Transcript
Mike Matchett: Hi Mike Matchett Small World Big Data. We are here talking with Environment Zero today about really, uh, how do you deal with infrastructure in the modern world? How do you deal with it once it becomes code and you can do some really great things to accelerate it, make it fungible, govern it, control it, scale it. Uh, but you need some tools for that. So we're going to talk to Environment Zero today about how they might help you look at this new world of environments and infrastructure as code and bring it forward. So just hold on a second. All right, Chris, welcome to our show today. Uh, you're from Environment zero. Uh, before we get into environment Zero a little bit, could you just set the landscape for us about where where infrastructure has become code? Uh, you know, we've got a lot of IT people here who when I say infrastructure, they're still thinking hardware. They're still thinking even if I go to a cloud service, I'm buying a virtual machine, and that's something that can almost still wrap there. What are we really talking about? Chris Graham, Chief Marketing Officer: Yeah, sure. So when we talk about infrastructure as code or IAC for short, what we're really talking about is a is a code file or a configuration file that's written in a particular IAC framework or an IAC language that dictates when a piece of infrastructure, physical infrastructure, gets provisioned. What are all the parameters of that particular piece of infrastructure? So when the IAC world, you might go into AWS and you might point and click and you say, okay, I'm going to spin up an EC2 instance and I'm going to go into my instance family and my instance size, and then I'm going to go and determine what type of storage I want to attach to it. And IAC, all of those parameters get defined in the code file. And then the code file when it gets run, when it gets deployed, it then dictates to the cloud, What is it that I'm actually building? That's what I see is today. Mike Matchett: And then that that file itself becomes something you can back up, restore, move around, re-implement. It becomes something that can be generated and tweaked and managed with policies also. Right. So you start to get this metal layer of insight and control over things. Chris Graham, Chief Marketing Officer: Exactly right. In the same way that an organization would, would ideally be storing their application code in a repository, a single source of truth or version control system. Your infrastructure as code also gets stored in a repository or in a in a git. And as you said, it can become it becomes manipulated, it can be updated, and we can enforce policies on top of it as it gets run and before it gets run. Mike Matchett: All right. So you're not new to this, uh, completely new to this, but you've rebranded recently just so you were you were you were environment with a zero, uh, digit zero. Now you've spelled it out. Environment zero. I guess you know that that that is there's some reasoning for that because you just tell us, you know, what the rebranding is doing for you. Chris Graham, Chief Marketing Officer: Sure. So so the company name as said, it's it's good that we're calling it Environment Zero because that's what the name means. Um, but when we say that we actually say M0. Mike Matchett: And zero. Chris Graham, Chief Marketing Officer: Okay. And the whole idea is that we are the place where the we are the, the, the locus from which all infrastructure arises and should arise, kind of the ground zero in a sense. Um, we've rebranded the company, we've preserved the name. Um, but part of why we're spelling the name, the way that we spell it, even with our own customer base, we had a, a lot of confusion just around what the proper pronunciation of the old spelling was. We had Envo Envo Envo env zero. So we we spelled it as phonetically as we could while staying true to the the founding name. Um, because the founding name is still very much tied to our go forward vision. We still want to be the single place from which infrastructure arises. But as we enter this AI era of 2025 and beyond, we're really leaning heavily into layering governance on top of infrastructure. Um, so that's that's a little bit behind the rebrand. Mike Matchett: So governance, I think we're going to talk about that here in a second. Let's, let's now talk about talk about M0. Uh, so what what kind of, uh, group within it or within an organization would be mostly looking at getting control of infrastructure as code. Is this I mean, I assume DevOps folks, but you know what? Help me put my hands around who that is. Chris Graham, Chief Marketing Officer: It's a great question. When so when I see really hit mainstream, I think we have to credit it started with CloudFormation AWS, but I think we really have to credit the community and Terraform, which is now under BSL with HashiCorp. It was really the DevOps group, but DevOps itself has undergone a pretty significant transformation, and the way we think of it is DevOps and SRE have sort of collided, and they're kind of melding together into what most organizations today are calling a platform engineering team. So that that platform engineering team, they're going to be the team that's not only carrying the task of codifying and managing infrastructure as code, but their job is really to control the entire development pipeline, to build a stable platform that is very fast, highly standardized, high