AiThority Interview with Thomas Hatch, CTO and Co-Founder at SaltStack
Could you tell us about your journey in technology and how you started SaltStack?
At one time, I was a data center architect and systems administrator in charge of the management and security of digital infrastructure that underpinned everything from consumer apps to classified government agencies. What I did then is now called site reliability engineering by the web-scale organizations of the world.
Back then, I needed automation built for modern data center infrastructure in order to do my job effectively. That automation didn’t exist, so I created Salt to fill a need that was not being filled by the legacy systems management tools. IT automation tools have existed for decades; however, they were built to manage small-scale, homogeneous infrastructures.
So much has changed over the years. Salt automation was different in that it was built in this century to address the data center management and security of this century, namely massive scale and complexity, cloud, and agile development processes. SaltStack software exists to orchestrate and automate the maintenance and security of modern enterprise IT infrastructure, from core data center systems to the very edge of the network and the Internet of Things (IoT).
What is SaltStack and how does it empower diverse IT teams to manage complex environments?
The majority of dollars spent on security software goes toward tools that show security operations teams all of the vulnerabilities and security issues found in an infrastructure. However, this does nothing to help fix or remediate the issues. At SaltStack, we’re changing what is possible in cybersecurity by bringing a new mentality to the problems facing the industry. We are delivering products to help SecOps teams combat the helplessness created by the crush of the infrastructure security and compliance problem.
Salt is written in Python, the world’s most extensive and popular language, to avoid the inherent technical debt created by tools that leverage Ruby or domain-specific languages. Salt infrastructure as code leverages YAML which is human readable and extremely approachable by even the most junior IT operators.
Whether you need help automating the work of ITOps, DevOps, NetOps, or SecOps, SaltStack intelligent IT automation software is the answer. From day-zero deployment and configuration to the ongoing maintenance and configuration of infrastructure, to the creation of a more hardened and compliant digital footprint, we offer SaltStack Enterprise and SaltStack SecOps products to manage and secure digital business operations.
What inspired you to author – “Salt”? Did you ever envision that Salt will become one of the world’s most widely used configuration management and automation platforms?
The core of all of our products is the Salt open-source automation engine. We released Salt in 2011 after I became frustrated with the speed and limitations of the legacy systems management options, and the Ruby-based open-source configuration management tools available at the time.
SaltStack was designed from the beginning as a high-speed remote execution platform that can be used for web-scale infrastructure and application automation. The result was a massively scalable automation system, easily supporting many thousands of nodes right out of the box, with message queue networking and a multi-master architecture. Salt is now used by tens of thousands of organizations around the world including companies like eBay to automate the maintenance and security of more than 300,000 servers.
IT operations, DevOps, site reliability engineering, and security teams use SaltStack’s unique and powerful automation to tackle pervasive IT challenges like Configuration Automation, Orchestration, Hybrid Cloud Management, and especially Security and Compliance remediation—at a speed and scale that simply can’t be matched by other solutions today.
You recently expanded your business with SecOps. What do you feel are some of the best features integrated into this tool?
SaltStack SecOps harnesses proven event-driven automation to deliver full-service, closed-loop automation for IT system compliance and vulnerability remediation. We believe that security and IT operations teams must work together to keep digital infrastructure compliant and secure; however, efforts are often hampered by disparate toolsets, misaligned workflows, and competing priorities. It’s time for change.
SaltStack SecOps is all about giving security teams the ability to define security compliance scans through a policy-driven approach. However, we don’t stop there. The policy is integrated with automated action in SaltStack. This is a major shift from the current capability of security products in the industry and allows for the security and IT teams to get on the same page, speak the same language, then take automated action at scale to actually fix and remediate infrastructure security issues.
With SaltStack SecOps, security professionals and operations teams can work together to define a compliance policy, scan all systems against it, detect issues, and actively remediate them—all from a single platform.
SaltStack SecOps focuses on three key areas:
Define: Build custom policies with industry-standard compliance profiles, such as CIS and DISA STIGs, then apply them automatically across your digital footprint.
Detect: Run continuous, item-level checks to locate vulnerabilities and non-compliant systems or applications anywhere in your environment.
Enforce: Use autonomous policy enforcement to fix violations automatically. Or kick off a remediation workflow so your teams can flag and prioritize issue resolution.
SaltStack SecOps delivers full-service, closed-loop automation for compliance and security. Finally, security and operations teams can effectively collaborate and communicate with each other. From continuous detection to true resolution, SaltStack SecOps is the only cybersecurity product to deliver natively integrated, fully automated infrastructure security compliance and true vulnerability remediation at enterprise scale.
Would you agree that AI-enabled Automation can successfully fill in for the “IT Ops and Networking” gaps in the industry? How do you leverage AI/ML at SaltStack?
Well… If I’m being honest, no; I don’t agree. AI is not going to sufficiently fill in the gaps in infrastructure management. I think AI is an important component at filling in these gaps and I do think it’s going to take us a long way but the talent gap continues to widen and AI is not going to remove our need to have experienced architects, admins and engineers in the data-center. Do I think AI can make people’s lives easier? Most definitely.
Personally, I think we need to stop this “search for a savior” mentality in IT. We need to sit down and ask, what are new ways to look at problems that we’re dealing with. That’s really what our focus has been with regard to products at SaltStack. I know it sounds like I’m blasting AI but I’m not. AI is going to be the thing that helps us wade through massive amounts of data to find these smoking guns that are often difficult, if not impossible to detect. I feel like that is one of the biggest benefits that AI can deliver. We’ve recently announced a project called Umbra, which allows us to pipeline data streams through pluggable AI models and engines. It allows us to flag those things that need attention. I feel that a combination of AI and powerful automation is really how we want to tackle this space in the next 5 years.
