WEBVTT - Sponsored Conversation: Ev Kontsevoy from Teleport 0:00:37.878 --> 0:00:40.128 All right. In this stand alone episode, I'm doing a 0:00:40.128 --> 0:00:45.428 sponsored interview with Eva Concevoir of Teleport. So we've all 0:00:45.428 --> 0:00:48.698 heard sponsored conversations before, and the structure I really like 0:00:48.698 --> 0:00:52.178 is imagining that you're having a lunch conversation with an 0:00:52.178 --> 0:00:55.058 entrepreneur and you're learning about the product for the first time. 0:00:56.068 --> 0:00:59.158 So that's really how I approach these, basically, I say, look, 0:00:59.158 --> 0:01:01.708 we're having lunch. Tell me about the product. And I 0:01:01.708 --> 0:01:04.588 get to comment and ask questions just like a normal conversation. 0:01:05.318 --> 0:01:07.978 Now these are sponsored, so I'm not likely to blast 0:01:07.978 --> 0:01:10.678 someone from orbit. But I'm also going to be honest 0:01:10.678 --> 0:01:12.928 if I see a challenger or a question just like 0:01:12.928 --> 0:01:16.568 I would during a lunch conversation. And the way we're 0:01:16.568 --> 0:01:19.688 looking to avoid conflict here is by pre filtering, we 0:01:19.688 --> 0:01:22.838 allowed to do sponsored interviews. So that's the approach the 0:01:22.838 --> 0:01:25.598 natural pitch in a conversation over the time span of 0:01:25.598 --> 0:01:25.988 a meal. 0:01:26.678 --> 0:01:33.468 And with that, here's of from teleport. All right. 0:01:33.678 --> 0:01:37.868 Well, it's very nice to meet you. Likewise. Yeah, so 0:01:38.018 --> 0:01:40.328 I guess, could you tell me about yourself and tell 0:01:40.328 --> 0:01:41.438 me about the company? 0:01:42.548 --> 0:01:47.978 Absolutely. So I'm an engineer who was always obsessed with 0:01:48.308 --> 0:01:52.628 computing infrastructure. So probably the reason for this is as 0:01:52.628 --> 0:01:57.338 most engineers, I started programming at the fairly early age, 0:01:57.338 --> 0:01:59.978 and I always like to write code that kind of 0:01:59.978 --> 0:02:03.908 makes computers do things like physical things like play music, 0:02:03.908 --> 0:02:07.448 using something that moves inside of a computer or do 0:02:07.448 --> 0:02:10.118 some special effects with a monitor. And for that reason, 0:02:10.118 --> 0:02:13.028 I kind of grew up and gotten into the workforce. 0:02:13.598 --> 0:02:16.928 I was naturally attracted to this cloud revolution that started 0:02:16.928 --> 0:02:20.588 to happen because just being in a data center, I 0:02:20.588 --> 0:02:22.948 see the ceiling racks and racks of servers. It's just 0:02:22.948 --> 0:02:25.958 that there's always been various fascinating. So it's a second 0:02:25.958 --> 0:02:30.068 company has started to make the lives of other engineers 0:02:30.068 --> 0:02:33.758 a year. So the first was what was an email 0:02:33.788 --> 0:02:36.158 cloud delivery technology. So if you were to run the 0:02:36.158 --> 0:02:38.258 applications in the cloud and you wanted to kind of 0:02:38.288 --> 0:02:41.768 send and receive email messages of massive scale? That was 0:02:41.768 --> 0:02:46.958 my first company called Mail Gun. But after Milgrom got 0:02:46.958 --> 0:02:52.298 acquired by Rackspace, which at the time was second biggest 0:02:52.298 --> 0:02:57.458 cloud provider, so I got exposed to big cloud problems. 0:02:57.638 --> 0:03:01.418 And one of those problems was the access because as 0:03:01.418 --> 0:03:07.028 companies continue to push more and more data to the cloud. 0:03:07.538 --> 0:03:12.338 So the importance of data security in data centers is 0:03:12.338 --> 0:03:16.358 now more important than ever. And it just so happens 0:03:16.358 --> 0:03:18.668 that when it comes to infrastructure security, when it comes 0:03:18.668 --> 0:03:22.658 to infrastructure access, the technology we use for that surprisingly 0:03:22.928 --> 0:03:26.918 is a lagging application level security where, like 10, 15, 0:03:26.918 --> 0:03:30.428 20 years. In other words, when you're accessing web apps 0:03:30.428 --> 0:03:33.848 online and by web apps, I mean, like banking. When 0:03:33.848 --> 0:03:38.858 you log into your bank to check your balance or 0:03:38.858 --> 0:03:42.098 pay your bills, you're actually using state of the art technology. 0:03:42.428 --> 0:03:45.698 But if you are an engineer at a sales company 0:03:45.698 --> 0:03:51.188 and you're accessing products, servers, computing environments, you're using antiquated 0:03:51.188 --> 0:03:55.028 stuff and people don't realize that they actually using better 0:03:55.028 --> 0:03:58.748 tools than engineers that build software. But that's true. So 0:03:58.748 --> 0:04:00.998 that's why Teleport was started to go and bridge this 0:04:00.998 --> 0:04:04.688 gap to get this state of the art technology into 0:04:05.258 --> 0:04:12.338 infrastructure access space. So software developers and another types of 0:04:12.338 --> 0:04:15.368 engineers can securely and conveniently access infrastructure. 0:04:16.848 --> 0:04:21.738 Awesome. And so just looking at it at a cursory level, 0:04:22.038 --> 0:04:27.388 it looks like the idea is controlling ingress and egress. 0:04:27.408 --> 0:04:30.918 It's like you have a single control point or all 0:04:30.918 --> 0:04:34.068 the different operations that need to happen is, is that 0:04:34.068 --> 0:04:35.148 the way you characterize it? 0:04:36.078 --> 0:04:39.768 So that's absolutely accurate. But I would say that so 0:04:39.918 --> 0:04:45.648 this type of description, it doesn't communicate much, right? So 0:04:45.648 --> 0:04:47.928 if someone would listen, it almost sounds like a network 0:04:47.928 --> 0:04:50.688 solution like, oh, you have a like a firewall or 0:04:50.688 --> 0:04:54.018 a proxy because they could be described using very similar language. 0:04:54.588 --> 0:04:59.598 The interesting thing is, it's all about identity at the 0:04:59.598 --> 0:05:02.298 end of the day. So even if you put security 0:05:02.298 --> 0:05:05.118 aside and you think about how is it that we 0:05:05.118 --> 0:05:08.628 do computing like, what is the process of computing? Who's involved? 0:05:09.108 --> 0:05:11.298 So you will see that there are three very different 0:05:11.298 --> 0:05:14.448 kind of actors in that dance. So you have hardware, 0:05:14.718 --> 0:05:17.988 but the actual things that stored data and perform operations 0:05:17.988 --> 0:05:20.358 and the data and the actual hardware. So then there 0:05:20.358 --> 0:05:23.948 are software and software. They act intelligently. So because we 0:05:23.958 --> 0:05:27.528 are pretty good at baking software, that makes decisions. So 0:05:27.528 --> 0:05:31.098 software is like control in hardware to make computing happen. Mm-Hmm. 0:05:31.188 --> 0:05:35.028 And then you have humans. Humans are obviously the most 0:05:35.028 --> 0:05:38.178 important thing. So humans create software. So there is this 0:05:38.178 --> 0:05:40.968 kind of loop of humans make decisions and then they 0:05:40.968 --> 0:05:43.998 create software, and then the software makes decisions on behalf 0:05:43.998 --> 0:05:46.788 of humans. And then it tells hardware what to do 0:05:46.788 --> 0:05:50.978 and hardware on behalf and software makes changes to the data. OK. 0:05:51.648 --> 0:05:54.168 So then if you are thinking about stealing someone's data, 0:05:54.168 --> 0:05:57.598 you now have a choice. You can attack hardware, right? 