degrees of governance. But that can help get developers application code into a landing zone and then progress it up through the, uh, the the dev test staging production pipeline as fast as possible. Mike Matchett: All right. So let's let's just one more sort of higher level question here, and then we'll dive into a little bit more. But if I'm talking about applying governance to this infrastructure as code situation where I, you know, I want to provision things reliably from templates and I want to apply policies to them, and I want to do that. What is what does that look like to somebody? Uh, you know, if they're if they're if they're a developer, normally today goes to AWS and does something. What what do they have to do now or what does it look like after after you implement this? Chris Graham, Chief Marketing Officer: Sure. So I think today when a developer goes to AWS, part of the challenge is they can do anything they want and there really is no governance. So until a platform team has centralized its infrastructure provisioning process and put the governance as a layer or as a step in that provisioning pipeline, um, it's a little bit of the Wild West. And that's part of the problem that we solve with, with M0, whatever the policy that needs to be enforced on the infrastructure, it gets enforced in line with the actual provisioning run. So if you need to put a cost check or cost policy on a particular piece of infrastructure, we don't do it after the fact. We do it at the point that it's that it's birthed. If you have to put a piece of security policy on a piece of infrastructure or access that gets done in line with the run. Mike Matchett: All right. So that's a you know, it's a way of creating almost a factory kind of perspective out of it. Right? So you're I mean very high tech factory. But but you're putting something into a very structured way and I and I don't mean to pick on you. Do people find that limiting or enabling when you do that? Chris Graham, Chief Marketing Officer: Um, it depends on who you're talking to, I think. I think the developers, the way that we the way that we, uh, apply the policy platform teams love it because that's really what their charter is, is, look, you guys need to get this thing locked down. You need to make sure that every piece of infrastructure that we want to audit has the proper guardrails applied that it's supposed to have applied. Um, developers, we we do it in such a way where it is it's as frictionless as possible. And what our customers tell us, it's a reasonable amount. It's a reasonable amount of friction. Where? Yes, as they're doing their runs, you know, they can see the different checks and balances that are being applied. But it's it's, uh, really not cumbersome or a hindrance to their actual process. Mike Matchett: I mean, I can even see some acceleration there because things become templated. They become reliable. You know, if a developer forgets, for example, to turn off a bunch of instances in the old world, they just run up the bill and here there's some protection for them, so they're not going to get yelled at that money. Chris Graham, Chief Marketing Officer: Exactly right. Mike Matchett: That money can be reused and reapplied to other projects they want to do going forward. So you know, it can it probably has some benefits, uh, that we haven't really talked about for that not to mention just, you know, that's that overall reliability. You know, I, you can't be expert in everything. Right. So having someone who's already who's this works. This is a working solution for our company, you know, use this, uh, is probably a big, big help to us. So so let's talk about let's talk about M0. I apologize, I just in my mind, I was like with the digit on there, I would say environment zero because you have to spell it all out with this new brand. I'm going to have to rethink this. Just pronounce it the way it looks. And zero uh, what what are we what are we focusing on? What is sort of bring us up to speed. What's what's where where are we at with M0 in this solution? Chris Graham, Chief Marketing Officer: So what are we working on now? We always have a run rate work stream around just hardening the core product in, you know, enhancing, uh, system performance, enhancing ease of use of the product. So that's always there. Uh, as we look to where things seem to be going with AI, and I would certainly not claim to know where they're going because I don't think anyone really knows where things are going with AI. We're trying to be as salient as possible with some of the new features we've released without overdoing it. So we've recently released an MCP server that allows a user to interact with the core M0 platform through natural language directly within their IDE. Um, as, as uh, I think is becoming quite common in the industry. We released a set, a feature called Ready to Use policies, otherwise known as our Policy Library, where it's a series of out of the box policies that you can easily click and apply to any of the environments that you're going to be provisioning. And then coming in just a few short weeks. And we're recording this in mid-October. In just a few short weeks, we'll have a static code analysis agent. And so this is an agent that will essentially look over your shoulder as you're building a particular infrastructure run. It'll analyze your IAC code and it'll identify any vulnerabilities that might be in your code. So one