TalkingTrust with Thales and Red Hat - Securing Containers and DevOps
Containers and DevOps are being embraced as critical elements of enterprise digital transformation strategies, as this new paradigm provides development teams with an efficient way to build and deploy applications across hybrid cloud environments at scale. Red Hat and Thales have partnered to enable the benefits of DevSecOps to ensure code runs securely and data can be protected effectively. Thales and Red Hat discuss in this video how to enable a secure and scalable DevOps platform to deploy new services efficiently.
Join Red Hat and Thales in a discussion about how Containers and DevOps are critical elements of enterprise digital transformation, and how they have partnered to ensure code runs securely and data can be protected effectively.
Speakers:
David Madden, Director of Business Development at Thales
Cameron Skidmore, Associate Solutions Architect at Red Hat
Review all integrations and supporting documents for Thales with Red Hat.
Thales Technology Partner: cpl.thalesgroup.com/partners/redhat
Partner website: www.redhat.com
Video Transcript
TalkingTrust Series – Thales and Red Hat - Securing Containers
00:10 Hello.
00:11 My name is David Madden from Thales and
00:14 I'm here today to talk about securing
00:16 containers and DevOps.
00:17 We're glad to have Cameron Skidmore,
00:20 Associate Solutions Architect at Red Hat
00:22 with us,
00:22 who's an industry expert in containers
00:24 and open source,
00:26 to help us understand the critical and
00:28 emerging market. Microservices and
00:30 containerized architectures are being
00:32 embraced as a critical element of
00:34 enterprise digital transformation,
00:36 as a container platform offers
00:38 developer teams an efficient way to
00:40 build and deploy
00:41 apps across hybrid cloud environments
00:44 really at scale.
00:45 However, what is missing typically is a
00:47 security element.
00:49 Red Hat and Thales can help ensure
00:51 code runs securely
00:53 and data can be protected effectively. So
00:56 today
00:56 as a result of all of this we're going
00:58 to talk a little bit more about how Red
01:00 Hat and Thales
01:00 can enable a secure and scalable DevOps
01:04 platform to
01:05 deploy services. So with that let's get
01:07 started
01:08 with a short history and background on
01:10 DevOps containerization.
01:11 Cameron, can you share a few details with
01:14 us so we can better understand?
01:16 Sure Dave, I'd love to. So this idea of
01:19 DevOps I think it really
01:21 came out of a need to solve a problem
01:23 and that problem was that code just
01:25 wasn't getting
01:26 built and even deployed quick enough
01:30 and that there was this massive
01:31 inefficiency in the process.
01:33 For me the best way I know how to kind
01:35 of describe this within a metaphor
01:37 is it's like a relay race right with
01:39 batons. And, you've got one runner
01:42 running up to hand it off to the next
01:43 runner but of course the other runner
01:45 starts running before they get there
01:47 so both are kind of working together in
01:49 that moment and there's not this hard
01:50 stop,
01:51 where the person has to from nothing
01:53 start with the baton again.
01:55 I think it's a similar kind of idea with
01:58 DevOps because
01:59 you want there not to be this hard
02:02 demarcation point
02:03 where the Dev team then has to throw
02:05 code over to the Ops team
02:07 and it just kind of creates this massive
02:09 amount of
02:11 inefficiency in the process right? Yeah
02:15 and I think that you know this is
02:16 something people have been working on
02:18 for a while. DevOps isn't really
02:19 a new idea at this point but there's a
02:21 lot of let's say technological
02:23 innovation going on right now, right?
02:25 There's a whole lot of stuff in the
02:26 field of automation
02:28 in cloud technology and I think
02:31 you and I talked about this before, but
02:33 DevOps is really a function of
02:35 the cultural adoption of DevOps. But then
02:38 you got to combine that with all this
02:39 technology
02:40 and the primary technology being adopted
02:43 to drive that
02:44 is really the automation. And that's kind
02:47 of what
02:47 you know add those two together and
02:49 you're gonna end up getting
02:51 the amount of success that your teams
02:53 are looking for in DevOps.