0:05:57.618 --> 0:06:00.198 So you can try to gain access to that machine, 0:06:00.198 --> 0:06:04.098 maybe even physically. Just break into data center steal, get 0:06:04.098 --> 0:06:07.728 the server out of the rack and run away. Like 0:06:07.728 --> 0:06:11.238 a Hollywood movie? Hard to imagine, but probably possible. Or 0:06:11.238 --> 0:06:13.968 you can attack software. You can try to inject your 0:06:13.968 --> 0:06:18.678 code into that software somehow, maybe through access, through cross-site 0:06:18.678 --> 0:06:22.098 scripting or by attacking supply chain. So you put your 0:06:22.098 --> 0:06:24.288 code into your software and then you get into hardware 0:06:24.288 --> 0:06:26.658 and then you get to today or you attack humans, 0:06:26.668 --> 0:06:28.818 you send an email and say, Hey, click on this 0:06:28.818 --> 0:06:31.938 thing to claim your whatever, and then you end up 0:06:31.938 --> 0:06:34.728 in their laptop. And from that laptop you get in software, 0:06:34.728 --> 0:06:38.748 hardware store and so forth. So that is important thing 0:06:38.748 --> 0:06:43.548 to realize that there are these three different entities and 0:06:43.638 --> 0:06:48.288 stealing data attacking could be done in three different dimensions. 0:06:48.678 --> 0:06:54.318 And historically, there have been completely different industries, completely different products, 0:06:54.408 --> 0:06:59.418 completely different organizations responsible for protecting each one separately. So 0:06:59.418 --> 0:07:03.138 you've heard the words like endpoint security or things like 0:07:03.468 --> 0:07:08.088 infrastructure access and then the like. These solutions, they would 0:07:08.088 --> 0:07:11.268 say we protect laptop or we protect your code or 0:07:11.268 --> 0:07:14.908 we protect your servers. And that is a broken approach. 0:07:14.928 --> 0:07:17.778 You see how fundamental that is. It's broken because they 0:07:17.778 --> 0:07:21.138 all disjointed. It means that if you were to have 0:07:21.138 --> 0:07:24.528 a complete protection, you have to, first of all, use 0:07:24.528 --> 0:07:27.918 different solutions for each of these three components. But then 0:07:27.918 --> 0:07:30.648 you also have to synchronize. You have to synchronize how 0:07:30.648 --> 0:07:31.368 they configured. 0:07:31.488 --> 0:07:34.818 Well, isn't isn't that because the history, though, is that 0:07:34.818 --> 0:07:37.698 they were very distinct components like it was a way 0:07:37.968 --> 0:07:40.548 up top and it was like a piece of iron 0:07:40.548 --> 0:07:44.598 sitting in a data center somewhere. So physically, the history 0:07:44.598 --> 0:07:45.978 is that they were very separate. 0:07:46.428 --> 0:07:50.088 Correct. Correct. And like you see, we as like, we're 0:07:50.088 --> 0:07:53.938 intelligent human beings. We obviously don't do anything obviously stupid. 0:07:53.958 --> 0:07:57.708 There's always a history behind. We've been making these incremental decisions. 0:07:58.758 --> 0:08:02.598 And each of those incremental decisions historically has been the 0:08:02.598 --> 0:08:05.548 right move. Right. But the end state that we really 0:08:05.568 --> 0:08:08.928 like we find ourselves in right now is just terribly wrong. 0:08:09.288 --> 0:08:12.918 Here's a very simple example of why it's broken every company. 0:08:12.948 --> 0:08:16.338 Most companies probably want to enforce one simple rule that 0:08:16.338 --> 0:08:20.838 states that a software engineer who no longer works here 0:08:21.318 --> 0:08:24.978 doesn't have access to our infrastructure. Yeah. Now, thank so 0:08:24.978 --> 0:08:27.378 for that to be true. You have to configure multiple 0:08:27.378 --> 0:08:32.678 tools in the same way. Mm-Hmm. So if you forget 0:08:32.828 --> 0:08:36.368 to say that this laptop is no longer trusted, that 0:08:36.368 --> 0:08:39.038 that laptop will be allowed to get in, or if 0:08:39.038 --> 0:08:41.708 you forget to say that this password is no longer 0:08:41.708 --> 0:08:45.478 valid through a web UI somewhere like intellect cabinet, just 0:08:45.488 --> 0:08:48.128 control panel engineers will be able to get it. If 0:08:48.128 --> 0:08:51.098 you forget to say that SSA is no longer accepts 0:08:51.098 --> 0:08:53.738 that they will be able to access infrastructure, you see 0:08:54.188 --> 0:08:57.578 simply because your data like it sits in the house, 0:08:57.578 --> 0:09:01.508 that's data center. And that house has dozens of doors 0:09:01.508 --> 0:09:04.868 for software hardware people where you have to synchronize access 0:09:04.868 --> 0:09:08.138 across all of them. And that is now becomes. It's 0:09:08.138 --> 0:09:11.468 almost actually impossible for most companies just due to the 0:09:11.468 --> 0:09:12.338 complexity of it. 0:09:12.458 --> 0:09:15.638 Well, especially on using separate software and also 0:09:15.788 --> 0:09:19.688 policies and software comes with expertise. So if you bought 0:09:19.688 --> 0:09:22.058 a solution, you better have experts who know how to 0:09:22.058 --> 0:09:24.938 set it up, configure and use it. And the expertise 0:09:24.938 --> 0:09:28.418 is always in short supply. Like every single company is 0:09:28.418 --> 0:09:33.758 struggling to hire engineering, talent and security in particular. And that, 0:09:33.968 --> 0:09:37.358 I would argue, is the fundamental problem that we solve 0:09:37.358 --> 0:09:41.288 with the act to splain concept, where we say that 0:09:41.408 --> 0:09:45.428 treating software access, hardware access and people were accessed separately 0:09:45.428 --> 0:09:48.668 is just not no longer scales like we have to 0:09:48.668 --> 0:09:53.408 have a single plane that works for all three actors. 0:09:54.488 --> 0:09:56.378 And in order for that to work, we need to 0:09:56.378 --> 0:10:01.268 agree on a common technology or common technological platform. It 0:10:01.268 --> 0:10:03.788 needs to be open. It needs to be an open standard. 0:10:04.058 --> 0:10:06.788 It needs to be easy to understand the reason about. 0:10:07.068 --> 0:10:09.278 And then when you say we're not going to support 0:10:09.278 --> 0:10:11.588 anything else like all the legacy stuff needs to go away, 0:10:12.008 --> 0:10:17.798 that is what teleport is. Teleport estates that for software, 0:10:17.798 --> 0:10:21.398 hardware and people where to seamlessly work, create this trusted 0:10:21.398 --> 0:10:26.438 computing environment. Everything has and everyone, everything and everyone really 0:10:26.438 --> 0:10:30.608 important has to have an identity and identity is represented 0:10:30.608 --> 0:10:33.248 in the form of a certificate. So there are two 0:10:33.248 --> 0:10:36.968 standards for certificates that exist that we support both SSA 0:10:36.968 --> 0:10:41.348 certificates and X five of nine certificates and teleport says 0:10:41.768 --> 0:10:45.908 that to do anything for machines, for software and humans. 