Devops Chat

As any CIO knows, a data management architecture is essential to caring for one of the organization's most valuable assets: data. Data management sounds simple but it's not. Backup and recovery, disaster recovery, data retention, governance, e-discovery... all are parts of any effective data protection strategy. As businesses move and grow their presence in the cloud, the same capabilities apply in this very dynamic and elastic environment. Recently, Druva received another investment round of $130m led by Viking Global. Mike Palmer, Druva Chief Product Officer, joins us on this episode of DevOps Chat where we talk about Druva's planned use of those funds, and Druva's approach to providing a SaaS-based data protection platform.

Network technology has undergone its own transformation in parallel with cloud infrastructure, how we create software, and the adoption of DevOps. SDN, NFV, virtual network appliances, and an ever-expanding suite of APIs making network and security technologies much more accessible to developers. Network engineers' worlds are rapidly changing too. From highly skilled to associate-level, all network engineers are faced with building up a new and necessary skill: software development. Learning software dev can be a daunting, even intimidating proposition even for someone already skilled in the network engineer domain. So, how do we lift up the community of network engineers and help them build their development chops? How can software and DevOps engineers easily get access to all the programmatic interfaces that configure, manage and control the network? These questions and more we explore with Susie Wee, Founder, Senior Vice President, and CTO of Cisco DevNet. DevNet is an online resource full of informat

It's easy to forget not everyone started their move to the cloud eight or even ten years ago. Early adopters have a wealth of experiences that can benefit newcomers and experienced teams alike. A preview to August 14th's webinar "Top 5 AWS Security Mistakes and How to Stop Them Before You Lose Data", DisruptOps CEO Mike Rothman joins us on DevOps Chat. In this episode, we reflect on learnings and knowledge Mike and co-founder Rich Mogul incorporated into their product DisruptOps Guardrails. Be sure to register for the Aug. 14th webinar at https://webinars.devops.com/top-5-aws-security-mistakes-and-how-to-stop-them-before-you-lose-data.

In a world where our apps are stitched together from a various building blocks, why wouldn't we do the same with Kubernetes? Operators make this possible. We spoke with Rob Szumski of IBM RedHat OpenShift team about the groundbreaking work he and the OpenShift team have been doing with bringing an entire library/repo of Operators for Kubernetes that will make it easier and faster to deploy and use Kubernetes. Low code/no code is the wave and now you can ride it with Kubernetes too. Have a listen.

The tribe at Armory (https://armory.io) announced their $28m series B funding, led by Insight Partners. Armory enables continuous software delivery at enterprise scale, powered by Spinnaker. That is a crisp mission statement, but beyond that Armory is bringing the open source Spinnaker to the enterprise market. As such they are also helping the entire Spinnaker community and as part of this the entire CD market. They are members of the CD Foundation, part of the Linux Foundation as well. I had a chance to catch up with their founder/CEO, DROdio and VP of marketing, Carl Landers to talk about Spinnaker, CD and the state of software delivery. BTW, if you are interested in learning more about Spinnaker and will be in San Diego for CloudNative.com/KubeCon, the Spinnaker Summit is the weekend before. The Armory folks have been nice enough to arrange a 20% discount if you would like to go: https://www.eventbrite.com/e/spinnaker-summit-2019-tickets-57895274324?discount=ARMORYAUGUST20 The code for discount is

Martin McKeay, a cybersecurity veteran, joins us to review Akamai's latest State of The Internet report (SOTI). This SOTI edition, dubbed Financial Services Attack Economy, highlights the vast array of cyber attacks targeted at the financial systems ecosystem over the past 18 months. Martin highlight from the report includes readily available lists of compromised user IDs and passwords, stuffing attacks, low cost or free All-In-One (AIO) attack tools, and the characteristics of phishing attacks against enterprises versus financial institutions. And more. Join us on this episode of DevOps Chat with Martin McKeay, Editorial Director, Akamai. The full report is available at www.akamai.com/soti/

Michael Coates is on a mission, a journey, an unassailable quest. You don't come away from senior security leadership roles at Twitter and Mozilla without some real-world lessons of how to improve cybersecurity. Those lessons inspired our guest Michael Coates, former Twitter CISO, to co-found his new startup Altitude Networks. While we don't yet know all the details about Altitude Networks, we know Michael is addressing the protection of data when using cloud collaboration software like Google Drive, Box, Dropbox, Office 365 and other online collaboration services. Michael shares with us the lessons he learned from security roles at Twitter and Mozilla is applying at Altitude Networks. Security products need to be designed to solve problems and alleviate work, not make work. And security needs to enable end-users to get their work done and not interrupt them with confusing popups, options, and decisions most end users won't understand. Join us on this episode of DevOps Chat to get the latest on Michae

Agile, DevOps, multiple cloud providers, serverless, contemporary cloud native apps, shadow IT using a credit card…it can be daunting for any IT organization to be responsive to the internal customer needs. It’s even tougher to be proactive and get ahead of the curve. Enter Cloud Management Platforms (CMP). On this episode of DevOps Chat, we talk with Bernard Sanders (no, not the presidential candidate), CTO of CloudBolt. Our conversation explores how IT can use a CMP to provide the IT and self-service capabilities so DevOps and Agile teams won’t feel the pain and slowdown of IT past. Learn more about CloudBolt’s products at www.cloudbolt.io.