02:56 Makes sense. So how are modern
02:58 organizations then leveraging
03:00 open source DevOps and containers as a
03:02 core part of these digital
03:04 transformation plans? Sure that's a great
03:07 question
03:08 and when you're talking about the
03:10 digital transformation or you're talking
03:12 about things like IoT
03:13 or cloud, fundamentally more and more
03:16 what I think that
03:17 ends up being is a conversation around
03:20 container technology
03:21 right? Because all these are kind of
03:23 converging within that and the container
03:25 technology
03:26 is different than legacy infrastructure
03:29 because,
03:29 and we were talking about this before,
03:31 but it was built
03:33 with DevOps already in mind. Right.
03:35 We can
03:36 see that and how they put together
03:38 these solutions and these technologies.
03:40 It's not where you're having to, you know,
03:42 shoehorn the teams to work together in
03:44 ways that
03:44 the environment was never designed to.
03:46 It's more about
03:48 from jump, you can see oh it's the you
03:50 know, the Dev teams are flowing really
03:52 well into the Ops team
03:54 and it's just kind of a natural
03:56 progression from that.
03:58 And so I read how we talk about the
04:00 digital transformation a lot
04:02 and DevOps is really key to digital
04:04 transformation
04:05 because fundamentally with digital
04:08 transformation
04:09 that's something where the
04:12 the company itself right is trying to
04:15 reinvent their processes, their business
04:17 processes. They're trying to
04:19 put technological innovation first and
04:21 foremost
04:22 and I think at first when people hear
04:25 digital transformation, they may think
04:27 okay we're going to transform digitally.
04:28 We're going to move into the
04:30 the cloud space. We're going to adopt
04:33 all this technology
04:34 but it's not just one big sprint, it's
04:36 more of a marathon.
04:38 Right. You're going to have
04:39 to constantly
04:41 get your developers what they need and
04:42 keep the pace up over
04:44 the next year and decade even.
04:47 And there's going to be a huge
04:48 advantage for companies that are able to
04:49 do that and
04:50 leverage this kind of technology. Makes
04:53 sense. And so it sounds like
04:55 you know development, IT, operations
04:58 they're going you know from a service
05:01 provider approach to almost a core part
05:03 of the whole digital value creation
05:05 process.
05:06 So, this is really now a core asset of
05:08 any business in a digital economy
05:10 would you agree Cameron? I certainly
05:12 would agree,
05:13 and I think that also a
05:16 big aspect of maybe
05:20 the perceived risk going into this new
05:22 paradigm especially with all this new
05:24 technology,
05:25 is that there's this hesitation
05:29 on the part of, well maybe I don't really
05:31 know everything about
05:32 Kubernetes or I don't know everything
05:34 about
05:34 how security works in Kubernetes.
05:37 We found in our
05:38 research is that a big blocker for this
05:40 digital transformation
05:41 is mainly those two things.
05:45 Which is why I think it's really
05:46 important for companies like Thales and
05:48 Red Hat to work together
05:49 because helping meet people where their
05:53 IT skills are and you know implementing
05:56 top tier enterprise ready
05:58 security on top of it, I think that we
06:00 can really
06:01 lower the barrier to entry for digital
06:03 transformation together.
06:07 Makes sense. So in terms of
06:10 security
06:11 it's like a platform
06:13 almost and then leveraging
06:15 Red Hat really drives things as a
06:17 platform where
06:18 you can you can take these elements and
06:21 apply them in
06:22 across your organization if you will, so
06:24 it enables things.
06:26 Obviously if it's not there
06:28 you've got a considerable risk
06:30 from both your platform running
06:32 smoothly,
06:33 efficiently as well as making
06:35 sure things you're not
06:37 missing an element as you roll from
06:40 development to
06:41 production. So how would you
06:44 architect this with Red Hat
06:47 OpenShift,
06:48 and how do you implement it across
06:49 containers? Can you describe
06:51 a little more detail for us? Yeah
06:53 absolutely, I can give a quick flyby of
06:55 the architecture behind OpenShift.
06:57 So as it always does it really starts
07:00 with the OS.
07:01 Our goal with the OS that all
07:03 this is going to be running on
07:05 is to give you the ability to draw from
07:08 any kind of platform right,
07:09 if it's your own personal data center,
07:12 if it's a cloud environment, we want
07:16 it to feel all like it's cut from the
07:18 same piece of cloth,
07:19 right? Because that's going to also help
07:21 this cooperation in DevOps without
07:23 everybody having to
07:25 work with different types of you know
07:28 starting points and core OS
07:30 How we've been able to do that
07:33 and core OS
07:34 for the points of security here, it's
07:36 it's a very
07:37 special operating system because for one
07:39 it can scale of course but
07:41 for two it's designed with the smallest
07:44 amount of surface area for attack
07:45 possible.