0:10:45.938 --> 0:10:49.178 All three have to have certificates and either something is 0:10:49.178 --> 0:10:52.658 allowed or not is done by looking at all three 0:10:52.658 --> 0:10:56.018 certs for every security related action and then saying yes 0:10:56.018 --> 0:11:00.578 or no. So that is the major innovation here. Is 0:11:00.578 --> 0:11:05.108 this consolidation of these three actors of computing and on 0:11:05.108 --> 0:11:09.008 top of Common Foundation, which is a certificate which is identity. 0:11:09.668 --> 0:11:12.848 So it solves, first of all, it solves the fragmentation 0:11:12.848 --> 0:11:15.428 issue where you have these kind of silos of security 0:11:15.428 --> 0:11:21.398 all over. But it's also often methodically eliminates the. Huge, 0:11:21.408 --> 0:11:26.328 a risk that exists in your system if you have secrets. 0:11:28.218 --> 0:11:32.268 So when companies talking about secure a vault, when they're 0:11:32.268 --> 0:11:36.168 talking about passwords, rotation, when they talk about encryption addressed, 0:11:36.438 --> 0:11:40.608 so they basically saying that our infrastructure has certain things 0:11:40.608 --> 0:11:44.268 on it that are protected by encryption. Mm-Hmm. So protected 0:11:44.268 --> 0:11:47.688 password is protected by encryption, so you cannot claim that 0:11:47.688 --> 0:11:49.998 the data itself will never be stolen, like things get 0:11:49.998 --> 0:11:52.458 stolen every once in a while. But you are relying 0:11:52.458 --> 0:11:57.198 on decryption or encryption decryption as your last line of defense. Mm-Hmm. 0:11:57.978 --> 0:12:02.118 So here's why it was just statistically not going to work. 0:12:02.388 --> 0:12:05.658 So if you have, let's say, a secret, let's use 0:12:05.748 --> 0:12:08.868 such a key. For example, we have a private association 0:12:09.018 --> 0:12:14.228 somewhere in your system. The worst case scenario here, like 0:12:14.228 --> 0:12:16.718 a lot of them, engineering laptops, but just to let, 0:12:16.738 --> 0:12:20.498 let's assume you have an encrypted key. So which means 0:12:20.498 --> 0:12:24.698 that there's decryption happening somewhere. Mm-Hmm. It could be happening 0:12:24.698 --> 0:12:27.638 or thematically. So you have some kind of scripts, some applications, 0:12:27.638 --> 0:12:33.308 some automation that does decryption, or it could happen manually. 0:12:33.318 --> 0:12:35.078 So there is a human that needs to type in 0:12:35.078 --> 0:12:38.558 the decryption key on a keyboard. OK. So in the 0:12:38.558 --> 0:12:42.488 first case, if it's a piece of automation that has decryption, 0:12:43.328 --> 0:12:46.688 you could have a bad deployment. You might have your 0:12:46.688 --> 0:12:50.588 code that does. Decryption with the decryption key might accidentally 0:12:50.588 --> 0:12:53.578 end up on on GitHub visible to the entire world. 0:12:53.888 --> 0:12:58.388 You know, mistakes happen. Mm hmm. The probability is close 0:12:58.388 --> 0:13:01.418 to zero, especially if you're world randomization. So doing your 0:13:01.418 --> 0:13:05.918 best not to do these bad deployments. And if you're 0:13:05.918 --> 0:13:09.368 doing it manually, well, humans are humans. Everyone like you 0:13:09.368 --> 0:13:12.188 might end up with a sticky note in the monitor somewhere. Mm-Hmm. 0:13:12.818 --> 0:13:15.028 And that sticky note may end up in the news, 0:13:15.038 --> 0:13:17.798 if that possible. It was a real story in 0:13:17.908 --> 0:13:19.208 an interview with VIDEO. 0:13:19.418 --> 0:13:23.828 Yeah, yeah, yeah. Well, again, the probability of that happening 0:13:23.858 --> 0:13:27.728 is comically low. But notice what happens as you scale, 0:13:28.268 --> 0:13:31.748 as you acquire more and more and more secrets as 0:13:31.748 --> 0:13:34.628 you get more and more and more hardware and you 0:13:34.628 --> 0:13:37.268 get more and more humans who can make mistakes. So 0:13:37.268 --> 0:13:41.768 the probability the combined probability starts to creep up and 0:13:41.768 --> 0:13:42.848 then eventually that happens. 0:13:43.478 --> 0:13:46.208 So. So let me jump in here real quick. So 0:13:46.208 --> 0:13:51.338 you're essentially saying these three things let's wrap them with 0:13:51.668 --> 0:13:55.688 some sort of access control plane of some sort and 0:13:55.688 --> 0:14:01.368 then have a policy inside of that plane, which. Looks 0:14:01.368 --> 0:14:05.118 for certain actions being allowed to be done and tying 0:14:05.118 --> 0:14:06.288 that directly to people 0:14:07.158 --> 0:14:11.358 views or true identities. Yeah, actually, it's important to say 0:14:11.358 --> 0:14:14.838 that we should not treat machines or humans separately from 0:14:14.838 --> 0:14:16.728 each other. They need to be treated the same. 0:14:16.788 --> 0:14:17.448 OK, so there are 0:14:18.348 --> 0:14:22.568 three parties A, B and C, right? A is hardware. 0:14:22.578 --> 0:14:25.548 B is a piece of software like microservice, for example, 0:14:25.548 --> 0:14:28.398 and C is a is a is a human. And 0:14:28.398 --> 0:14:32.388 when they interact, you should pay zero attention to visit 0:14:32.388 --> 0:14:35.088 machine is that person doesn't matter. You simply look on 0:14:35.088 --> 0:14:37.908 a certificate, you look at properties of a certificate and 0:14:37.908 --> 0:14:40.788 then you look at policy. So if the certificate says 0:14:41.148 --> 0:14:46.398 that the like one of these actors is a production environment, 0:14:46.398 --> 0:14:51.618 it's not staging AHA. So it triggers production policy because 0:14:51.618 --> 0:14:54.348 what what happens in private to production data versus staging 0:14:54.348 --> 0:14:57.108 is very different, right? So and then if one of 0:14:57.108 --> 0:15:01.788 these certificate says that I'm a like, a temporary contractor. 0:15:02.208 --> 0:15:04.788 So now you know that there is something happening on 0:15:04.788 --> 0:15:08.388 production with a temporary contractor. So you want to see 0:15:08.388 --> 0:15:11.568 what the policy of enforcing, but you should not paying 0:15:11.568 --> 0:15:14.448 attention as a human is a machine is itself doesn't matter. 0:15:14.748 --> 0:15:17.808 That is the key distinction because if you implement a 0:15:17.808 --> 0:15:21.588 system like this, then you have this massive unification. You 0:15:21.728 --> 0:15:25.218 essentially saying there is a single source of truth that 0:15:25.218 --> 0:15:28.548 issues identities to everyone and a single source of truth 0:15:28.548 --> 0:15:32.478 that makes authorization and authentication decisions and a single source 0:15:32.478 --> 0:15:34.098 of truth where the audit goes? 0:15:34.938 --> 0:15:38.358 Well, that how about the asset data? So how do 0:15:38.358 --> 0:15:42.708 you complete the the details of the policy? So I 0:15:42.708 --> 0:15:45.378 need to access this web service. I need to contact 0:15:45.378 --> 0:15:48.588 this API. I need to get onto this hard disk 0:15:48.588 --> 0:15:51.798 and pull this data. When you're trying to write a 0:15:51.798 --> 0:15:55.518 policy that says only this identity can do this during 0:15:55.518 --> 0:15:59.028 this time of day or whatever. Doesn't that require a 0:15:59.028 --> 0:16:02.208 lot of asset metadata to exist? 