Discussing Cloud Native Security with Abhinav Srivastava

Discussing Cloud Native Security with Abhinav Srivastava

This conversation covers:

  • How Frame.io was faced with the decision to be cloud native or cloud-enabled — and the business and technical reasons why Frame.io chose to be cloud native.
  • How Abhinav successfully built a world class cloud-native security program from the ground up to protect Frame.io users’ sensitive video content. Abhinav also talks about the special security considerations for truly cloud native applications.
  • Cloud native as a “journey without a destination.” In other words, there is no end point with cloud native transitions, because new technologies are always being developed.
  • Why Abhinav is a firm believer in both ISEs and GitOps, and why he thinks the industry should embrace both of these strategies.
  • The challenge of not only maintaining security in this type of environment, but also communicating security issues to various stakeholders with different priorities. Abinhav also talks about the role that specialists like AWS and machine learning experts can play in furthering security agendas.
  • Common misconceptions about cloud native security.
  • Frame.io’s decision to roll out Kubernetes, and why they are also considering adding chaos engineering to fortify against unexpected issues.
  • Tool and vendor overload, and the importance of trying to find the right tools that fit your infrastructure.

Links:


Transcript


Announcer: Welcome to The Business of Cloud Native podcast where we explore how end users talk and think about the transition to Kubernetes and cloud-native architectures.



Emily: Welcome to The Business of Cloud Native. I'm Emily Omier, your host, and today I am chatting with Abhinav Srivastava. Abhinav, can you go ahead and introduce yourself and tell us about where you work, and what you do.



Abhinav: Thanks for having me, Emily. Hello, everyone. My name is Avinash Srivastava. I'm a VP and the head of information security and infrastructure at Frame.io. At Frame, I am building the security and infrastructure programs from ground up, making sure that we are secured and compliant, and our services are available and reliable. Before joining Frame.io, I spent a number of years in AT&T Research. There I worked on various cloud and security technologies, wrote numerous research papers, and filed patents. And before joining AT&T, I spent five great years in Georgia Tech on a Ph.D. in computer science. My dissertation was on cloud and virtualization security.



Emily: And what do you do? What does an average day look like?



Abhinav: Right. So, just to tell you where I answer the question where I work: so I work at Frame.io, and Frame.io is a cloud-based video review and collaboration startup that allows users to securely upload their video contents to our platform, and then invite teams and clients to collaborate on those uploaded assets. We are essentially building the video cloud, so you can think of us as a GitHub for videos.



What I do when I get to office—apart from getting my morning coffee—as soon as I arrive at my desk, I check my calendar to see how's my day looking; I check my emails and slack messages. We use slack primarily within the company doing for communication. And then I do my daily standup with my teams. We follow a two-week sprint across all departments that I oversee. So, a standup gives me a good picture on the current priorities and any blockers.



Emily: Tell me a little bit about the cloud-native journey at Frame.io? How did the company get started with containers, and what are you using to orchestrate now? How have you moved along in the cloud-native journey?



Abhinav: We are born in the cloud, kind of, company. So, we are hosted in Amazon AWS since day one. So, we are in the cloud from the get-go. And once you are in the cloud, it is hard not to use tools and technologies that are offered, because our goal has always been to build secure, reliable, and available infrastructure. So, we were very, very mindful from the get-go that while we are in the cloud, we can choose to be cloud-native or just cloud-enabled. Means use tools, just virtual machines, or heavyweight virtual machines, and not to use container and just host our entire workload within that.



But we chose to be cloud-native because, again, they wanted to boot up or spin up new containers very fast. As a platform we, as I mentioned, we allow users to upload videos, and once the videos are uploaded, we have to transcode those videos to generate different low-resolution videos. And that use case fits with the lightweight container model. So, from the get-go, we started using containerized microservices; orchestration layer; From AWS, their auto-scaling; automation infrastructure as a code; monitoring. so all those things were, kind of, no brainer for us to use because given our use case and given the way we wanted to be a very fast uploader and transcoder for all of our customers.



Emily: This actually leads me to another question: have you guys seen a lot of scaling recently as a result of stay-at-home orders and work from home?



Abhinav: Right. So, we are seeing a lot more people moving towards remote collaboration tools who are actually working in the production house since they have to work from home now. So, they are now moving to these kind of tools such as Frame.io. And we do see a lot more customers joining our platform because of that. From the traffic perspective, we did not see much increase in the web traffic or load our infrastructure, because we have always set up the auto-scaling and our infrastructure can always meet these peak demands. So, we didn't see any adverse effect on our infrastructure from these remote situations.



