Podcasts about new stack analysts

Once they have piloted Kubernetes, many organizations then want to scale up their K8s deployments, and run workloads across many clusters. But managing multiple clusters requires a new set of tools, ones that automate many routine and manual tasks. So, for its fifth Tech Radar report, the Cloud Native Computing Foundation surveyed the tools available for multicluster management, based on the input from its end-user community.In this edition of The New Stack Analysts podcast, we talk with two people who helped assemble the report, Federico Hernandez, principal engineer social media analysis provider Meltwater, and Simone Sciarrati, Meltwater engineering team lead. We chatted about the report's findings and how the multicluster management tool landscape is taking shape. Co-hosting this episode is Alex Williams, founder and publisher of The New Stack and the Tech Radar's organizer Cheryl Hung, CNCF vice president of ecosystem.

In this edition of The New Stack Analysts podcast, host Alex Williams, founder and publisher of The New Stack and co-host Cheryl Hung, vice president of ecosystem at CNCF Cloud Native Computing Foundation (CNCF), discuss why secrets management is essential for DevOps teams, what the tool landscape is like and why Vault was selected as the top alternative. CNCF Tech Radar contributors and featured guests were Steve Nolen, site reliability engineer, RStudio — which creates open source software for data science, scientific research and technical communication — and Andrea Galbusera, engineering and co-founder, AuthKeys, a SaaS platform provider for managing and auditing servers authorizations and logins.

In this edition of The New Stack Analysts podcast, host Alex Williams, founder and publisher of The New Stack and co-host Cheryl Hung, vice president of ecosystem at CNCF Cloud Native Computing Foundation (CNCF), discuss why secrets management is essential for DevOps teams, what the tool landscape is like and why Vault was selected as the top alternative. CNCF Tech Radar contributors and featured guests were Steve Nolen, site reliability engineer, RStudio — which creates open source software for data science, scientific research and technical communication — and Andrea Galbusera, engineering and co-founder, AuthKeys, a SaaS platform provider for managing and auditing servers authorizations and logins.

In this episode of The New Stack Analysts podcast, TNS founder and publisher Alex Williams virtually shared pancakes and syrup with guests to discuss how Apache Cassandra, gRPC and, other tools and platforms play a role in managing data on Kubernetes. Mya Pitzeruse, software engineer and OSS contributor from effx; Sam Ramji, chief strategy officer at Datastax; and Tom Offermann, a lead software engineer at New Relic were the guests. They offered deep perspectives about the evolution of data management on Kubernetes and the work that remains to be done.

In this episode of The New Stack Analysts podcast, TNS founder and publisher Alex Williams virtually shared pancakes and syrup with guests to discuss how Apache Cassandra, gRPC and, other tools and platforms play a role in managing data on Kubernetes. Mya Pitzeruse, software engineer and OSS contributor from effx; Sam Ramji, chief strategy officer at Datastax; and Tom Offermann, a lead software engineer at New Relic were the guests. They offered deep perspectives about the evolution of data management on Kubernetes and the work that remains to be done.

On the last The New Stack Analysts of the year, the gang got together — remotely, obviously — to reflect on this year. And oh what a year! But for a year in tech, 2020 still had a lot of hits — and some misses. Publisher Alex Williams was joined by Libby Clark, Joab Jackson, Bruce Gain, Steven Vaughan-Nichols, and Jennifer Riggins. We looked back on the year that saw millions die, no one fly, and a lot of jobs in turmoil. It was also a year that, while many things screeched to a halt, much of the tech industry had to keep going more than ever.

On the last The New Stack Analysts of the year, the gang got together — remotely, obviously — to reflect on this year. And oh what a year! But for a year in tech, 2020 still had a lot of hits — and some misses. Publisher Alex Williams was joined by Libby Clark, Joab Jackson, Bruce Gain, Steven Vaughan-Nichols, and Jennifer Riggins. We looked back on the year that saw millions die, no one fly, and a lot of jobs in turmoil. It was also a year that, while many things screeched to a halt, much of the tech industry had to keep going more than ever.

Prisma Cloud from Palo Alto Networks sponsored this podcast. Identity and access management (IAM) was previously relatively straightforward. Often delegated as a low-level management task to the local area network (LAN) or wide area network (WAN) admin, the process of setting permissions for tiered data access was definitely not one of the more challenging security-related duties. However, in today's highly distributed and relatively complex computing environments, network and associated IAM are exponentially more complex. As application creation and deployment become more distributed, often among multicloud containerized environments, the resulting dependencies, as well as vulnerabilities, continue to proliferate as well, thus widening the scope of potential attack surfaces. How to manage IAM in this context was the main topic of this episode of The New Stack Analysts podcast, as KubeCon + CloudNativeCon attendees joined TNS Founder and Publisher Alex Williams and guests live for the latest “Virtual Pancake & Podcast.” They discussed why IAM has become even more difficult to manage than in the past and offered their perspectives about potential solutions. They also showed how enjoying pancakes — or other variations of breakfast — can make IAM challenges more manageable. The event featured Lin Sun, senior technical staff member and Master Inventor, Istio/IBM; Joab Jackson, managing editor, The New Stack and Nathaniel “Q” Quist, senior threat researcher (Public Cloud Security – Unit 42), Palo Alto Networks. Jackson noted how the evolution of IAM has not been conducive to handling the needs of present-day distributed computing. Previously, it was “not exactly a security thing” nor a “developer problem,” and wasn't even “a security problem, he said. “[IAM] really almost was a network problem: if a certain individual or a certain process wants to access another process or a resource online, then you have to have the permissions in place to meet all the policy requirements about who can ask for these particular resources,” Jackson said. “And this is an entirely new problem with distributed computing on a massive and widespread scale…it's almost a mindset, number one, about who can figure out what to do and then how to go about doing it.”