0:16:02.628 --> 0:16:07.248 Correct. So the assets method data I received by saying assets, 0:16:07.298 --> 0:16:11.898 you inject that distinction because the asset assumes like machines, self, 0:16:11.898 --> 0:16:15.528 the right ones are not assets. So this is why 0:16:15.528 --> 0:16:18.258 I want to double click on do not make that distinction. 0:16:18.258 --> 0:16:22.128 Just simply says metadata, right? So you have metadata associated 0:16:22.128 --> 0:16:25.278 with identity. Where's it coming from? That's I think, your question. 0:16:26.058 --> 0:16:29.328 So here's the thing. If you are a human and 0:16:29.328 --> 0:16:32.088 you going through a log and process, that metadata will 0:16:32.088 --> 0:16:35.568 get injected by idea the identity platform your company uses. 0:16:36.078 --> 0:16:39.468 It could be Active Directory sell point Okta. Like all 0:16:39.468 --> 0:16:42.048 of these things they can, they deliver a lot of 0:16:42.048 --> 0:16:46.158 metadata when you go through authentication. Teleport doesn't do authentication, 0:16:46.158 --> 0:16:48.318 by the way. We rely on your SSL. Sure, we 0:16:48.318 --> 0:16:52.368 just get your right that your identity is given to us. OK, 0:16:52.878 --> 0:16:54.828 so that's where it's come from that comes from in 0:16:54.828 --> 0:16:56.988 this case. So it's already there like your company knows 0:16:56.988 --> 0:16:59.298 who you are, like you are a member of a group, 0:16:59.478 --> 0:17:01.818 you have an email address, you have a manager. All 0:17:01.818 --> 0:17:04.578 of this going to be in your certificate. So then 0:17:04.578 --> 0:17:08.898 if your piece of software like you're a microservice and 0:17:08.898 --> 0:17:12.108 you are lunching inside of, let's say, a Kubernetes cluster, 0:17:13.338 --> 0:17:15.708 your identity will be handed to you in the form 0:17:15.708 --> 0:17:18.468 of a certificate and it will. The queue environment will 0:17:18.468 --> 0:17:22.218 be encoded in there. The the the community cluster knows 0:17:22.218 --> 0:17:25.938 I'm staging and production. If you database machine, it will 0:17:25.938 --> 0:17:29.178 all be there. So we already have this metadata on 0:17:29.178 --> 0:17:33.108 the infrastructure level like that. Technologies have been built by 0:17:33.108 --> 0:17:36.258 other people like we don't really need to imagine that 0:17:36.618 --> 0:17:42.708 or I'm sorry not imagine them re even invent that will. 0:17:43.188 --> 0:17:47.838 And the same is true for hardware when the hardware, 0:17:47.898 --> 0:17:52.028 when the company issues you a laptop, if it's OK, 0:17:52.128 --> 0:17:55.038 it's an Apple laptop that there is a hardware security 0:17:55.038 --> 0:17:57.858 module on it and you can mark like this laptop 0:17:57.858 --> 0:18:01.308 belongs to us. So some other laptop shows up and 0:18:01.308 --> 0:18:04.788 it has a TPM with a different fingerprint on it, 0:18:05.358 --> 0:18:07.418 and it will not. It will not be trusted, right? 0:18:07.428 --> 0:18:12.648 So the key technologies for having metadata and storing it 0:18:12.858 --> 0:18:16.128 already exist. So what teleport does that? We suck all 0:18:16.128 --> 0:18:19.428 of this metadata out, put it in a certificate, and 0:18:19.428 --> 0:18:22.548 then we make sure that these certificates are available when 0:18:22.548 --> 0:18:25.128 the decision is to be done, either to allow or 0:18:25.128 --> 0:18:26.808 deny specific operation. 0:18:27.528 --> 0:18:31.338 Yeah, very, very interesting. So how does this touch in with? 0:18:32.478 --> 0:18:35.958 Because it sounds very cloud friendly because that's where we 0:18:35.958 --> 0:18:37.918 have a lot of metadata present. 0:18:38.118 --> 0:18:40.968 It's easier to do in the cloud, definitely, because cloud 0:18:40.968 --> 0:18:43.548 allows you to do everything through code. So as you 0:18:43.548 --> 0:18:47.958 provisioned machines, using your scripts, as you create Kubernetes clusters 0:18:47.958 --> 0:18:51.108 and your services as there's just a lot of it's 0:18:51.108 --> 0:18:53.808 just awesome if you're in the cloud, if you if 0:18:53.808 --> 0:18:57.108 you run your own data centers. Companies that do that, 0:18:57.108 --> 0:18:59.968 they don't just like bare metal and nothing else. Yeah, 0:19:00.048 --> 0:19:04.928 they have. Things like VMware, OpenStack, they have private versions 0:19:04.928 --> 0:19:09.878 of what Ada Bliss offers, and those have similar capabilities. 0:19:10.208 --> 0:19:13.868 OK, so you're going to get metadata from somewhere, whether 0:19:13.868 --> 0:19:19.298 it's VMware or somewhere, OK for an MDM or something. OK. 0:19:20.148 --> 0:19:24.468 Very interesting, so as in so how how upfront is 0:19:24.468 --> 0:19:27.198 the policy editor because it seems like the policy is 0:19:27.198 --> 0:19:30.348 is very key. Right. You have the you have the 0:19:30.348 --> 0:19:32.568 control plane and then you have the policies that sit 0:19:32.568 --> 0:19:36.048 on top of it. Is that a is that a 0:19:36.078 --> 0:19:39.108 huge part of the product and the interaction point with 0:19:39.108 --> 0:19:39.558 the product? 0:19:40.548 --> 0:19:46.668 So the answer is yes and no. I would say 0:19:46.668 --> 0:19:52.248 that companies historically struggled, not with defining policy. Mm-Hmm. Because 0:19:52.968 --> 0:19:57.048 like the mid-sized organizations, their policies are not that complicated. 0:19:57.528 --> 0:19:59.988 You have, like even even the basic ones that are 0:19:59.988 --> 0:20:03.378 often not enforced. For example, the policies like engineers must 0:20:03.378 --> 0:20:06.138 not push production data easy enough, right? Mm-Hmm. So if 0:20:06.138 --> 0:20:08.168 you are in engineering, you should be dealing with staging. 0:20:08.178 --> 0:20:10.488 You should be dealing with test environments like don't touch 0:20:10.488 --> 0:20:14.808 customer data, don't you? So the policy for that is 0:20:14.808 --> 0:20:17.868 like a couple of lines of configuration using like arbitrary 0:20:17.868 --> 0:20:20.298 language like you and I could come up with a 0:20:20.298 --> 0:20:23.208 way to declare its policy. So the difficulty has been 0:20:23.208 --> 0:20:28.578 to actually enforce it because of this siloing off axis, 0:20:28.908 --> 0:20:32.148 because you have like cloud access through the API, you 0:20:32.148 --> 0:20:35.118 have a say you could go through just control panel 0:20:35.718 --> 0:20:37.638 through web. You I can go through Kubernetes. You see 0:20:37.698 --> 0:20:40.188 that there are just so many protocols, so many different doors. 