Should we secure containers? How do we secure containers? How do we secure serverless computing architectured apps? With code repositories growing rapidly with each container we create, our guest John Kinsella, VP of Engineering - Container Security at Qualys, has some sage advice for securing containers. Containers are not intended to isolate code from security vulnerabilities, containers are designed for packaging and use. Which of my containers have a vulnerable version of OpenSSL installed in them? Integrating vulnerability scanning into the CI/CD process gives developers information to catch vulnerabilities in open source code before it hits production. Join us on this episode of DevOps Chat as we dive into the container security insights John Kinsella of Qualys has to offer.

RSAC 2019 APJ in Singapore is coming up and we’re lucky enough to preview a talk by Derek Manky titled "Flash War: Tapering an Accelerating Attack Chain." The speed at which networks are attacked, compromised and then intruders spread laterally is increasing rapidly. Add swarm technologies with AI machine learning and automation and the future holds a world where attacks that take days, hours or minutes today could laterally happen in fractions of a second tomorrow. House of Mirror defenses (yes, the network security equivalent of Bruce Lee’s Enter The Dragon mirror room) and other deceptions techniques step up to the challenge of tapering this accelerating attack chain. On this episode of DevOps Chats, Derek Manky, Chief of Security Insights at Fortinet previews his RSAC 2019 APJ Preview talk, Flash War: Tapering an Accelerating Attack Chain, scheduled at 1:15pm on July18th in Singapore. Join us on this podcast and at Derek’s RSA talk.

RSA Asia Pacific & Japan Conference 2019 in Singapore promises exciting and engaging sessions. A likely popular and possibly controversial talk will be “The Future of AppSec is Cloud Native.” Co-Presented by Jimmy Mesta (CEO and co-founder Ksoc and CTO at Manicode Security) and Jim Manico (Founder and trainer at Manicode Security), this talk makes the bold assertion that how we build cloud native applications will establish the new benchmark for application security. On this episode of DevOps Chats, Jimmy and Jim preview their RSA APJ 2019 talk, set out the case for why cloud native is the future for AppSec, and entice all of us to come learn more at their session on July 18 at 4:30pm. We hope to see everyone at their talk at RSA APJ 2019.

Our podcast guest believes the world changed “on a Tuesday" six months ago when the enterprise move to the cloud became imperative, not just an aspirational goal. That eureka moment was enough to pull Steve Mullaney off the sidelines and back into the game as CEO of Aviatrix after successful executive gigs at Palo Alto Networks and Nicira. Go-build might be a wonderful approach for cloud-native apps, but enterprises want the framework laid out ahead of their move to the cloud. Think enterprise cloud IT reference architecture, much like Cisco provided for enterprise IP networks, DEC mainstreamed for client-server, and IBM established for mainframe computing. You have to “bring the cloud to them.” That enterprise cloud reference architecture is what Aviatrix targets, in the same buy-with-a-credit-card model that fueled customers’ unfettered move to AWS. On our DevOps Chat podcast episode, Steve Mullaney, CEO of Aviatrix, talks about what enterprises want in a true enterprise multi-cloud backbone to suppor

Secure software depends on people finding vulnerabilities and deploying fixes before they are exploited in the wild. This has lead to a world of security researchers and bug bounties directed at finding new vulnerabilities. As dedicated as security researchers are, there is a vast ocean of software in existence, waiting for someone to find and exploit the next security vulnerability for profit or nefarious uses. With autonomous vehicles on the horizon, is there an autonomous solution to finding and fixing software vulnerabilities? Enter DARPA Cyber Grand Challenge winner “Mayhem”, created by a team of researchers from Carnegie Mellon University who spun out security startup ForAllSecure. And they have a BHAG (Big Hairy Audacious Goal). "Our vision is to check the world’s software for exploitable bugs so they can be fixed before attackers use them to hack computers”. Mayhem has moved on from capture the flag contests to observing and finding vulnerabilities in DoD software and is working its way to corporat

