms is having this notion of serverless, how can you deploy code to the edge? The benefit there is that you can mitigate a lot of the risks outside your data center, outside your cloud, if there is, and this is where security plays so well with that because you want to mitigate the risks and the attack as far away from your application as possible. So if you can deploy the logic that is doing that or making decisions at the edge, it helps you improve your infrastructure cost. It helps you improve some of the applications that are still in the backend. So you can gradually forward deploy the logic that is relevant at the edge and getting the scalability, getting this ability to scale a bit without limit because the CDN or this edge vendor has a lot of capacity and withhold if it's a denial of service attack or if it's any other type of attack where this logic can handle. Or even sometimes it just scale. Maybe you had a very good marketing campaign and you're having a lot of traffic. If you can deploy this code somewhere that can handle that in a distributed and efficient way, you're handling it better.

Well, and it sounds like that fits into what PerimeterX does. When I think about edge, scale concerns, security concerns are some of those top of mind as are just, can automation, things like machine learning or AI help me?
Because usually that scale or distributed nature of it means that it's not necessarily something that people alone could take care of themselves. Am I getting right a little bit where PerimeterX is helping their customers?

Yeah, yeah. And the idea is to connect, to help offline offset some of the logic or some of the capabilities that you don't want your business to be an expert in. So if you're a retailer, you want to be able to sell the best to optimize recommendation for your customers and to handle that, you don't want to be an expert in detecting bots or in identifying malicious code or things of that sort. And if you can offset that and with a lightweight, easy integration that does not limit your ability to innovate and adopt new technologies, this is what we're trying to help. Let us focus this by integrating the edge, by integrating with partners like Fastly and so we can help enhance the infrastructure and add more capabilities where you can focus on doing your own business and we can help allow and enable additional technologies.

Along your serverless journey, what partners, what other vendors who were helpful along the way, as I've looked at it, it's a relatively young ecosystem, but it's robust. So curious, some of the companies that have helped along the way.

Yeah. I think Fastly is definitely one that is from their earlier infrastructure. They always had a component of exposing their edge and making it more programmable via configuration and setting logic and now rolling out Compute@Edge that is giving even more flexibility. Other CDNs are opening their edge as well with all kinds of views. Again, Lambda from AWS and other services. So this is one component. How do you manage that? How do you always read that? There are issues of how much state can you manage there, access to data, and there are different services that allow that. Other platforms which are more of the platform as a service that are not traditionally considered serverless.
You can think of it as e-commerce platforms help you deploy your logic and sometimes code application into their ecosystem and help you focus on, again, managing your application. So think of Magento, think of Salesforce Cloud, this kind of commerce applications that you can deploy your logic. They all fit into that ecosystem of help you. You want to write your code that you're key on and let someone else manage the scale, let someone else manage some of the things that are common to all.

Well, that's definitely wanting to see that the diversity of solutions at edge, very different from if you were thinking kind of the traditional enterprise data center. Any, as a CTO, when you look at edge, where are we with the maturation of this whole solution? Are there areas specifically that you expect in the next 6, 12, 18 months that we will see something solidify, mature down the line?

Yeah, yeah. So I think that the state where the edge compute is at now is more about deploying logic that is remote from the data center. So there is a limit if you look across different vendors to the more IO or data access capabilities of this load. So if you can write the code and make it self-sufficient, it's easier and it's more common to find platforms that will allow that. What you're starting to see is how you add the data layer into that tier and making it more accessible. And that opens the gate for many more rich and interesting applications because once you can have a key value store and once you can manage a state, modify configuration, you can then start deploying more complex applications and make more decisions. Do I see a billing system running entirely on the edge? Probably not. I mean, there are things where you want to store it in the database. There are things that make sense to have it in some backend infrastructure, but a lot of payloads, more and more environments are going there.
And I think these additional services of queuing services, data services, database-like services. So can I run a transaction on the edge? These kind of technologies are currently emerging and you can see them in different levels with different vendors. And they will definitely open the gate even further for more and more applications to be adopted at the edge.

All right, well, last question I have for you. What advice would you give for your peers out there? As I said, you were early in Docker adoption.

Yeah.

You've done serverless adoption. Edge is something that is gaining a lot of attention. What advice would you give to people here in 2020 as they look at the variety of cloud-native options out there?

I think the easy one is anything new that you build, look around and figure out what is the best technology that can help you get there faster. And how can you build in a more strategic way for C-suite executive, if it's the CTO, CIO, CISO? Think on how can you enable your team to move faster? How can you enable your team by the solutions and technologies that you select to have the flexibility of moving faster? How can you enable them to adopt new technologies and make it available? How can, and this is, you need some practices because you need to make sure that you are getting the right metrics. So whenever that you're using vendors that will help you collect and monitor the services and get insights, because suddenly, if anyone can deploy anything anywhere, then there is some concern of loss of control. So finding the right vendors that can help you or adopting the right processes that help you gain this visibility while still enabling them to go anywhere. This is key, at least for us, it was key. And this is, from wearing my product hat, when we're building our services, this is what we're trying to enable our customers to do with the security part.

Well, Edo Safruti, thank you so much for sharing your journey.
I really appreciate having you on the program.

Sure, thanks.

And if you have people we should talk to, I would love hearing stories of cloud native, how those of jobs that you're going, sharing your information with your peers, I'm Stu Miniman and look forward to hearing more of your cloud native insights.