Containerization transformed development speed—but at what cost to security? In this episode, Emily Long, co-founder and CEO of Edera, explains how rethinking infrastructure from the kernel up is making true container isolation possible without sacrificing developer velocity or platform flexibility.
Kubernetes revolutionized the way software is built, deployed, and managed, offering engineers unprecedented agility and portability. But as Edera co-founder and CEO Emily Long shares, the speed and flexibility of containerization came with overlooked tradeoffs—especially in security. What started as a developer-driven movement to accelerate software delivery has now left security and infrastructure teams scrambling to contain risks that were never part of Kubernetes’ original design.
Emily outlines a critical flaw: Kubernetes wasn’t built for multi-tenancy. As a result, shared kernels across workloads—whether across customers or internal environments—introduce lateral movement risks. In her words, “A container isn’t real—it’s just a set of processes.” And when containers share a kernel, a single exploit can become a system-wide threat.
Edera addresses this gap by rethinking how containers are run—not rebuilt. Drawing from hypervisor tech like Xen and modernizing it with memory-safe Rust, Edera creates isolated “zones” for containers that enforce true separation without the overhead and complexity of traditional virtual machines. This isolation doesn’t disrupt developer workflows, integrates easily at the infrastructure layer, and doesn’t require retraining or restructuring CI/CD pipelines. It’s secure by design, without compromising performance or portability.
The impact is significant. Infrastructure teams gain the ability to enforce security policies without sacrificing cost efficiency. Developers keep their flow. And security professionals get something rare in today’s ecosystem: true prevention. Instead of chasing billions of alerts and layering multiple observability tools in hopes of finding the needle in the haystack, teams using Edera can reduce the noise and gain context that actually matters.
Emily also touches on the future—including the role of AI and “vibe coding,” and why true infrastructure-level security is essential as code generation becomes more automated and complex. With GPU security on their radar and a hardware-agnostic architecture, Edera is preparing not just for today’s container sprawl, but tomorrow’s AI-powered compute environments.
This is more than a product pitch—it’s a reframing of how we define and implement security at the container level. The full conversation reveals what’s possible when performance, portability, and protection are no longer at odds.
Learn more about Edera: https://itspm.ag/edera-434868
Note: This story contains promotional content. Learn more.
Guest:
Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/
Resources
Learn more and catch more stories from Edera: https://www.itspmagazine.com/directory/edera
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
______________________
Keywords:
sean martin, emily long, containers, kubernetes, hypervisor, multi-tenancy, devsecops, infrastructure, virtualization, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast
______________________
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us
Not So Contained: When Container Isolation Is Just an Illusion | A Brand Story with Emily Long from Edera | An On Location RSAC Conference 2025 Brand Story
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
[00:00:00] Sean Martin: We start like this. We, we do this and we show off the, uh, we, we pop Our luck is not a strategy shirt.
[00:00:06] Emily Long: I got it. That's
[00:00:07] Sean Martin: right.
[00:00:07] Emily Long: I got it.
[00:00:09] Sean Martin: We're rolling. All right. Well, I'm keeping that in by the,
[00:00:12] Emily Long: I, I, I like it. I I'm not saying we cut it out. All right.
[00:00:15] Sean Martin: Well, you probably realize we're silly.
We're seriously silly.
[00:00:18] Emily Long: Yeah. Well, silly serious. I mean, I think we're like minded that way around. No
[00:00:23] Sean Martin: messing around there, Emily. Hello.
[00:00:26] Emily Long: So
[00:00:26] Sean Martin: good to see you again. Yeah,
[00:00:27] Emily Long: good to see you too. It's been a
[00:00:28] Sean Martin: couple days already.
[00:00:28] Emily Long: I know. A lot's happened. I'm sure. I know. It has. It really has.
[00:00:32] Sean Martin: You've, you've been roll, rolling.
I don't wanna say rolling on the streets. So you've been rolling in the hallways?
[00:00:36] Emily Long: Yes. Well, we, we've been, there's been a lot of feet on the street. Yes. I think if I were to count my steps, it would be quite a lot. Okay. We've been hustling around the, uh, Moscone Center mostly. Is it Moscone? It is Moscone.
[00:00:48] Sean Martin: We'll go with that.
[00:00:49] Emily Long: Yeah. Thank you. Appreciate it. Yeah. Make me feel very comfortable. Um, yeah. But with a lot of meetings, a lot of great conversations. It's been really good.