of the most common ones is you have, uh, secrets or secret keys, right, that are exposed directly within the state file of the IAC code. It's a big no no. Um, but it's unfortunately more common than it should be. And so our static code analyzer agent will will catch that, it'll remediate that. And then via pull request, it'll update your IFC file. So those are some of the short the short things that we're working on right now. Mike Matchett: I mean, the AI is interesting. It's evolving. We'll have to just keep an eye on what's going on there. But let me just ask you about this policy thing, because some people struggle with policy creation, uh, whether they're doing it manually, at a detailed level, or even just physically, philosophically, like, what should our policy be here? So it's great that you're going to provide suggestions, but what what sort of span what what are the policy span here? Uh, when we're looking at IAC. Chris Graham, Chief Marketing Officer: Sure. Uh, so they really span three broad buckets. Um, cost is one of the big buckets. So setting certain cost thresholds or cost parameters, um, compliance. So is a particular piece of infrastructure abiding whatever compliance uh requirements that it needs to abide based on the type of application that will be hosted there or who will have access to that particular piece of infrastructure, and the third would be security. Those are the three broad strokes of policy that we can help enforce. Mike Matchett: All right. So you can you can make sure that no one person is going to go off and launch a thousand machines and run the bill up, uh, on their way out the door or something like that, or, or bring everything down or do some crazy stuff. So you can just really put some, put some hands around it. Chris Graham, Chief Marketing Officer: Exactly. Right. And then kind of the, the overlay, um, that I think is kind of encapsulated in each of those three areas in IAC, there's this concept of drift, which is to say, if I'm if I'm codifying my infrastructure, I, I'm committed to I'm defining it in some way. I'm defining it and saying this is what the infrastructure state should be. But that doesn't necessarily mean that the living, breathing state of the infrastructure is not able to be changed. You could still have someone go and make a manual change. We refer to that as click ops. You might have some sort of an optimization tool tied into your infrastructure that's making dynamic changes, uh, to, to how a particular instance might be sized or configured. Right. And so changes can still happen. And so one of the really nice pieces of uh, of governance that M0 adds is drifted detection, analysis and remediation. So when the natural state or the living state doesn't anymore match the code state, we can see that we can analyze when it happened, why it happened, who did it. And then we can suggest ways for them to quickly bring it back into into balance. Mike Matchett: Yeah, I saw that you guys have as part of that AI, uh, evolution and MCP server. So someone can use AI to start using M0 and doing things. But this would be one of the guardrails on the other end to say like if, if the AI is or whoever is using it has created a monster, the drift analysis will come back and say, hey, you know, there's a problem here, there's a. Chris Graham, Chief Marketing Officer: Problem. Mike Matchett: Fix it. Chris Graham, Chief Marketing Officer: Yeah, yeah. Exactly right. Mike Matchett: So you got to give you got to give people the carrot and stick with AI. I firmly believe this. Right? You can't just. You can't just say, have at it and and ask for. Ask for the world. Because, uh, you might just provision the world, and then your bill goes way, way up. Um. All right. So. So, um, I guess I guess, you know, if people know what infrastructure as a code is, they're probably going to already have heard of M0 here. If they're not, I would probably suggest that people start looking at, you know, what Terraform does and looking at how that works. But for the folks that do know or are developing these capabilities, where would where would you say if they've seen this and now they're interested in following, where would you send them first and start to start their next step of research? Chris Graham, Chief Marketing Officer: Sure. So they can definitely come to our website. So that's just env0.com. Um, there's a lot of resources here, uh, that they can learn not only about our platform but also about IAC broadly. And then one of the, one of the other things I would encourage them to check out is, is open source. Um, and that's not one of the things that we we talked about earlier, Mike. But open tofu is actually a it's a cloud Native Computing Foundation project that is a fork off of the main Terraform project before Terraform went, uh, BSL in 2023. So there's a lot of really nice innovation being done just within the Open Tofu project, which, again, is emerging as one of the preeminent infrastructure as code languages or infrastructure as code frameworks. Mike Matchett: All right. So you guys have some pointers there. Some, some, some things to go do as soon as you finish watching this. Uh, thank you, Chris, for being here today. Check out ns0. Their new brand puts you at n n0. I'm gonna have to practice that vs n0.com, uh, website. Uh, and, uh, you guys are you guys are on fire. I'm glad to see it. Uh, you guys got a lot of good stuff coming, too. So stay tuned.
