Las Vegas 2018

The Future of DevOps for the Enterprise: Trends and Insights

DevOps is no longer fringe, and most enterprises today are either adopting DevOps or well into their DevOps journey. As DevOps practices and tools continue to evolve, enterprises have more opportunity than ever to gain competitive advantages.


In this talk you’ll learn the latest DevOps trends, where DevOps is headed, and the key emerging practices and technologies that are driving success, including:


- How enterprises are overcoming challenges like legacy systems, regulatory demands, and security.

- Emerging technologies and tools like containers, microservices, pipeline-as-code.

- How businesses are leveraging AI/ML for predictive feedback and smarter Continuous Delivery.


Wesley Pullen is the Chief DevOps Strategist at Electric Cloud. In this capacity, he leads the strategy for DevOps, Release Automation and Continuous Delivery (CD) solutions for Electric Cloud. Wesley brings over 20 years of industry experience in enterprise products in Application Release Automation (ARA), Application Lifecycle Management (ALM), IT Service Management (ITSM) and Application Performance Monitoring (APM). Prior to joining Electric Cloud, he held leadership positions with CollabNet, Automic (now CA), and BMC.


Wesley holds a BS degree in Electrical Engineering from the University of Pittsburgh.

Wesley Pullen

Chief DevOps Strategist, Electric Cloud

Transcript

00:00:05

I'm Wesley Pullen. I'm the Chief Strategy Officer for Electric Cloud. That's all I gotta say. And good day. Goodnight. No, I'm just kidding. Um, we're gonna get started. Uh, just like the song says, we're gonna take care of business today and looking at future, uh, the future of DevOps for the enterprise. Looking at some trends, things that emerge in 2018 that we can expect to also see in 2019. I am going to be on my absolute best behavior today because my wife is in the audience and this is her first time hearing me speak. So all my jokes, please laugh. Make sure that you, you know, so when she takes pictures, I look great and then she can go back and tell the kids I did a phenomenal job. So that's what I need from you. I need your support. So with that, let's begin.

00:00:44

Um, I don't spend a lot of time talking about marketing slides, but I do get passionate about technology. If I talk fast, feel free to slow me down. My wife is the only one allowed to throw things, but you can just, you know, raise your hand and I'll slow down a little bit, but, uh, just in case I talk too fast, just let me know. Okay, so we only have 30 minutes, so it's not a lot of time, but it's a good precursor to what we're going to talk about. So, Electric Cloud, you heard probably how many people were just hearing about Electric Cloud for the first time. First time ever hearing about Electric Cloud. Okay, not bad. So the best way I would describe it, if I had one slide or one kind of statements like, we're the software behind the software. How many people have ever heard of like 1-800 numbers and 1-877 number toll-free numbers?

00:01:32

Well, we're the software helping Somos behind that? How many people have children age five to 18? Okay, how many people have heard of their children playing a game called Fortnite? My wife doesn't count. Okay, we're the software behind Fortnite is built from Epic Games, the Unreal Engine that's part of our software, helping Epic Games to build the Unreal Engine, which is the software behind Fortnite. So we're the software behind the software is a good way to think about Electric Cloud. Alright, um, another thing about Electric Cloud, I'll end with this is our focus. I think that in software you have to divide a line. You have to draw a line. And the late Steve Jobs said it best when he said, you know, what people think about focus. And what we kind of envision it is, is that we had to say no to a thousand things to be the best at one thing.

00:02:21

And we finally achieved that. We got an award at the DevOps Industry Awards, uh, in London just a few weeks, uh, about a week or so ago. And we did quite well in the Gartner Magic Quadrant for application release orchestration. Our focus is to help you deliver software better, faster, and cheaper than your means. Today we want to be like the UPS of software or the FedEx of software, if you will. That being the case. Let's get started. Future trends, willing to take pictures and everything. How many people have heard of Marc Andreessen? Okay, Marc Andreessen. He made a quintessential statement during an interview with the Wall Street Journal individual where he was talking about why is he doubling down in his investments, the article. And what he was really trying to say is that I'm, Marc Andreessen was investing his own money, not just the company, but his own money into software, techno technology companies when everyone else was betting into the more hardware, the Exxon Mobils and individuals like that, Walmart.