[00:00:56] Sean Martin: That's good. Yeah. That's good. We're gonna get into what some of those [00:01:00] conversations were about.
[00:01:00] Emily Long: Awesome.
[00:01:01] Sean Martin: Um, let's, let's take a look back at, uh, Kubernetes.
Yeah. Kind of the world of containers. I mean it Yeah. I think shifting left and, and finding new ways to build. Software and deliver software and maintain software and then make it portable, right? Mm-hmm. Obviously, a lot of those things, uh, were enabled by Kubernetes. Yep. Um, tell us a little bit about that and maybe some of the challenges that the original design of that and implementations of that have kind of left us maybe in a spot where.
[00:01:40] Emily Long: Where there's some, some open,
[00:01:42] Sean Martin: yeah. We might not wanna, questions, we might not want to keep in place moving forward.
[00:01:46] Emily Long: Yeah, I think, you know, there's a lot of, um, good energy and love for Kubernetes even still, I think 10 years later. I think it was 10 year or uh, anniversary or birthday of Kubernetes a couple months ago.
And I think it's done a [00:02:00] lot for the community. Uh, we, one of our angel investors is Joe Beta and he's one of the creators of Kubernetes and. One of the, the things we talked about really early on in Adera journey was kind of the, the Kubernetes was really not created for multi-tenancy. Like the way in which it was kinda expanded and, and used it was really not supposed to be as I would say, um, distributed in that way.
And what I think has started to happen is because it solved so many, like you said, like portability and flexibility, and there were so many advantages to it. The security element inadvertently became an afterthought. I don't think it was deliberate, but I think that there wasn't, again, because it depends on how you hold it, right?
And people were holding it different than it was initially intended. And so a lot of different security risks started to come in. And you're dealing with containers. You know, I think we, we talked about this the other day, is, you know, it's just a set of processes and it's not an actual thing. A container isn't real.
And even when you're running, you know. [00:03:00] Kubernetes with, I mean containers and Kubernetes somewhat synonymous in this example. You know, you didn't really expect there to be so much risk. And I would say over the last probably 18 months or so, there's been a lot more of a understanding and a shift to understanding how risky that is.
Right. And I can also appreciate that the flexibility, pace, portability of containers has changed the way we develop. I mean, it has made things a lot faster, more agile, and I don't think we wanna give that up. Right. Um, but we did give up some of the advantages of virtual machines with, you know, some security hypervisors and a lot of things we might dive into a little bit more later.
But it's been an evolution and I think now we're at a place where we can't really look away. It's kind of like when once you see something, you can't unsee it. Right. I think that's where we are now as the evolution of how we're using it was different than its initial, you know, initial
[00:03:50] Sean Martin: intent. Can you gimme an example or two of.
I think I a well-known employment or organizations that have used it a certain way that that [00:04:00] works. But leave us in this position.
[00:04:04] Emily Long: I mean, there's a, I mean, most enterprise, I think it's like 96%. It's like a garner stat use Kubernetes and enterprises. So most people are using it in a way that they would say fundamentally using air quotes work.
Mm-hmm. Uh, for development. You're, is that the focus of what you're doing really for the
[00:04:19] Sean Martin: engineers to deliver? Right,
[00:04:20] Emily Long: exactly. Like engineers saw it as a, um, kind of a liberation at the time and they brought that in, but I think it's now security teams and engineers, to be fair, when they started really becoming aware of and having to manage some of the security components, like a lot of engineering teams now are dealing with even compliance, like the, like having to deal with FIPs or FedRAMP.
Like it's actually been pushed into the engineering team's responsibility to be able to report back how are we securing our containers? That's the type of stuff. I think that
[00:04:47] Sean Martin: which is, and if you look at Fedra or FIPs is not just a thing, it's a process as well. It's Exactly,
[00:04:53] Emily Long: exactly. So I think a lot of enterprises have done it well for development.
I think it's, it's created a lot faster, [00:05:00] more meaningful pace. The problem now lies is that anybody who is trying to use, um, multi-tenancy is sitting there realizing, I can't really do that safely.
[00:05:10] Sean Martin: Mm.
[00:05:10] Emily Long: Um, there's, you know, describe the
[00:05:11] Sean Martin: multi-tenancy thing. Like, so multi-tenancy
[00:05:14] Emily Long: can mean, I mean, some people use it in different ways.