0:20:40.578 --> 0:20:45.798 So synchronizing it the having a single way of defining 0:20:45.798 --> 0:20:49.488 that is the much bigger problem. And I'm not saying 0:20:49.488 --> 0:20:52.878 your question is not important. I'm simply want to remind 0:20:52.878 --> 0:20:56.088 that the focus is consolidation having a single voice, but 0:20:56.088 --> 0:21:00.648 then to define policy in teleport, we offer kind of 0:21:00.648 --> 0:21:01.908 two ways of doing it. Do you have like a 0:21:01.908 --> 0:21:04.648 static way of defining policy? You can think of like 0:21:04.668 --> 0:21:08.028 YAML file. The gamble says that like this group, this 0:21:08.028 --> 0:21:10.128 is what they could do inside of communities. This is 0:21:10.128 --> 0:21:12.228 what you can do with telling them be. But the 0:21:12.228 --> 0:21:16.638 interesting one is policy as code, so you could basically 0:21:16.638 --> 0:21:20.658 use your like programming language of your choice, which will 0:21:20.658 --> 0:21:23.958 be teleport will just ask your code. But what shall 0:21:23.958 --> 0:21:26.808 I do now? This read like this is what I. 0:21:27.078 --> 0:21:31.218 Identities of everyone involved like this allows you to kind 0:21:31.218 --> 0:21:36.528 of extend teleport behavior beyond static configuration so you implement 0:21:36.528 --> 0:21:41.438 completely arbitrary rules like if your last name ends with 0:21:41.448 --> 0:21:46.248 a Z, then you cannot do something on Tuesdays after 2pm. 0:21:46.848 --> 0:21:49.728 So that is kind of two ways of doing it 0:21:49.728 --> 0:21:53.448 through code dynamically or statically via a static concept. 0:21:53.958 --> 0:21:57.618 Yeah, it just seems to me that the policy piece 0:21:57.618 --> 0:22:00.288 is huge. Not not the technical aspect of like, how 0:22:00.288 --> 0:22:04.458 do you write it or implement it? But the aspect 0:22:04.458 --> 0:22:09.618 of explainability understanding your security program by being able to 0:22:09.618 --> 0:22:11.628 look at your set of policies that are in place. 0:22:12.258 --> 0:22:16.158 So it's like someone comes audit you, a customer or 0:22:16.188 --> 0:22:18.498 a regulator or something something and they come to you 0:22:18.498 --> 0:22:20.898 and they say, I want to know the current state 0:22:20.898 --> 0:22:23.568 of our environment. You could say here are all the 0:22:23.568 --> 0:22:26.298 policies that are currently in place. Here are the violations. 0:22:27.108 --> 0:22:31.278 That's right. Yep, yep. It's actually interesting computer science problem 0:22:31.278 --> 0:22:36.168 that you reminding me off. So, uh, so those of 0:22:36.558 --> 0:22:39.258 us engineers who went to school and if you take 0:22:39.258 --> 0:22:43.278 like a prologue class. Mm hmm. The policy is very 0:22:43.278 --> 0:22:47.898 similar to declarative programming. Mm hmm. So if you're writing 0:22:47.928 --> 0:22:51.258 a piece of software or using those languages, you basically 0:22:51.258 --> 0:22:54.828 define a set of facts like predicates. For example, cats 0:22:54.828 --> 0:22:58.338 are animals. Dogs are animals. So then the program will 0:22:58.338 --> 0:23:00.978 say that both cats and dogs are animals, and you 0:23:00.978 --> 0:23:03.948 can ask the question Is dog an animal? And the 0:23:04.068 --> 0:23:07.068 and the system will respond yes and no. So as 0:23:07.068 --> 0:23:09.678 you add more and more statements like this and the system, 0:23:09.678 --> 0:23:12.588 your probably your application becomes more complex and then you 0:23:12.588 --> 0:23:16.338 can ask the question So is Bob an animal? And 0:23:16.338 --> 0:23:19.758 the thing will and and the system of predicts will 0:23:19.758 --> 0:23:22.218 look like Bob is a human and human is not 0:23:22.218 --> 0:23:25.098 an animal. Therefore, Bob is not an animal. So you 0:23:25.108 --> 0:23:29.708 could just take a simple example. But notice that the 0:23:29.718 --> 0:23:33.108 answers will always be correct. You will either get yes 0:23:33.108 --> 0:23:38.048 or no or not enough data. But we don't have 0:23:38.048 --> 0:23:42.308 a system like this to query policies today because policies exist, 0:23:42.308 --> 0:23:45.328 as I said, because of that fragmentation and siloing, you 0:23:45.338 --> 0:23:48.518 have different policies for different systems declared using different languages 0:23:48.518 --> 0:23:52.808 and components, so you cannot ask a question can bob 0:23:53.078 --> 0:23:58.118 touch production data right? So because no way you because 0:23:58.118 --> 0:24:03.078 you have no one to ask. Simply because of that fragmentation, 0:24:03.088 --> 0:24:07.138 so that is why we rely on audits. Mm-Hmm. Audit 0:24:07.138 --> 0:24:10.108 is a retroactive way to see if you have an 0:24:10.108 --> 0:24:13.978 error in your policy. It's essentially troubleshooting policy. That's what 0:24:13.988 --> 0:24:19.558 audit is. This is why auditors look for this all logs. Mm-Hmm. 0:24:19.948 --> 0:24:22.348 Because they want you. They want to see if you 0:24:22.348 --> 0:24:25.468 have a way of spotting in there. I am basically 0:24:25.468 --> 0:24:30.148 saying that audit logging in the future should be considered 0:24:30.148 --> 0:24:33.388 almost like an absolute practice. Instead, we should have a 0:24:33.388 --> 0:24:35.968 system that is similar to prolog where you can ask 0:24:35.968 --> 0:24:40.558 a question can log access from production. And if the 0:24:40.558 --> 0:24:42.978 answer is no, it's not like they're there. 0:24:43.108 --> 0:24:45.838 We don't really give me the current state of the employee. 0:24:46.198 --> 0:24:49.258 So that is the future that we're driving towards. But 0:24:49.258 --> 0:24:52.678 the first step is to consolidate everything in one place. 0:24:52.948 --> 0:24:57.058 You see, this is why. I answered my your first 0:24:57.058 --> 0:25:00.818 question that way, because when you said like, just can 0:25:00.838 --> 0:25:04.918 I single control plan that everything goes through? That is true, 0:25:04.918 --> 0:25:08.158 but you see how deep that consolidation goes, that you 0:25:08.158 --> 0:25:12.868 making entire things like audit, log and observability not needed obsolete. 0:25:13.228 --> 0:25:15.358 That is the kind of benefit that you get if 0:25:15.358 --> 0:25:19.318 you consolidate access policy and identity source in one place. 0:25:19.708 --> 0:25:24.088 Interesting. And so what are the technical steps here like? 0:25:24.208 --> 0:25:28.218 What is the plane look like when it's installed inside 0:25:28.228 --> 0:25:30.958 a different environment? How does it look for physical assets? 0:25:30.958 --> 0:25:35.368 How's it look for Cuba daddies versus easy to versus 0:25:35.368 --> 0:25:36.388 all these other places? 