07:46 And once it's built it can't really be
07:49 altered. So it's unalterable as an OS,
07:51 makes it very secure from a security
07:53 point of view.
07:56 The only other the really quick main
07:58 point that I also want to make
08:00 is that Kubernetes is OpenShift. I
08:03 think sometimes people hear OpenShift
08:04 and they're like OpenShift versus
08:06 Kubernetes, but really OpenShift
08:08 is built on top of Kubernetes.
08:10 That's really the movement
08:12 behind it we just have a lot of other
08:14 things to again going back to what we
08:16 were saying before,
08:17 perceived lack of talent on
08:21 the part of
08:21 certain companies wanting to adopt this
08:23 technology that's why we built OpenShift.
08:25 We
08:26 make it easier to install wherever you
08:27 want to install it.
08:29 We make it easy whether it's in a
08:31 cloud or an on-premise environment.
08:33 Auto scaling is determined through
08:37 the actual OpenShift GUI, so it's a lot
08:39 simpler and a lot more approachable.
08:42 We even have one-click updates as
08:45 well, so you're not constantly
08:47 tasking your administrators with the
08:49 kind of overhead
08:50 that might come with administering a
08:52 Kubernetes vanilla
08:56 environment all by themselves.
08:58 That's another big part of it.
09:00 We also have services that exist like
09:03 CodeReady Workspaces
09:04 and Istio service mesh and all these
09:07 other things to kind of help round out
09:09 the sharper edges of Kubernetes
09:10 environment that you might have just on
09:12 its own.
09:13 I think that's an important point as
09:14 well. We kind of lay that out here in the
09:17 in the in the top section with the
09:19 application services and stuff,
09:21 but yeah, Kubernetes effectively
09:24 deployable in the enterprise by
09:26 providing all these
09:28 you know Red Hat value adds beyond just
09:30 the core OS.
09:31 Absolutely, and that's really
09:34 why people have kind of gravitated
09:37 toward OpenShift and we've been
09:39 working on this offering in parallel
09:41 with Kubernetes for five years now. We've
09:43 been an active participant
09:45 in the Kubernetes upstream. Kubernetes is
09:48 of course open source; you can't think
09:50 Red Hat without thinking open source, so
09:52 we've been on this and we've really
09:54 been trying to make it
09:56 as approachable, easy, safe and
09:58 secure as possible. You know just
10:00 taking an open source project off the
10:02 shelf there's a whole lot of
10:04 worry that can happen with that as far
10:06 as it being enterprise and hardened and
10:08 secure behind it. So we do offer of
10:10 course things like
10:11 continuous security patches as well
10:15 which is kind of standard for any of the
10:16 open source enterprise offerings at this
10:18 point.
10:20 Brilliant. You know one thing I heard the
10:22 other day I thought was interesting from
10:23 our friends at IDC.
10:25 They found that teams that were
10:26 leveraging
10:28 OpenShift and your OpenShift container
10:30 platform
10:31 and using application
10:33 delivery and DevOps were in much better
10:35 position to use software
10:36 innovation agility to impact their
10:38 organizations in their response to the
10:40 crisis
10:41 as they were able to roll out these new
10:43 releases in a much shorter time
10:45 and help drive the shift to their
10:47 digital business from you know
10:49 physical businesses. I thought that
10:50 was a really interesting thing and what
10:52 you're giving them here is
10:53 the tools to enable them to do that as
10:54 you say. People don't necessarily have
10:56 all the skills and capability
10:58 in that previous slide. That was the
10:59 number one issue, along with security,
11:01 in making sure people can move to a
11:03 digital world.
11:04 You're just helping them you know
11:06 given that roadmap if you will,
11:08 and all the tools to get there
11:10 quickly and efficiently.
11:11 Absolutely. We want to make people feel
11:14 safe to move
11:14 quickly, I think would be the best way to
11:16 describe OpenShift.
11:18 We want you to be able to innovate
11:19 quickly, to answer whatever
11:21 comes your way, like for example, the
11:23 pandemic. Which I love hearing that. It
11:25 really
11:26 makes me proud to work at Red Hat with
11:27 examples like that.
