 Good morning from Los Angeles. Lisa Martin here at KubeCon, CloudNativeCon North America 2021. This is the Cube's third day of wall-to-wall coverage. So great to be back at an event in person. I'm excited to be joined by Vince Wang, Senior Director of Products at Fortinet. We're going to talk security in Kubernetes. Vince, welcome to the program. Thank you for having me. So I always love talking to Fortinet at cybersecurity is something that is such an impersonal interest of mine. But Fortinet talks about the importance of integrating security and compliance in the DevSecOps workflow across the container lifecycle. Why is this important and how do you help companies achieve it? Well, as companies are making digital innovations, they're trying to move faster. And as you move faster, how many companies are shifting towards a cloud-native approach, rapid integrations, rapid development and rapid deployment. But sometimes speed, you know, there's a benefit to that, but there's also the downside of that where you can lose track of issues and you can introduce a human error in the problem. So as part of the means to deliver fast while maintaining this secure approach with both the company and the organizations delivering it and their customers, it's important to integrate security throughout the entire lifecycle from the moment you start planning and development and people is in process to when you're developing it and then deploying and running into production, the entire process needs to be secured, monitored and embedded regularly with good quality processes, deep visibility and an integrated approach to the problem. And I think the other thing to also consider is in this day and age with the current situation of COVID, there's a lot of development employment in terms of what I call an accidental multi-cloud where you're deploying applications in random places in places that are unplanned because you need speed and that diversity of infrastructure and diversity of clouds and development and things to consider then produces a lot of opportunities for security and challenges to come about. And we've seen so much change from a security perspective on the threat landscape over the last 18 months. So it's absolutely critical that the integration happens shifting left. Talk to us about now let's switch topics. Application teams are adopting CICD, CICD workflows. Why does security need to be at the center of that adoption? Well, it goes back to my earlier point where when you're moving fast, organizations are building, deploying, running continuously and monitoring and improving, right? So the idea is you're creating smaller incremental changes, clearing it to the cloud, running it, adjusting it so then you're rapidly integrating and you're rapidly developing and delivering. And again, it comes down to that rapid nature. Things can happen. There's more points of touching and there's more points of interactions. And again, when you're moving that fast, it's really easy to miss things along the way. So as you have security as a core fundamental element that DNA, as you're building it, that's in parallel with everything you're doing, you just make sure that when you do deliver something that it's the most secure application possible. You're not exposing your customers or your organizations to unforeseen risks that just kind of sits there. And I think part of that is if you think about cloud infrastructure, misconfiguration is still the number one biggest problem with security in a cloud space. There's attacks and vulnerabilities, those we all know. And there's those means to control that. But the configurations, when you're storing the data, the registries, all these different considerations that go into a cloud environment, those are the things that organizations need visibility on and the ability to adopt their processes to be proactive in those things and know what they just need to know what and where they're operating to kind of make these informed decisions. That visibility is key. When you're talking with customers in any industry, what are the top three recommendations to say, here's how you can reduce your exposure to security vulnerabilities in the CI CD pipeline? What are some of the things that you recommend there to reduce the risk? There's a couple, obviously security as a fundamental practice, we've been talking about that. So that's number one key. The second thing that I would say would be when you're adopting solutions, you need to consider the fact that there is a very much of a heterogeneous environment in today's ecosystem. Lots of different clouds, lots of different tools. So integration is key. The ability to have choices of deployment in terms of where you want to deploy. You don't want to deploy based upon the technology limitations. You want to deploy and operate your business to meet your business needs. And having the right amount of integrations and toolings to have that flexibility and option is key. And then I think the third thing is once you have security, the choices, then you create a situation where there's a lot of process overhead and operational overhead. And you need a platform, a singular cybersecurity platform to kind of bring it all in that can work across multiple technologies and environments and still be able to control how deep visibility and consolidated policies and management that's consistent across all possible points. So we're talking to the DevOps folks. What are some of the key considerations that they need to take into account to ensure that their container strategy isn't compromising security? Well, I think it comes down to having to think outside of just DevOps. You have to, we talked about CICD, you have to think beyond just the build process, beyond just where things live. You have to think continuous life cycles and using a cybersecurity platform that brings it together, such as we have the Fortress security fabric that does that, tying a lot of different integration solutions. We work well within our core, but they have the ability to integrate well into various environments to provide that consistent policies. And I think that's the other thing is it's not just about integration, it's about creating that consistency across clouds. And the reality is also for, I think today's DevOps, many organizations are in transition. It's as much as we all think and want to kind of get to that cloud native point in time. The reality is there's a lot of legacy things. And so DevOps, SetOps, DevOps, all these different kind of