1 00:00:37,878 --> 00:00:40,128 S1: All right. In this stand alone episode, I'm doing a 2 00:00:40,128 --> 00:00:45,428 S1: sponsored interview with Eva Concevoir of Teleport. So we've all 3 00:00:45,428 --> 00:00:48,698 S1: heard sponsored conversations before, and the structure I really like 4 00:00:48,698 --> 00:00:52,178 S1: is imagining that you're having a lunch conversation with an 5 00:00:52,178 --> 00:00:55,058 S1: entrepreneur and you're learning about the product for the first time. 6 00:00:56,068 --> 00:00:59,158 S1: So that's really how I approach these, basically, I say, look, 7 00:00:59,158 --> 00:01:01,708 S1: we're having lunch. Tell me about the product. And I 8 00:01:01,708 --> 00:01:04,588 S1: get to comment and ask questions just like a normal conversation. 9 00:01:05,318 --> 00:01:07,978 S1: Now these are sponsored, so I'm not likely to blast 10 00:01:07,978 --> 00:01:10,678 S1: someone from orbit. But I'm also going to be honest 11 00:01:10,678 --> 00:01:12,928 S1: if I see a challenger or a question just like 12 00:01:12,928 --> 00:01:16,568 S1: I would during a lunch conversation. And the way we're 13 00:01:16,568 --> 00:01:19,688 S1: looking to avoid conflict here is by pre filtering, we 14 00:01:19,688 --> 00:01:22,838 S1: allowed to do sponsored interviews. So that's the approach the 15 00:01:22,838 --> 00:01:25,598 S1: natural pitch in a conversation over the time span of 16 00:01:25,598 --> 00:01:25,988 S1: a meal. 17 00:01:26,678 --> 00:01:33,468 UU: And with that, here's of from teleport. All right. 18 00:01:33,678 --> 00:01:37,868 S1: Well, it's very nice to meet you. Likewise. Yeah, so 19 00:01:38,018 --> 00:01:40,328 S1: I guess, could you tell me about yourself and tell 20 00:01:40,328 --> 00:01:41,438 S1: me about the company? 21 00:01:42,548 --> 00:01:47,978 S2: Absolutely. So I'm an engineer who was always obsessed with 22 00:01:48,308 --> 00:01:52,628 S2: computing infrastructure. 
So probably the reason for this is as 23 00:01:52,628 --> 00:01:57,338 S2: most engineers, I started programming at the fairly early age, 24 00:01:57,338 --> 00:01:59,978 S2: and I always like to write code that kind of 25 00:01:59,978 --> 00:02:03,908 S2: makes computers do things like physical things like play music, 26 00:02:03,908 --> 00:02:07,448 S2: using something that moves inside of a computer or do 27 00:02:07,448 --> 00:02:10,118 S2: some special effects with a monitor. And for that reason, 28 00:02:10,118 --> 00:02:13,028 S2: I kind of grew up and gotten into the workforce. 29 00:02:13,598 --> 00:02:16,928 S2: I was naturally attracted to this cloud revolution that started 30 00:02:16,928 --> 00:02:20,588 S2: to happen because just being in a data center, I 31 00:02:20,588 --> 00:02:22,948 S2: see the ceiling racks and racks of servers. It's just 32 00:02:22,948 --> 00:02:25,958 S2: that there's always been various fascinating. So it's a second 33 00:02:25,958 --> 00:02:30,068 S2: company has started to make the lives of other engineers 34 00:02:30,068 --> 00:02:33,758 S2: a year. So the first was what was an email 35 00:02:33,788 --> 00:02:36,158 S2: cloud delivery technology. So if you were to run the 36 00:02:36,158 --> 00:02:38,258 S2: applications in the cloud and you wanted to kind of 37 00:02:38,288 --> 00:02:41,768 S2: send and receive email messages of massive scale? That was 38 00:02:41,768 --> 00:02:46,958 S2: my first company called Mail Gun. But after Milgrom got 39 00:02:46,958 --> 00:02:52,298 S2: acquired by Rackspace, which at the time was second biggest 40 00:02:52,298 --> 00:02:57,458 S2: cloud provider, so I got exposed to big cloud problems. 41 00:02:57,638 --> 00:03:01,418 S2: And one of those problems was the access because as 42 00:03:01,418 --> 00:03:07,028 S2: companies continue to push more and more data to the cloud. 
43 00:03:07,538 --> 00:03:12,338 S2: So the importance of data security in data centers is 44 00:03:12,338 --> 00:03:16,358 S2: now more important than ever. And it just so happens 45 00:03:16,358 --> 00:03:18,668 S2: that when it comes to infrastructure security, when it comes 46 00:03:18,668 --> 00:03:22,658 S2: to infrastructure access, the technology we use for that surprisingly 47 00:03:22,928 --> 00:03:26,918 S2: is a lagging application level security where, like 10, 15, 48 00:03:26,918 --> 00:03:30,428 S2: 20 years. In other words, when you're accessing web apps 49 00:03:30,428 --> 00:03:33,848 S2: online and by web apps, I mean, like banking. When 50 00:03:33,848 --> 00:03:38,858 S2: you log into your bank to check your balance or 51 00:03:38,858 --> 00:03:42,098 S2: pay your bills, you're actually using state of the art technology. 52 00:03:42,428 --> 00:03:45,698 S2: But if you are an engineer at a sales company 53 00:03:45,698 --> 00:03:51,188 S2: and you're accessing products, servers, computing environments, you're using antiquated 54 00:03:51,188 --> 00:03:55,028 S2: stuff and people don't realize that they actually using better 55 00:03:55,028 --> 00:03:58,748 S2: tools than engineers that build software. But that's true. So 56 00:03:58,748 --> 00:04:00,998 S2: that's why Teleport was started to go and bridge this 57 00:04:00,998 --> 00:04:04,688 S2: gap to get this state of the art technology into 58 00:04:05,258 --> 00:04:12,338 S2: infrastructure access space. So software developers and another types of 59 00:04:12,338 --> 00:04:15,368 S2: engineers can securely and conveniently access infrastructure. 60 00:04:16,848 --> 00:04:21,738 S1: Awesome. And so just looking at it at a cursory level, 61 00:04:22,038 --> 00:04:27,388 S1: it looks like the idea is controlling ingress and egress. 
62 00:04:27,408 --> 00:04:30,918 S1: It's like you have a single control point or all 63 00:04:30,918 --> 00:04:34,068 S1: the different operations that need to happen is, is that 64 00:04:34,068 --> 00:04:35,148 S1: the way you characterize it? 65 00:04:36,078 --> 00:04:39,768 S2: So that's absolutely accurate. But I would say that so 66 00:04:39,918 --> 00:04:45,648 S2: this type of description, it doesn't communicate much, right? So 67 00:04:45,648 --> 00:04:47,928 S2: if someone would listen, it almost sounds like a network 68 00:04:47,928 --> 00:04:50,688 S2: solution like, oh, you have a like a firewall or 69 00:04:50,688 --> 00:04:54,018 S2: a proxy because they could be described using very similar language. 70 00:04:54,588 --> 00:04:59,598 S2: The interesting thing is, it's all about identity at the 71 00:04:59,598 --> 00:05:02,298 S2: end of the day. So even if you put security 72 00:05:02,298 --> 00:05:05,118 S2: aside and you think about how is it that we 73 00:05:05,118 --> 00:05:08,628 S2: do computing like, what is the process of computing? Who's involved? 74 00:05:09,108 --> 00:05:11,298 S2: So you will see that there are three very different 75 00:05:11,298 --> 00:05:14,448 S2: kind of actors in that dance. So you have hardware, 76 00:05:14,718 --> 00:05:17,988 S2: but the actual things that stored data and perform operations 77 00:05:17,988 --> 00:05:20,358 S2: and the data and the actual hardware. So then there 78 00:05:20,358 --> 00:05:23,948 S2: are software and software. They act intelligently. So because we 79 00:05:23,958 --> 00:05:27,528 S2: are pretty good at baking software, that makes decisions. So 80 00:05:27,528 --> 00:05:31,098 S2: software is like control in hardware to make computing happen. Mm-Hmm. 81 00:05:31,188 --> 00:05:35,028 S2: And then you have humans. Humans are obviously the most 82 00:05:35,028 --> 00:05:38,178 S2: important thing. So humans create software. 