The way I'm using it is like I'm running workloads next to each other. Mm-hmm. That can be, if I am, if I have multiple customers, I might be running them next to each other and I have a shared kernel between those, those, okay. Those containers or, and that can be also, you know, just within your own ecosystem, you're running containers or departs things alongside each other.
Mm-hmm. So multi-tenancy means you're sharing a kernel with multiple workloads. Right. And, and
[00:05:37] Sean Martin: then the risk there is cross. In it.
[00:05:40] Emily Long: Yes. Like issues. So again, going back to the idea of that a container isn't an actual thing that is containing a thing, it's just processes next to each other. If I am able to, um, get into a container of vulnerability exploit mm-hmm.
I can actually pop into, or lateral movement is what they say. Like go into other containers. Right. [00:06:00] And that is very scary. Hmm. 'cause you can try to mitigate that with less vulnerabilities and other things you can do. But zero days are well known to be, you find out that you can exploit something and we aren't able to patch it yet.
It wasn't known. And that's when you think something might be safe because it's in a different, again, container. Right. But it's, if it's sitting next to one and sharing a shared kernel, you're putting the same risk.
[00:06:22] Sean Martin: Yeah. And I guess it's scary enough. Just forget the, the tenancy part. It's scary enough if you have multiple instances.
Is and the lateral between, I don't know, customers chat bot instance. Yeah. Yes. Over to the financial, uh, yeah,
[00:06:41] Emily Long: proprietary. PII data something. Yeah, exactly. The keys to the kingdom. So that's bad. It's threatening. Yeah. But
[00:06:45] Sean Martin: when you start talking to 'em, I don't wanna say it. Managed service that has multiple clients and you, you pop a, I don't know, a retail shop that Yeah.
And
[00:06:55] Emily Long: then you get somebody else. Yeah.
[00:06:57] Sean Martin: Not, not cool.
[00:06:58] Emily Long: And what a lot of. [00:07:00] People have been doing to try to mitigate this is I'll do single tenancy, which again, you're running different environments and we've been talking to customers who are doing that and it does eliminate that problem, but it is ridiculously expensive to do.
Yeah. And so it's not manage that scale, probably little experience the orders of magnitude. Yeah. Yeah. Um, particularly if you are a large enterprise, you know, maybe if I'm a smaller business and I have to run 10 different single tenant environments, it's still. Obnoxiously expensive, but it impact
[00:07:26] Sean Martin: management as well.
[00:07:27] Emily Long: Yeah. Yeah. You're having to manage different environments. It's like, it's, you're, you're spreading it's time and money. Yeah. And again, it doesn't scale over time at all. Um, so some, you know, people are trying to do things that are, you know, hedging their bets in certain areas, but in order to actually have isolation in current stage, obviously we go into, it's a little bit different what we felt, but the only way to mitigate that was to do single tenant environments.
And it's, it's cost prohibitive. Yeah. For most. Well,
[00:07:53] Sean Martin: let's talk about what you built. I don't want to delay that. Um, and we'll talk about what it is, how it [00:08:00] works, why it matters, the outcomes of that. And then, uh, we're gonna look at the future, which is now Yeah. After that. And I'll hold that for a moment. So just describe what you've done, how it addresses what we just talked about, and maybe even more, um, just as a general picture, and then we'll dive into some of the fun stuff.
[00:08:18] Emily Long: Yeah. Uh, um, I'll take a quick step back and kind of the. The why and then what ended up happening and what we actually use it for. Okay. 'cause I think context is important. Um, we founded it about a year ago in April, 2024. Uh, my co-founders, Alex and Areni, are both incredible technologists. Mm-hmm. Um, Areni was behind the, um, chin images product.
She, global feed become launched. So she's very, very deep in the container ecosystem. Mm-hmm. Um, links, distributions, those types of things. And Alex grew up, um, at the age of 11, she started. Programming. She took her first programming job at 14. She's incredible. Um, but she's been working the last six years before adera on Edge devices like working for Google on [00:09:00] Edge devices.
And what's I think really unique about understanding the Edge is it's complex. You're dealing with different hardware, different software, um, complexities. Um, you have to be able to run containers, but you can't necessarily have hard hardware or like virtualization extensions. There's a lot of limitations.