What are your predictions on the future of Automation and Self-Learning Ops in 2020-2024? How can business owners prepare for the future with SaltStack?
The infrastructure space is going to continue to get more complicated. Over the last decade, the industry has introduced a ton of tools that allow us to deploy and manage applications faster, at bigger scales, etc. This has created new liabilities inside of infrastructure. Back in the day, keeping up with security demands was a much more reasonable prospect. Today, however, that’s a much more difficult challenge. SaltStack can help with this by automating high-speed, bulk changes to infrastructure. As an industry, we’ve spent far too much time focusing on app deployment; instead of focusing on the management of the underlying platforms. Those underlying platforms continue to grow at an exponential rate. Being able to maintain the underlying infrastructure is where a significant number of the holes we’re currently dealing with are located. SaltStack is targeted at maintaining that underlying infrastructure.
When it comes to self-learning, the challenge that we have is looking at all of the data that we’re gathering about these infrastructures. Machine Learning and Artificial Intelligence as it exists today doesn’t give us insight, it doesn’t give us discernment into what’s actually happening. For us to obtain that insight, we have to manually enter what it is that we’re actually looking for! Our new projects, centered around Machine Learning, are geared towards doing just that, finding and identifying specific anomalies, in specific situations that will allow us to quickly weed out the red herrings and find the real challenges that we actually need to address. Business owners need high-speed automation, a real insight into what’s going on and then they need the human end of AI to do the things that Artificial Intelligence can’t do. Otherwise, they’ll stay stuck in the rut of praising the “AI Gods” yet again and watching them not deliver… yet again.
What is your opinion on “Weaponization of AI, Machine Learning and Blockchain”? How do you promote your ideas in the modern digital economy?
We need to make it easier for humans to extend Artificial Intelligence in a way that solves real problems. AI and ML have been hyper-focused on learning for learning’s sake. I hope I don’t get myself in trouble for saying this but I’m a real downer on Blockchain at this point. The problem with Blockchain is that we actually think it can work. We keep finding security holes all through this! When you find a security hole in a Blockchain, that means that anybody and their dog has instant access! It’s not like finding a security hole in a piece of software that can be breached with the hope of finding additional vulnerabilities in the infrastructure to exploit and eventually get beyond that initial server. I’m sorry but I think Blockchain, as it exists right now, is a bad idea.
Now, the places where Blockchain is making a difference are these deployments where Blockchain is being used for highly targeted use cases, in highly specific scenarios. It’s the same with AI. IBM went through so much work to create Watson and to be honest, they struggled with what the monetization of this platform would look like. Winning Jeopardy is really neat but it’s not going to feed IBM. It’s all about having targeted applications, learning from them and eventually getting to the point of widespread usage.
The products that we’re working on strive to solve platform situations. It’s important to build a platform that can solve lots of problems and then pivot where the market takes you. Then, you start pushing that platform towards solving specific problems. Once those issues get solved, you can weaponize the solutions to those specific problems.
What kind of skills/ technical specializations is SaltStack currently hiring for to support Product and Marketing teams?
I want people who understand the fundamentals. I can’t stand people who build their careers on gimmicks. From a technical perspective, I want people who understand how the system works, because they’re going to be able to come up with creative solutions that will solve real problems. If I come across someone that’s forged their entire career from a “Tips and Tricks” book, I don’t want them. It’s the same with marketing, I need somebody that understands the foundation and fundamentals of getting the word out. If you’re humble, know how to read a room and connect with people in order to give them what they need and want, then you’re someone I’d love to talk to.
What digital technology start-ups and labs are you keenly following?
Honestly, I don’t think start-ups are strong market indicators. I think it’s very rare that someone has a magical idea; real ideas are an evolution. Often, that evolution takes place over a very long period of time.
What technologies within your industry are you interested in?
Frankly, it’s not going to be the answer you want to hear but I’m most interested in the technology that I’m currently working on! It’s called POP which stands for plug-in oriented programming. I wish I could give you something more but POP has pretty much consumed my life.
What are the new emerging markets for these technology platforms?
POP can help us as an industry deliver a whole new generation of software that is more maintainable, faster, easier to develop and more secure. As the entire industry evolves and becomes heavier, larger and more complex, the thing that is amazing about emerging technology is how fast it can fill the gaps that didn’t exist just a few years ago. The big picture is about seeing where the gaps are emerging.
What’s your smartest work-related shortcut or productivity hack?
Everyone’s biggest problems are the ones behind the curtain, the ones that are ignored when we rush to get a prototype out the door. Solving the big platform problems is what allows you to accelerate. That’s why I built POP! I built it to be pluggable, which will make things much faster, much easier and will become a huge shortcut for our users.
Tag the one person in the industry whose answers to these questions you would love to read:
Ginni Rometty, the CEO of IBM. She was handed a disaster of a company and an impossible situation which she turned around quickly.
Thank you, Thomas! That was fun and hope to see you back on AiThority soon.
Thomas Hatch is the creator and principal architect of SaltStack. His years of experience as principal cloud architect for Beyond Oblivion, software engineer for Applied Signal Technology, and systems admin for Backcountry.com provided real-world insight into requirements of the modern data center not met by existing tools. Hatch’s knowledge and hands-on experience with dozens of new and old infrastructure management technologies helped to establish the vision for Salt.
SaltStack intelligent IT automation software is used to help the largest businesses in the world manage and secure their digital infrastructure. Known for its powerful event-driven infrastructure automation engine, SaltStack is designed to control, optimize, and secure the inherent complexity of Web-scale while providing efficient, collaborative solutions for ITOps, SecOps, NetOps, and DevOps teams.