Prisma Cloud from Palo Alto Networks sponsored this podcast. Identity and access management (IAM) was previously relatively straightforward. Often delegated as a low-level management task to the local area network (LAN) or wide area network (WAN) admin, the process of setting permissions for tiered data access was definitely not one of the more challenging security-related duties. However, in today's highly distributed and relatively complex computing environments, network and associated IAM are exponentially more complex. As application creation and deployment become more distributed, often among multicloud containerized environments, the resulting dependencies, as well as vulnerabilities, continue to proliferate as well, thus widening the scope of potential attack surfaces. How to manage IAM in this context was the main topic of this episode of The New Stack Analysts podcast, as KubeCon + CloudNativeCon attendees joined TNS Founder and Publisher Alex Williams and guests live for the latest “Virtual Pancake & Podcast.” They discussed why IAM has become even more difficult to manage than in the past and offered their perspectives about potential solutions. They also showed how enjoying pancakes — or other variations of breakfast — can make IAM challenges more manageable. The event featured Lin Sun, senior technical staff member and Master Inventor, Istio/IBM; Joab Jackson, managing editor, The New Stack and Nathaniel “Q” Quist, senior threat researcher (Public Cloud Security – Unit 42), Palo Alto Networks. Jackson noted how the evolution of IAM has not been conducive to handling the needs of present-day distributed computing. Previously, it was “not exactly a security thing” nor a “developer problem,” and wasn't even “a security problem, he said. “[IAM] really almost was a network problem: if a certain individual or a certain process wants to access another process or a resource online, then you have to have the permissions in place to meet all the policy requirements about who can ask for these particular resources,” Jackson said. “And this is an entirely new problem with distributed computing on a massive and widespread scale…it's almost a mindset, number one, about who can figure out what to do and then how to go about doing it.”

KubeCon+CloudNativeCon sponsored this podcast. How to manage database storage in cloud native environments continues to be a major challenge for many organizations. Database storage also came to the fore as the issue to explore in the latest Cloud Native Computing Foundation (CNCF) Tech Radar report. In this edition of The New Stack Analysts podcast, host Alex Williams, founder and publisher of The New Stack and co-hosts Cheryl Hung, vice president of ecosystem at Cloud Native Computing Foundation (CNCF) and Dave Zolotusky, senior staff engineer at Spotify discuss stateless database storage, recent results of the report findings and perspectives from the user community. The podcast guests — who both contributed to the CNCF Tech Radar report and hail from the database storage user community — were Jackie Fong, engineering leader, Kubernetes and developer experience for Ticketmaster, and Mya Pitzeruse, software engineer, OSS contributor, effx.

KubeCon+CloudNativeCon sponsored this podcast. How to manage database storage in cloud native environments continues to be a major challenge for many organizations. Database storage also came to the fore as the issue to explore in the latest Cloud Native Computing Foundation (CNCF) Tech Radar report. In this edition of The New Stack Analysts podcast, host Alex Williams, founder and publisher of The New Stack and co-hosts Cheryl Hung, vice president of ecosystem at Cloud Native Computing Foundation (CNCF) and Dave Zolotusky, senior staff engineer at Spotify discuss stateless database storage, recent results of the report findings and perspectives from the user community. The podcast guests — who both contributed to the CNCF Tech Radar report and hail from the database storage user community — were Jackie Fong, engineering leader, Kubernetes and developer experience for Ticketmaster, and Mya Pitzeruse, software engineer, OSS contributor, effx.

Accurics sponsored this podcast. Who doesn't love hotcakes? And to make them right, you need to wait until the batter starts to bubble up before you flip them. Immutable infrastructure management and related security challenges are also “bubbling up” these days, as many organizations make the shift to cloud native environments, with containerized, serverless and other layers. In this The New Stack Analysts podcast, TNS founder and publisher Alex Williams asked served up pancakes with KubeCon attendees who joined him for a “stack” at the “Virtual Pancake Breakfast and Podcast” while they offered their deep perspectives on what is at stake as immutable infrastructure security and other related concerns take hold. The guests joining the virtual breakfast were Om Moolchandani, co-founder and CTO for Accurics, Rosemary Wang, developer advocate for HashiCorp, Krishna Bhagavathula, CTO, for the NBA (who also brought his own L.A. Lakers-branded spatula), Chenxi Wang, Ph.D., managing general partner of Rain Capital, and Priyanka Sharma, general manager, for the Cloud Native Computing Foundation (CNCF).

Accurics sponsored this podcast. Who doesn't love hotcakes? And to make them right, you need to wait until the batter starts to bubble up before you flip them. Immutable infrastructure management and related security challenges are also “bubbling up” these days, as many organizations make the shift to cloud native environments, with containerized, serverless and other layers. In this The New Stack Analysts podcast, TNS founder and publisher Alex Williams asked served up pancakes with KubeCon attendees who joined him for a “stack” at the “Virtual Pancake Breakfast and Podcast” while they offered their deep perspectives on what is at stake as immutable infrastructure security and other related concerns take hold. The guests joining the virtual breakfast were Om Moolchandani, co-founder and CTO for Accurics, Rosemary Wang, developer advocate for HashiCorp, Krishna Bhagavathula, CTO, for the NBA (who also brought his own L.A. Lakers-branded spatula), Chenxi Wang, Ph.D., managing general partner of Rain Capital, and Priyanka Sharma, general manager, for the Cloud Native Computing Foundation (CNCF).

KubeCon+CloudNativeCon sponsored this podcast. CERN, the European Organization for Nuclear Research, is known for its particle accelerator and experiments and analysis of the properties of subatomic particles, anti-matter and other particle physics-related research. CERN is also considered to be where the World Wide Web (WWW) was created. Research and experiments conducted at the largest particle physics research center consisting of a 27-km long tunnel generate massive amounts of data to manage and store. All told, CERN now manages over 500 petabytes — over half of one exabyte — which, in a decade's time, is expected to total 5,000 petabytes, said Ricardo Rocha, a staff researcher at CERN. In this episode of The New Stack Analysts, we learn from Rocha how CERN is adapting as a new accelerator goes online in the next few years with the ability to manage 10x the data it manages now.