00:03:20

And so they said, don't you remember just 10 years ago, Marc, this was a, you know, a technology bubble. All these companies kind of disappeared. And he said, listen, software's eating the world and you need to be doubling down. Let's see if he was right two years later after he made that prediction. Look at the red versus the blue. The technology companies with a market capitalization in the top five versus the blue were kind of your standard run of the mill. Exxons, Berkshire Hathaway, PetroChina, Walmart. Were very familiar. 2018. Now look at the picture of Marc Andreessen smile. And I got that real special picture of him smiling because he was actually right. All of these tech companies now are the largest, these are the top five companies by market cap in 2018. How many people have heard of Tencent, heard of Tencent, all the subsidiaries they own.

00:04:11

They also are made a minority stake investment in Epic Games, Fortnite, you know, these, these popular games. So it's amazing what technology and digital transformation is doing. We're seeing technology companies now being the largest, the biggest companies publicly traded, uh, by market cap if you will. And one that may be happening. Something that we see we don't know. Uh, Uber right now is being valued at a possible IPO 120 billion by two different banks, both Morgan Stanley and uh, what Goldman Sachs. So that's large as a tech company that's major. How are they doing this? What is it that, uh, Marc Andreessen was really trying to say is that companies are now trying to become more digital with the consumerization of IT. Companies are now looking at ways of adopting practices. That's why you're at a DevOps conference. They're adopting it more. We did a study or there's a study that was done.

00:05:07

Uh, uh, a friend Yuri, he's the uh, CEO of DBmaestro and he started to do some study, he did some trends in February, 2018. And one of those trends was looking at how are companies beginning to adopt DevOps? And he said in the trend it came up to 83% of the companies were adopting DevOps at a team level. 30% were beginning to adopt it company-wide, not just one or two teams, but company-wide adoption of DevOps. That's significant. The quote I took from his article, what Fise was saying was, is that he's starting to see C-level executives increasingly asked for strategic initiatives to transform their delivery pipelines to support digital strategy. Everyone now is no longer saying, Hey, I don't want one or two teams implementing DevOps. We gotta get to that point where the company, the culture, company-wide is

00:05:57

adopting DevOps to get digital transformation and realization. So that being said, three key trends we'll hit in the small amount of time I have with you cloud and container adoption that you see here. We'll talk about that just briefly. I'll show you some pictures of what it looks like. I'm kind of a practical guy, not just marketing. So I'll show you kinda what it looks like and how we've helped some companies there. Then we'll go to the rise of DevSecOps. I keep running saying security's coming. Security comp is coming. It's no longer just good enough to have quality, but we've gotta be able to inject security and start shifting left. And getting security is more important. For instance, if I have a library that I'm downloading, I did great in my quality initiatives, my pipeline's great, but it's built on a framework that's vulnerable and has a malicious code in it so that it can be hacked and exploited.

00:06:45

And I went all the way through my pipeline, it's in production, I said yes, we passed all of our tests and someone hacks it and steals personally identifiable information. In other words, your credit card outta your bank, sir, I don't think you would think that's a successful pipeline anymore. So security is, is gonna be critical. We'll talk about DevSecOps in the conference that we have running after this one or the workshop. And then finally AI and machine learning. How can we apply artificial intelligence and machine learning, deep pattern recognition to DevOps in the form of feedback? So we'll cover all this hopefully in the 20 minutes we got left. So let's go. First trend, trend number one, migration to the cloud. How many people here in the room your companies have some type of cloud migration strategy looking at cloud migration, maybe some private stuff, okay, that's not bad.

00:07:31

Maybe 20% somewhere around there. What we're seeing is that companies, enterprises are taking kind of a hybrid approach. You can't just abandon your legacy investment. And we see companies saying, Hey look, we have some traditional applications over here. We do have some greenfield aspects or some microservices that we'd like to begin with. And ultimately speaking we have hybrid applications that kind of, hey, we'll take the database tier and have that in the container, but keep the legacy stuff where it's at in blue, which is the legacy application, just traditional monolithic application, it runs through a pipeline. Then ultimately it starts to distribute itself to some cloud or container based platform. In the end, the key here is when you see some of these stats, you see multi-cloud strategy. We're not, we're seeing enterprises not necessarily say I'm only going to do Azure or I'm only going to do Google cloud engine or I'm only going to do AWS. Maybe in dev we start playing around in AWS 'cause we can spin something up very quickly, but the corporate strategy may be Pivotal, it may be something else.

