It was another exciting year for Venafi at KubeCon EU. We had three stands at the show to highlight the breadth of our offerings—a cert-manager stand, a Venafi stand showcasing our workload identity management solutions and a joint stand with Venafi and Otterize. We were happy to meet with platform engineers and security architects to discuss our commitment to the cloud native industry.
First and foremost, there is still a lot of LOVE for cert-manager! And a number of people I spoke to said they had used it as their inspiration for their project. In fact, the project is in rude health, and preliminary data based on pulls per second indicates that cert-manager is being downloaded roughly 6 billion times a year. That would probably make cert-manager one of the two or three most downloaded projects in the entire cloud native ecosystem outside of Kubernetes itself.
As the inventor and maintainer of the cert-manager project, I’m also happy that there is a growing association between Venafi and the value we can provide on top of it with TLS protect for Kubernetes. There was also a very strong positive response to the multi-cloud identity work we’ve done with Otterize. We were really pleased to be so strongly associated with them, and I think it communicated our aim of being the ‘most connected’ machine identity solution.
Growing importance of workload identity
I heard a lot of buzz about workload identity at the show. It’s not so much a theme at the conference yet, but I met or heard about a number of brand-new identity start-ups, mostly in the workload identity space. They will be much more visible next year. This is in addition to a number of AuthZ related startups, both at the infrastructure and app level.
When I spoke with a leading workload identity company, I was interested to learn that they don’t believe they’re creating a security company, but rather a developer productivity company. This would, in essence, replicate Okta’s approach as a human identity provider but would be applied to ‘non-human’ identities and cloud native services. Along those lines, I felt that many of the people I spoke to were taking a ‘platform engineer approach to identity’ to ultimately influence security to pay for workload identity solutions.
Hot topics
- Software supply chain security. This topic is consistently running through many conversations. There was a lot of discussion about which of the big open source projects to standardize on, what's best, how to manage it, how to attest, and how to sign code.
- Observability. It’s everywhere! And some big drivers for this include new players in OpenTelemetry (agentless, standards based), cost and inflexibility of incumbents, and security focused observability.
- Modern PaaS platforms. This topic is getting big developer mindshare. They’re focused on making it easy to build sites, do testing, and get built-in CDN out of the box. There’s less to configure, quicker to get results and almost everyone was talking about building on these new platforms.
- AI. As you would expect, there is lots of talk about AI and many ideas are being floated around. But I didn’t hear many practical applications as of yet. That will obviously change rapidly.
Overall impressions
I was struck by a change in perception towards a number of vendors from the early days of cloud native that are now seen as incumbents ready to be disrupted themselves. This shows how far this industry has come in such a short time.
Not as many service mesh conversations as I had expected, probably because it's already 'arrived.' Conversations focused more around mTLS, multi-cloud tracing, and observability using service mesh rather than just how to deploy it.
Gartner and Forrester now seem to be working with, and advising, a number of the cloud native companies I spoke to. Only a few years ago I would NEVER have imagined this would happen. In fact, top analysts were typically laughed at by this community as being ‘out of touch.’ And now they are a go-to resource. Crazy.
Overall, it was a great conference. It’s exciting to see the cloud native community grow and mature and to learn where it’s going next. I’m looking forward to KubeCon North America 2024, which will be hosted in Salt Lake City, home of Venafi’s headquarters, and KubeCon EU 2025, which will be hosted on my home turf in London.