KubeCon+CloudNativeCon sponsored this podcast. CERN, the European Organization for Nuclear Research, is known for its particle accelerator and experiments and analysis of the properties of subatomic particles, anti-matter and other particle physics-related research. CERN is also considered to be where the World Wide Web (WWW) was created. Research and experiments conducted at the largest particle physics research center consisting of a 27-km long tunnel generate massive amounts of data to manage and store. All told, CERN now manages over 500 petabytes — over half of one exabyte — which, in a decade's time, is expected to total 5,000 petabytes, said Ricardo Rocha, a staff researcher at CERN. In this episode of The New Stack Analysts, we learn from Rocha how CERN is adapting as a new accelerator goes online in the next few years with the ability to manage 10x the data it manages now.

Some legacy infrastructures are certainly more difficult to manage than others when organizations make the shift to cloud native. In the case of the heavily regulated financial services industry and the deep legacy infrastructure involved when banks transition to the cloud, challenges inherent in the sector abound. Regulatory and compliance and data-management challenges are also usually amplified when the bank has an especially large international presence. In this edition of The New Stack Analysts podcast, as part of The New Stack's recent coverage of end-use Kubernetes, Michael Lieberman, senior innovation engineer, vice president, of Tokyo-based MUFG, discusses his company's journey to scale out architectures in a microservice and Kubernetes environment in the world of financial services. Alex Williams, founder and publisher of The New Stack hosted the podcast with co-hosts Cheryl Hung, vice president of ecosystem at Cloud Native Computing Foundation (CNCF) and Dave Zolotusky, senior staff engineer at Spotify.

Some legacy infrastructures are certainly more difficult to manage than others when organizations make the shift to cloud native. In the case of the heavily regulated financial services industry and the deep legacy infrastructure involved when banks transition to the cloud, challenges inherent in the sector abound. Regulatory and compliance and data-management challenges are also usually amplified when the bank has an especially large international presence. In this edition of The New Stack Analysts podcast, as part of The New Stack's recent coverage of end-use Kubernetes, Michael Lieberman, senior innovation engineer, vice president, of Tokyo-based MUFG, discusses his company's journey to scale out architectures in a microservice and Kubernetes environment in the world of financial services. Alex Williams, founder and publisher of The New Stack hosted the podcast with co-hosts Cheryl Hung, vice president of ecosystem at Cloud Native Computing Foundation (CNCF) and Dave Zolotusky, senior staff engineer at Spotify.

In the serverless paradigm, the idea is to abstract away the backend so that developers don't need to deal with it. That's all well and good when it comes to servers and complex infrastructure like Kubernetes. But up till now, database systems haven't typically been a part of the serverless playbook. The assumption has been that developers will build their serverless app and choose a separate database system to connect to it — be it a traditional relational database, a NoSQL system, or even a Database-as-a-Service (DBaaS) solution. But the popularity of serverless has prompted further innovation in the data market. In this episode of The New Stack Analysts podcast, we talked about the latest developments in regards to managing data in a serverless system. My two guests were Evan Weaver, co-founder and chief technology officer of Fauna, and Greg McKeon, a product manager at Cloudflare. Fauna is building a “data API” for serverless apps so that developers don't even need to touch a database system, while Cloudflare runs a serverless platform called Cloudflare Workers.

In the serverless paradigm, the idea is to abstract away the backend so that developers don't need to deal with it. That's all well and good when it comes to servers and complex infrastructure like Kubernetes. But up till now, database systems haven't typically been a part of the serverless playbook. The assumption has been that developers will build their serverless app and choose a separate database system to connect to it — be it a traditional relational database, a NoSQL system, or even a Database-as-a-Service (DBaaS) solution. But the popularity of serverless has prompted further innovation in the data market. In this episode of The New Stack Analysts podcast, we talked about the latest developments in regards to managing data in a serverless system. My two guests were Evan Weaver, co-founder and chief technology officer of Fauna, and Greg McKeon, a product manager at Cloudflare. Fauna is building a “data API” for serverless apps so that developers don't even need to touch a database system, while Cloudflare runs a serverless platform called Cloudflare Workers.

Kubernetes is becoming boring and that's a good thing — it's what's on top of Kubernetes that counts. In this The New Stack Analysts podcast, TNS Founder & Publisher Alex Williams asked KubeCon attendees to join him for a short “stack” at our Virtual Pancake & Podcast to discuss “What's on your stack?” The podcast featured guest speakers Janakiram MSV, principal analyst, Janakiram & Associates, Priyanka Sharma, general manager, CNCF, Patrick McFadin, chief evangelist for Apache Cassandra and vice president, developer relations, DataStax and Bill Zajac, regional director of solution engineering, Dynatrace. The group passed the virtual syrup and talked Kubernetes, which may be stateless, but also means there's plenty of room for sides.

Kubernetes is becoming boring and that's a good thing — it's what's on top of Kubernetes that counts. In this The New Stack Analysts podcast, TNS Founder & Publisher Alex Williams asked KubeCon attendees to join him for a short “stack” at our Virtual Pancake & Podcast to discuss “What's on your stack?” The podcast featured guest speakers Janakiram MSV, principal analyst, Janakiram & Associates, Priyanka Sharma, general manager, CNCF, Patrick McFadin, chief evangelist for Apache Cassandra and vice president, developer relations, DataStax and Bill Zajac, regional director of solution engineering, Dynatrace. The group passed the virtual syrup and talked Kubernetes, which may be stateless, but also means there's plenty of room for sides.