0:25:37.408 --> 0:25:40.618 So they're essentially, I would say, maybe three components of 0:25:40.618 --> 0:25:46.028 a system and. It's just kind of on a low 0:25:46.028 --> 0:25:49.028 level teleport is a single binary look, would you believe 0:25:49.028 --> 0:25:53.048 that simplicity is absolutely essential to security? So every engineer 0:25:53.048 --> 0:25:56.228 is familiar with the concept of a Unix daemon, so 0:25:56.228 --> 0:25:59.318 you have a system that's running on every box. So 0:25:59.318 --> 0:26:01.478 and we use that model. OK, we're going to be 0:26:01.478 --> 0:26:04.528 just like that because everyone knows how to run it. 0:26:04.538 --> 0:26:07.378 Everyone knows how it works. Everyone has an idea of 0:26:07.388 --> 0:26:11.518 how much resources it requires. CCD is also it's almost stateless. 0:26:11.528 --> 0:26:13.748 It has a little bit of config. It's simple. It 0:26:13.748 --> 0:26:16.508 never goes down. It has no dependency. It's like the 0:26:16.508 --> 0:26:18.488 first thing that comes up and the last thing that 0:26:18.488 --> 0:26:22.628 goes down. Mm-Hmm. Maintenance free or almost maintenance free. So 0:26:22.628 --> 0:26:25.598 that is what teleport is. It's just a drop in 0:26:25.598 --> 0:26:30.428 replacement process. OK. So with get out of the way now, 0:26:30.548 --> 0:26:34.898 how does it work when it's running you? You have 0:26:34.898 --> 0:26:39.668 to say that on certain machines, teleport works slightly differently. 0:26:39.668 --> 0:26:42.398 So in other words, you run the daemon with different 0:26:42.398 --> 0:26:46.148 flags in different places. OK. So you have to say 0:26:46.148 --> 0:26:49.118 like these machines are going to be proxies, so you 0:26:49.118 --> 0:26:52.898 have to select the proxy. OK, so proxy. It means 0:26:52.898 --> 0:26:55.738 that it's a machine that is exposed to the outside world, 0:26:55.778 --> 0:26:58.298 also on the inside. So that's your kind of front door. 0:26:58.778 --> 0:27:03.998 So teleport proxy. Again, SOCOG works exact same way, so 0:27:03.998 --> 0:27:06.908 if you think of jump host, that's really your proxy. 0:27:07.038 --> 0:27:09.938 OK, so this is like your your take on zero 0:27:09.938 --> 0:27:13.358 trust rather than VPNs like these are your proxies to 0:27:13.358 --> 0:27:14.618 get into everything behind. 0:27:15.188 --> 0:27:20.558 Correct. So but teleport proxies, peaks, all protocols. I feel 0:27:20.708 --> 0:27:24.398 like the massive difference there. Hmm. So when you try 0:27:24.398 --> 0:27:27.728 to connect to a MongoDB or teleport, the proxy will 0:27:27.728 --> 0:27:31.828 start speaking MongoDB protocol to you. If you're talking associate proxies, 0:27:31.958 --> 0:27:36.248 toxic assets h, so your existing tools think that they 0:27:36.248 --> 0:27:37.928 are talking to actual mongo. 0:27:38.108 --> 0:27:43.238 So if including on another distant host that's behind the proxy, 0:27:43.928 --> 0:27:45.788 how is it being routed to it? How does it know? 0:27:45.788 --> 0:27:46.358 So go. 0:27:46.668 --> 0:27:52.518 Yeah. So the proxy, what proxy does they? The proxy 0:27:52.518 --> 0:27:55.518 gets your request, and in there it sees which host 0:27:55.518 --> 0:27:57.378 you're actually trying to go to. So it makes this 0:27:57.378 --> 0:28:02.868 transparent connection and you go into that host on that 0:28:02.868 --> 0:28:06.168 host you have teleport to running and teleport is interacting 0:28:06.168 --> 0:28:09.018 closely with whatever it is you're accessing. Is it? If 0:28:09.018 --> 0:28:13.128 it's if it's Linux operating system, that's direct comparison to SSA. 0:28:13.398 --> 0:28:16.848 So it will just do Fool Association limitation, right? So 0:28:16.848 --> 0:28:20.388 but if it's good or my sequel, or if it's 0:28:20.388 --> 0:28:23.718 maybe a Kubernetes cluster, then it will connect that connection 0:28:23.718 --> 0:28:28.938 directly to the cluster and it and it will put 0:28:28.938 --> 0:28:31.758 certificate on the wire. Because all of these workloads actually 0:28:31.878 --> 0:28:36.238 support certificates could be an instance of birth certificate databases do. Hmm. 0:28:37.158 --> 0:28:40.518 But with a certificate coming from the proxy by itself 0:28:40.518 --> 0:28:43.458 is really dumb. It simply connects sockets together, and that's 0:28:43.458 --> 0:28:46.548 by design. Mm hmm. Because if you have an attack 0:28:46.548 --> 0:28:50.148 on the proxy, not because teleport is vulnerable, but simply 0:28:50.148 --> 0:28:53.148 because there is always an attack. You might have Postgres. 0:28:53.208 --> 0:28:56.508 I'm sorry, the WordPress or some other application that's older, 0:28:56.508 --> 0:28:58.878 built on the same machine, but like human made a 0:28:58.878 --> 0:29:02.298 mistake somewhere and people bad people have gotten onto the 0:29:02.298 --> 0:29:05.418 proxy fight. There are no secrets in the proxy, the 0:29:05.418 --> 0:29:10.238 way it works that. Before even connecting to your proxy teleport, 0:29:10.598 --> 0:29:12.968 it will it will look on the wire and see 0:29:12.968 --> 0:29:15.278 if you have a certificate. And if you don't have 0:29:15.278 --> 0:29:18.968 a certificate that will redirect you to identity manager like 0:29:18.968 --> 0:29:22.838 actor sell point Active Directory, it will say go do 0:29:22.838 --> 0:29:27.698 your SSL. So you go through that you log in 0:29:27.698 --> 0:29:31.928 using the choice of authentication your company prefers, and then 0:29:31.928 --> 0:29:36.038 that system will redirect you back to teleport with certificate 0:29:36.038 --> 0:29:40.408 on the wire. Mm-Hmm. Now we actually know what that's wrong. 0:29:40.418 --> 0:29:42.698 That's not how it works. It redirects you back to 0:29:42.698 --> 0:29:45.518 teleport with metadata on the wire. So we have standards 0:29:45.518 --> 0:29:48.968 like Samuel or Panaji Connect where your identity is going 0:29:48.968 --> 0:29:51.878 to be there. So the proxy will then take that 0:29:51.878 --> 0:29:55.418 identity and will send to the second component of teleport 0:29:55.418 --> 0:30:02.548 called Certificate Authority. Certificate Authority will look at you and 0:30:02.548 --> 0:30:05.168 there's OK which protocols you're using, or you need the 0:30:05.168 --> 0:30:08.978 cessation ID MongoDB you need. And then this will issue 0:30:08.978 --> 0:30:12.458 certificates for everything you need, and those certificates will go 0:30:12.458 --> 0:30:14.678 back to you and they will be put in the 0:30:14.678 --> 0:30:18.158 wire and then you'll be redirected back to proxy. And 0:30:18.158 --> 0:30:20.648 then proxy will look at these certificates and it will 0:30:20.648 --> 0:30:23.528 connect you to this thing. And when you add it's 0:30:23.528 --> 0:30:26.468 encrypted end to end this, your proxy proxy only looks 0:30:26.468 --> 0:30:29.288 at the circuit doesn't actually see any data. So then 0:30:29.288 --> 0:30:32.648 your connection is established, let's say, into MongoDB or Linux 0:30:32.648 --> 0:30:37.388 box and decryption only happens there. So that is the 0:30:37.388 --> 0:30:38.118 magic reminds me 0:30:38.138 --> 0:30:39.158 of Kerberos a little bit. 0:30:39.678 --> 0:30:44.128 Yeah, exactly. You see, these ideas are not