So there is this 83 00:05:38,178 --> 00:05:40,968 S2: kind of loop of humans make decisions and then they 84 00:05:40,968 --> 00:05:43,998 S2: create software, and then the software makes decisions on behalf 85 00:05:43,998 --> 00:05:46,788 S2: of humans. And then it tells hardware what to do 86 00:05:46,788 --> 00:05:50,978 S2: and hardware on behalf and software makes changes to the data. OK. 87 00:05:51,648 --> 00:05:54,168 S2: So then if you are thinking about stealing someone's data, 88 00:05:54,168 --> 00:05:57,598 S2: you now have a choice. You can attack hardware, right? 89 00:05:57,618 --> 00:06:00,198 S2: So you can try to gain access to that machine, 90 00:06:00,198 --> 00:06:04,098 S2: maybe even physically. Just break into data center steal, get 91 00:06:04,098 --> 00:06:07,728 S2: the server out of the rack and run away. Like 92 00:06:07,728 --> 00:06:11,238 S2: a Hollywood movie? Hard to imagine, but probably possible. Or 93 00:06:11,238 --> 00:06:13,968 S2: you can attack software. You can try to inject your 94 00:06:13,968 --> 00:06:18,678 S2: code into that software somehow, maybe through access, through cross-site 95 00:06:18,678 --> 00:06:22,098 S2: scripting or by attacking supply chain. So you put your 96 00:06:22,098 --> 00:06:24,288 S2: code into your software and then you get into hardware 97 00:06:24,288 --> 00:06:26,658 S2: and then you get to today or you attack humans, 98 00:06:26,668 --> 00:06:28,818 S2: you send an email and say, Hey, click on this 99 00:06:28,818 --> 00:06:31,938 S2: thing to claim your whatever, and then you end up 100 00:06:31,938 --> 00:06:34,728 S2: in their laptop. And from that laptop you get in software, 101 00:06:34,728 --> 00:06:38,748 S2: hardware store and so forth. So that is important thing 102 00:06:38,748 --> 00:06:43,548 S2: to realize that there are these three different entities and 103 00:06:43,638 --> 00:06:48,288 S2: stealing data attacking could be done in three different dimensions. 
104 00:06:48,678 --> 00:06:54,318 S2: And historically, there have been completely different industries, completely different products, 105 00:06:54,408 --> 00:06:59,418 S2: completely different organizations responsible for protecting each one separately. So 106 00:06:59,418 --> 00:07:03,138 S2: you've heard the words like endpoint security or things like 107 00:07:03,468 --> 00:07:08,088 S2: infrastructure access and then the like. These solutions, they would 108 00:07:08,088 --> 00:07:11,268 S2: say we protect laptop or we protect your code or 109 00:07:11,268 --> 00:07:14,908 S2: we protect your servers. And that is a broken approach. 110 00:07:14,928 --> 00:07:17,778 S2: You see how fundamental that is. It's broken because they 111 00:07:17,778 --> 00:07:21,138 S2: all disjointed. It means that if you were to have 112 00:07:21,138 --> 00:07:24,528 S2: a complete protection, you have to, first of all, use 113 00:07:24,528 --> 00:07:27,918 S2: different solutions for each of these three components. But then 114 00:07:27,918 --> 00:07:30,648 S2: you also have to synchronize. You have to synchronize how 115 00:07:30,648 --> 00:07:31,368 S2: they configured. 116 00:07:31,488 --> 00:07:34,818 S1: Well, isn't isn't that because the history, though, is that 117 00:07:34,818 --> 00:07:37,698 S1: they were very distinct components like it was a way 118 00:07:37,968 --> 00:07:40,548 S1: up top and it was like a piece of iron 119 00:07:40,548 --> 00:07:44,598 S1: sitting in a data center somewhere. So physically, the history 120 00:07:44,598 --> 00:07:45,978 S1: is that they were very separate. 121 00:07:46,428 --> 00:07:50,088 S2: Correct. Correct. And like you see, we as like, we're 122 00:07:50,088 --> 00:07:53,938 S2: intelligent human beings. We obviously don't do anything obviously stupid. 123 00:07:53,958 --> 00:07:57,708 S2: There's always a history behind. We've been making these incremental decisions. 
124 00:07:58,758 --> 00:08:02,598 S2: And each of those incremental decisions historically has been the 125 00:08:02,598 --> 00:08:05,548 S2: right move. Right. But the end state that we really 126 00:08:05,568 --> 00:08:08,928 S2: like we find ourselves in right now is just terribly wrong. 127 00:08:09,288 --> 00:08:12,918 S2: Here's a very simple example of why it's broken every company. 128 00:08:12,948 --> 00:08:16,338 S2: Most companies probably want to enforce one simple rule that 129 00:08:16,338 --> 00:08:20,838 S2: states that a software engineer who no longer works here 130 00:08:21,318 --> 00:08:24,978 S2: doesn't have access to our infrastructure. Yeah. Now, thank so 131 00:08:24,978 --> 00:08:27,378 S2: for that to be true. You have to configure multiple 132 00:08:27,378 --> 00:08:32,678 S2: tools in the same way. Mm-Hmm. So if you forget 133 00:08:32,828 --> 00:08:36,368 S2: to say that this laptop is no longer trusted, that 134 00:08:36,368 --> 00:08:39,038 S2: that laptop will be allowed to get in, or if 135 00:08:39,038 --> 00:08:41,708 S2: you forget to say that this password is no longer 136 00:08:41,708 --> 00:08:45,478 S2: valid through a web UI somewhere like intellect cabinet, just 137 00:08:45,488 --> 00:08:48,128 S2: control panel engineers will be able to get it. If 138 00:08:48,128 --> 00:08:51,098 S2: you forget to say that SSA is no longer accepts 139 00:08:51,098 --> 00:08:53,738 S2: that they will be able to access infrastructure, you see 140 00:08:54,188 --> 00:08:57,578 S2: simply because your data like it sits in the house, 141 00:08:57,578 --> 00:09:01,508 S2: that's data center. And that house has dozens of doors 142 00:09:01,508 --> 00:09:04,868 S2: for software hardware people where you have to synchronize access 143 00:09:04,868 --> 00:09:08,138 S2: across all of them. And that is now becomes. 
It's 144 00:09:08,138 --> 00:09:11,468 S2: almost actually impossible for most companies just due to the 145 00:09:11,468 --> 00:09:12,338 S2: complexity of it. 146 00:09:12,458 --> 00:09:15,638 S1: Well, especially on using separate software and also 147 00:09:15,788 --> 00:09:19,688 S2: policies and software comes with expertise. So if you bought 148 00:09:19,688 --> 00:09:22,058 S2: a solution, you better have experts who know how to 149 00:09:22,058 --> 00:09:24,938 S2: set it up, configure and use it. And the expertise 150 00:09:24,938 --> 00:09:28,418 S2: is always in short supply. Like every single company is 151 00:09:28,418 --> 00:09:33,758 S2: struggling to hire engineering, talent and security in particular. And that, 152 00:09:33,968 --> 00:09:37,358 S2: I would argue, is the fundamental problem that we solve 153 00:09:37,358 --> 00:09:41,288 S2: with the act to splain concept, where we say that 154 00:09:41,408 --> 00:09:45,428 S2: treating software access, hardware access and people were accessed separately 155 00:09:45,428 --> 00:09:48,668 S2: is just not no longer scales like we have to 156 00:09:48,668 --> 00:09:53,408 S2: have a single plane that works for all three actors. 157 00:09:54,488 --> 00:09:56,378 S2: And in order for that to work, we need to 158 00:09:56,378 --> 00:10:01,268 S2: agree on a common technology or common technological platform. It 159 00:10:01,268 --> 00:10:03,788 S2: needs to be open. It needs to be an open standard. 160 00:10:04,058 --> 00:10:06,788 S2: It needs to be easy to understand the reason about. 161 00:10:07,068 --> 00:10:09,278 S2: And then when you say we're not going to support 162 00:10:09,278 --> 00:10:11,588 S2: anything else like all the legacy stuff needs to go away, 163 00:10:12,008 --> 00:10:17,798 S2: that is what teleport is. 