Spotify is well known worldwide for its music service. Not so well known, is its path to Kubernetes Oz has been a road with many twists and turns. What also may be a surprise to many is that Spotify is a veteran user of Kubernetes and how it owes much of its product-delivery capabilities to its agile DevOps. Indeed, Spotify continues to increasingly rely on a container and microservices infrastructure and cloud native deployments to offer a number of advantages. This allows its DevOps teams to continually improve the overall streaming experience for millions of subscribers. In this edition of The New Stack Analysts podcast, as part of The New Stack's recent coverage of end use Kubernetes, Jim Haughwout, head of infrastructure and operations, shares Spotify's cloud native adoption war stories and discusses its past and present Kubernetes challenges. Alex Williams, founder and publisher of The New Stack; Cheryl Hung, vice president of ecosystem at Cloud Native Computing Foundation (CNCF) and Ken Owens, vice president, cloud native engineering, Mastercard hosted the podcast.

Spotify is well known worldwide for its music service. Not so well known, is its path to Kubernetes Oz has been a road with many twists and turns. What also may be a surprise to many is that Spotify is a veteran user of Kubernetes and how it owes much of its product-delivery capabilities to its agile DevOps. Indeed, Spotify continues to increasingly rely on a container and microservices infrastructure and cloud native deployments to offer a number of advantages. This allows its DevOps teams to continually improve the overall streaming experience for millions of subscribers. In this edition of The New Stack Analysts podcast, as part of The New Stack's recent coverage of end use Kubernetes, Jim Haughwout, head of infrastructure and operations, shares Spotify's cloud native adoption war stories and discusses its past and present Kubernetes challenges. Alex Williams, founder and publisher of The New Stack; Cheryl Hung, vice president of ecosystem at Cloud Native Computing Foundation (CNCF) and Ken Owens, vice president, cloud native engineering, Mastercard hosted the podcast.

KubeCon+CloudNativeCon sponsored this podcast as part of a series of interviews with Kubernetes end users. Listen to the previous stories about the ups and downs of Box's Kubernetes journey and what Wikipedia's infrastructure is like behind the firewall. It started simply enough but soon the site needed more than a server to keep things managed. Today, EquityZen runs on Kubernetes and is considering its next moves, in particular exploring how container as a service may serve them. In this edition of The New Stack Analysts podcast, Andy Snowden, engineering manager, DevOps, for EquityZen, discusses how he helped the company begin its cloud native journey and the challenges associated with the move. Alex Williams, founder and publisher of The New Stack; Cheryl Hung, vice president of ecosystem at Cloud Native Computing Foundation (CNCF) and Ken Owens, vice president, cloud native engineering, Mastercard hosted the podcast. When Snowden joined EquityZen, he immediately began to apply his background managing Kubernetes environments to help solve a chief concern the company had: The reliability of its infrastructure. “During our initial conversations, they explained to me that ‘hey, we are having these issues and we are having these big site hits where the site will go down' and that is really bad for our customers. They also asked ‘what have you done in your past that has worked well for you?,'” said Snowden. “And knowing Kubernetes as I knew it, I said this sounds like a really good use case for it and I explained that these are the sort of things I might consider doing.” Once convinced that a Kubernetes environment would both boost reliability and help the company to better scale its operations, making the shift was, of course, a major undertaking.

KubeCon+CloudNativeCon sponsored this podcast as part of a series of interviews with Kubernetes end users. Listen to the previous stories about the ups and downs of Box's Kubernetes journey and what Wikipedia's infrastructure is like behind the firewall. It started simply enough but soon the site needed more than a server to keep things managed. Today, EquityZen runs on Kubernetes and is considering its next moves, in particular exploring how container as a service may serve them. In this edition of The New Stack Analysts podcast, Andy Snowden, engineering manager, DevOps, for EquityZen, discusses how he helped the company begin its cloud native journey and the challenges associated with the move. Alex Williams, founder and publisher of The New Stack; Cheryl Hung, vice president of ecosystem at Cloud Native Computing Foundation (CNCF) and Ken Owens, vice president, cloud native engineering, Mastercard hosted the podcast. When Snowden joined EquityZen, he immediately began to apply his background managing Kubernetes environments to help solve a chief concern the company had: The reliability of its infrastructure. “During our initial conversations, they explained to me that ‘hey, we are having these issues and we are having these big site hits where the site will go down' and that is really bad for our customers. They also asked ‘what have you done in your past that has worked well for you?,'” said Snowden. “And knowing Kubernetes as I knew it, I said this sounds like a really good use case for it and I explained that these are the sort of things I might consider doing.” Once convinced that a Kubernetes environment would both boost reliability and help the company to better scale its operations, making the shift was, of course, a major undertaking.

KubeCon + CloudNativeCon sponsored this post. Box was one of the first companies to build on Kubernetes. Initially building its platform on PHP, Box's architecture still uses some parts of the PHP architecture. Today, Box serves as a case study of a software platform's cloud native journey that began a few years ago. The company also continues to rely on its legacy infrastructure dating back to the days when PHP ran on Box's bare metal servers in its data centers. In this edition of The New Stack Analysts podcast, Kunal Parmar, director of engineering, Box, discusses the evolution of the cloud content management provider's cloud native journey with hosts Alex Williams, founder and publisher of The New Stack, Cheryl Hung, vice president of ecosystem at Cloud Native Computing Foundation (CNCF) and Ken Owens, vice president, cloud native engineering, Mastercard. Prior to Box's adoption of Kubernetes, the company sought ways to “create more services outside of the monolith in order to scale efficiently,” Parmar said. One way to do that, he explained, was to shift its legacy monolith applications into microservices. “For anybody who has [made the shift to Kubernetes], they would know this is a really long and hard journey. And so, in parallel, we have been focusing on adopting Kubernetes for all of the new microservices that we have been building outside of the monolith,” said Parmar. “And today we are at a point where we're actually now looking at also starting to migrate the monolith to run on top of Kubernetes so that we can take advantage of the benefits that Kubernetes brings.”