new, but 0:30:44.198 --> 0:30:47.918 we as an industry, we know what the best practices are. 0:30:48.248 --> 0:30:50.978 It just so happens that they're not always available to people, 0:30:50.978 --> 0:30:53.258 so they have to resort to. So that's really what 0:30:53.258 --> 0:30:56.208 we do. We just make best practices easy by making 0:30:56.208 --> 0:31:01.448 him default. So and now when you connecting to, let's say, 0:31:01.718 --> 0:31:04.868 like a database or Kubernetes, you have certificates in the way, 0:31:05.138 --> 0:31:07.118 which means that Kubernetes will put you in the right 0:31:07.118 --> 0:31:10.358 group and the role based access control will kick in. 0:31:10.718 --> 0:31:13.928 And the audit will now have like your metadata will 0:31:13.928 --> 0:31:16.418 be in the audit, so it will all be now 0:31:16.418 --> 0:31:20.078 synchronized and then the same thing will happen if you 0:31:20.078 --> 0:31:23.648 are a bot. So if you're like a backup script 0:31:24.068 --> 0:31:28.568 and you get started by scheduler inside of a Kubernetes cluster, 0:31:28.958 --> 0:31:32.678 the certificate will be injected into Kubernetes secrets, right? So 0:31:32.858 --> 0:31:34.538 now you have certificates. So if you want to make 0:31:34.538 --> 0:31:39.128 connections during anything like every programming language runtime when you 0:31:39.428 --> 0:31:44.018 open socket call, there is a certificate optional parameter refresh TV, right? 0:31:44.348 --> 0:31:46.268 Just put it there. That's all you have to change, 0:31:46.268 --> 0:31:49.178 like one parameter, one line of code and that you 0:31:49.178 --> 0:31:53.438 don't need API keys anymore. That's it. Like now your Borth, 0:31:53.438 --> 0:31:56.378 your automation has an identity, and that identity will be 0:31:56.378 --> 0:31:58.868 used to give you access to whatever it is you 0:31:58.868 --> 0:32:01.088 need to back up. Mm-Hmm. So you see how it 0:32:01.088 --> 0:32:04.868 works for software now on the hardware side when the 0:32:04.868 --> 0:32:08.768 machine is booting, but you see teleport is a demon. 0:32:09.068 --> 0:32:11.158 So the first thing it does when it comes on line, 0:32:11.408 --> 0:32:13.898 it will go it so it will do its own off. 0:32:14.588 --> 0:32:17.828 It will go to certificate authority and say, Hey, I'm 0:32:17.828 --> 0:32:20.948 over here, I'm a production host. If that's true, the 0:32:20.948 --> 0:32:23.438 certificate will be issued and it will land on the box. 0:32:23.828 --> 0:32:27.338 So you see, every microservice has a certificate, every human 0:32:27.338 --> 0:32:31.328 has a certificate, every hardware piece of hardware has a 0:32:31.328 --> 0:32:35.678 certificate and in on the roadmap we're going into client 0:32:35.678 --> 0:32:38.468 as well. So which means your laptop when you try 0:32:38.468 --> 0:32:41.738 to get in because laptop, it needs to be compliant 0:32:41.978 --> 0:32:46.108 and you have IT-BPM, so your laptop will receive a 0:32:46.118 --> 0:32:49.718 client hardware certificate. And so now you have you basically 0:32:49.718 --> 0:32:53.108 covered everything with certificates. They have this identities, and now 0:32:53.108 --> 0:32:58.448 you can do this. Fun things with policy enforcement asking questions. 0:32:58.448 --> 0:33:00.218 Cook who has access to what? 0:33:00.968 --> 0:33:03.128 Yeah, really, really cool stuff. 0:33:03.788 --> 0:33:06.758 Yeah. But let's talk about the negatives, because if it 0:33:06.758 --> 0:33:09.158 was so obvious, why would it like didn't exist before? 0:33:09.428 --> 0:33:15.238 So the sacrifice is complete goodbye to backwards compatibility. Mm-Hmm. 0:33:15.628 --> 0:33:18.868 Because you have so much infrastructure out there. Let's start 0:33:18.868 --> 0:33:21.898 with routers like every piece of network equipment has a 0:33:22.368 --> 0:33:25.438 associated baked into it and you cannot get out and 0:33:25.438 --> 0:33:27.988 it works using public private keys like there is no 0:33:27.988 --> 0:33:31.498 certificate support. If you look on the client, like using 0:33:31.498 --> 0:33:35.758 windows using putty. No certificate support. Yeah, there are versions 0:33:35.758 --> 0:33:40.018 of SSA agent on some Linux distros. They cannot hold certificates. 0:33:40.318 --> 0:33:43.318 So we just basically making these choices that if we 0:33:43.318 --> 0:33:45.718 were to make a difference, I would have to go 0:33:45.718 --> 0:33:48.808 where the puck is going and saying if if you 0:33:48.808 --> 0:33:51.418 don't do certs, you should stop doing it. So that's 0:33:51.838 --> 0:33:56.638 that's probably the most visible kind of drawback of the system. 0:33:58.378 --> 0:34:01.528 That makes sense, which would make sense that it's easier 0:34:01.528 --> 0:34:05.638 for newer orgs, like if they were to spin up 0:34:05.638 --> 0:34:08.308 a new company tomorrow and start with this, it would 0:34:08.308 --> 0:34:09.358 be much easier. 0:34:10.598 --> 0:34:14.988 Well, you would be surprised. On one hand, though, what 0:34:14.988 --> 0:34:18.348 you're saying is definitely true. But yet let's also remember 0:34:18.348 --> 0:34:23.328 that any large company is basically a collection of orgs. Right? Yeah. 0:34:23.598 --> 0:34:28.308 And certain are newer than others. Mm-Hmm. Samsung is arguably 0:34:28.548 --> 0:34:31.128 like a huge company that's definitely not, you know, it's 0:34:31.758 --> 0:34:37.128 like feels like it's a half of the South Korean economy. Sure, sometimes. 0:34:37.848 --> 0:34:41.028 But we have a significant presence at Samsung. So the 0:34:41.028 --> 0:34:45.288 teams that are starting new projects or just or simply 0:34:45.288 --> 0:34:49.518 operating on the newer technological stack. So they are adopting 0:34:49.518 --> 0:34:51.858 to work more and more frequently, and we have plenty 0:34:51.858 --> 0:34:56.598 of large companies still apart. 0:34:56.688 --> 0:34:59.778 Yeah. And there are a lot of companies who periodically 0:34:59.778 --> 0:35:02.538 they say, how should we be doing this different? And 0:35:02.538 --> 0:35:06.228 that's a perfect time. There are regular intervals where it's 0:35:06.228 --> 0:35:09.348 a perfect time to reevaluate and move into the future 0:35:09.348 --> 0:35:10.608 rather than doing the old thing. 0:35:11.118 --> 0:35:16.998 Yeah, I think the big another like other than fragmentation 0:35:16.998 --> 0:35:22.368 of access, which is absolutely killing everyone. Another huge problem 0:35:22.368 --> 0:35:29.678 is now with just treatment of secrets. Mm-Hmm. For a 0:35:29.678 --> 0:35:33.998 long time, it was considered to be acceptable to store 0:35:33.998 --> 0:35:36.308 secrets in an encrypted way as long as you do 0:35:36.308 --> 0:35:39.338 it properly. So you would use some kind of encrypted 0:35:39.338 --> 0:35:44.558 vaults or you would use basically just you would rely 0:35:44.558 --> 0:35:48.498 on encryption to protect your infrastructure. And it's okay. It's fine. 0:35:48.608 --> 0:35:55.208 But we have solid algorithms. We had like amazing mathematical breakthroughs. 