00:08:30

So we need the ability to run fast and we don't wanna hold back the the teams as they begin to experiment, but at some point it has to converge and get a little bit more consistent. So you see adopting containers 58%. This is a study that was done through several studies, 451 Research, RightScale. And you see traditional on-prem, all of these numbers are starting to, to bolster up that companies are starting to say we need some aspect of not only microservice and containers where things are loosely coupled, loosely put together, but I wanna start migrating them out to the cloud and start getting some adoption going with these, uh, with smaller teams. And then ultimately speaking, and I didn't put this here, I could have added another block where I say mainframe because I believe mainframe is never going away this period, I don't think it's ever gonna go away, particularly in financial services.

00:09:16

So that's what this can represent too. Traditional and legacy apps, mainframe adoption is still there. These are large investments, but you want them a part of the pipeline. Whether I have mainframe, Kubernetes or microservices, legacy .NET, PHP, Java, I need a discipline with which I will get it over to its designated area. Now, I said this a little bit earlier, greenfield's different. We stole the term I guess you could say in the tech world from construction, right? Where I have no encumbrances, I can go build upon a piece of land and I don't have to worry about the building problems or infrastructure problems. Everything's open for me in the greenfield technology world, it's, I have one team, I take this team on the front row. We got one team, one app we're releasing into one environment. That's easy. The dots are real easy, but everyone in the room's looking at me like, Wes, you know, come on, this is our world.

00:10:04

We don't have one.one team. We got multiple teams. So geographically distributed, it's easy to get the first Kubernetes instance or some con uh, container instance up, but it's all the other dots, all the other pieces, all the other uh, dependencies you can say, I have to get all that working together. And if that doesn't work together, then the fact that I did one little instance for the dev team is not going to, uh, bode well for my CEO or the executive team saying, Hey look, we need all of this uh, tied together. We need this to be in one release cadence or one release stream. That's like having one product that relies on other frameworks. You release one piece of your product, very great, very secure, everything's working great and the other pieces don't work. They're not gonna consider it a good job. They want it all together.

00:10:49

Okay? So that managing that complexity is hard. So what they're doing, what companies, enterprises we work with are doing, just to kind of shed some light, is building a single pipeline platform to integrate all the moving pieces. I shared this in an interview this morning is that it's okay to have lots of technologies. I guarantee if we raise, asked everybody to raise room, how many people have 2, 3, 4, 5, 10, 15 DevOps tools? The tool she shed is going up. But how many email tools do you have? How many payroll systems pay you as an employee? You don't have ADP on one and Paycom and another and another one for this. You don't split that. The development team will be paid on this system and the engineering team will be paid on this system and the QA team will be paid here and executives will be paid here.

00:11:32

It is one payment system. We need to start centralizing on one single pipeline platform and then let the teams use whatever tool they want. So certain things have to start converging over time. We also should see some support for agnostic app models that if I have an application, it could be PHP, it could be Java, it could be .NET, that's okay. I need to be able to model it out in a way, shove it through that pipeline and get it to its necessary location. I shouldn't have to have different technologies just because I chose that. I have a legacy that we do. Acquisitions companies acquire technologies. Some had .NET, others had Java. I shouldn't have to get a whole new tool stack in order to get them through the pipeline. I ultimately wanna get them new capabilities, new features into production. I should have a single system to help me make that transition.

00:12:21

And then enabling pipeline dep dependencies. You see some graphs here of just being able to, to model this out and just to show you that it's real. You know, I like to, you know, I'm a techie at heart I guess you can say. I think that you have to have something that will ingest. Uh, we, you know, since they only give us only like 20 minutes, I can never really do demos. But since I kind of help build some of this, it's kind of personal to me, it's passionate, right? So you should be able to have things like a self-service catalog where I can just click a button and say, make all this happen for me. We shouldn't have to always model it out, script it out and do all the work. There has to be capabilities like self-service where my team as an IT team says, here's our best practices, give this capability out.