KubeCon + CloudNativeCon sponsored this post. Box was one of the first companies to build on Kubernetes. Initially building its platform on PHP, Box's architecture still uses some parts of the PHP architecture. Today, Box serves as a case study of a software platform's cloud native journey that began a few years ago. The company also continues to rely on its legacy infrastructure dating back to the days when PHP ran on Box's bare metal servers in its data centers. In this edition of The New Stack Analysts podcast, Kunal Parmar, director of engineering, Box, discusses the evolution of the cloud content management provider's cloud native journey with hosts Alex Williams, founder and publisher of The New Stack, Cheryl Hung, vice president of ecosystem at Cloud Native Computing Foundation (CNCF) and Ken Owens, vice president, cloud native engineering, Mastercard. Prior to Box's adoption of Kubernetes, the company sought ways to “create more services outside of the monolith in order to scale efficiently,” Parmar said. One way to do that, he explained, was to shift its legacy monolith applications into microservices. “For anybody who has [made the shift to Kubernetes], they would know this is a really long and hard journey. And so, in parallel, we have been focusing on adopting Kubernetes for all of the new microservices that we have been building outside of the monolith,” said Parmar. “And today we are at a point where we're actually now looking at also starting to migrate the monolith to run on top of Kubernetes so that we can take advantage of the benefits that Kubernetes brings.”

Listen to more from The New Stack here: https://thenewstack.io/podcasts Welcome to The New Stack Context, a podcast where we discuss the latest news and perspectives in the world of cloud native computing. For this week's episode, we spoke with Liran Tal, a developer advocate at container security platform provider Snyk and a member of the Node.js security working group, about who should own security in the DevOps process — the security team or the development? TNS editorial and marketing director Libby Clark hosted this episode, alongside founder and TNS publisher Alex Williams and TNS managing editor Joab Jackson. Tal wrote an article for us recently, “‘DevSecOps Insights 2020': Who Really Owns Security in DevOps,”which summarized the results of a survey the company carried out covering security, development and operations. The post included a couple of surprising survey results, namely that only 14% of respondents reported that they test for known vulnerabilities in container images, and 38% of respondents don't integrate automated security scanning into their DevOps pipeline. As Tal writes in the post: When that many respondents agree security is a major concern when trying to deliver software quickly, it means we need to scale up security to enable fast delivery of security fixes. The key to doing that is developers, as they ultimately fix security issues in an application's source code. We also get Tal's views on incorporating security into the a Continuous Integration/Continuous Delivery (CI/CD), the need for development speed, as well as his thoughts on the recent purchase of npm by GitHub. Then, later in the show, we discuss some of the top podcasts and news stories from the site. An episode of The New Stack Analysts podcast provides fodder for discussing service mesh adoption. Also on the agenda: Frustrations mount over Python 3 migrations; Project Calico offers a faster data plane with the help of eBPF; and an excellent side-by-side comparison offered by StackRox's Karen Bruner of the managed Kubernetes offerings from Amazon Web Services, Microsoft Azure and Google Cloud.

Listen to more from The New Stack here: https://thenewstack.io/podcasts Welcome to The New Stack Context, a podcast where we discuss the latest news and perspectives in the world of cloud native computing. For this week's episode, we spoke with Liran Tal, a developer advocate at container security platform provider Snyk and a member of the Node.js security working group, about who should own security in the DevOps process — the security team or the development? TNS editorial and marketing director Libby Clark hosted this episode, alongside founder and TNS publisher Alex Williams and TNS managing editor Joab Jackson. Tal wrote an article for us recently, “‘DevSecOps Insights 2020': Who Really Owns Security in DevOps,”which summarized the results of a survey the company carried out covering security, development and operations. The post included a couple of surprising survey results, namely that only 14% of respondents reported that they test for known vulnerabilities in container images, and 38% of respondents don't integrate automated security scanning into their DevOps pipeline. As Tal writes in the post: When that many respondents agree security is a major concern when trying to deliver software quickly, it means we need to scale up security to enable fast delivery of security fixes. The key to doing that is developers, as they ultimately fix security issues in an application's source code. We also get Tal's views on incorporating security into the a Continuous Integration/Continuous Delivery (CI/CD), the need for development speed, as well as his thoughts on the recent purchase of npm by GitHub. Then, later in the show, we discuss some of the top podcasts and news stories from the site. An episode of The New Stack Analysts podcast provides fodder for discussing service mesh adoption. Also on the agenda: Frustrations mount over Python 3 migrations; Project Calico offers a faster data plane with the help of eBPF; and an excellent side-by-side comparison offered by StackRox's Karen Bruner of the managed Kubernetes offerings from Amazon Web Services, Microsoft Azure and Google Cloud.

Listen to all of our podcasts here: https://thenewstack.io/podcasts/ In this, The New Stack Analysts podcast, Lee Calcote, an analyst and founder of Layer5, and Brian “Redbeard” Harrington, a principal product manager for OpenShift service mesh at Red Hat, discussed the many nuances of what the survey numbers really mean. Calcote, for example, notes how traffic management is seen as a key feature among the many different service mesh capabilities, but it's most useful to advanced users. Speaking about the use of traffic management functionalities, Calcote said: “Folks tend to be a little more advanced as they get into that because they're at that point they're actually affecting traffic and then routing requests differently, as opposed to something like just purely observing or getting a ‘read-only' view in their environment.” Harrington agreed. “I'm happy that Lee kind of pointed out the specific distinction around traffic control, because among the users who I'm talking to that's the — pun intended — ‘gateway drug,'” Harrington said. Organizations with legacy bare metal environments and “pretty expensive hardware incumbencies” face challenges as they move “move to dynamic environments” and as they “de-prioritize” some legacy hardware, traffic management capabilities service meshes can provide help when making the shift, Harrington said. The survey results and experience in the field also indicate organizations are still mulling the best use cases for service meshes. When asked whether an organization should adopt or how they should begin to rely on service meshes, it is often “irrespective of whether they're starting on the simpler…or more sophisticated [possibilities] in that spectrum,” Calcote said.”The advice is generally the same which is you should start and adopt a bit at a time a bit of value at a time and what that value is sort of dependent upon what you're looking for out of mesh,” Calcote said. “But between you getting comfortable with what you've deployed and getting the value out of what you've deployed, [organizations should] take the next step from there to hopefully at some point leverage all of the functionality of the mesh.”