Teleport estates that for software, 164 00:10:17,798 --> 00:10:21,398 S2: hardware and people where to seamlessly work, create this trusted 165 00:10:21,398 --> 00:10:26,438 S2: computing environment. Everything has and everyone, everything and everyone really 166 00:10:26,438 --> 00:10:30,608 S2: important has to have an identity and identity is represented 167 00:10:30,608 --> 00:10:33,248 S2: in the form of a certificate. So there are two 168 00:10:33,248 --> 00:10:36,968 S2: standards for certificates that exist that we support both SSA 169 00:10:36,968 --> 00:10:41,348 S2: certificates and X five of nine certificates and teleport says 170 00:10:41,768 --> 00:10:45,908 S2: that to do anything for machines, for software and humans. 171 00:10:45,938 --> 00:10:49,178 S2: All three have to have certificates and either something is 172 00:10:49,178 --> 00:10:52,658 S2: allowed or not is done by looking at all three 173 00:10:52,658 --> 00:10:56,018 S2: certs for every security related action and then saying yes 174 00:10:56,018 --> 00:11:00,578 S2: or no. So that is the major innovation here. Is 175 00:11:00,578 --> 00:11:05,108 S2: this consolidation of these three actors of computing and on 176 00:11:05,108 --> 00:11:09,008 S2: top of Common Foundation, which is a certificate which is identity. 177 00:11:09,668 --> 00:11:12,848 S2: So it solves, first of all, it solves the fragmentation 178 00:11:12,848 --> 00:11:15,428 S2: issue where you have these kind of silos of security 179 00:11:15,428 --> 00:11:21,398 S2: all over. But it's also often methodically eliminates the. Huge, 180 00:11:21,408 --> 00:11:26,328 S2: a risk that exists in your system if you have secrets. 
181 00:11:28,218 --> 00:11:32,268 S2: So when companies talking about secure a vault, when they're 182 00:11:32,268 --> 00:11:36,168 S2: talking about passwords, rotation, when they talk about encryption addressed, 183 00:11:36,438 --> 00:11:40,608 S2: so they basically saying that our infrastructure has certain things 184 00:11:40,608 --> 00:11:44,268 S2: on it that are protected by encryption. Mm-Hmm. So protected 185 00:11:44,268 --> 00:11:47,688 S2: password is protected by encryption, so you cannot claim that 186 00:11:47,688 --> 00:11:49,998 S2: the data itself will never be stolen, like things get 187 00:11:49,998 --> 00:11:52,458 S2: stolen every once in a while. But you are relying 188 00:11:52,458 --> 00:11:57,198 S2: on decryption or encryption decryption as your last line of defense. Mm-Hmm. 189 00:11:57,978 --> 00:12:02,118 S2: So here's why it was just statistically not going to work. 190 00:12:02,388 --> 00:12:05,658 S2: So if you have, let's say, a secret, let's use 191 00:12:05,748 --> 00:12:08,868 S2: such a key. For example, we have a private association 192 00:12:09,018 --> 00:12:14,228 S2: somewhere in your system. The worst case scenario here, like 193 00:12:14,228 --> 00:12:16,718 S2: a lot of them, engineering laptops, but just to let, 194 00:12:16,738 --> 00:12:20,498 S2: let's assume you have an encrypted key. So which means 195 00:12:20,498 --> 00:12:24,698 S2: that there's decryption happening somewhere. Mm-Hmm. It could be happening 196 00:12:24,698 --> 00:12:27,638 S2: or thematically. So you have some kind of scripts, some applications, 197 00:12:27,638 --> 00:12:33,308 S2: some automation that does decryption, or it could happen manually. 198 00:12:33,318 --> 00:12:35,078 S2: So there is a human that needs to type in 199 00:12:35,078 --> 00:12:38,558 S2: the decryption key on a keyboard. OK. 
So in the 200 00:12:38,558 --> 00:12:42,488 S2: first case, if it's a piece of automation that has decryption, 201 00:12:43,328 --> 00:12:46,688 S2: you could have a bad deployment. You might have your 202 00:12:46,688 --> 00:12:50,588 S2: code that does. Decryption with the decryption key might accidentally 203 00:12:50,588 --> 00:12:53,578 S2: end up on on GitHub visible to the entire world. 204 00:12:53,888 --> 00:12:58,388 S2: You know, mistakes happen. Mm hmm. The probability is close 205 00:12:58,388 --> 00:13:01,418 S2: to zero, especially if you're world randomization. So doing your 206 00:13:01,418 --> 00:13:05,918 S2: best not to do these bad deployments. And if you're 207 00:13:05,918 --> 00:13:09,368 S2: doing it manually, well, humans are humans. Everyone like you 208 00:13:09,368 --> 00:13:12,188 S2: might end up with a sticky note in the monitor somewhere. Mm-Hmm. 209 00:13:12,818 --> 00:13:15,028 S2: And that sticky note may end up in the news, 210 00:13:15,038 --> 00:13:17,798 S2: if that possible. It was a real story in 211 00:13:17,908 --> 00:13:19,208 S1: an interview with VIDEO. 212 00:13:19,418 --> 00:13:23,828 S2: Yeah, yeah, yeah. Well, again, the probability of that happening 213 00:13:23,858 --> 00:13:27,728 S2: is comically low. But notice what happens as you scale, 214 00:13:28,268 --> 00:13:31,748 S2: as you acquire more and more and more secrets as 215 00:13:31,748 --> 00:13:34,628 S2: you get more and more and more hardware and you 216 00:13:34,628 --> 00:13:37,268 S2: get more and more humans who can make mistakes. So 217 00:13:37,268 --> 00:13:41,768 S2: the probability the combined probability starts to creep up and 218 00:13:41,768 --> 00:13:42,848 S2: then eventually that happens. 219 00:13:43,478 --> 00:13:46,208 S1: So. So let me jump in here real quick. 
So 220 00:13:46,208 --> 00:13:51,338 S1: you're essentially saying these three things let's wrap them with 221 00:13:51,668 --> 00:13:55,688 S1: some sort of access control plane of some sort and 222 00:13:55,688 --> 00:14:01,368 S1: then have a policy inside of that plane, which. Looks 223 00:14:01,368 --> 00:14:05,118 S1: for certain actions being allowed to be done and tying 224 00:14:05,118 --> 00:14:06,288 S1: that directly to people 225 00:14:07,158 --> 00:14:11,358 S2: views or true identities. Yeah, actually, it's important to say 226 00:14:11,358 --> 00:14:14,838 S2: that we should not treat machines or humans separately from 227 00:14:14,838 --> 00:14:16,728 S2: each other. They need to be treated the same. 228 00:14:16,788 --> 00:14:17,448 S1: OK, so there are 229 00:14:18,348 --> 00:14:22,568 S2: three parties A, B and C, right? A is hardware. 230 00:14:22,578 --> 00:14:25,548 S2: B is a piece of software like microservice, for example, 231 00:14:25,548 --> 00:14:28,398 S2: and C is a is a is a human. And 232 00:14:28,398 --> 00:14:32,388 S2: when they interact, you should pay zero attention to visit 233 00:14:32,388 --> 00:14:35,088 S2: machine is that person doesn't matter. You simply look on 234 00:14:35,088 --> 00:14:37,908 S2: a certificate, you look at properties of a certificate and 235 00:14:37,908 --> 00:14:40,788 S2: then you look at policy. So if the certificate says 236 00:14:41,148 --> 00:14:46,398 S2: that the like one of these actors is a production environment, 237 00:14:46,398 --> 00:14:51,618 S2: it's not staging AHA. So it triggers production policy because 238 00:14:51,618 --> 00:14:54,348 S2: what what happens in private to production data versus staging 239 00:14:54,348 --> 00:14:57,108 S2: is very different, right? So and then if one of 240 00:14:57,108 --> 00:15:01,788 S2: these certificate says that I'm a like, a temporary contractor. 
241 00:15:02,208 --> 00:15:04,788 S2: So now you know that there is something happening on 242 00:15:04,788 --> 00:15:08,388 S2: production with a temporary contractor. So you want to see 243 00:15:08,388 --> 00:15:11,568 S2: what the policy of enforcing, but you should not paying 244 00:15:11,568 --> 00:15:14,448 S2: attention as a human is a machine is itself doesn't matter. 245 00:15:14,748 --> 00:15:17,808 S2: That is the key distinction because if you implement a 246 00:15:17,808 --> 00:15:21,588 S2: system like this, then you have this massive unification. You 247 00:15:21,728 --> 00:15:25,218 S2: essentially saying there is a single source of truth that 248 00:15:25,218 --> 00:15:28,548 S2: issues identities to everyone and a single source of truth 249 00:15:28,548 --> 00:15:32,478 S2: that makes authorization and authentication decisions and a single source 250 00:15:32,478 --> 00:15:34,098 S2: of truth where the audit goes? 251 00:15:34,938 --> 00:15:38,358 S1: Well, that how about the asset data? So how do 252 00:15:38,358 --> 00:15:42,708 S1: you complete the the details of the policy? So I 253 00:15:42,708 --> 00:15:45,378 S1: need to access this web service. I need to contact 254 00:15:45,378 --> 00:15:48,588 S1: this API. I need to get onto this hard disk 255 00:15:48,588 --> 00:15:51,798 S1: and pull this data. When you're trying to write a 256 00:15:51,798 --> 00:15:55,518 S1: policy that says only this identity can do this during 257 00:15:55,518 --> 00:15:59,028 S1: this time of day or whatever. Doesn't that require a 258 00:15:59,028 --> 00:16:02,208 S1: lot of asset metadata to exist? 259 00:16:02,628 --> 00:16:07,248 S2: Correct. So the assets method data I received by saying assets, 260 00:16:07,298 --> 00:16:11,898 S2: you inject that distinction because the asset assumes like machines, self, 261 00:16:11,898 --> 00:16:15,528 S2: the right ones are not assets. 