00:13:01

And now when I wanna build my Kubernetes pipeline, I wanna do stuff, I just click the button and say, go get it for me. Go grab all the data for me and build my pipeline, build my model for me so my teams can operate a little faster. And so what I did for you, since I knew I only had so much time to cover all this is I said, Hey look, this is an example of that pipeline starting off with a catalog. You can see me saying, Hey, I'm gonna click here and it's gonna build out all the data for me. And then I did this one to say, okay, once this guy is done, I wanna click one more button and I want my multi-stage, CD pipeline to be built for me. I don't have to go do all the plumbing. We have to get to a point where templates and things reusability is available for me.

00:13:39

This is what it looks like when it works. Where I can say, Hey look, here's my Kubernetes instance that I just built out. It has all this capability for me. I can then see and so that you know that it's real. This is not me playing with Flash and doing all this stuff. Or Wesley could have made it up. I can then say I auto discovered a Kubernetes instance. I can click on it to say, well Wesley, do you know that this is real? Is this a real Kubernetes instance? Yes, that's a live environment. I am actually auto discovering it. I'm looking at all the dependencies. We've gotta get to a point where we make life easier for your teams that are working to get delivery of software out into production or to the end user. And so all I did here when I was building out these graphs as I took screenshots to show you this is me ingesting and grabbing all that Kubernetes stuff, then this is me building out the pipeline for that next button. And when I run that pipeline, I have all of the things that, all those little dependencies, you could see why there's so many here. This is just some of the lists that I have. Then this is me running the pipeline and this is the most important picture for you guys of taking pictures to take is that it means nothing for me to do COBIT 5 compliance

00:14:51

and do all this work here in my pipeline if I don't build evidence along the way. Integration is no longer the high bar. Everybody can integrate with technology. It is what do I get to feed data into all these other stages that I got from integrating with your technology that makes the difference. So again, integration is the, everyone can integrate. We can write Perl in this front row and we can integrate with any technology through REST API. It's not enough to integrate. You gotta be able to grab the evidence and feed the data in through a stream so that you make sure that you can get the job done. Okay? Alright, that being said, trend number two, we got about 15 more minutes, so I'll speed up a little bit. Um, DevSecOps, I cannot emphasize enough the need for security. Again, I'm gonna show you some statistics and I got this, I gotta give credit to John Willis because when I sat in on, we did the first conference, a DevSecOps workshop in London, just in June, he put up some staggering numbers and me as a developer, I'm like, oh, that can't be true.

00:15:50

But this is what he was doing. He put up some numbers that showed and I all these are hyperlinks. If you want the slides, we can provide all that. These are hyperlinks to the report that we got from Sonatype here. That 1 million downloads of vulnerable libraries since 2017, Equifax breach. Let me give you a common example. That's like me and my wife asking one of the teenagers, the college bound one that we just got a car did all this stuff. He's off to college. We say, please clean your room before you go out to your party, whatever. Just make sure your room is clean, cleans the room. Three day, no, I'm sorry, 24 hours later. It's like it's completely destroyed. Again, it's like you knew to clean the room. Why are you still doing the same things and we have to go back over through it.

00:16:32

This is exactly what's happening here. We knew that the, the patches in this frameworks that we were using caused this breach in Equifax. The fact that people are still downloading it and using it is just baffling to me. What that means is there's no security. Why would we do that when we know it can be hacked? You are literally inviting, that's like buying brand new furniture and everything and you leave your windows, open the door, open no alarm system and say, Hey, I'm going on vacation for three months. Have fun. Why would you do that? I don't understand why we do that, but we do it and it's just develop, it's just habit. But this is a problem. So we're seeing security having to come in, uh, in the world of lack of security. Marc Andreessen's statement that software's eating the world becomes software's infecting the world.

00:17:21

If you don't secure your systems, it's like you're infecting it because now every line of code, every vulnerable library, you just literally gave an example to everyone. We have some videos that we shared on DevSecOps of a video that John Willis shared that shows a hacker literally showing you, I'm using Nmap here to find this port. I then move over to Skipfish to do this. I then use meloy. Bam, okay, now I'm into their private network. Oh, they are using this SSH technology. Great, I can use that as a tunnel. He opens up a bridge, voila, credit card stolen. Beautiful. It's videotaped. I mean it's on YouTube. They have YouTube channels showing people how to do this. So you've got, we gotta get better. We're the technologists. We're at a conference that helps us use and gr get great ideas. We gotta do better about securing the libraries and giving security personnel our CISOs a little bit more a, uh, advantage of knowing what we're doing in our, in our DevOps pipeline.

