KubeCon + CloudNativeCon NA Virtual sponsor guest post from Vijoy Pandey, VP Engineering, Emerging Technologies and Incubations at Cisco.

There seems to be no stopping the wave that is Cloud Native. Attendee count for the latest KubeCon + CloudNativeCon was a staggering 22,787 representing 8,000+ companies, and the virtual show was once again handled ultra-smoothly by the fine folks at the Linux Foundation and the CNCF events team. As Cisco, we participated in the event with the theme of Transform for a New App-First World. This application-first imperative drove our keynote, talks, and booth demos

Marvin made an appearance for our keynote, asking the community to step up its game around API and Application Security, and also prompting impatient attendees to ask, who is Marvin?

So, Who Exactly is Marvin?

If you have to ask, maybe you haven’t perused through a copy of The Hitchhiker’s Guide to the Galaxy and, in which case, please go and get a copy right now. (And don’t see the movie first, please). Marvin is a robot who, by his own account, is 50,000 times smarter than a human. He is built with Genuine People Personality technology and, therefore, carries all sorts of human emotions. It also prompts him to elicit some really choice quotes when his supercomputer of a brain predicts things going wrong. And he is known as the Paranoid Android. All of these qualities make him very suited to question the cloud native community’s progress on API and App Security. He is worried, very worried, saying –

“This will all end in tears, I know it.”

Why is Marvin Worried?

As cloud native architectures are becoming more pervasive, applications components are becoming thinner and more geographically diverse. Each node of a typical application service dependency graph is an API or service endpoint and, in theory, could be anywhere in the world and on any kind of infrastructure. The security problem for every modern application is becoming much, much worse. As a cloud native developer uses these globally distributed APIs, whether home-grown or via SaaS, PaaS, or IaaS providers, the quality and security of these APIs and services is unknown and might eventually put customer data at risk.

This risk causes a ton of unwanted behaviors within organizations. Developers perceive security as a hindrance or inconvenience because the processes in place within many enterprises to deal with compliance and risk management are burdensome, toil-laden, and slow. CISOs, SecOps, and Security SREs would like their developers to be more mindful of the trust challenges they face towards their customers and would rather not have developers only think about velocity and convenience. Both massive fallacies and yet incredible sources of friction.

What Can Marvin do About This?

It is said that Marvin could simultaneously plan for the entire planet’s military strategy and solve all of the universe’s hard problems three times over, while still having the calming capacity of composing a number of lullabies. With that kind of depth, demeanor, intelligence, and mental capacity, Marvin could easily solve the API and Application Security problem for us. He could provide visibility into the APIs being used and flag risk instantaneously to the security teams. He could curate compliant, reputable, and secure APIs for developers to use. And, most importantly, he could do these in a real-time, toil-free manner. 

He would ask you, the reader, to check out our keynote for more details on what it would take to build such a system, train the system, and how can the CNCF community help in driving this effort. And for those who would ignore his ask, he would say –

“I could calculate your chance of survival, but you wouldn’t like it.”

First-ever ScaleX Day 0 Event

This KubeCon also saw the emergence of ScaleX, a scale-focused Day 0 event sponsored by Cisco. Scalability was the #1 concern highlighted in the CNCF 2020 Survey and yet, surprisingly, there was no KubeCon Day 0 event looking at cloud native scalability in a holistic manner. 

Any event is only as good as its speakers and we curated a great group of presenters with a wide variety of experiences talking about a broad range of topics. There were speakers from banking (BBVA), cloud providers (Google), collaboration (Webex), gaming (Roblox), healthcare (doc.ai), communications (Nuance), and Cisco. Topics ranged from technology introductions, networking, software stacks, security, operations, and even skill sets, hiring, and building an effective organization. There was also an excellent panel on Security at Civilization Scale with very distinguished panelists from both the industry and academia, who provided some very good food for thought. All proceeds from the conference went to the CNCF Diversity Scholarship Fund.

Recordings of all the ScaleX sessions can be viewed on our KubeCon event web site.

We are looking forward to hosting our second ScaleX event at the next KubeCon in May 2021.

A Moment of Reflection

This was also a sad KubeCon for a lot of us. It was the first without Dan Kohn, our beloved CNCF Executive Director who sadly passed away on November 1st. Dan was an extraordinary human being – driven, compassionate, caring, and always there for you whenever you needed him. He was the moving force that made the CNCF what it is today and had been recently driving what was even more near and dear to his heart, the Linux Foundation for Public Health. 

We will all miss you, Dan.