It has to be really efficient. And so when Alex is looking at the issues at the Edge specifically. It was looking at how do I run containers efficiently without the need for, um, access to hardware? Is, is that possible? Can I get the security guarantees in isolation? And so she went out on this adventure to try to figure it out.
And in doing so, she was looking at a lot of different tools. And I think it's really important when we're looking at solving something really complex like container security being that's so prevalent that you're actually looking at history. Because we don't repeat the same mistakes in other technology that we did before.
And also to look at what did work in certain different technical elements and then see if there are ways to apply and modernize that. And when Alex went into a project called Zen, which is a hypervisor for VMs, it was about, it's about 20 years old, [00:10:00] but she realizes there was a lot of benefits there. It wasn't container native yet, which is what we did end up doing.
But she looked at it and said, oh look, there's something called para virtualization, which means that I can actually not have to get virtualization extensions. This field to get isolation. I could do a lot more, I could be more portable. It's smaller. So she took that, rewrote it in rust for memory safety and performance guarantees, and then made it container native.
And in originally she was looking to solve situations at the edge or compute security stuff at the edge. And then NY took a look at it and was like, I think he might have just solved for container securities. This is pretty darn big And fast forward, um, I Ariana left to go start the company with her. I called her and said, Hey, do you need someone like me?
I can be really helpful. And then this was born. And the reason why that context is important is because what, what Adera does is really low level, right? I mean, we are essentially a hypervisor that sits below the kernel. Mm-hmm. And we help manage, we essentially change the way containers are run. And the reason why [00:11:00] that's important is like if you look at containers not being a thing, let's you know, we actually put containers in what we call a zone, and we are able to isolate them from each other.
So in fact, it essentially makes it a container contained just by running them differently. So finally you get the promise of what we originally thought containers were at the time, containing as its name. Mm-hmm. But it wasn't, and then makes that actually possible. And I think that the up name finally exactly, somebody needed help renaming those.
But what's really cool about that is it gives the advantages of VMs, like virtual machines in the container world. So I wanna be able to have a hypervisor that actually, you know. Isolates, but I want performance guarantees and flexibility of containers. I want to have memory ballooning capabilities like VMs where I don't have to overprovision containers.
Right. I can do that now here. It brings a of stuff you need to, it brings primitives over. Yeah. Which we didn't have. We kind of split. We, we chose portability and flexibility over security and in many ways, like CPU memory management [00:12:00] and we're kind of bringing that over by actually using some older technology, reimagining it, right.
And putting, I mean, the rematch word is so silly. You hear it a lot. Companies, but it really was, it's, it's taking an older technology and making it and innovating it, and I think that's what makes it really unique. I'm picturing a
[00:12:14] Sean Martin: fork in and the this Exactly. Stuff got left behind. Yes,
[00:12:18] Emily Long: exactly. Which is, is meaningful.
Yeah. Because you get the confidence of knowing that something's tried in two for 20 years at its core, but getting rid of a lot of the technical debt. Right. Making it efficient, making it memory safe, and being able to utilize it in, you know, the actual environments today that people are using to the containers.
[00:12:35] Sean Martin: So as an engineer. Building stuff and maybe, yeah, I need to step back myself so I'm understanding it properly. Who, who is taking a Dara and putting it where?
[00:12:50] Emily Long: Yes. That's a good question. As a developer, you don't see it at all as transparent. You develop just like you always have. You use, not imagine, don't wanna contain disrupters.
You want, you don't wanna disrupt that.
[00:12:59] Sean Martin: [00:13:00] They, they know what they're doing.
[00:13:00] Emily Long: They're doing what they're doing, and, and people have their own flow and you don't wanna. Disrupt the flow. You also, even when you have something really important and innovative, if you have to retrain people and, um, take them out of their, their typical path mm-hmm.
It's, it's a non-starter and understandably so. Like it's, it's hard to get your flow. But, um, so we, it's actually really the platform infrastructure. Um, SRE teams, like people who are like managing more. So the infrastructure itself, they go by a lot of names. Sometimes it's
[00:13:29] Sean Martin: if the code's delivered. To them.
[00:13:32] Emily Long: Yes. And then they manage the infrastructure. Got it. And, but where we run is at the infrastructure we technically plug in at the CRI, the container runtime interface level. Okay. Um, and when you run us, it sits below the kernel, but developers are developing as they always would, but what it does is, again, transparent to them, their containers are actually isolated, moving around and transparent to them.