0:35:55.478 --> 0:35:59.738 So let's do that. And that's true. But the reason 0:35:59.738 --> 0:36:02.588 why secrets no longer work is because of scale. So 0:36:02.598 --> 0:36:06.518 let me walk you through why he managed just right. Well, 0:36:06.548 --> 0:36:09.098 key management is one use case, but you can. But 0:36:09.098 --> 0:36:11.648 you could think about it in the generic terms like 0:36:11.648 --> 0:36:14.098 you have data and there's the standard like data and 0:36:14.108 --> 0:36:16.988 you should be encrypted at rest. OK, encrypted with what? Well, 0:36:17.168 --> 0:36:20.618 with a secret. So where does that secret go? And 0:36:20.618 --> 0:36:23.378 you have these instances of that like sprinkled all over 0:36:23.378 --> 0:36:27.298 there have API keys for internal external services. You have 0:36:27.298 --> 0:36:31.808 message credentials, you have a data like backups encrypted, just 0:36:31.808 --> 0:36:33.908 like all of the secrets. Where do they go? Like 0:36:33.908 --> 0:36:38.498 what is happening? So that is a growing concern and 0:36:38.498 --> 0:36:42.788 the problem in the space because it's not scalable and 0:36:42.788 --> 0:36:46.208 this is where scale breaks here. So imagine for a 0:36:46.208 --> 0:36:48.668 second that you have a single secret in your infrastructure 0:36:48.968 --> 0:36:51.788 and your infrastructure is a single server and your team 0:36:51.788 --> 0:36:54.728 is like five people. Everything is really small, so you 0:36:54.728 --> 0:36:59.108 encrypted something that's secret. And then you have to ask yourself, 0:36:59.108 --> 0:37:03.188 what is the probability of that being stolen? OK, let's 0:37:03.188 --> 0:37:05.798 look into it. If you encrypted something, it means there 0:37:05.798 --> 0:37:09.308 is decryption happening. Mm-Hmm. If decryption is happening, it means 0:37:09.308 --> 0:37:12.338 it's either manual. So one of your five engineers will 0:37:12.338 --> 0:37:16.058 just remember the secret and do decryption. Or it's a 0:37:16.058 --> 0:37:20.558 piece of automation, something that you periodically deploy. Mm hmm. OK. 0:37:21.098 --> 0:37:24.548 So if you are periodically deploying, there's a slight chance 0:37:24.548 --> 0:37:27.758 you will have a bad deployment. Type the wrong thing 0:37:27.758 --> 0:37:30.368 in the keyboard to flip the wrong thing and your 0:37:30.368 --> 0:37:33.998 secret will be on your public GitHub repository. You will 0:37:33.998 --> 0:37:37.448 check in with the code every once in a while. 0:37:37.448 --> 0:37:40.448 We make mistakes. Well, humans. Mm hmm. So there is 0:37:40.448 --> 0:37:42.908 a tiny chance that might happen on the automation side. 0:37:43.148 --> 0:37:46.328 But if it's on the human side, same thing. Humans 0:37:46.358 --> 0:37:49.088 make mistakes. There is a tiny chance you're going to 0:37:49.088 --> 0:37:52.778 click on the wrong attachment. You can sign up for 0:37:53.018 --> 0:37:56.948 the book with a phishing attack. Your laptop will get 0:37:56.948 --> 0:38:01.168 compromised and the secret will be stolen, but you would think, Oh, 0:38:01.178 --> 0:38:03.928 we're going to follow the best practices. We hired good engineers, 0:38:03.938 --> 0:38:06.758 the smart people not going to happen. OK, fine. But 0:38:06.758 --> 0:38:09.038 then what happens if you have two secrets and then 0:38:09.038 --> 0:38:12.548 two servers and then 10 engineers and then 100 secrets 0:38:12.548 --> 0:38:16.688 and 100 servers in a thousand years? So as you scale, 0:38:16.958 --> 0:38:19.088 as you process more and more data, you can grow 0:38:19.088 --> 0:38:24.428 that combined probability of human error keeps increasing. And I 0:38:24.428 --> 0:38:28.938 will never accept and we shouldn't, that humans are infallible. 0:38:29.078 --> 0:38:31.928 We will eventually make a mistake. So which means that 0:38:31.928 --> 0:38:35.778 the existence, the mere existence of secrets and your infrastructure 0:38:35.798 --> 0:38:39.308 is a liability. And the bigger you get, the bigger 0:38:39.308 --> 0:38:42.758 that liability becomes. So the future then, is to move 0:38:42.758 --> 0:38:49.178 to completely scrupulous future, where there's zero infrastructure secrets that 0:38:49.178 --> 0:38:53.168 are present anywhere. And that is where the certificates come. 0:38:53.318 --> 0:38:56.948 Come in because maybe we don't eliminate the need for 0:38:56.948 --> 0:39:01.538 secrets for all things infrastructure, but we eliminate the need 0:39:01.538 --> 0:39:05.618 for static credentials for access. So the API keys go 0:39:05.618 --> 0:39:09.528 away because your applications will get this ephemeral certificates that 0:39:09.528 --> 0:39:13.928 are automatically expiring so you don't really need encrypted storage 0:39:13.928 --> 0:39:17.768 for your API keys. So things like associated passwords who 0:39:17.768 --> 0:39:22.298 go away, things like private public keys go away. Things 0:39:22.298 --> 0:39:26.828 like like passwords to windows. You see, that's a huge 0:39:27.788 --> 0:39:32.228 kind of liability exposure that certificates on identity just eliminate, 0:39:32.528 --> 0:39:34.868 which is a big, big shift that's happening in the 0:39:34.868 --> 0:39:36.428 industry that now is important. 0:39:36.518 --> 0:39:40.388 I love this. I think this is. I feel like 0:39:40.388 --> 0:39:44.678 it's where things have to go because complexity just continues 0:39:44.678 --> 0:39:48.488 to grow. Exactly. This is this is the only way 0:39:48.488 --> 0:39:51.638 to actually address it with a system like this. 0:39:52.088 --> 0:39:56.828 It's something I enjoy seeing the similarities in how humans 0:39:56.828 --> 0:39:59.558 think about different problems. Like one, when we talk about 0:39:59.558 --> 0:40:04.568 carbon footprint and global warming, it's basically the same answer. Yeah. 0:40:05.258 --> 0:40:08.198 It needs to go to zero. Like simply lowering something 0:40:08.198 --> 0:40:10.538 by 20 30 percent is not enough because it keeps 0:40:10.538 --> 0:40:14.918 accumulating so few, gaining 20 percent all the time. So 0:40:14.918 --> 0:40:19.628 eventually that that curve is going to get you to say, Oh, 0:40:19.658 --> 0:40:23.558 it's just like you said with population, the population grows 0:40:23.558 --> 0:40:25.388 and you have a small problem. Well, you have a 0:40:25.388 --> 0:40:25.878 big yes. 0:40:25.988 --> 0:40:28.568 Yep. Yep, yep, exactly. Exactly. 0:40:30.128 --> 0:40:33.698 All right. Well, this has been fantastic. Definitely enjoyed this. 0:40:33.698 --> 0:40:37.198 I wish it was a real lunch, but me too. Yeah. Yeah. 0:40:37.568 --> 0:40:41.168 Maybe sometime soon. And thank you so much for the time. 0:40:41.678 --> 0:40:43.868 Yeah. Thank you for asking all the right questions I 0:40:43.868 --> 0:40:47.678 couldn't hope for to cover so much, so quickly. Awesome. 0:40:48.218 --> 0:40:49.148 All right, ladies, 0:40:49.148 --> 0:40:52.048 we're listening to the standalone episode. We'll see you next time.