11:29 But that's the key, you want to be
11:31 able to feel like you're not
11:33 sticking your neck out every
11:34 time you really sprint forward in your
11:36 own digital
11:37 innovation and creating these new
11:38 digital assets.
11:41 So yeah, absolutely cool. So I guess to
11:44 your point, these are
11:45 digital crown jewels if you
11:46 will, as you're changing your whole
11:48 business and putting it online.
11:50 So how are we going to approach security
11:51 together with Red Hat,
11:53 and how can we help customers prepare as
11:56 they build their
11:57 containerized environments?
12:00 Yeah absolutely. So we've spoken
12:04 already about
12:05 DevOps, but it's something that you
12:08 know we've been working on
12:09 lately and especially with Thales as well
12:11 is this idea of DevSecOps.
12:13 So the question becomes,
12:15 we've broken the silos down over the
12:17 last decade especially with the
12:18 automation technology
12:20 of developers and ops people, but
12:24 where does security fit in that
12:25 message? So in order to kind of
12:28 answer that, we've been developing out
12:30 DevSecOps as a as kind of philosophy,
12:33 but also something to hang the
12:34 technology on,
12:36 and it's a framework that focuses again
12:39 on what's most important on speed of
12:41 innovation.
12:41 But making sure that speed of
12:43 innovation is working in step
12:45 with the security team and not just you
12:48 know stepping on each other's toes as it
12:49 were right,
12:52 because we've seen that you're right.
12:53 Cameron, you know where you know dev
12:55 developed something,
12:56 then they try and get it to operations
12:58 but security pops in at the last second
12:59 says wait a minute.
13:00 You know you got to go back to square
13:02 one if you will
13:03 because the code isn't secure and of
13:06 course then they have to redo it whereas
13:07 if as you say if it's all part of that
13:09 that DevOps process you know as you say
13:12 DevSecOps.
13:13 It flows together and you don't have
13:15 those hiccups at the
13:17 in the last you know yard right?
13:20 Absolutely,
13:20 and I was just on a call earlier
13:22 today Dave,
13:24 and we were talking about security
13:26 and we made the point
13:28 where Red Hat really isn't a security
13:30 vendor. We're not trying to be. We're
13:31 trying to be the platform and the tools
13:33 and the
13:34 infrastructure to build out whatever you
13:35 need, but we really do need the partner
13:37 ecosystem with partners like Thales
13:39 who can step in and fill out the
13:42 parts of this
13:43 DevSecOps pipeline to really bring
13:46 it to next level security and make
13:47 it ready for the enterprise.
13:49 I think a big question that a lot of
13:51 people have
13:53 about hesitancy to digital
13:55 transformation, security was one of them.
13:57 I think people feel really safe in their
13:58 legacy environments because they know
14:00 how to get the compliances they want
14:02 and how to do that, and when this new
14:05 kind of paradigm with cloud native
14:07 Kubernetes, they're like I don't really
14:08 know.
14:09 How is this going to get me there?
14:11 I think that's what Thales
14:13 can really bring to the table. Do you
14:15 want to talk any about how
14:17 Thales is helping fill out the
14:19 security points along this
14:21 DevSecOps? That would be great
14:24 actually.
14:25 And, you know to your point, we've
14:27 seen that time and again where
14:28 you know somebody's ready to roll
14:30 something out and you know they go, wait
14:32 a minute…
14:32 I'm not putting my crown jewels online.
14:35 Are we going to make sure this
14:36 is going to still be compliant?
14:38 Are we going to meet GDPR? All
14:40 these standards, PCI,
14:42 and that's as you know that's what
14:44 we've been doing for the past 20 years.
14:46 And so you know as you say we're a
14:48 partner focused on security,
14:50 we've done it in the old world you know
14:52 together with Red Hat, we're helping to
14:53 move to a digitally transformed
14:55 modern world and really what Thales does
14:57 when you look at this
14:58 is we provide a couple of core elements
15:01 that integrate through your open APIs
15:04 and open source from Red Hat
15:05 and OpenShift in your container
15:07 platform where
15:08 we sign the containers, make sure
15:11 that they're
15:12 the ones that they're supposed to be,
15:13 that they haven't been you know
15:15 tampered along the way or over time.