Listen to all of our podcasts here: https://thenewstack.io/podcasts/ In this, The New Stack Analysts podcast, Lee Calcote, an analyst and founder of Layer5, and Brian “Redbeard” Harrington, a principal product manager for OpenShift service mesh at Red Hat, discussed the many nuances of what the survey numbers really mean. Calcote, for example, notes how traffic management is seen as a key feature among the many different service mesh capabilities, but it's most useful to advanced users. Speaking about the use of traffic management functionalities, Calcote said: “Folks tend to be a little more advanced as they get into that because they're at that point they're actually affecting traffic and then routing requests differently, as opposed to something like just purely observing or getting a ‘read-only' view in their environment.” Harrington agreed. “I'm happy that Lee kind of pointed out the specific distinction around traffic control, because among the users who I'm talking to that's the — pun intended — ‘gateway drug,'” Harrington said. Organizations with legacy bare metal environments and “pretty expensive hardware incumbencies” face challenges as they move “move to dynamic environments” and as they “de-prioritize” some legacy hardware, traffic management capabilities service meshes can provide help when making the shift, Harrington said. The survey results and experience in the field also indicate organizations are still mulling the best use cases for service meshes. When asked whether an organization should adopt or how they should begin to rely on service meshes, it is often “irrespective of whether they're starting on the simpler…or more sophisticated [possibilities] in that spectrum,” Calcote said.”The advice is generally the same which is you should start and adopt a bit at a time a bit of value at a time and what that value is sort of dependent upon what you're looking for out of mesh,” Calcote said. “But between you getting comfortable with what you've deployed and getting the value out of what you've deployed, [organizations should] take the next step from there to hopefully at some point leverage all of the functionality of the mesh.”

The New Stack Editor Alex Williams sat down, with Diane Patton, technical marketing engineer at NetApp, Jenny Fong, VP of marketing at Diamanti, and Sriram Subramanian, an analyst at IDC, to learn how Kubernetes has evolved into the preferred infrastructure layer for stateful environments. Listen to this episode of The New Stack Analysts to hear more about where we are heading and how we should be able to handle state in any given situation.

The New Stack Editor Alex Williams sat down, with Diane Patton, technical marketing engineer at NetApp, Jenny Fong, VP of marketing at Diamanti, and Sriram Subramanian, an analyst at IDC, to learn how Kubernetes has evolved into the preferred infrastructure layer for stateful environments. Listen to this episode of The New Stack Analysts to hear more about where we are heading and how we should be able to handle state in any given situation.

In this episode of The New Stack Analysts podcast, we explore how two Kubernetes Special Interest Groups (SIG) are taking into account all of the various user personas in order to help shape the user experience on Kubernetes. Guests on this episode include: Tasha Drew, co-chair of the Kubernetes Usability SIG and a product line manager for Kubernetes and Project Pacific at VMware. Lei Zhang, co-chair of the Kubernetes Application Delivery SIG and a staff engineer at Alibaba. Emily Omier, The New Stack correspondent and a content strategist for cloud native companies.

In this episode of The New Stack Analysts podcast, we explore how two Kubernetes Special Interest Groups (SIG) are taking into account all of the various user personas in order to help shape the user experience on Kubernetes. Guests on this episode include: Tasha Drew, co-chair of the Kubernetes Usability SIG and a product line manager for Kubernetes and Project Pacific at VMware. Lei Zhang, co-chair of the Kubernetes Application Delivery SIG and a staff engineer at Alibaba. Emily Omier, The New Stack correspondent and a content strategist for cloud native companies.

The developer will certainly face new challenges when making the switch to a cloud native platform. The process might include, for example, learning how to add code to Kubernetes clusters or mastering the mechanics of etcd and kubectlis. The power and scaling flexibility a cloud native platform and Kubernetes offer, among other things, are often worth more than developers' investment in time and resources when adopting these technologies. And yet. What developers are usually more concerned about is the business goals they need to achieve. They will likely care less what the underlying infrastructure is as much as it can be used to create code that might improve their organization's bottom line, or for a public institution, better meet the needs of a citizen. In this episode of The New Stack Analysts recorded at the 2019 European Cloud Foundry Summit in The Hague, The Netherlands, this month where the business needs of developers and the role of the Cloud Foundry community were dicussed — and debated. Hosted by Alex Williams, The New Stack founder and editor-in-chief and co-hosted by Devin Davis, vice president of marketing, Cloud Foundry Foundation, the panelists were: Abby Kearns, executive director, Cloud Foundry Foundation Michael Cote, marketing director, Pivotal Tammy Van Hove, distinguished engineer, IBM Udo Seidel, Tech Writer, Heise iX

The developer will certainly face new challenges when making the switch to a cloud native platform. The process might include, for example, learning how to add code to Kubernetes clusters or mastering the mechanics of etcd and kubectlis. The power and scaling flexibility a cloud native platform and Kubernetes offer, among other things, are often worth more than developers' investment in time and resources when adopting these technologies. And yet. What developers are usually more concerned about is the business goals they need to achieve. They will likely care less what the underlying infrastructure is as much as it can be used to create code that might improve their organization's bottom line, or for a public institution, better meet the needs of a citizen. In this episode of The New Stack Analysts recorded at the 2019 European Cloud Foundry Summit in The Hague, The Netherlands, this month where the business needs of developers and the role of the Cloud Foundry community were dicussed — and debated. Hosted by Alex Williams, The New Stack founder and editor-in-chief and co-hosted by Devin Davis, vice president of marketing, Cloud Foundry Foundation, the panelists were: Abby Kearns, executive director, Cloud Foundry Foundation Michael Cote, marketing director, Pivotal Tammy Van Hove, distinguished engineer, IBM Udo Seidel, Tech Writer, Heise iX