So this is why 262 00:16:15,528 --> 00:16:18,258 S2: I want to double click on do not make that distinction. 263 00:16:18,258 --> 00:16:22,128 S2: Just simply says metadata, right? So you have metadata associated 264 00:16:22,128 --> 00:16:25,278 S2: with identity. Where's it coming from? That's I think, your question. 265 00:16:26,058 --> 00:16:29,328 S2: So here's the thing. If you are a human and 266 00:16:29,328 --> 00:16:32,088 S2: you going through a log and process, that metadata will 267 00:16:32,088 --> 00:16:35,568 S2: get injected by idea the identity platform your company uses. 268 00:16:36,078 --> 00:16:39,468 S2: It could be Active Directory sell point Okta. Like all 269 00:16:39,468 --> 00:16:42,048 S2: of these things they can, they deliver a lot of 270 00:16:42,048 --> 00:16:46,158 S2: metadata when you go through authentication. Teleport doesn't do authentication, 271 00:16:46,158 --> 00:16:48,318 S2: by the way. We rely on your SSL. Sure, we 272 00:16:48,318 --> 00:16:52,368 S2: just get your right that your identity is given to us. OK, 273 00:16:52,878 --> 00:16:54,828 S2: so that's where it's come from that comes from in 274 00:16:54,828 --> 00:16:56,988 S2: this case. So it's already there like your company knows 275 00:16:56,988 --> 00:16:59,298 S2: who you are, like you are a member of a group, 276 00:16:59,478 --> 00:17:01,818 S2: you have an email address, you have a manager. All 277 00:17:01,818 --> 00:17:04,578 S2: of this going to be in your certificate. So then 278 00:17:04,578 --> 00:17:08,898 S2: if your piece of software like you're a microservice and 279 00:17:08,898 --> 00:17:12,108 S2: you are lunching inside of, let's say, a Kubernetes cluster, 280 00:17:13,338 --> 00:17:15,708 S2: your identity will be handed to you in the form 281 00:17:15,708 --> 00:17:18,468 S2: of a certificate and it will. The queue environment will 282 00:17:18,468 --> 00:17:22,218 S2: be encoded in there. 
The the the community cluster knows 283 00:17:22,218 --> 00:17:25,938 S2: I'm staging and production. If you database machine, it will 284 00:17:25,938 --> 00:17:29,178 S2: all be there. So we already have this metadata on 285 00:17:29,178 --> 00:17:33,108 S2: the infrastructure level like that. Technologies have been built by 286 00:17:33,108 --> 00:17:36,258 S2: other people like we don't really need to imagine that 287 00:17:36,618 --> 00:17:42,708 S2: or I'm sorry not imagine them re even invent that will. 288 00:17:43,188 --> 00:17:47,838 S2: And the same is true for hardware when the hardware, 289 00:17:47,898 --> 00:17:52,028 S2: when the company issues you a laptop, if it's OK, 290 00:17:52,128 --> 00:17:55,038 S2: it's an Apple laptop that there is a hardware security 291 00:17:55,038 --> 00:17:57,858 S2: module on it and you can mark like this laptop 292 00:17:57,858 --> 00:18:01,308 S2: belongs to us. So some other laptop shows up and 293 00:18:01,308 --> 00:18:04,788 S2: it has a TPM with a different fingerprint on it, 294 00:18:05,358 --> 00:18:07,418 S2: and it will not. It will not be trusted, right? 295 00:18:07,428 --> 00:18:12,648 S2: So the key technologies for having metadata and storing it 296 00:18:12,858 --> 00:18:16,128 S2: already exist. So what teleport does that? We suck all 297 00:18:16,128 --> 00:18:19,428 S2: of this metadata out, put it in a certificate, and 298 00:18:19,428 --> 00:18:22,548 S2: then we make sure that these certificates are available when 299 00:18:22,548 --> 00:18:25,128 S2: the decision is to be done, either to allow or 300 00:18:25,128 --> 00:18:26,808 S2: deny specific operation. 301 00:18:27,528 --> 00:18:31,338 S1: Yeah, very, very interesting. So how does this touch in with? 302 00:18:32,478 --> 00:18:35,958 S1: Because it sounds very cloud friendly because that's where we 303 00:18:35,958 --> 00:18:37,918 S1: have a lot of metadata present. 
304 00:18:38,118 --> 00:18:40,968 S2: It's easier to do in the cloud, definitely, because cloud 305 00:18:40,968 --> 00:18:43,548 S2: allows you to do everything through code. So as you 306 00:18:43,548 --> 00:18:47,958 S2: provisioned machines, using your scripts, as you create Kubernetes clusters 307 00:18:47,958 --> 00:18:51,108 S2: and your services as there's just a lot of it's 308 00:18:51,108 --> 00:18:53,808 S2: just awesome if you're in the cloud, if you if 309 00:18:53,808 --> 00:18:57,108 S2: you run your own data centers. Companies that do that, 310 00:18:57,108 --> 00:18:59,968 S2: they don't just like bare metal and nothing else. Yeah, 311 00:19:00,048 --> 00:19:04,928 S2: they have. Things like VMware, OpenStack, they have private versions 312 00:19:04,928 --> 00:19:09,878 S2: of what Ada Bliss offers, and those have similar capabilities. 313 00:19:10,208 --> 00:19:13,868 S1: OK, so you're going to get metadata from somewhere, whether 314 00:19:13,868 --> 00:19:19,298 S1: it's VMware or somewhere, OK for an MDM or something. OK. 315 00:19:20,148 --> 00:19:24,468 S1: Very interesting, so as in so how how upfront is 316 00:19:24,468 --> 00:19:27,198 S1: the policy editor because it seems like the policy is 317 00:19:27,198 --> 00:19:30,348 S1: is very key. Right. You have the you have the 318 00:19:30,348 --> 00:19:32,568 S1: control plane and then you have the policies that sit 319 00:19:32,568 --> 00:19:36,048 S1: on top of it. Is that a is that a 320 00:19:36,078 --> 00:19:39,108 S1: huge part of the product and the interaction point with 321 00:19:39,108 --> 00:19:39,558 S1: the product? 322 00:19:40,548 --> 00:19:46,668 S2: So the answer is yes and no. I would say 323 00:19:46,668 --> 00:19:52,248 S2: that companies historically struggled, not with defining policy. Mm-Hmm. Because 324 00:19:52,968 --> 00:19:57,048 S2: like the mid-sized organizations, their policies are not that complicated. 
325 00:19:57,528 --> 00:19:59,988 S2: You have, like even even the basic ones that are
326 00:19:59,988 --> 00:20:03,378 S2: often not enforced. For example, the policies like engineers must
327 00:20:03,378 --> 00:20:06,138 S2: not push production data easy enough, right? Mm-Hmm. So if
328 00:20:06,138 --> 00:20:08,168 S2: you are in engineering, you should be dealing with staging.
329 00:20:08,178 --> 00:20:10,488 S2: You should be dealing with test environments like don't touch
330 00:20:10,488 --> 00:20:14,808 S2: customer data, don't you? So the policy for that is
331 00:20:14,808 --> 00:20:17,868 S2: like a couple of lines of configuration using like arbitrary
332 00:20:17,868 --> 00:20:20,298 S2: language like you and I could come up with a
333 00:20:20,298 --> 00:20:23,208 S2: way to declare its policy. So the difficulty has been
334 00:20:23,208 --> 00:20:28,578 S2: to actually enforce it because of this siloing of access,
335 00:20:28,908 --> 00:20:32,148 S2: because you have like cloud access through the API, you
336 00:20:32,148 --> 00:20:35,118 S2: have a say you could go through just control panel
337 00:20:35,718 --> 00:20:37,638 S2: through web. You I can go through Kubernetes. You see
338 00:20:37,698 --> 00:20:40,188 S2: that there are just so many protocols, so many different doors.