00:18:18

So I can't emphasize enough the the need for security. Uh, this is what we run. It's gonna happen on Thursday. This is just one example of the DevOps uh, DevSecOps conference. We actually show you how to take advantage of a particular system. In our partnership with Sonatype, we run the Sonatype technology to see how many policy violations, security violations and others. And so what I took the liberty to do is for those who can't make it, to show you an example of what it looks like, you take a pipeline. We're using, uh, Electric Cloud's technology. Of course we tie in technologies and from the time a delivery team makes a change, I can be in GitHub. I make a commit and it kicks off a series of technologies. And then ultimately speaking, as we go through the various stages, you can go from dev to to QA to stage, but we have an SLA or a policy that is implemented before you get into prod.

00:19:08

And so that way if you're not secure, we're gonna bounce you. You're not gonna get a chance to go all the way to prod and then we show you how you can remediate that. This is what it would look like in real life. You take the pipeline, you can see here I highlighted kind of just the beginning, uh, the policy violations. These are policy alerts, eight critical, three, severe, zero, moderate. You put the hyperlink in so you can go straight to the Sonatype report. You click the button, this is what it looks like. There's the eight and the three. And I could have displayed all of these. I just displayed in the initial instance since I only had so much time before <laugh>, we got up here. So I showed just some of the policy alerts and this is what it would look like when you get a little bit further that there is a policy violation.

00:19:56

So you did well, you got all the way through here, but we stopped you because you didn't clean up those policy violations and license infringements. And we don't want that going out into a production state right here. These are the uncontrolled environments. This is the controlled environment. We don't want you going into production with something like that. So we stop it and then you can do auto remediation. Now some people don't like to look at it this way, so I took the liberty to show it this way too. So you can look at the pipeline. We are a big proponent of sometimes DevOps your way is kind of the best way to do it. Some people prefer the Kanban view of things because it's, we've used Trello and we manage tasks. I think of a pipeline as more than the task. I think about it as the integrations or the seams in between. So I prefer the other view, but sometimes people like it. This view you can use either way within our technology. So we're on

00:20:46

our last trend. We've got a few more minutes, so this is great. We're on the last trend. And this is the one that uh, I would say I've been the most forward thinking in trying to evaluate how we can help companies in this area. And this is the kind of the emergence or the, what I call the DevOps operating system, predictive analytics. It's how do we apply artificial intelligence and machine learning, not as just buzz terms, but where would it actually apply in a real life pipeline? Like why would we do this? So, and this is good because of Electric Cloud. I get uh, get a chance to say this. We kinda applied it to ourselves. I changed the names 'cause I'm gonna show you some live data. I did change their names. So if there's any developers from Electric in the room, I changed the names, just letting you know.

00:21:26

So we won't know who you are. But, um, this report, we, I did an interview this morning with, uh, Torsten, he's awesome. And he's been studying as a, you know, as an EMA, uh, research analyst manager of a research. Uh, he's been studying a lot of these trends and one of them is this rise of companies making an investment in, um, in 2018 in uh, artificial intelligence and machine learning. And you can see right here that artificial intelligence was high. But look at the container management and DevOps, adoption, DevOps pipeline adoption. Now I didn't know he was writing this report, it's just we're converging on things. He's an analyst, we are a solution vendor. We provide solutions and we go in and we see some of the things that are kind of converging on the same light. So, you know, for those who are looking at, uh, applying machine learning and artificial intelligence to your platform, you have to draw stake in the ground of where you're going to begin because this is what we're essentially doing.

00:22:21

We're taking technologies that you're using as a solution. And I'm gonna tell you how we do it. We take technologies that we're using. We're not gonna ask the people in the room how is things going. We're gonna go to the tools and study through log analysis and through the actual use of the technology by applying deep pattern recognition, statistical analytics, we then understand from those, uh, the statistics that there's a grouping, there's a pattern emerging from those analytics. We then can predict some risk patterns for you. And then from there, make some recommendations. And if I apply it in real life, it might look something like this. It's like you wanna be able to move from a reactive mode to a more predictive type mode. I want to be able to see if I were to make a couple of changes, if my developers did this or if my QA engineers did this, could I get this release out a month early?