Emily: What were some of the other advantages? Like you were talking about that you had the choice to be either cloud-enabled or truly cloud-native? What were the biggest, you know—and I'm interested, obviously in business rationale to the extent you can talk about it—for being truly cloud-native?



Abhinav: So, from business perspective, again, a goal was to [basic] secure available and reliable production infrastructure to offer Frame.io services. But cloud-native actually helped us to faster time to market because our developers are just focusing on the business logic, deploying code. They were not worried about the infrastructure aspect, which is good. Then we’re rolling out bug fixes very quickly through CI/CD platform, so that, again, we offer the better [good] services to our customer.



Cloud-native helped us to meet our SLA and uptime so that our customer can access their content whenever they would like to. It also helped us securing our infrastructure and services, and our cost also went down because we were scaling up and down based on the peak demand, and we don't have to provide dedicated resources, so that's good there. And it also allowed us to faster onboard developers to our platform because we are using a lot of open source technologies, and so the developers can learn q...

Denne episoden er hentet fra en åpen RSS-feed og er ikke publisert av Podme. Den kan derfor inneholde annonser.

Episoder(275)

From Closed to Open: Shortening Sales Cycles with Stephen Goldberg

From Closed to Open: Shortening Sales Cycles with Stephen Goldberg

This week on The Business of Open Source, I chatted with Stephen Goldberg, co-founder of Harper, about the process of taking Harper from a closed-source software company to a open source company. I al...

6 Jul 33min

Does AI Make Open Core Models More Difficult? with Sam Alba

Does AI Make Open Core Models More Difficult? with Sam Alba

Today on The Business of Open Source I spoke with Sam Alba, co-founder of Mendral, formerly of Dagger, and the first hire at Docker. We talked a lot about about how AI is changing the developer tools ...

2 Jul 39min

Closed to Open Source Series: Doing Open Source "Right" with Ethan Arrowood

Closed to Open Source Series: Doing Open Source "Right" with Ethan Arrowood

One of the myths that swirl around the open source company ecosystem is that all open source companies started as an open source project that then suddenly got traction, and followed by the founders f...

22 Jun 40min

The Value of Code is Dropping to Zero with Yann Lechelle

The Value of Code is Dropping to Zero with Yann Lechelle

In this episode of The Business of Open Source, I talked with Yann Lechelle, Executive President of :Probabl.Perhaps the most interesting part of the conversation was about whether or not there is a r...

15 Jun 42min

Why the World Needs the Agentic AI Foundation with Manik Surtani

Why the World Needs the Agentic AI Foundation with Manik Surtani

In this episode of The Business of Open Source, I spoke with Manik Surtani, one of the co-founders of the Agentic AI Foundation and the CTO at the foundation. This is part of the series I’m working on...

8 Jun 34min

The AI-Induced Death of A Bug Bounty Program with Glauber Costa

The AI-Induced Death of A Bug Bounty Program with Glauber Costa

The Business of Open Source is back! I’m starting a series about AI and open source this week. I reached out to Glauber Costa, founder of Turso, after reading a post of his on LinkedIn about how bot-w...

1 Jun 43min

Changing Your Price Anchor with Anais Concepcion

Changing Your Price Anchor with Anais Concepcion

There’s a new episode of The Business of Open Source today! It’s been a while. I talked with Anais Concepcion about a program she’s been testing at Grist to give free activation codes for the enterpri...

11 Feb 32min

Earning Trust with Tom Hacohen

Earning Trust with Tom Hacohen

This week on The Business of Open Source, I spoke with Tom Hacohen, CEO and founder at Svix. We kicked off the conversation by talking about why Svix is an open core company… but Tom still initially d...

8 Okt 202535min

Populært innen Business og økonomi

stopp-verden
lydartikler-fra-aftenposten
dine-penger-pengeradet
e24-podden
rss-penger-polser-og-politikk
rss-borsmorgen-okonominyhetene
rss-skravla-gar
pengepodden-2
livet-pa-veien-med-jan-erik-larssen
finansredaksjonen
utbytte
okonomiamatorene
rss-pa-konto
tid-er-penger-en-podcast-med-peter-warren
morgenkaffen-med-finansavisen
liberal-halvtime
lederpodden
pengesnakk
rss-impressions-2
stormkast-med-valebrokk-stordalen