Ohad Maislish: Another use case is governance. Not every code should be executed. Some code can be very dangerous and expensive. That’s where you see Policy-as-a-Code. We see a lot of open policy agents (OPA) used to protect programmatic deployments before they happen. You can write policies that will prevent your organization from the wrong deployment. That’s like the unit test model for Infrastructure-as-a-Code.
The other way is role-based access. Maybe it’s okay for a developer to execute on staging but not on production. Production is more important and should have other permissions. The concept of role-based access for cloud resources totally changes. It’s no longer who can click a button in the AWS GUI; it’s more about who can execute which code on which cloud account.
The third use case is what we call managed self-service. We want to empower developers to easily provision cloud resources, but you can’t just give them access to execute whatever they want. You need to manage and allocate budgets and quotas to developers and then they can freely provision cloud resources. Maybe in a similar way that OPA does. To summarize, it’s the GitOps workflows, continuous governance, and managed service.
Sramana Mitra: What is the penetration of this technology in the DevOps organizations?
Ohad Maislish: Infrastructure-as-a-Code is huge. You see more customers now using Terraform than Chef, Puppet, or Ansible. Almost any company that deploys to the cloud does that at least partially with Infrastructure-as-a-Code. They need to have a business solution to manage that. There is a very famous product in our category called Hashicorp Terraform Cloud. We’re innovating in that space to provide even more freedom for developers and have more layers of sophistication to provide more capabilities.
All in all, everybody is moving to Infrastructure-as-a-Code. Three years ago, Chef, Puppet, and Ansible were used more than Infrastrucutre-as-a-Code. Now it’s the other way. You use Infrastructure-as-a-Code to provision and you partially use configuration management to configure the provisioned resources. With Infrastructure-as-a-Code being widely adopted, this category of solutions is being widely adopted as well.
Sramana Mitra: What are the open problems in your space?
Ohad Maislish: I always talk about Infrastructure-as-a-Code security, which is the cousin of what we’re doing. We’re doing Infrastructure-as-a-Code management or operations. With the shift to Infrastructure-as-a-Code, there is a need for new solutions for the security teams. Accurics got acquired a few weeks ago. It’s an Infrastructure-as-a-Code security solution. There are other Infrastructure-as-a-Code security companies. Now, it’s still a very big problem.
Sramana Mitra: You’re saying that even though there are a bunch of players addressing that issue, there are still issues that are not addressed.
Ohad Maislish: Yes, there is no Infrastructure-as-a-Code security solution that is five years old. All of them are very new. There are still places to innovate.
Sramana Mitra: Thank you for your time.
This segment is part 2 in the series : Thought Leaders in Cloud Computing: Ohad Maislish, CEO of env0