00:23:12

Could I be better? Could I get it out faster? Could I reduce the cycle time in my pipeline? Because at the end of the day, a pipeline is just the time I begin with an idea to the time I have it in production. Let's say it takes everyone in the room, we're great, we get it done in three months. What if some executives, like my competition's doing it in two, how do we get it done in two, do you have the analytics to say, okay, here's what we would need to do to get it out in two months. So what we're trying to do is take the patterns and factors like developer code base builds and things like that. Provide a risk score so you get some provenance about root cause and specific contributing factors. We applied it to ourselves. This is Electric Cloud on Electric Cloud using our product DevOps Foresight a year in this is why we made the announcement in June for those who weren't aware is that we took some developers, I changed the names or at least they told me that I changed the right names.

00:24:01

But so we look at what they're doing, here's, uh oh went by that a little too fast. Um, code smell statements. That's from technologies like SonarQube that we all know. Uh, functional complexity per function, lines of code per comment. We're looking at things that they're doing, code they're writing, commits that they're making and saying, I'm gonna try to identify a pattern. That's the first thing I'm gonna study the developer persona. Now, right now with Electric Cloud, we focus in on the developer, but you can see where this is going. It'll go to developer then q, QA, release and build then operations, then everyone else. It's just an algorithm. It's applied to the developer right now because they do a lot of writing of code, they do a lot of commits. They have comments, they have things that we can study. Once we get that study, it contributes to a risk analysis for your release.

00:24:51

I have high risk releases and some low risk releases. And when I drill down into one of those releases, I get the ability to say from each contributing factor, where am I problematic? The objective is I can take in the pattern. Now just so you know, this is like big data at the next iteration. This is not data you can, I don't know that people saw this. This is not data you can get in two months or three months. This is a year's worth of data of looking at developers within Electric Cloud and then studying that pattern so that it could understand here's where you're leading, here's the leading contributing factors to what you need to do to improve for this particular release. So this takes time. I mean anything with machine learning and artificial intelligence, you're not gonna do in a month or two.

00:25:34

You're gonna apply some data over the course of a year of collecting data or collecting logs. So just to make you aware, so as we have to wrap up, there's a lot of stuff, right? We covered a lot of things from container adoption to DevSecOps and my concern about vulnerable, uh, patches and vulnerable frameworks that we're using down and ending with, uh, machine learning. Here's some areas I'd like to highlight. I don't think we need to know everything. I just want you to highlight the key takeaways I want everyone to have. Um, number one, DevOps is no longer a fringe movement. We got enough state of the DevOps reports for everybody in this room to go back to your senior execs and say, look, this is real. We can really get competitive advantage. This is not a fringe movement. This is serious. This is a major competitive advantage for companies who start to adopt this, not only at the team level but corporate wide.

00:26:21

Number two, the multimodal approach that cloud and container adoption. You're gonna have people that do it from the greenfield aspect with, hey, I got a small team to, hey, in order for me to tie this in, truly I gotta get my legacy applications, my in-between or hybrid applications as well as some of the greenfield things too. And I wanna tie them all to one pipeline. DevSecOps is not an acronym. It is, it is real. It's something serious that we need to take seriously. We gotta stop starting with myself as well. We gotta stop using vulnerable, uh, frameworks and patches and things that we know that we need to get a little bit better on. A little bit more discipline. We gotta start adding security into our pipeline. Not just quality. Quality is one thing, security is another and we need to start shifting left and allowing the security teams to have some stake in checking and validating the code that we are about to push into production.

00:27:12

And then finally, uh, getting feedback from artificial intelligence and machine learning. If you're not doing it with Electric Cloud, we'd love to help you. If not, we have some sessions that I'm gonna show you in a second. But please do focus in on some of the platforms where you can gather that data. For those of you, if you just had to know, since I'm getting on the yellow time, there are some other sessions where we're gonna drill down on these. Torsten is gonna talk about the seven steps to move, uh, DevOps team to machine learning. And in the AI world, uh, Eric is gonna talk about some common pro processes in communication of adco. They're one of our customers and how they grew. And then the final one, the key metrics that matter, uh, our CTO Anders Wallgren is gonna talk about how to measure DevOps and looking at some of those measurement and feedback loops. So again, thank you so much for your time. I appreciate no one threw anything. My wife gets to gimme that great score. Now back to the kids. Appreciate your time. Enjoy the conference. Thank you so.