operational functions need to consider the fact that everything is in transition. There are legacy applications. There are new cloud native cloud first type of application deliveries using containers and various technologies. And there needs to be again, that singular tool, the ability to tie this all together as a single pane of glass to be able to then navigate and merge between legacy deployments and applications with the new way of doing things and the future of doing things with cloud native. And it comes out again to something like the Fortress security fabric where we're tying things together, having solutions that can deploy on any cloud, securing any application on any cloud while bringing together that consistency, that visibility and the single point management to kind of lower that operational overhead and introduce security as part of the entire life cycle. Do you have Vince, an example of a customer that Fortinet has worked with that has done this that you think really shows the value of what you're able to enable them to achieve? We do, we do, we have lots of customers. I can't name any one specific customer for various reasons, you know, it's security after all. But the most common use case is when customers look at it, when we talk to CIO, CISO, CTOs, I think that's the one thing that they ask us is, well, how do we manage in this day and age making these cloud migrations? Everyone, I think the biggest challenge is everyone is in a different point in time in their cloud journey. There's, if you talk to a handful of customers or a room full of customers, you're not going to find one single organization that's going to be at the same point in time that matches yet another person, another organization in terms of how they're going about their cloud strategies, where they're deploying it, at what stage of evolution there are in their organizational transformations. And so what they're looking for is that flexibility to deploy and secure any application on any cloud throughout their entire application lifecycle. And so the most common things that our customers are looking for and are doing is they're looking to secure things on the network and then interconnect it to the cloud to deliver that superior application experience. So they're deploying something like the security fabric. Again, Fortinet has the cybersecurity approach so that they're deploying things, securing the native environments. They're looking at DevOps, they're deploying tooling to provide security posture management, cloud security posture management to look at the things that they're doing, the registries, their environment, the dev environment to then securing their cloud networks like what we do with our FortiGate solutions. We're deploying things from the DevOps cycle, securing the cloud environment with our FortiGate environments across all the very multitudes of cloud providers like AWS, Azure, Google Cloud. And then tying that together with some superior interconnections with SD-WAN and then tying that into the delivery and productions on the web application side. So it's a very much a continuous lifecycle. We're looking at various things. And again, the other example we have is because of the different places in different, in terms of cloud journeys, that the number one key is the ability to then have that flexibility deployment to integrate well into existing infrastructure and build a roadmap out for cloud as they evolve. Because when you talk to customers today, they're not going to know where they're going to be tomorrow. They know they need to get there. They're not sure how they're going to get there. And so what they're doing now is they're getting to cloud as quickly as they can. And then they're looking for flexibility to then kind of adjust and they need a partner like Fortinet to kind of bring that partnership and advisorship to those organizations as they make their strategies clearer and adjust to new business demands. Yeah, that partnership is key there. So FortiGate advocates the importance of taking a platform approach to the application lifecycle. Talk to me about what that means and then give me like the top three considerations that customers need to be considering for this approach. Sure, number one is how flexible is that deployment in terms of do customers have the option to secure and deploy any application on any cloud? Do they have the flexibility of integrating security into their existing toolings and then changing that out as they need and then having a partner and a customer solution that kind of grows with that. I think that's the number one. Number two is how well are these integrations or these flexible options tied together like what we do with the security fabric where everything kind of starts with the idea of a central management console and consistent policies and security from the get go. And I think the third is looking at making sure that the security integrations and security intelligence is done in real time with a quality source of information and points of responsiveness. What we do with our foreguard labs, for example, we have a large machine learning infrastructure where we're supported by all the various customer inputs and then the great intelligence organizations and then put real time intelligence and protection as part of that deployment lifecycle again. This then kind of really brings it all together organizations looking for application security and trying to develop in a CICD fashion. They have the ability to then have security from the get go, tie that in to the existing toolings with flexibility and visibility and then benefit from security all along the way with real time, you know, leading edge security that then kind of brings that sense of confidence and reassurance as they're developing. They don't need to worry about security. Security should just be part of that and they just need to worry about solving the customer problems and, you know, delivering business outcomes and results. Right, it's all about those business outcomes but delivering that confidence is key. Vince, thank you for joining me on the program today, talking through what Fortinet is doing, how you're helping customers to integrate security and compliance into the DevSecOps workflow. We appreciate your insights. Thank you so much for your time, I really appreciate it. My pleasure, for Vince Wang. I am Lisa Martin. You're watching theCUBE live from Los Angeles at KubeCon and CloudNativeCon 21. Stick around, Dave Nicholson will join me next with my next guest.