Wouldn’t it be helpful to know if other cloud users are seeing the same or similar attacks that you are? Security intelligence about cloud applications beyond just those you own and operate as an enterprise opens up a new dimension in attack visibility against an even large sets of cloud apps. Sumo Logic announced its extending their machine analytics and intelligence platform to include AWS Guard Duty during AWS re:Inforce 2019. Dubbed Global Intelligence Service for Amazon GuardDuty, the new service is more than just a data aggregation and reporting play. The new service provides additional context around GuardDuty data by reporting attack information across multiple Sumo Logic customers using AWS GuardDuty. Essentially a “crowdsourcing” approach to reporting threat intelligence across the cloud. In this episode of DevOps Chat, David Andrejewski, Senior Engineering Manager at Sumo Logic, joins us to talk about this new, more expansive threat intelligence service. More information about Global Intelligen

Making sure our applications are secure during runtime is of course important but how do we shift left so security is built into containerized, serverless applications? Lacework announced the addition of build-time security capabilities which complement their existing run-time offering for cloud, container and hybrid environments. This “shift left” will provide security and compliance visibility across the enterprise’s infrastructure footprint, from development to runtime, and for cloud, container, bare metal, and hybrid environments. On this DevOps Chats episode, we talk with Lacework CEO Dan Hubbard about some of the challenges in moving security earlier in the DevOps process, and the benefits of examining security and vulnerabilities in both dev and runtime environments. More information about the announcement is available at http://www.lacework.com.

Introducing chaotic, unpredictable test software into your methodical testing regime is a good idea, right? Yes, it's a branch of testing called Chaos Engineering, or Chaos Testing. Netflix's Chaos Monkey famously introduced many of us to the idea that resilient systems, networks and software become more resilient and less brittle if we use chaotic testing methods to find their weak points before customers do. An innovative engineer at xMatters launched a new open source chaos testing tool named after H.P. Lovecraft's nightmarish character Cthulhu. Cthulhu is designed to test across multiple cloud providers, initially supporting Google Cloud with plans to support Amazon Web Services. It's open source, free to use, looking for more contributors, and is available on GitBub. We are joined on this DevOps Chats by Tobias Dunn-Krahn, CTO, and Gabrielle Gasse, lead engineer on the Cthulhu open source project, both at xMatters.

As more and more of the components that make up the applications we use are open source, the need to secure these open source components increases. Of course Equifax is the poster child for this issue. Checkmarx, one of the leaders i application security scanning has had an open source scanning module for sometime. They have now updated that with a new homegrown engine that greatly improves the ability for their scanner to detect open source vulnerabilities in your applications. https://www.checkmarx.com/press-releases/checkmarx-makes-sca-market-waves-with-enhanced-open-source-security-offering In this DevOps Chat we speak with Matthew Rose of Checkmarx about what this means for you.

Agility, DevOps and Digital Transformation are racing into the mainstream. You know that’s the case when enterprise technology suppliers shift and adapt their strategies from infrastructure software to platforms for application delivery. That’s certainly been the case with SUSE, a company we’ve know for a long time going back to its Linux distribution origins. Adoption of contemporary software technologies such as Kubernetes containers presents another investment decision. Do you download, build, maintain and support your installation of Kubernetes or do pre-integrated and supported solutions enable you to speed up building and delivering applications. A control versus speed argument. On our DevOps Chat podcast we explore these paths; when its preferable organizations build from open source resources, when to utilize a Containers as a Service offering, or when an application delivery platform with support from a trusted supplier is best. Joining me in the discussion is Jennifer Kotzen, Senior Product Marke

SignalFx just announced a $75m dollar round of financing, bringing their total raise to date to $179m. This is an impressive war chest that allows SignalFx to continue it mission of bringing next generation Cloud Monitoring to large enterprises. In this DevOps Chat we sat down with SignalFx CEO and co-founder, Karthik Rau to discuss what were the big trends he and the team bet on early in SignalFx's development which have allowed them to capitalize on the opportunity in the cloud monitoring market. Karthik also gives us his vision for where the market is heading and what SignalFx is going to use these funds for to stay at the forefront. Congrats to Karthik and the SignalFx team.

DevOps and Agile are all about making software cycles short and dynamic, empowering development teams to rapidly iterate, leveraging tools with fewer burdens and reliance on outside organizations. It's the dev + ops combination that is so powerful. But what about security, specifically the identity of physical and virtual devices, containers and micro services? Digital certificates are a key asset in managing device identity but traditional tools and processes may not fit the speed and dynamic nature of today's cloud native software. Our guest on DevOps Chats is Sandra Chrust, Senior Product Marketing Manager at Venafi. Sandra shares with us lessons learned to more easily manage device identities in DevOps and Agile environments, leveraging tools that provide self service portals, APIs and SDKs for automation. No more support tickets!