Well, because infrastructure teams, they're responsible usually for uptime. Mm-hmm. They're like the three nine crew. And this is giving them a lot [00:14:00] more flexibility in how they can maintain cost effectively. 'cause usually they're also the ones that are managing the AWS or you know, Azure or, or GKE bill.
And so this is kind of one of those like infrastructure teams dream. 'cause they don't have to change the way they work, they don't have to tell the developers to change the way they work and they get the advantages of better and more agile infrastructure, more efficient infrastructure and secure infrastructure at the same time.
So without. It, it's really easy. It's just a couple lines of yaml, um, to get it going, which again was a huge priority for us is if we knew we wanted to change the landscape of computing, we knew we had to do it in a way that was frictionless. Because anytime you have to, again, we could do a lot of things to secure by design, but it means we have to start over.
Right. And that's just a non-starter for most everyone.
[00:14:44] Sean Martin: So, or I'm trying to, I'm trying to visualize, I I can see the under the hypervisor.
[00:14:53] Emily Long: Yes. Yes.
[00:14:55] Sean Martin: Um, what's, I guess, so [00:15:00] portability remains,
[00:15:01] Emily Long: yes.
[00:15:02] Sean Martin: Bursting, flexibility, all that stuff remains. Mm-hmm. What about the cost? Is there any difference in that in terms of, no.
So
[00:15:10] Emily Long: that's a big question we get is, uh, performance impact, right? What's the performance impact? Because I think hypervisors in the, um, VM sensor, even some of the other tools, we've tried to do isolation before. Um, tools like G Visor. Mm-hmm. And caa, there's restrictions on either where you run it, so do I need bare metal access or not?
Right. Can I do stuff in the public cloud? And the answer is no for a lot of them. Or, um, is there a performance hit, you know, like G Visor, they try to do like a kernel emulation kind of thing, and it ends up being a 30 to 40% performance hit. They. Advantage of isolation Is there, the practical usability of it is not, I'm
[00:15:46] Sean Martin: picturing a shim.
And a shim can be Yeah. Like lots of things. A, a slice or a, a big fat block. Yeah.
[00:15:52] Emily Long: And we actually have our, um, head of Adera research, marina Moore did an academic paper on our technology and compared it [00:16:00] to Visor, just like plain Docker. Mm-hmm. Ada, um, to be able to kinda show what our performance metrics are relative to running our software, because we knew how important it was for.
People to be able to see objectively that they're not gonna see any sort of large performance degradation. And we are, um, across the board, generally on par with a typical Docker container. In some cases we're actually more efficient 'cause of how we schedule CPU, um, and memory. But, uh, it's actually very cool in that way, which gives us a lot of hope, I think, in the world that we can actually solve for this problem because we know the businesses are gonna have to deliver results first.
[00:16:34] Sean Martin: Right.
[00:16:35] Emily Long: And security though, top of mind, ends up being second to that.
[00:16:38] Sean Martin: Mm-hmm.
[00:16:38] Emily Long: Um, and. Being able to not have those be a trade off act. Like in real, right? Like real terms. You see that marketing jargon. But that's a true term here is like if you don't have to trade that off, then you can have both at the same time.
[00:16:51] Sean Martin: So talk to me about, so I'm initially picturing a shim or a layer. Mm-hmm. Um, but you actually describe a container. Mm-hmm. [00:17:00] So I'm starting to visualize walls, but it's completely enclosed. Yes. A zone. We call 'em a zone. Zone. There we go.
[00:17:06] Emily Long: Mm-hmm.
[00:17:07] Sean Martin: That does. A few things in my mind. One outside penetration in and inside leaking out, out.
Mm-hmm. So what, what are some scenarios that traditional container implementations experience or we weaknesses to or vulnerable to? Yes. That you address specifically.
[00:17:29] Emily Long: Yeah. So the zone is really more like the out, like inside out. Okay. So like if there's a vulnerability that ex exists out in the wild. You can still access it.
Okay. So you're not, you're shielding, we're not shielding on the in What it does is that when you get into the container Got it. There's, you cannot pop out. Got it. And that really is the big scary part of the world here. So there are, like, if you have a container that has, we'll say keys to the kingdom, security keys.