15:17 You prove that they're from
15:19 your enterprise entity. We've got
15:22 the processes to do that
15:23 in a secure manner. We also help with
15:26 managing keys,
15:27 protecting sensitive data, you know
15:29 credit cards, personal information,
15:32 or even just private data you
15:34 want to make sure that stays private
15:36 even if it's being stored up in the
15:38 cloud or in a hybrid cloud environment.
15:40 So as you look through this process that
15:42 Cameron has here you know
15:44 in the flow, our goal is just to tie into
15:47 that whole platform that Red Hat is
15:49 offering with OpenShift and your
15:52 automation
15:52 to make sure that you can not only
15:54 automate you can automate at scale
15:56 because now with these secure hardware
15:59 roots of trust storing keys
16:00 protecting them it enables you to scale
16:03 your DevOps
16:05 in a way that gets rid of the manual
16:08 interrupts to make sure, can I sign this
16:10 code, who can sign it?
16:11 If this has already been configured in
16:13 advance it all flows smoothly
16:15 you know around the world and really
16:17 protects against fraudulent keys and
16:19 usage.
16:20 Our goal is really to help work with
16:23 Red Hat to enable our enterprise
16:25 customers together
16:27 to scale their existing assets to the
16:30 cloud, modernize them,
16:32 and then move them to a microservice
16:34 and containerized environments. And
16:36 we really appreciate the partnership,
16:38 together we've got
16:40 thousands of enterprise customers that
16:41 are doing this and really our goal is
16:43 just to
16:44 hopefully make their lives a little
16:45 easier and a little more secure
16:48 as they take this migration to
16:50 the cloud and
16:51 digital transformation. Absolutely. Anything else
16:54 you want to add
16:55 Cameron that I might have missed? I
16:57 think I'm good. I just want
16:58 to kind of hammer home this ecosystem
17:00 and that you know
17:01 this, there's no silver bullet
17:04 when it comes to answering these
17:05 questions of DevSecOps and
17:07 digital transformation. It's best
17:09 practices right,
17:10 to have secrets management handled by a
17:12 third party like Thales.
17:14 So I think it's a strong message to
17:17 have
17:17 to present all this together in united
17:19 front and help people feel confident to
17:21 take that next step toward digital
17:22 transformation.
17:24 Great. Well Cameron, I’ve got to say on
17:26 behalf of all of us here at Thales and
17:28 our customers listening today,
17:29 thank you very much for coming on
17:31 as our expert from Red Hat to
17:33 explain containers DevOps, DevSecOps and
17:37 a little more detail
17:38 with us. If people have more
17:40 questions, I'm sure they do because
17:42 this is really just a high level to give
17:44 people a sense of where the world's
17:45 going what our customers are doing
17:47 together.
17:48 We've got a bunch of materials that you
17:49 can review in more detail, and
17:51 reach out to our organizations.
17:53 We hope everybody's staying safe
17:56 out there and building secure
17:58 environments and changing the world in
17:59 the process.
18:00 Absolutely it's been a pleasure to be
18:02 here. It's always fun talking shop with
18:04 you guys.
18:05 Have a great day, everybody stay safe.
Securing Emerging Technologies with Thales Luna HSMs - Solution Brief
In today's digital world, enterprise and government are in a state of flux. Organizations are optimizing by taking workloads to the cloud, or forging ahead transforming, taking advantage of a wide variety of emerging technologies. They are revisiting their strategies due to...
Luna Network HSM - Product Brief
Secure your sensitive data and critical applications by storing, protecting and managing your cryptographic keys in Thales Luna Network Hardware Security Modules (HSMs) - high-assurance, tamper-resistant, network-attached appliances offering market-leading performance and...
OpenShift Container Platform with Luna HSM and Luna Cloud HSM - Integration Guide
OpenShift Container Platform brings together Docker and Kubernetes, and provides an API to manage these services. OpenShift Container Platform allows you to create and manage containers. Containers are standalone processes that run within their own environment, independent of...
Red Hat Certificate System - Luna HSM - Data Protection on Demand - Integration Guide
This document guides security administrators through the steps for securing Red Hat Certificate System Subsystem private encryption keys inside of a Thales Luna HSM or Thales Data Protection HSM on Demand (HSMoD) service. This guide covers the necessary information to install...