Enterprise startups are building the tools that help their customers to create an agile modern enterprise that adapts quickly to market changes. But the enterprise isn't always open to that change, or even aware of the benefits of that change, said Frederic Lardinois, writer and news editor at TechCrunch, in this episode of The New Stack Analysts recorded at TechCrunch Sessions: Enterprise held on Sept. 5 in San Francisco. This is a primary challenge for enterprise software companies today. The people and technologies that help enterprise software startups grow was the focus of this recent panel discussion at The New Stack pancake breakfast and podcast at TC Sessions: Enterprise. TNS founder and publisher Alex Williams moderated the discussion, which was sponsored by GitLab. Panelists included: 1. Frederic Lardinois / writer & news editor / TechCrunch 2. Katherine Boyle / Principal / General Catalyst 3. Melissa Pancoast / founder & CEO / The Beans 4. Sameer Patel / former CEO / Kahuna 5. Sid Sijbrandij / co-founder & CEO / GitLab

Enterprise startups are building the tools that help their customers to create an agile modern enterprise that adapts quickly to market changes. But the enterprise isn't always open to that change, or even aware of the benefits of that change, said Frederic Lardinois, writer and news editor at TechCrunch, in this episode of The New Stack Analysts recorded at TechCrunch Sessions: Enterprise held on Sept. 5 in San Francisco. This is a primary challenge for enterprise software companies today. The people and technologies that help enterprise software startups grow was the focus of this recent panel discussion at The New Stack pancake breakfast and podcast at TC Sessions: Enterprise. TNS founder and publisher Alex Williams moderated the discussion, which was sponsored by GitLab. Panelists included: Frederic Lardinois / writer & news editor / TechCrunch Katherine Boyle / Principal / General Catalyst Melissa Pancoast / founder & CEO / The Beans Sameer Patel / former CEO / Kahuna Sid Sijbrandij / co-founder & CEO / GitLab

It would be a mistake to ignore the immediate impact artificial intelligence (AI) and machine learning (ML) is already having on software development processes and DevOps. While some may see AI and ML as new technologies high on the hype cycle with overall marginal influences — even though they have been available for years — many organizations are already taking advantage of how they can automate many tasks during the development process. This includes their role in performing more mundane and time-consuming tasks that developers, as well as operations staffers, would prefer not to do by letting the machine take over. During this The New Stack Analysts podcast, two DevOps and development process experts spoke about AI's and ML's effects on DevOps and the state of algorithm development today and it impact on IT operations today: Hyoun Park, CEO and chief analyst, Amalgam Insights, and Bola Rotibi, Research Director, Software Development, CCS Insight. This roundtable was hosted by Alex Williams, founder and editor in chief of The New Stack. Already, AI and ML are affecting DevOps workflows have provided “an amazing access to computing and processing” over the past few years, Park said. They have provided DevOps with the ability to test a wide variety of algorithmic strategies, as well as provide storage and data-management capabilities to handle the processing, the testing and benefits associated with machine learning, and artificial intelligence.

It would be a mistake to ignore the immediate impact artificial intelligence (AI) and machine learning (ML) is already having on software development processes and DevOps. While some may see AI and ML as new technologies high on the hype cycle with overall marginal influences — even though they have been available for years — many organizations are already taking advantage of how they can automate many tasks during the development process. This includes their role in performing more mundane and time-consuming tasks that developers, as well as operations staffers, would prefer not to do by letting the machine take over. During this The New Stack Analysts podcast, two DevOps and development process experts spoke about AI's and ML's effects on DevOps and the state of algorithm development today and it impact on IT operations today: Hyoun Park, CEO and chief analyst, Amalgam Insights, and Bola Rotibi, Research Director, Software Development, CCS Insight. This roundtable was hosted by Alex Williams, founder and editor in chief of The New Stack. Already, AI and ML are affecting DevOps workflows have provided “an amazing access to computing and processing” over the past few years, Park said. They have provided DevOps with the ability to test a wide variety of algorithmic strategies, as well as provide storage and data-management capabilities to handle the processing, the testing and benefits associated with machine learning, and artificial intelligence.

Just four years ago, industry analysts were wary of running production workloads in containers, but certainly the industry got over that fast. Numbers around Docker and Kubernetes adoption vary broadly, but it's safe to say that well over half of Fortune 100 companies have embraced containers. In this episode of The New Stack Analysts, our Editor in Chief Alex Williams sits down with Briana Frank, director of product management at IBM, and James Ford, independent technical strategy advisor, to reflect on the origins of containers, how Kubernetes and Docker began, and how adoption has grown so fast in only a few years. Frank said the impetus behind rapid container adoption came from Docker allowing everyone to get started quickly and simply —  about ten minutes. For her, this accessibility is a continued source of inspiration when she's creating demos and Getting Started tutorials, as this ease of use accelerates innovation. “We can attribute a lot of the popularity of Kubernetes today to the Docker beginnings,” she said.

Just four years ago, industry analysts were wary of running production workloads in containers, but certainly the industry got over that fast. Numbers around Docker and Kubernetes adoption vary broadly, but it's safe to say that well over half of Fortune 100 companies have embraced containers. In this episode of The New Stack Analysts, our Editor in Chief Alex Williams sits down with Briana Frank, director of product management at IBM, and James Ford, independent technical strategy advisor, to reflect on the origins of containers, how Kubernetes and Docker began, and how adoption has grown so fast in only a few years. Frank said the impetus behind rapid container adoption came from Docker allowing everyone to get started quickly and simply —  about ten minutes. For her, this accessibility is a continued source of inspiration when she's creating demos and Getting Started tutorials, as this ease of use accelerates innovation. “We can attribute a lot of the popularity of Kubernetes today to the Docker beginnings,” she said.