Okay. PII, social [00:18:00] security numbers, whatever it may be. Um, you don't. Like if somebody gets in that's really bad and there's measures of, um, other companies. Chain Guard is one of the places we, we spend, I think minimis is another one that just launched that do like small vulnerability, kind of like images.
And the kind of premise of that really is to try to limit the attack surfaces going in. Got it. The problem is, is that you can't mitigate zero days and those types of things with that. But if you, or if you have, you know, these minimal images side by side, let's say you have your security keys or something really precious.
Sitting there and it's, you know, you got a zero image, whatever, but you have a legacy application sitting next to it that has end of life software or something like that. Mm-hmm. You can have a super great container sitting next to one that you made some questionable decisions and or you have legacy needs within an enterprise, which is very typical.
Oh yeah. I mean, and understandably, there's a lot of reasons that's a real thing, but Yeah. Then it doesn't matter what one's sitting next to it, you can pop into the next one and that becomes really scary. Yeah. And so for us it's really [00:19:00] about making sure that the context is there. So if you can't eliminate, the vulnerabilities will always be out in the wild.
How do I protect myself when, right. And if something gets popped. So for security professionals, when we talk to CISOs, they say constantly context. I just need context. Mm-hmm. I get these alerts, I know what's going on. Context for us, it's like. If you know that your containers that have all the scary stuff are over here.
Mm-hmm. You want your scanning solution to yell at you. When that happens, if you have stuff over here and it's not, there's nothing really in there so you can pop. You don't have to worry about people trying to get, it's not usually that people get access to the secret stuff first. Use as a vector. They use that as the vector to move, and so if you can trust your infrastructure and you know that nothing's gonna move, then that 9 1 1 kind of red alert scenario is much less.
Right. Prevalent. 'cause you know which containers are the ones that are scary versus the ones that are not.
[00:19:50] Sean Martin: But do you, is there a monitoring and alerting and of the container to say We see some anomaly? We
[00:19:58] Emily Long: have. I mean, our data [00:20:00] is, is exceptional. That's coming out of it. Mm-hmm. Uh, mostly 'cause we sit so low level.
We have a, a really detailed, uh, I, I don't like using the word perfect, but my CTO does. Mm-hmm. So I will say it because she does, and she knows a lot more than I do. Um, but a perfect snapshot of what happens in your system. Okay? So like, even if you do get it popped to container, um, vulnerability, we can copy that and see exactly what happens.
You can do really cool forensic stuff that we do. We are not a scanning solution. Um, we have EVPF enabled kernels, so we can work alongside, um, some of the, you know, prevalent, uh, what we said, observability solutions. Um, but our data becomes the secret sauce. We have APIs for people to do stuff from Prometheus and other things, but.
Um, for us it's more about us being at the infrastructure layer. Being your new infrastructure, right. And then, you know, you can grab any other tools that are gonna alert you, but those tools should be a lot less loud. We had one enterprise tell us that they had 2 billion alerts a day, and you have those moment where you're like, I don't even know what that means.
Mm-hmm. Like [00:21:00] conceptually, like, is it even worth having alerts? Right. Like, what do you do with that? Right. Like, what does that even mean? Mm-hmm. So for us, we hope to help that company that has 2 billion alerts. Contextualize that a lot more than you know they have today.
[00:21:14] Sean Martin: Any other stories like that where you Yeah,
[00:21:17] Emily Long: I mean, helping
[00:21:17] Sean Martin: companies
[00:21:18] Emily Long: that come to mind.
I mean, a lot of what we hear is because there's no proactive security. 'cause we're talking a lot about the security. There's obviously the infrastructure, you know, efficiency piece of this too, but. Being that at a security conference, if it feels appropriate. I'm,
[00:21:33] Sean Martin: I'm, I'm drawn to the Yeah, I, I know it's very cool the performance and efficiencies.
I know stuff I love. I know, I know. I
[00:21:37] Emily Long: love, um, but what we hear is that because there's no real proactive security measures out there, most, um, anybody who's marketing proactive, what they mean is we're trying to use AI to be as fast as we can when we see something abnormal occur to tell you that something's wrong, and then we can prevent.
Other things from happening, meaning we'll [00:22:00] tell you faster,
[00:22:01] Sean Martin: right?
[00:22:01] Emily Long: We are truly preventative, like it cannot go anywhere, in which case like that. That is incredibly important. So preventative. So what we've heard is people have layered like six different observability solutions on, because they all kind of look at things a little differently.