339 00:20:40,578 --> 00:20:45,798 S2: So synchronizing it the having a single way of defining
340 00:20:45,798 --> 00:20:49,488 S2: that is the much bigger problem. And I'm not saying
341 00:20:49,488 --> 00:20:52,878 S2: your question is not important. I simply want to remind
342 00:20:52,878 --> 00:20:56,088 S2: that the focus is consolidation having a single voice, but
343 00:20:56,088 --> 00:21:00,648 S2: then to define policy in Teleport, we offer kind of
344 00:21:00,648 --> 00:21:01,908 S2: two ways of doing it. Do you have like a
345 00:21:01,908 --> 00:21:04,648 S2: static way of defining policy? You can think of like
346 00:21:04,668 --> 00:21:08,028 S2: YAML file. The YAML says that like this group, this
347 00:21:08,028 --> 00:21:10,128 S2: is what they could do inside of Kubernetes. This is
348 00:21:10,128 --> 00:21:12,228 S2: what you can do with telling them be. But the
349 00:21:12,228 --> 00:21:16,638 S2: interesting one is policy as code, so you could basically
350 00:21:16,638 --> 00:21:20,658 S2: use your like programming language of your choice, which will
351 00:21:20,658 --> 00:21:23,958 S2: be Teleport will just ask your code. But what shall
352 00:21:23,958 --> 00:21:26,808 S2: I do now? This read like this is what I.
353 00:21:27,078 --> 00:21:31,218 S2: Identities of everyone involved like this allows you to kind
354 00:21:31,218 --> 00:21:36,528 S2: of extend Teleport behavior beyond static configuration so you implement
355 00:21:36,528 --> 00:21:41,438 S2: completely arbitrary rules like if your last name ends with
356 00:21:41,448 --> 00:21:46,248 S2: a Z, then you cannot do something on Tuesdays after 2pm.
357 00:21:46,848 --> 00:21:49,728 S2: So that is kind of two ways of doing it
358 00:21:49,728 --> 00:21:53,448 S2: through code dynamically or statically via a static concept.
359 00:21:53,958 --> 00:21:57,618 S1: Yeah, it just seems to me that the policy piece
360 00:21:57,618 --> 00:22:00,288 S1: is huge. Not not the technical aspect of like, how
361 00:22:00,288 --> 00:22:04,458 S1: do you write it or implement it? But the aspect
362 00:22:04,458 --> 00:22:09,618 S1: of explainability understanding your security program by being able to
363 00:22:09,618 --> 00:22:11,628 S1: look at your set of policies that are in place.
364 00:22:12,258 --> 00:22:16,158 S1: So it's like someone comes audit you, a customer or
365 00:22:16,188 --> 00:22:18,498 S1: a regulator or something something and they come to you
366 00:22:18,498 --> 00:22:20,898 S1: and they say, I want to know the current state
367 00:22:20,898 --> 00:22:23,568 S1: of our environment. You could say here are all the
368 00:22:23,568 --> 00:22:26,298 S1: policies that are currently in place. Here are the violations.
369 00:22:27,108 --> 00:22:31,278 S2: That's right. Yep, yep. It's actually interesting computer science problem
370 00:22:31,278 --> 00:22:36,168 S2: that you reminding me of. So, uh, so those of
371 00:22:36,558 --> 00:22:39,258 S2: us engineers who went to school and if you take
372 00:22:39,258 --> 00:22:43,278 S2: like a Prolog class. Mm hmm. The policy is very
373 00:22:43,278 --> 00:22:47,898 S2: similar to declarative programming. Mm hmm. So if you're writing
374 00:22:47,928 --> 00:22:51,258 S2: a piece of software or using those languages, you basically
375 00:22:51,258 --> 00:22:54,828 S2: define a set of facts like predicates. For example, cats
376 00:22:54,828 --> 00:22:58,338 S2: are animals. Dogs are animals. So then the program will
377 00:22:58,338 --> 00:23:00,978 S2: say that both cats and dogs are animals, and you
378 00:23:00,978 --> 00:23:03,948 S2: can ask the question Is dog an animal? And the
379 00:23:04,068 --> 00:23:07,068 S2: and the system will respond yes and no. So as
380 00:23:07,068 --> 00:23:09,678 S2: you add more and more statements like this and the system,
381 00:23:09,678 --> 00:23:12,588 S2: your probably your application becomes more complex and then you
382 00:23:12,588 --> 00:23:16,338 S2: can ask the question So is Bob an animal? And
383 00:23:16,338 --> 00:23:19,758 S2: the thing will and and the system of predicates will
384 00:23:19,758 --> 00:23:22,218 S2: look like Bob is a human and human is not
385 00:23:22,218 --> 00:23:25,098 S2: an animal. Therefore, Bob is not an animal. So you
386 00:23:25,108 --> 00:23:29,708 S2: could just take a simple example. But notice that the
387 00:23:29,718 --> 00:23:33,108 S2: answers will always be correct. You will either get yes
388 00:23:33,108 --> 00:23:38,048 S2: or no or not enough data. But we don't have
389 00:23:38,048 --> 00:23:42,308 S2: a system like this to query policies today because policies exist,
390 00:23:42,308 --> 00:23:45,328 S2: as I said, because of that fragmentation and siloing, you
391 00:23:45,338 --> 00:23:48,518 S2: have different policies for different systems declared using different languages
392 00:23:48,518 --> 00:23:52,808 S2: and components, so you cannot ask a question can Bob
393 00:23:53,078 --> 00:23:58,118 S2: touch production data right? So because no way you because
394 00:23:58,118 --> 00:24:03,078 S2: you have no one to ask. Simply because of that fragmentation,
395 00:24:03,088 --> 00:24:07,138 S2: so that is why we rely on audits. Mm-Hmm. Audit
396 00:24:07,138 --> 00:24:10,108 S2: is a retroactive way to see if you have an
397 00:24:10,108 --> 00:24:13,978 S2: error in your policy. It's essentially troubleshooting policy. That's what
398 00:24:13,988 --> 00:24:19,558 S2: audit is. This is why auditors look for this all logs. Mm-Hmm.
399 00:24:19,948 --> 00:24:22,348 S2: Because they want you. They want to see if you
400 00:24:22,348 --> 00:24:25,468 S2: have a way of spotting in there. I am basically
401 00:24:25,468 --> 00:24:30,148 S2: saying that audit logging in the future should be considered
402 00:24:30,148 --> 00:24:33,388 S2: almost like an obsolete practice. Instead, we should have a
403 00:24:33,388 --> 00:24:35,968 S2: system that is similar to Prolog where you can ask
404 00:24:35,968 --> 00:24:40,558 S2: a question can log access from production. And if the
405 00:24:40,558 --> 00:24:42,978 S2: answer is no, it's not like they're there.
406 00:24:43,108 --> 00:24:45,838 S1: We don't really give me the current state of the employee.
407 00:24:46,198 --> 00:24:49,258 S2: So that is the future that we're driving towards. But
408 00:24:49,258 --> 00:24:52,678 S2: the first step is to consolidate everything in one place.
409 00:24:52,948 --> 00:24:57,058 S2: You see, this is why. I answered my your first
410 00:24:57,058 --> 00:25:00,818 S2: question that way, because when you said like, just can
411 00:25:00,838 --> 00:25:04,918 S2: I single control plane that everything goes through? That is true,
412 00:25:04,918 --> 00:25:08,158 S2: but you see how deep that consolidation goes, that you
413 00:25:08,158 --> 00:25:12,868 S2: making entire things like audit, log and observability not needed obsolete.
414 00:25:13,228 --> 00:25:15,358 S2: That is the kind of benefit that you get if
415 00:25:15,358 --> 00:25:19,318 S2: you consolidate access policy and identity source in one place.
416 00:25:19,708 --> 00:25:24,088 S1: Interesting. And so what are the technical steps here like?
417 00:25:24,208 --> 00:25:28,218 S1: What is the plane look like when it's installed inside
418 00:25:28,228 --> 00:25:30,958 S1: a different environment? How does it look for physical assets?
419 00:25:30,958 --> 00:25:35,368 S1: How's it look for Kubernetes versus EC2 versus
420 00:25:35,368 --> 00:25:36,388 S1: all these other places?
421 00:25:37,408 --> 00:25:40,618 S2: So they're essentially, I would say, maybe three components of
422 00:25:40,618 --> 00:25:46,028 S2: a system and. It's just kind of on a low
423 00:25:46,028 --> 00:25:49,028 S2: level Teleport is a single binary look, would you believe
424 00:25:49,028 --> 00:25:53,048 S2: that simplicity is absolutely essential to security? So every engineer
425 00:25:53,048 --> 00:25:56,228 S2: is familiar with the concept of a Unix daemon, so
426 00:25:56,228 --> 00:25:59,318 S2: you have a system that's running on every box. So
427 00:25:59,318 --> 00:26:01,478 S2: and we use that model. OK, we're going to be
428 00:26:01,478 --> 00:26:04,528 S2: just like that because everyone knows how to run it.