Christopher Liljenstolpe is the founder and chief technology officer of Tigera, a provider of cloud native security and networking software. He formed Tigera to offer commercial support for Project Calico, a control plane he created for cloud native applications.  In this episode of The New Stack Analysts podcast, TNS Managing Editor Joab Jackson and TNS contributing analyst Janakiram MSV talk with Liljenstolpe about Calico's creation, overlay networks, service meshes and IPv6. Key Takeaways: Originally created for OpenStack, Calico was designed to make it easy to get data packets from one part of the network to another, using the Internet technologies like IP routing, rather than switching, virtual networks, overlay networks or other complex approaches. Since this form of networking offers only a coarse-grained isolation across nodes, so Calico uses real-time distributed filtering engines to control which nodes can communicate with one another, in effect acting as a network policy enforcement tool. Anticipating containers, Calico was designed for very dynamic environments, and can manage hundreds of thousands of end-points that can change location at any time.

It is hard to believe for many, as it is for this writer, that Cloud Foundry has existed for more than a decade after it was founded in 2008. Since its beginning, it certainly has more than established itself as a platform as a service (PaaS) of choice for deploying and scaling open source applications. It  has also certainly played a role in the growing momentum in the adoption of Kubernetes, microservices, cloud native and other new technologies as well as many other open source tools that continue to help transform DevOps practices. In this episode of The New Stack Analysts podcast, we recorded a panel discussion held during a pancake breakfast at Cloud Foundry Summit North America earlier this month in Philadelphia with Cloud Foundry as the featured topic. Hosted by The New Stack's Alex Williams, founder and editor-in-chief, and co-hosted by Joab Jackson, managing editor, panel invitees discussed Cloud Foundry's evolution over the past few years and the key role it continues to play in the open source community. The panelists included: Abby Kearns, executive director, of the Cloud Foundry Foundation; Cornelia Davis, Vice President of Technology, Pivotal; Daniel Jones, CTO for EngineerBetter; Rick Rioboli, Senior Vice President and CIO, for Comcast; and Stephen O'Grady, an analyst for Redmonk.

On today's episode of The New Stack Analysts podcast, TNS founder Alex Williams is joined by Janakiram MSV, a principal analyst with Janakiram & Associates, and Steve Burton, VP of Marketing at Harness.io to discuss not only the effects containers and Kubernetes have had on realizing our DevOps dreams, but also how machine learning is taking it to the next level with the evolution of AIOps. "In the last five years, DevOps has actually matured. So, we started with VMs, and DevOps was all about provisioning and configuration management and then, eventually CI/CD came in and Jenkins became the front and center of build management and release management, but that entire game was taken to the next level when containers became mainstream," said Janakiram. "We have evolved. Basically the current phase is driven predominately by container orchestration managers like Kubernetes that makes it extremely easy to spin up a staging environment or a test environment. And then we have Docker images as the unit of deployment. That fundamentally changes the game."

This week on The New Stack Analysts podcast, we take a closer look at the appeal of using virtual machines in Kubernetes environments. The discussion was sparked by a popular blog post penned last month by Pivotal Principal Technologist Paul Czarkowski. The problem with basic Docker-styled containers is that they do not offer sufficient security in multitenant environments, where multiple deployments intermingle on the same set of Kubernetes-controlled servers. So we spoke with Czarkowski to learn more of his thinking. Linux containers all rely on a shared kernel from the kernel, and isolation is provided by the kernel through namespaces. The Kubernetes API, however, is not secured, and most K8s components are not aware of the tenants. This is forcing service providers to provision Kubernetes workloads for different clients as separate clusters, not taking full advantage of the full savings that Kubernetes could provide by pooling workloads on the same cluster, Czarkowski argued.

The divide continues to grow between people developing serverless technologies and those in DevOps roles building, deploying, and managing Kubernetes. "Questions about serverless approaches and Kubernetes don't really come up with developers," said Timirah James, a developer advocate with Cloudinary on today's episode of The New Stack Analysts podcast. James joined TNS founder Alex Williams and Analyst/Co-Host Klint Finley, contributor at WIRED, to discuss how organizations and developers both can help bridge this gap. Detailing her experience at Notre Dame University in Belmont, California, James noted that, "If you're pursuing education in this field and trying to go to college for it, if you're trying to go to college for anything, you want to make sure you're attending an institution that has a network, community, and foundation around what you're studying. Especially something as niche as Computer Science."

Blockchain has finally gotten over the Wall Street hump. Now that BitCoin and Ethereum are essentially old news, the actual technology behind these commodities is beginning to trickle into real world enterprise applications. Blockchain, it seems, has many useful use cases out there in the business world, and with the help of the Linux Foundation and IBM, enterprises can now take advantage of the open source Hyperledger implementation of blockchain technology. On today's episode of The New Stack Analysts recorded live at OSCON 2018, Klint Finley, Reporter with Wired and the author of the Wired Guide to Blockchain, said that he had a few real and hypothetical use cases the piece he wrote a few months ago. One of those use cases was that of, "Blockchain feels like the thing that is the most hard to parse the value out of the hype. With cloud computing it was clearly an enormously hyped concept, but there were use cases and benefits. With big data it was coming out of actual real use cases at places like Google and Yahoo! With the Internet of Things, that's probably the least well established of those at this point, but there are still established use cases for that. With Blockchain it feels really preliminary," said Finley.

To do cloud-native computing, you need to identify all your workloads, and, more importantly, they need the ability to identify each other, so they can work together in automated chains. To aid in this task, the Cloud Native Computing Foundation has adopted the open source SPIFFE specification, and its associated SPIRE runtime. SPIFFE provides a standard for securely identifying software components in heterogeneous IT systems and SPIRE is the engine that can make it happen (and, in this setup,  CNCF's Open Policy Agent [OPA] can enforce the authorization duties). If you feel all this is a bit much to take in, then you are not alone.  For our latest "pancakes and podcast" edition of the The New Stack Analysts — recorded live at the Kubecon + CloudNativeCon Europe 2018 on May 3 — we focused our panel discussion on SPIFFE, and the room was filled with those curious about this topic (and/or hungry for delicious pancakes). Watch on YouTube: https://youtu.be/lO7CZZVGRz4