So you couldn't find a seven. So it's again, it's like hedging their batch. Yeah. Maybe there're more. We, we talked to one enterprise, it's over seven. We literally talked to one enterprise that said we have every single. Container security solution. We just buy them all because like the risk is so high for us, but we see a lot of power in trust in infrastructure.
We're not saying don't have observability, but like, do you need seven? Like if, if you're hedging your bets, because you need, you need somebody to tell you as fast as possible. So I want all of them. We want that. That to not have to be the world we live in. Which is why you end up with 2 billion alerts.
Yeah. It's not from one singular observability platform. It's from all of the ones you're trying to distill what's actually. Important and that becomes unmanageable. A lot of
[00:22:54] Sean Martin: duplicate alerts that are just from one root problem. Yes. You [00:23:00] eliminate the problem beginning. It's like then
[00:23:01] Emily Long: you didn't, you didn't have it in the first place.
I'm glad
[00:23:02] Sean Martin: you, you're talking about that and maybe, I don't know if there's more to elaborate on it, but the impact on AppSec teams and DevSecOps and a lot of the, a lot of the, you're talking about observability, what's going on, but there's still a lot of that in the build process too. Mm-hmm. Um, is there any impacts on how that looks and function?
Yeah,
[00:23:21] Emily Long: like kind of the CICD kind of story? Well, I mean, we all, I think know like solar winds and kind of the fun that, that brought fun again, air quotes that, that brought. So, you know, there's a lot of risk in builds, you know, you're bringing a lot of code in and one of our, um, case studies we will have coming out soon is on the efficiencies in CICD, but also security because being able to build, um, securely in CICD is really important and people are seeing issues with that and have for a long time.
Right. And um, I won't be able to go as in detail as I know some of our team would and kind of like docker and Docker and those types of things and risk and build. Um, but we definitely make that [00:24:00] simple and more gonna too. 'cause if you're gonna be bringing a bunch of code in, but you know, everything that you're putting in can't pop out.
Right. We have a much easier scenario of building without having to worry about what you're bringing into your containers. It doesn't worry about not, they shouldn't do
[00:24:11] Sean Martin: that work, but it's a level of comfort. Right?
[00:24:14] Emily Long: Yeah. Because I mean, there, there are going to be risks in build that is just inherent. So.
You know, and that becomes incredibly scary if you're looking at software supply chain security holistically. But that's where a lot of our power is too, is that it's not production of course. Like that's, I mean, that's kind of your end jam, but like as you build, the more you can eliminate and have, you know, more confidence there, the better.
[00:24:37] Sean Martin: So I know the answer I think already and that's pretty cool, but there's been talk about vibe coding and Yeah. And agent AI and, and. Code agents writing code for themselves, which opens up all kinds of weird scenarios, right? Yeah, it does. And I, I, I go back to my QA days quality assurance where I [00:25:00] actually did security testing as well.
And I, I could fairly easily define the box that this thing that we built was supposed to operate in. Mm-hmm. And very few API stuff going around, but now everything's API driven, everything's open source, everything now writing its own code, polymorphic in a sense, right. Um, I know the answer is, doesn't matter if it can't pop out.
Yeah. But what, what are your thoughts on that whole world and in relation to containers and, and what you're doing, kind of the future there?
[00:25:31] Emily Long: I mean, vibe coding. So you're so current. Really, we're gonna date ourselves with this episode over time. I think. I know, but it's so true. It's so big right now. You know, I so be careful of my opinion here.
I think there's a. Great case for it. And there's a lot of people that use it in a very responsible way. Mm-hmm. Product managers, being able to like, see and scope and those types of things. I know that when it comes to, for lawyers
[00:25:53] Sean Martin: using it, which is scary.
[00:25:54] Emily Long: It's scary, it's a scary thing. Mm-hmm. And I just hope that people [00:26:00] take the time to understand implications of what that means.
Mm-hmm. We, even if you just look at it conceptually from like technical debt, when you actually talk to people, I listen to a really interesting talk, um, in London. Around CubeCon, I think it was Monkey Grass. We're talking about, uh, essentially vibe coding and AI and the risks. And one of the big things is like AI doesn't always make the simple decisions when it's coding.
Like when you would have a kind of a logical human brain who is like lived in the world. So the, the way in which you can actually troubleshoot issues when you're trying to come in is very difficult. So like you're setting yourself up, you start to use it in your core build. Like you're setting yourself up for some pain.
