 From Hell's Kitchen in New York City, it's theCUBE on the ground at Serverless Comp, brought to you by SiliconANGLE Media. Hi, I'm Stu Miniman with theCUBE here at Serverless Comp in Hell's Kitchen, New York City. Our first time doing theCUBE here, I'm happy to welcome back to the program a multi-time guest, Mark Nidencoven, who is the Vice President of Cloud Research at Trend Micro. Mark, great to see you. Thanks for having me, great to see you too. All right, so Mark, repeat after me. Security is everybody's responsibility. So, you did a keynote. Yes. Talking about security, and I love, I didn't get to see it in person, but I feel like I was there because we had the Twitters and the commentary and stuff like that. So, security, it's a non-issue, right? Serverless, it's all set, like containers and everything before it. Everything's secure, right? Yeah, as you know from looking at the headlines, we do security really well in the IT community, so you can sleep well at night. We don't have to worry about anything. No, unfortunately it continues to be a challenge, and the point of the keynote yesterday was sort of give the state of the nation how we're doing in the serverless environment, and the good news is we're doing well in security for serverless designs, but the bad news is not through any individual or purpose action, simply by just building in these methods, we get a huge amount of security advantages, but we can do better. All right, so what can we learn? It's funny, we see these kind of repetitive things go on in the industry. It's like, oh, well, I'm going to just use SaaS. I don't need to worry about security, right? Oh, I'm going to go public cloud, they'll take care of it for me. Now, containers, serverless, it feels like we have the same trope over and over and over again, right? We do, very, very much so, and one of the things I called out yesterday was actually highlighting how the OWASP top 10, which is the 10 most common vulnerabilities in web applications, have not really changed since 2010, yet we didn't have even the concept of serverless in 2010, but we're still making the same mistakes. SQL injection, still the top mistake that we've been making for the last decade. All right, so we're talking about security. Let's step back for a second. So I believe a lot of the people watching these interviews are going to be like, serverless, I don't get it. I love the, Cloud Guru folks have the t-shirt, the update of the cloud one, there is no cloud, it's just somebody else's, owns the computer, now it's, I forget the full thing. But it's, you know. It's somebody else's ephemeral execution environment that lasts for milliseconds, something like that. From your standpoint, you've been talking a lot of customers, you speaking at this conference, the what and the why of serverless. Yeah, so serverless is really that sort of, I won't say conclusion, but the logical next step of cloud, where you start to realize when you move out of your own data center, where you were doing everything, and you move into the cloud and go okay, well half of the responsibility is on Amazon or Google or Microsoft or whoever. And then you go well, hold on a second, why am I even managing Windows or Linux? What advantage is that to me? I make widgets or I sell shirts or whatever. And so you move up into some containers and you ask the same question, go well, why am I even running those? Serverless is that last step on the current line of going I don't have to run any of this stuff, I can just write code that's directly tied to my business. Yeah, and I like how you said it's the next step. I think back to science. And it was like when we found the atom, everybody was super excited. And then like oh, there were protons and neutrons and they're like oh my gosh, and electrons and everything. And then they're like oh, and then there's the quark and everything like that. So the further down we deep, but what is the value of that? So I think we went from the server to virtualized environments to microservices to containers, why is that important? What's the business outcome that people are getting when they get excited and start playing with serverless? For sure, so there's really two main points for me. One is that you have a direct tie between IT and the business both from performance as well as cost. So now you can actually say that application didn't cost me $1.10 per transaction and I normally make $9 on each transaction. So this is good, let's continue to invest there. So there's finally a breakdown between the separation and you get that unity with the business and the IT. And the second is accessibility. Because there's far less infrastructure and plumbing to worry about, you have people who aren't traditionally viewed as developers, more the business analysts, starting to actually write solutions that are far more directly in line with what you wanna do as a business. All right, one of the things I like seeing in the keynotes was what can we do today and what can't we do today? So web application is great, IoT, things like the Amazon buttoner, the Amazon Alexa, all leverage that. What are some of the cool applications that you've seen leveraging serverless today? Yeah, so a lot of cool robots. So a friend of mine, Ben Kehoe from iRobot gave a great talk on it. A lot of their stuff leverages that and I'm a nerd, I love robots. IoT doesn't like robots. Exactly, right? We welcome our robot overlords here at the queue. Absolutely. And we all, if they're listening and when they process this, thank you for your service. But yeah, there's a lot of great things where we're crossing out of just the digital world into the real world, because we can connect these things up with the advantage of serverless. We don't have to build out a huge infrastructure if you need smart lighting, if you need smart appliances, all of the IoT world, it's all serverless. Yeah, so I'm gonna bring up this word that has some weight to it, enterprise. So companies, we're talking, the cloud is being reused for whole businesses and everything like that. It's serverless for, that's web and robots and cool toys and everything like this. What are you seeing, what are the limitations and does this become a predominant operating model in the future? Yeah, there's a lot of hesitancy in the enterprise because they're not familiar with it, but realistically any enterprise today should have a very simple sort of fall-down model. When they're building something new, start at serverless, if that doesn't meet your needs, put it in a container, if that doesn't meet your needs, build a server. Again, you want to do less work. The challenge again is comfort level, serverless breaks a lot of our tooling, so you need to learn a lot of stuff, but it's definitely where enterprises should be looking today if they want to get ahead. Okay, and Mark, what advice do you give to companies today as they think about security across some of these various environments? Well, I mean, you led the cheer at the start. It's security's everybody's responsibility. From a security practitioner's point of view, we've done ourselves a disservice in isolating ourselves and teams and not talking to people. We need to be educators within our organizations to help people understand what they can do. It goes all the way back to the Mythical Man Month. It's easier to squash a bug before you ever write it rather than when it's deployed to millions of people. Same thing for security. The earlier you're on it, the more people are looking at it, the better off you're going to be. All right, Mark, want to give you the final word, takeaways, the event isn't done, but for people that aren't familiar, where do they get started, and where should they dig in for serverless? Yeah, there's a ton of great content here. So this is the fifth serverless event. A lot of the old talks are up on YouTube. A Cloud Guru has done a fantastic job pulling this community together. Check out all that stuff. The major providers, all of them are here. All of them have excellent entry-level projects to help you get rolling. And really, that's the best way to start. Fire up the console, start building something. Why not? All right, Mark, really appreciate you joining. Thanks for sharing with the community here, our community. Look forward to seeing you at many more events. And thank you so much for watching theCUBE.