
What Is Governance As Code And How Stacklet Helps You Use It?


Kapil Thangavelu, Co-Founder & CTO of Stacklet, talks about how they provide governance at scale.

Stacklet provides a platform for running governance code at scale across thousands of accounts and policies, while also offering the operational experience and tooling to make a company successful “out of the box” by way of Policy Packs (for example, packs for cost optimization, security, governance, reporting, and GitOps workflows).

Stacklet recently made three announcements. The first is the Stacklet Platform, which is designed to work in a GitOps fashion so that your governance is kept as code: you attach your Git repos and the Stacklet Platform ingests them, giving you version control and code review of your policies. The next piece is the commercial Policy Packs: commercially supported, “battle-tested” policies around various features that your company can use within its environments. Finally, AssetDB is a real-time database of all of your cloud assets, inventory, and cloud asset resources across all of your environments and providers.

According to Kapil, “The Stacklet Platform is all serverless. We are using a lot of different technologies internally to help power that. Most of our platform is based on Python, the same language that Custodian itself was written in.” Kapil adds, “We are also heavy users of libgit and Git to provide that GitOps type of experience and workflow.”

Kapil discusses the trends from the past year, which are focused on security and on security applied across the entire software development lifecycle. To that end, he says, “There’s been a lot of renewed focus around supply chain security with regards to how assets are being consumed and built with regards to Open Source, and making sure that that delivery chain has the appropriate controls and guardrails.” Kapil concludes by discussing cost semantics and how the pandemic played into this.

Stacklet was founded by the creators and lead maintainers of Cloud Custodian, an open source cloud governance project used by thousands of well-known global brands today. Stacklet provides a cloud governance as code platform that accelerates how the Global 2000 manages its security, asset visibility, operations, and cost optimization policies in the cloud.

Here is an edited transcript of the discussion, written by Jack Wallen.

A quick intro to Stacklet
Stacklet is based around the idea of helping companies be well managed in the cloud, using a Governance as Code tool based on Cloud Custodian. And so what Stacklet does is it brings a lot of the expertise from employing several of the maintainers of Cloud Custodian to give out-of-the-box business value by providing a platform for running governance code at scale across thousands of accounts and policies. We’re also able to give the operational experience and the tooling to make a company successful out of the box, both in the form of our policy packs, which provide the business value around cost optimization, security governance, as well as the reporting and GitOps workflows for companies to be able to provide their own policies.

What’s new in the platform
We’re announcing three things: the Stacklet platform, our commercial policy packs (which feed into that platform), and also a tool called AssetDB, which is a real-time inventory of all of your cloud assets. The platform itself is designed to work in a GitOps fashion, to keep your Governance as Code, so you might bring your internal Git repos, which have policies, and you attach them to the platform, which will ingest them. And so you have version control, you have code review around your policy authoring workflow, and then the platform will take it and execute it at scale across your different cloud providers, across your different accounts, and give you reporting and visualization on all those things. Policy packs are commercially supported, battle-tested policies around various features that you can then use within your environment. And then AssetDB is something that helps power this. It is effectively a real-time database of all of your cloud assets, inventory, and cloud asset resources, across all of your environments, across all your providers, delivered in real time and made available both for end users to query via SQL, as well as helping to power the efficient execution of policies within the platform.
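To make the GitOps workflow concrete, here is an added example (not from the interview, and not Stacklet’s or Cloud Custodian’s own code) of the kind of Cloud Custodian policy file that would live in such a Git repo, with one security policy and one cost policy; the policy names, the owner tag, the retention window and the schedule are assumptions.

```yaml
# policies/aws-baseline.yml (assumed path) -- reviewed and merged like any
# other code, then executed across accounts by the platform.
policies:
  # Security: find S3 buckets whose ACL grants access to AllUsers or
  # AuthenticatedUsers, remove those grants, and tell the owning team.
  - name: s3-remove-global-grants
    resource: aws.s3
    description: Buckets must not expose objects to everyone via ACL grants.
    mode:
      type: periodic              # serverless, scheduled execution
      schedule: "rate(1 hour)"    # assumed cadence
    filters:
      - type: global-grants
    actions:
      - delete-global-grants
      - type: notify
        to: ["cloud-governance@example.com"]   # assumed address
        subject: "[governance] public ACL grants removed"
        transport:
          type: sqs
          queue: https://sqs.us-east-1.amazonaws.com/000000000000/custodian-mailer  # placeholder

  # Cost: unattached EBS volumes are marked today and deleted after a
  # grace period, so owners have time to object (tag value is assumed).
  - name: ebs-unattached-mark
    resource: aws.ebs
    description: Mark unattached volumes for deletion in 7 days.
    mode:
      type: periodic
      schedule: "rate(1 day)"
    filters:
      - Attachments: []
      - State: available
      - "tag:custodian_cleanup": absent
    actions:
      - type: mark-for-op
        tag: custodian_cleanup
        op: delete
        days: 7

  - name: ebs-unattached-delete
    resource: aws.ebs
    description: Delete volumes whose grace period has expired.
    mode:
      type: periodic
      schedule: "rate(1 day)"
    filters:
      - type: marked-for-op
        tag: custodian_cleanup
        op: delete
    actions:
      - delete
```

Running `custodian validate policies/aws-baseline.yml` in CI checks the schema before the change is merged, which is where the code review step described above fits.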

What Open Source projects are powering Stacklet technologies
Primarily, the Stacklet platform is all serverless. We are using a lot of different technologies internally to help power it. Most of our platform is based on Python, the same language that Custodian itself was written in. In addition to Cloud Custodian, we also make heavy use of PostgreSQL for the asset database, as well as Redash, to provide some additional reporting. With regards to the rest of the platform itself, we are also heavy users of libgit and Git to provide that GitOps type of experience and workflow. But for the most part, beyond that, a lot of the technologies are really just direct integrations with cloud provider native services. We want to try to provide this as a managed experience with low operational overhead. And that was one of the drivers towards serverless. It was also one of the drivers towards using solely managed services. When the platform itself is deployed in the customer environment, we want to make it as easy as possible to maintain at that scale. And so a lot of it is about driving that managed experience.

Trends in the space, especially due to the pandemic and how Stacklet is helping customers in their journey
I think some of the trends from the past year are really focused around both security and security applied across the entire life cycle of software development. I think there’s been a lot of renewed focus around supply chain security with regards to how assets are being consumed and built with regards to open source, and making sure that the delivery chain has the appropriate controls and guardrails. Additionally, we’re starting to see cost semantics at play. And I think last year, through the course of the pandemic, there was a large movement towards cloud. But cloud isn’t always cheaper, and it requires sort of that governance around usage to be able to be efficient. And so those are two concerns that we see playing out fairly strongly. The other one is there has been some interest in growth around multi-cloud usage, particularly for individual capabilities around different cloud providers. And so we’re starting to see more of that, which also feeds into a desire for having those governance tools work across these different environments. And at Stacklet we’re prepared to help companies be well managed across these different providers, including in security and cost governance.