And that's not even, we're not even talking like security risk at that point. You're just talking about like, legit, how do I use this in time and deal with my own technical debt? What bad did I write? Yeah. What did I, what did it do? How do I, you know, because a lot of our build is like, it's debugging. Yeah.
I mean, a lot of our engineers are spending time like diving in complex rabbit holes and when AI's gonna make a decision [00:27:00] and, and in this talking specifically, they're talking and give examples of the decisions that were like, ah. Highly complex in ways that it didn't need to be for a very simple solve because it just took, you know, what it found from, its, you know, whatever it was being trained on, that's problematic.
And then you, again, yeah, you don't know what you're gonna be introducing. You don't have the same kind of quality checks if you're just gonna trust what it's bringing in, which you will view up looking at it. But, but it does, it does help. We do, we do not hurt the process on the security side by existing and making sure that if something is malicious, it's brought in that that would, um.
You know, be an issue in either build or, or production. But
[00:27:36] Sean Martin: yeah, not a focus area. But you're not gonna,
[00:27:37] Emily Long: yeah, I mean, there's a lot of opinions there, but we, I mean, we have a strong opinion on, on, you know, AI security. Like we, a lot of our product offering is focused right now on securing GPUs, right. Um, itself, because, you know, if you're building ai, you're using GPUs, in some cases, TPUs, GPUs.
But our technology is hardware agnostic, which is very powerful. But like, we believe that people need to [00:28:00] understand the risks of using and developing. AI and using a GPU memory wiping, knowing that you're not dealing with just a container, you're dealing with GPU itself and the risk of it staying in memory or on the GPU device, right.
It's, it's scary. And you know, you've got AI develop, developing and having memory management, memory management, wiping stuff, knowing and guaranteeing you can, and the complexities of that are, are wild. But if you have something like Adera where you have a hypervisor that sits. Iss again, right above the hardware and you can map everything that's happening and you can confirm that the memory was wipe that you updated to back that up.
That's powerful. Right now it, it's not possible. So it's, it, it's, there's a, so building off of the vibe coding component of that, you have that and your vibe coding on that. I mean, I don't even, I sometimes I don't wanna think about it, right. 'cause it scares me so much, but. You know, you can don't, we're trying to do our part
[00:28:52] Sean Martin: so flexible and capable.
Who knows where it's gonna take.
[00:28:54] Emily Long: Exactly. You don't know. I mean, it's very powerful stuff. It's great. But it's, yeah.
[00:28:59] Sean Martin: Am [00:29:00] I getting the, I'm getting the marker Uhoh that we're done. I
[00:29:02] Emily Long: think we talked too long. My goodness. Are being getting in trouble.
[00:29:04] Sean Martin: We're getting in trouble. But that's a good sign, in my opinion.
Yes.
[00:29:08] Emily Long: Yes. And
[00:29:09] Sean Martin: also a, a sign to say we're gonna have more conversations.
[00:29:12] Emily Long: I, yes. Excited. We're gonna, I'm so excited. We gonna do, we're
[00:29:14] Sean Martin: gonna do some webinars.
[00:29:15] Emily Long: Yes. We're gonna get deeper into this packaging fund. We're gonna get into
[00:29:17] Sean Martin: some of this stuff. We'll. Have some people online asking us Yes. And questions that I'm not able to ask.
[00:29:23] Emily Long: Yeah, yeah. Because it's been a while since I've been, and I probably wouldn't be able to answer. We're gonna, we're gonna tap it so we're bring the Alex. Yeah. We're gonna gonna, we're gonna bring the right people, but people doing the work, the people creating the offering. Yes. Yes. And it's gonna be super fun.
That'll be really fun. Thank you so
[00:29:35] Sean Martin: much for having me. So grateful. I love this. And your team.
[00:29:38] Emily Long: Yes. Amazing. Thank you. Thank you. I said it
[00:29:40] Sean Martin: the other night, I'll say.
[00:29:41] Emily Long: Yes. Yes. Super
[00:29:42] Sean Martin: fun, super smart.
[00:29:43] Emily Long: Amazing. Thank you. Very. So
[00:29:45] Sean Martin: thanks everybody. We'll, uh. Stay tuned. Connect with Edera team. Connect with Emily.