429 00:26:04,538 --> 00:26:07,378 S2: Everyone knows how it works. Everyone has an idea of
430 00:26:07,388 --> 00:26:11,518 S2: how much resources it requires. SSHD is also it's almost stateless.
431 00:26:11,528 --> 00:26:13,748 S2: It has a little bit of config. It's simple. It
432 00:26:13,748 --> 00:26:16,508 S2: never goes down. It has no dependency. It's like the
433 00:26:16,508 --> 00:26:18,488 S2: first thing that comes up and the last thing that
434 00:26:18,488 --> 00:26:22,628 S2: goes down. Mm-Hmm. Maintenance free or almost maintenance free. So
435 00:26:22,628 --> 00:26:25,598 S2: that is what Teleport is. It's just a drop in
436 00:26:25,598 --> 00:26:30,428 S2: replacement process. OK. So with that out of the way now,
437 00:26:30,548 --> 00:26:34,898 S2: how does it work when it's running you? You have
438 00:26:34,898 --> 00:26:39,668 S2: to say that on certain machines, Teleport works slightly differently.
439 00:26:39,668 --> 00:26:42,398 S2: So in other words, you run the daemon with different
440 00:26:42,398 --> 00:26:46,148 S2: flags in different places. OK. So you have to say
441 00:26:46,148 --> 00:26:49,118 S2: like these machines are going to be proxies, so you
442 00:26:49,118 --> 00:26:52,898 S2: have to select the proxy. OK, so proxy. It means
443 00:26:52,898 --> 00:26:55,738 S2: that it's a machine that is exposed to the outside world,
444 00:26:55,778 --> 00:26:58,298 S2: also on the inside. So that's your kind of front door.
445 00:26:58,778 --> 00:27:03,998 S2: So Teleport proxy. Again, SSH works the exact same way, so
446 00:27:03,998 --> 00:27:06,908 S2: if you think of jump host, that's really your proxy.
447 00:27:07,038 --> 00:27:09,938 S1: OK, so this is like your your take on zero
448 00:27:09,938 --> 00:27:13,358 S1: trust rather than VPNs like these are your proxies to
449 00:27:13,358 --> 00:27:14,618 S1: get into everything behind.
450 00:27:15,188 --> 00:27:20,558 S2: Correct. So but Teleport proxy speaks all protocols. I feel
451 00:27:20,708 --> 00:27:24,398 S2: like the massive difference there. Hmm. So when you try
452 00:27:24,398 --> 00:27:27,728 S2: to connect to a MongoDB or Teleport, the proxy will
453 00:27:27,728 --> 00:27:31,828 S2: start speaking MongoDB protocol to you. If you're talking SSH to the proxy,
454 00:27:31,958 --> 00:27:36,248 S2: it talks SSH, so your existing tools think that they
455 00:27:36,248 --> 00:27:37,928 S2: are talking to actual Mongo.
456 00:27:38,108 --> 00:27:43,238 S1: So if including on another distant host that's behind the proxy,
457 00:27:43,928 --> 00:27:45,788 S1: how is it being routed to it? How does it know?
458 00:27:45,788 --> 00:27:46,358 S1: So go.
459 00:27:46,668 --> 00:27:52,518 S2: Yeah. So the proxy, what proxy does they? The proxy
460 00:27:52,518 --> 00:27:55,518 S2: gets your request, and in there it sees which host
461 00:27:55,518 --> 00:27:57,378 S2: you're actually trying to go to. So it makes this
462 00:27:57,378 --> 00:28:02,868 S2: transparent connection and you go into that host on that
463 00:28:02,868 --> 00:28:06,168 S2: host you have Teleport running and Teleport is interacting
464 00:28:06,168 --> 00:28:09,018 S2: closely with whatever it is you're accessing. Is it? If
465 00:28:09,018 --> 00:28:13,128 S2: it's if it's Linux operating system, that's direct comparison to SSH.
466 00:28:13,398 --> 00:28:16,848 S2: So it will just do full SSH implementation, right? So
467 00:28:16,848 --> 00:28:20,388 S2: but if it's good or MySQL, or if it's
468 00:28:20,388 --> 00:28:23,718 S2: maybe a Kubernetes cluster, then it will connect that connection
469 00:28:23,718 --> 00:28:28,938 S2: directly to the cluster and it and it will put
470 00:28:28,938 --> 00:28:31,758 S2: certificate on the wire. Because all of these workloads actually
471 00:28:31,878 --> 00:28:36,238 S2: support certificates could be an instance of birth certificate databases do. Hmm.
472 00:28:37,158 --> 00:28:40,518 S2: But with a certificate coming from the proxy by itself
473 00:28:40,518 --> 00:28:43,458 S2: is really dumb. It simply connects sockets together, and that's
474 00:28:43,458 --> 00:28:46,548 S2: by design. Mm hmm. Because if you have an attack
475 00:28:46,548 --> 00:28:50,148 S2: on the proxy, not because Teleport is vulnerable, but simply
476 00:28:50,148 --> 00:28:53,148 S2: because there is always an attack. You might have Postgres.
477 00:28:53,208 --> 00:28:56,508 S2: I'm sorry, the WordPress or some other application that's older,
478 00:28:56,508 --> 00:28:58,878 S2: built on the same machine, but like human made a
479 00:28:58,878 --> 00:29:02,298 S2: mistake somewhere and people bad people have gotten onto the
480 00:29:02,298 --> 00:29:05,418 S2: proxy fight. There are no secrets in the proxy, the
481 00:29:05,418 --> 00:29:10,238 S2: way it works that. Before even connecting to your proxy Teleport,
482 00:29:10,598 --> 00:29:12,968 S2: it will it will look on the wire and see
483 00:29:12,968 --> 00:29:15,278 S2: if you have a certificate. And if you don't have
484 00:29:15,278 --> 00:29:18,968 S2: a certificate that will redirect you to identity manager like
485 00:29:18,968 --> 00:29:22,838 S2: Okta, SailPoint, Active Directory, it will say go do
486 00:29:22,838 --> 00:29:27,698 S2: your SSO. So you go through that you log in
487 00:29:27,698 --> 00:29:31,928 S2: using the choice of authentication your company prefers, and then
488 00:29:31,928 --> 00:29:36,038 S2: that system will redirect you back to Teleport with certificate
489 00:29:36,038 --> 00:29:40,408 S2: on the wire. Mm-Hmm. Now we actually know what that's wrong.
490 00:29:40,418 --> 00:29:42,698 S2: That's not how it works. It redirects you back to
491 00:29:42,698 --> 00:29:45,518 S2: Teleport with metadata on the wire. So we have standards
492 00:29:45,518 --> 00:29:48,968 S2: like SAML or OpenID Connect where your identity is going
493 00:29:48,968 --> 00:29:51,878 S2: to be there. So the proxy will then take that
494 00:29:51,878 --> 00:29:55,418 S2: identity and will send to the second component of Teleport
495 00:29:55,418 --> 00:30:02,548 S2: called Certificate Authority. Certificate Authority will look at you and
496 00:30:02,548 --> 00:30:05,168 S2: there's OK which protocols you're using, or you need the
497 00:30:05,168 --> 00:30:08,978 S2: cessation ID MongoDB you need. And then this will issue
498 00:30:08,978 --> 00:30:12,458 S2: certificates for everything you need, and those certificates will go
499 00:30:12,458 --> 00:30:14,678 S2: back to you and they will be put in the
500 00:30:14,678 --> 00:30:18,158 S2: wire and then you'll be redirected back to proxy. And
501 00:30:18,158 --> 00:30:20,648 S2: then proxy will look at these certificates and it will
502 00:30:20,648 --> 00:30:23,528 S2: connect you to this thing. And when you add it's
503 00:30:23,528 --> 00:30:26,468 S2: encrypted end to end this, your proxy proxy only looks
504 00:30:26,468 --> 00:30:29,288 S2: at the cert doesn't actually see any data. So then
505 00:30:29,288 --> 00:30:32,648 S2: your connection is established, let's say, into MongoDB or Linux
506 00:30:32,648 --> 00:30:37,388 S2: box and decryption only happens there. So that is the
507 00:30:37,388 --> 00:30:38,118 S2: magic reminds me
508 00:30:38,138 --> 00:30:39,158 S1: of Kerberos a little bit.
509 00:30:39,678 --> 00:30:44,128 S2: Yeah, exactly. You see, these ideas are not new, but
510 00:30:44,198 --> 00:30:47,918 S2: we as an industry, we know what the best practices are.
511 00:30:48,248 --> 00:30:50,978 S2: It just so happens that they're not always available to people,
512 00:30:50,978 --> 00:30:53,258 S2: so they have to resort to. So that's really what
513 00:30:53,258 --> 00:30:56,208 S2: we do. We just make best practices easy by making
514 00:30:56,208 --> 00:31:01,448 S2: them default. So and now when you connecting to, let's say,
515 00:31:01,718 --> 00:31:04,868 S2: like a database or Kubernetes, you have certificates in the way,
516 00:31:05,138 --> 00:31:07,118 S2: which means that Kubernetes will put you in the right
517 00:31:07,118 --> 00:31:10,358 S2: group and the role based access control will kick in.
518 00:31:10,718 --> 00:31:13,928 S2: And the audit will now have like your metadata will
519 00:31:13,928 --> 00:31:16,418 S2: be in the audit, so it will all be now
520 00:31:16,418 --> 00:31:20,078 S2: synchronized and then the same thing will happen if you
521 00:31:20,078 --> 00:31:23,648 S2: are a bot. So if you're like a backup script
522 00:31:24,068 --> 00:31:28,568 S2: and you get started by scheduler inside of a Kubernetes cluster,
523 00:31:28,958 --> 00:31:32,678 S2: the certificate will be injected into Kubernetes secrets, right? So
524 00:31:32,858 --> 00:31:34,538 S2: now you have certificates. So if you want to make
525 00:31:34,538 --> 00:31:39,128 S2: connections during anything like every programming language runtime when you
526 00:31:39,428 --> 00:31:44,018 S2: open socket call, there is a certificate optional parameter refresh TV, right?
527 00:31:44,348 --> 00:31:46,268 S2: Just put it there. That's all you have to change,
528 00:31:46,268 --> 00:31:49,178 S2: like one parameter, one line of code and that you
529 00:31:49,178 --> 00:31:53,438 S2: don't need API keys anymore. That's it. Like now your bot,
530 00:31:53,438 --> 00:31:56,378 S2: your automation has an identity, and that identity will be
531 00:31:56,378 --> 00:31:58,868 S2: used to give you access to whatever it is you
532 00:31:58,868 --> 00:32:01,088 S2: need to back up. Mm-Hmm. So you see how it
533 00:32:01,088 --> 00:32:04,868 S2: works for software now on the hardware side when the
534 00:32:04,868 --> 00:32:08,768 S2: machine is booting, but you see Teleport is a daemon.
535 00:32:09,068 --> 00:32:11,158 S2: So the first thing it does when it comes on line,
536 00:32:11,408 --> 00:32:13,898 S2: it will go it so it will do its own auth.
537 00:32:14,588 --> 00:32:17,828 S2: It will go to certificate authority and say, Hey, I'm
538 00:32:17,828 --> 00:32:20,948 S2: over here, I'm a production host. If that's true, the
539 00:32:20,948 --> 00:32:23,438 S2: certificate will be issued and it will land on the box.
540 00:32:23,828 --> 00:32:27,338 S2: So you see, every microservice has a certificate, every human
541 00:32:27,338 --> 00:32:31,328 S2: has a certificate, every hardware piece of hardware has a
542 00:32:31,328 --> 00:32:35,678 S2: certificate and in on the roadmap we're going into client
543 00:32:35,678 --> 00:32:38,468 S2: as well. So which means your laptop when you try
544 00:32:38,468 --> 00:32:41,738 S2: to get in because laptop, it needs to be compliant
545 00:32:41,978 --> 00:32:46,108 S2: and you have IT-BPM, so your laptop will receive a
546 00:32:46,118 --> 00:32:49,718 S2: client hardware certificate. And so now you have you basically
547 00:32:49,718 --> 00:32:53,108 S2: covered everything with certificates. They have this identities, and now
548 00:32:53,108 --> 00:32:58,448 S2: you can do this. Fun things with policy enforcement asking questions.
549 00:32:58,448 --> 00:33:00,218 S2: Cook who has access to what?
550 00:33:00,968 --> 00:33:03,128 S1: Yeah, really, really cool stuff.
551 00:33:03,788 --> 00:33:06,758 S2: Yeah. But let's talk about the negatives, because if it
552 00:33:06,758 --> 00:33:09,158 S2: was so obvious, why would it like didn't exist before?
553 00:33:09,428 --> 00:33:15,238 S2: So the sacrifice is complete goodbye to backwards compatibility. Mm-Hmm.
554 00:33:15,628 --> 00:33:18,868 S2: Because you have so much infrastructure out there. Let's start
555 00:33:18,868 --> 00:33:21,898 S2: with routers like every piece of network equipment has
556 00:33:22,368 --> 00:33:25,438 S2: SSH baked into it and you cannot get out and
557 00:33:25,438 --> 00:33:27,988 S2: it works using public private keys like there is no
558 00:33:27,988 --> 00:33:31,498 S2: certificate support. If you look on the client, like using
559 00:33:31,498 --> 00:33:35,758 S2: Windows using PuTTY. No certificate support. Yeah, there are versions
560 00:33:35,758 --> 00:33:40,018 S2: of SSH agent on some Linux distros. They cannot hold certificates.
561 00:33:40,318 --> 00:33:43,318 S2: So we just basically making these choices that if we
562 00:33:43,318 --> 00:33:45,718 S2: were to make a difference, I would have to go
563 00:33:45,718 --> 00:33:48,808 S2: where the puck is going and saying if if you
564 00:33:48,808 --> 00:33:51,418 S2: don't do certs, you should stop doing it. So that's
565 00:33:51,838 --> 00:33:56,638 S2: that's probably the most visible kind of drawback of the system.
566 00:33:58,378 --> 00:34:01,528 S1: That makes sense, which would make sense that it's easier
567 00:34:01,528 --> 00:34:05,638 S1: for newer orgs, like if they were to spin up
568 00:34:05,638 --> 00:34:08,308 S1: a new company tomorrow and start with this, it would
569 00:34:08,308 --> 00:34:09,358 S1: be much easier.
570 00:34:10,598 --> 00:34:14,988 S2: Well, you would be surprised. On one hand, though, what
571 00:34:14,988 --> 00:34:18,348 S2: you're saying is definitely true. But yet let's also remember
572 00:34:18,348 --> 00:34:23,328 S2: that any large company is basically a collection of orgs. Right? Yeah.
573 00:34:23,598 --> 00:34:28,308 S2: And certain are newer than others. Mm-Hmm. Samsung is arguably
574 00:34:28,548 --> 00:34:31,128 S2: like a huge company that's definitely not, you know, it's
575 00:34:31,758 --> 00:34:37,128 S2: like feels like it's a half of the South Korean economy. Sure, sometimes.
576 00:34:37,848 --> 00:34:41,028 S2: But we have a significant presence at Samsung. So the
577 00:34:41,028 --> 00:34:45,288 S2: teams that are starting new projects or just or simply
578 00:34:45,288 --> 00:34:49,518 S2: operating on the newer technological stack. So they are adopting
579 00:34:49,518 --> 00:34:51,858 S2: Teleport more and more frequently, and we have plenty
580 00:34:51,858 --> 00:34:56,598 S2: of large companies still apart.
581 00:34:56,688 --> 00:34:59,778 S1: Yeah. And there are a lot of companies who periodically
582 00:34:59,778 --> 00:35:02,538 S1: they say, how should we be doing this different? And
583 00:35:02,538 --> 00:35:06,228 S1: that's a perfect time. There are regular intervals where it's
584 00:35:06,228 --> 00:35:09,348 S1: a perfect time to reevaluate and move into the future
585 00:35:09,348 --> 00:35:10,608 S1: rather than doing the old thing.
586 00:35:11,118 --> 00:35:16,998 S2: Yeah, I think the big another like other than fragmentation
587 00:35:16,998 --> 00:35:22,368 S2: of access, which is absolutely killing everyone. Another huge problem
588 00:35:22,368 --> 00:35:29,678 S2: is now with just treatment of secrets. Mm-Hmm. For a
589 00:35:29,678 --> 00:35:33,998 S2: long time, it was considered to be acceptable to store
590 00:35:33,998 --> 00:35:36,308 S2: secrets in an encrypted way as long as you do
591 00:35:36,308 --> 00:35:39,338 S2: it properly. So you would use some kind of encrypted
592 00:35:39,338 --> 00:35:44,558 S2: vaults or you would use basically just you would rely
593 00:35:44,558 --> 00:35:48,498 S2: on encryption to protect your infrastructure. And it's okay. It's fine.
594 00:35:48,608 --> 00:35:55,208 S2: But we have solid algorithms. We had like amazing mathematical breakthroughs.
595 00:35:55,478 --> 00:35:59,738 S2: So let's do that. And that's true. But the reason
596 00:35:59,738 --> 00:36:02,588 S2: why secrets no longer work is because of scale. So
597 00:36:02,598 --> 00:36:06,518 S2: let me walk you through why he managed just right. Well,
598 00:36:06,548 --> 00:36:09,098 S2: key management is one use case, but you can. But
599 00:36:09,098 --> 00:36:11,648 S2: you could think about it in the generic terms like
600 00:36:11,648 --> 00:36:14,098 S2: you have data and there's the standard like data and
601 00:36:14,108 --> 00:36:16,988 S2: you should be encrypted at rest. OK, encrypted with what? Well,
602 00:36:17,168 --> 00:36:20,618 S2: with a secret. So where does that secret go? And
603 00:36:20,618 --> 00:36:23,378 S2: you have these instances of that like sprinkled all over
604 00:36:23,378 --> 00:36:27,298 S2: there have API keys for internal external services. You have
605 00:36:27,298 --> 00:36:31,808 S2: message credentials, you have a data like backups encrypted, just
606 00:36:31,808 --> 00:36:33,908 S2: like all of the secrets. Where do they go? Like
607 00:36:33,908 --> 00:36:38,498 S2: what is happening? So that is a growing concern and
608 00:36:38,498 --> 00:36:42,788 S2: the problem in the space because it's not scalable and
609 00:36:42,788 --> 00:36:46,208 S2: this is where scale breaks here. So imagine for a
610 00:36:46,208 --> 00:36:48,668 S2: second that you have a single secret in your infrastructure
611 00:36:48,968 --> 00:36:51,788 S2: and your infrastructure is a single server and your team
612 00:36:51,788 --> 00:36:54,728 S2: is like five people. Everything is really small, so you
613 00:36:54,728 --> 00:36:59,108 S2: encrypted something that's secret. And then you have to ask yourself,
614 00:36:59,108 --> 00:37:03,188 S2: what is the probability of that being stolen? OK, let's
615 00:37:03,188 --> 00:37:05,798 S2: look into it. If you encrypted something, it means there
616 00:37:05,798 --> 00:37:09,308 S2: is decryption happening. Mm-Hmm. If decryption is happening, it means
617 00:37:09,308 --> 00:37:12,338 S2: it's either manual. So one of your five engineers will
618 00:37:12,338 --> 00:37:16,058 S2: just remember the secret and do decryption. Or it's a
619 00:37:16,058 --> 00:37:20,558 S2: piece of automation, something that you periodically deploy. Mm hmm. OK.
620 00:37:21,098 --> 00:37:24,548 S2: So if you are periodically deploying, there's a slight chance
621 00:37:24,548 --> 00:37:27,758 S2: you will have a bad deployment. Type the wrong thing
622 00:37:27,758 --> 00:37:30,368 S2: in the keyboard to flip the wrong thing and your
623 00:37:30,368 --> 00:37:33,998 S2: secret will be on your public GitHub repository. You will
624 00:37:33,998 --> 00:37:37,448 S2: check in with the code every once in a while.
625 00:37:37,448 --> 00:37:40,448 S2: We make mistakes. We're humans. Mm hmm. So there is
626 00:37:40,448 --> 00:37:42,908 S2: a tiny chance that might happen on the automation side.
627 00:37:43,148 --> 00:37:46,328 S2: But if it's on the human side, same thing. Humans
628 00:37:46,358 --> 00:37:49,088 S2: make mistakes. There is a tiny chance you're going to
629 00:37:49,088 --> 00:37:52,778 S2: click on the wrong attachment. You can sign up for
630 00:37:53,018 --> 00:37:56,948 S2: the book with a phishing attack. Your laptop will get
631 00:37:56,948 --> 00:38:01,168 S2: compromised and the secret will be stolen, but you would think, Oh,
632 00:38:01,178 --> 00:38:03,928 S2: we're going to follow the best practices. We hired good engineers,
633 00:38:03,938 --> 00:38:06,758 S2: the smart people not going to happen. OK, fine. But
634 00:38:06,758 --> 00:38:09,038 S2: then what happens if you have two secrets and then
635 00:38:09,038 --> 00:38:12,548 S2: two servers and then 10 engineers and then 100 secrets
636 00:38:12,548 --> 00:38:16,688 S2: and 100 servers and a thousand engineers? So as you scale,
637 00:38:16,958 --> 00:38:19,088 S2: as you process more and more data, you can grow
638 00:38:19,088 --> 00:38:24,428 S2: that combined probability of human error keeps increasing. And I
639 00:38:24,428 --> 00:38:28,938 S2: will never accept and we shouldn't, that humans are infallible.
640 00:38:29,078 --> 00:38:31,928 S2: We will eventually make a mistake. So which means that
641 00:38:31,928 --> 00:38:35,778 S2: the existence, the mere existence of secrets in your infrastructure
642 00:38:35,798 --> 00:38:39,308 S2: is a liability. And the bigger you get, the bigger
643 00:38:39,308 --> 00:38:42,758 S2: that liability becomes. So the future then, is to move
644 00:38:42,758 --> 00:38:49,178 S2: to completely secretless future, where there's zero infrastructure secrets that
645 00:38:49,178 --> 00:38:53,168 S2: are present anywhere. And that is where the certificates come.
646 00:38:53,318 --> 00:38:56,948 S2: Come in because maybe we don't eliminate the need for
647 00:38:56,948 --> 00:39:01,538 S2: secrets for all things infrastructure, but we eliminate the need
648 00:39:01,538 --> 00:39:05,618 S2: for static credentials for access. So the API keys go
649 00:39:05,618 --> 00:39:09,528 S2: away because your applications will get this ephemeral certificates that
650 00:39:09,528 --> 00:39:13,928 S2: are automatically expiring so you don't really need encrypted storage
651 00:39:13,928 --> 00:39:17,768 S2: for your API keys. So things like SSH passwords
652 00:39:17,768 --> 00:39:22,298 S2: go away, things like private public keys go away. Things
653 00:39:22,298 --> 00:39:26,828 S2: like like passwords to Windows. You see, that's a huge
654 00:39:27,788 --> 00:39:32,228 S2: kind of liability exposure that certificates on identity just eliminate,
655 00:39:32,528 --> 00:39:34,868 S2: which is a big, big shift that's happening in the
656 00:39:34,868 --> 00:39:36,428 S2: industry that now is important.
657 00:39:36,518 --> 00:39:40,388 S1: I love this. I think this is. I feel like
658 00:39:40,388 --> 00:39:44,678 S1: it's where things have to go because complexity just continues
659 00:39:44,678 --> 00:39:48,488 S1: to grow. Exactly. This is this is the only way
660 00:39:48,488 --> 00:39:51,638 S1: to actually address it with a system like this.
661 00:39:52,088 --> 00:39:56,828 S2: It's something I enjoy seeing the similarities in how humans
662 00:39:56,828 --> 00:39:59,558 S2: think about different problems. Like one, when we talk about
663 00:39:59,558 --> 00:40:04,568 S2: carbon footprint and global warming, it's basically the same answer. Yeah.
664 00:40:05,258 --> 00:40:08,198 S2: It needs to go to zero. Like simply lowering something
665 00:40:08,198 --> 00:40:10,538 S2: by 20 30 percent is not enough because it keeps
666 00:40:10,538 --> 00:40:14,918 S2: accumulating so few, gaining 20 percent all the time. So
667 00:40:14,918 --> 00:40:19,628 S2: eventually that that curve is going to get you to say, Oh,
668 00:40:19,658 --> 00:40:23,558 S1: it's just like you said with population, the population grows
669 00:40:23,558 --> 00:40:25,388 S1: and you have a small problem. Well, you have a
670 00:40:25,388 --> 00:40:25,878 S1: big yes.
671 00:40:25,988 --> 00:40:28,568 S2: Yep. Yep, yep, exactly. Exactly.
672 00:40:30,128 --> 00:40:33,698 S1: All right. Well, this has been fantastic. Definitely enjoyed this.
673 00:40:33,698 --> 00:40:37,198 S1: I wish it was a real lunch, but me too. Yeah. Yeah.
674 00:40:37,568 --> 00:40:41,168 S1: Maybe sometime soon. And thank you so much for the time.
675 00:40:41,678 --> 00:40:43,868 S2: Yeah. Thank you for asking all the right questions I
676 00:40:43,868 --> 00:40:47,678 S2: couldn't hope for to cover so much, so quickly. Awesome.
677 00:40:48,218 --> 00:40:49,148 S2: All right, ladies,
678 00:40:49,148 --> 00:40:52,048 S1: we're listening to the standalone episode. We'll see you next time.