Cloud-Native Observability with Bruno Kurtic, Sumo Logic

Lee: 00:00:00

Operating a modern digital business means building and operating large, highly scaled applications that are more and more cloud-native in their architecture and implementation. Observability is critical in maintaining the highly scaled, highly available, highly adaptive nature of these modern cloud-native applications. You just can't keep a large, complex, modern application operating without having a solid, modern observability platform as part of your system. And ideally, in today's cloud-native market, you want an observability platform that is itself based on cloud-native technologies. Today I will talk with the founder of such a cloud-native platform. Are you ready? Let's go. Sumo Logic is a leader in cloud-native observability. They not only focus on providing analytics for cloud-native applications, they themselves operate on the cloud native platform. And while Sumo Logic provides tools for improving application reliability and availability, What really sets them apart in my mind, is their focus on security and compliance in a cloud-native environment. My guest today is Bruno Kurtic. Bruno is the founding Chief Strategy Officer for Sumo Logic. Bruno, welcome to Modern Digital Business.

Bruno Kurtic: 00:01:48

Thank you. It's a pleasure to be here.

Lee: 00:01:51

Well, so Sumo Logic, it appears, has a, I guess what I would call a multidimensional approach to observability. You do infrastructure monitoring, log monitoring, uh, you know, traditional application performance monitoring, and then you get into security and audit compliance, and even software lifecycle optimization. If you had to point a one thing that is the core key differentiator for Sumo, what would that one thing be?

Bruno Kurtic: 00:02:20

Well, it's a single platform that is all based on our strength in handling, highly scaled. Um, unstructured log data, right? It's the output of most of this infrastructure and applications. And we've, over the last 12 years, really spent a lot of effort on making sure we can handle that data at scale, uh, as it bursts that we can find schema and structure in the unstructured data and really kind of, um, put a lot of analytic rigor on digging up insights inside of this highly scaled, unstructured data that. Generally hard to analyze.

Lee: 00:02:59

So it's the platform approach to Observability.

Bruno Kurtic: 00:03:02

It is, and it's the logs and the unstructured, uh, data that we process through the log management system that we built.

Lee: 00:03:09

Okay. So it's, it's not just the structured analytical data, it's unstructured log data and the importance of, uh, of relating all that. And I'm, and I'm assuming, um, the processing of that includes, uh, AI machine learning capabilities that you go into it. Do you wanna talk about that

Bruno Kurtic: 00:03:26

It ,it absolutely does. Yeah. Um, there's, there's a lot of techniques that, that we've built. To make that log data and unstructured data to life for our customers, right? As because that data is growing at the rate of Moore's law, meaning it's, it's growing faster than budget, it's growing faster than than companies revenues. So coping with it and finding insights that it's critical. So we've applied a lot of techniques to that. Number one is we apply machine learning and AI to this data. Uh, our approach to that is very much of black box. We, we built algorithms. Highly focused and specially tuned for specific use cases. They work on behalf of our customers. They discover anomalies, patterns, outliers, perform predictive analytics and all these things the hood without our customer setting to know anything about machine learning, right? So the engine works on behalf of the customer without the customer having to science teams working with it. So that's, that's number one. And number two that we are building. Techniques around these analytics, for example, able to take fully unstructured data without knowing anything about it. Ingested into the system apply schema on demand, meaning we don't have to know what the data is. We can extract schema at, at query time and perform all of the required analytics as if we re as if we knew the schema ahead of time, which is super difficult to do. And it is really important in a, in a world. Agile teams ship new code and new data into production every hour of the day, and you cannot rely on knowing what the schema is ahead of time. So that's another technique that's very unique and important in this, in this, in this space.

Lee: 00:05:11

Did I hear you say at query time, you actually apply the schema changes. this is all, all done based on the, the request from a given user looking for a specific pattern or whatever. And in data they, they give you a query, and from that query you deduce a schema on your unstructured. And then process through that query.

Bruno Kurtic: 00:05:31

Exactly. Automatically discover schema and, and we also allow customers to specify, Hey, I wanna look at these fields. I wanna extract them, you know, specifically these, or we can extract them.

Lee: 00:05:43

What about alerting is, so this is, that's great for, for, uh, analysis by a human, asking questions upon the data representing what's the, the application going is going through. But what about alerting and, and the non-monitored or the non-human monitored aspect of observability?

Bruno Kurtic: 00:06:04

Yep. So, you know, look, um, alerting is a huge use case for us. Um, we alert on all types of telemetry, you know, traces, um, metrics and logs, obviously, right? Logs are the big, big part of what we alert on. So we alert on all kinds of different, um, uh, conditions, right? So, A general purpose alerting system that can basically do basic aggregations and say, okay, if a specific user fails, log in more than x times within, you know, a set period, you alert. Right? And we extract that schema as the alert is being evaluated. We also, those will be sort of simple alerts, but then we've got also. So unknown, unknown type of alerts where we're detecting, Okay, we have a whole new pattern. We detected, we've never seen this pattern. You probably want to know about this pattern. Right? Something so much more sophisticated. Security style, threat detection type of alert. That we apply. And for those, we either extract schema on ingest, or we extract schema on demand as as, uh, the data is coming in,

Lee: 00:07:07

So now your, your focus is cloud native applications, is that correct? I mean, it's obviously these strategies can work for all types of applications, but you focus on cloud native a applications. Tell me what that means to you.

Bruno Kurtic: 00:07:23

In any industry, you win by innovating faster. Agile is a way to innovate faster, and if you're gonna build software in a much at a much faster rate, there are things downstream that facilitate. For example, when you build software and you change it every hour of every day, you probably want to be able to change your hardware at a similar rate of. You can't do that in a data center, right? So in the cloud you essentially, it's not all about cost and you know, separating yourself from managing infrastructure. It's about evolving your hardware. At the rate you're evolving software. Then the architecture that evolved with that is the microservices architecture. Because you de componentize the software, it allows you to sort of upgrade and build and push the production much faster. And all of these things are designed to accelerate the the rate of innovation when this happens. We are breaking down the number of components we're getting, you know, order. Couple of orders of magnitude, more components. Components are more ephemeral. You know, you go from servers and virtual machines to containers and serverless functions, Uh, microservices, many more sort of code, um, uh, containers that, that than in the previous three tier or multi-tier applications, which means that there's far more vari. Many, many more components to keep track of scale, um, is much more sort of, um, elastic, right? So being able to monitor these components to be able to adapt yourself to scaling the of these applications is very different behavior than, than what you see in the data center. And so for that new techniques had to evolve, had to be. Our own application had to be different and more scalable and more integrated into the cloud stacks, more aware of these components, and that is why we focused on the cloud native application. And we do believe that, that it requires very, very different tooling and technology for observability.

Lee: 00:09:25

And I completely agree with you. You're, you're speaking to the choir a little bit here when, uh, when you talk about that, I've, I've spoken a lot about, uh, the, what I call the dynamic cloud, which is basically the, the aspect that your application is changing not only software, but hardware and hardware's constantly changing, constantly involving, and that makes observability more difficult and actually more central. It's so, so much more critical. You know, the, you know, people who are afraid of Agile are afraid of, well, how, how, how can you make a change so fast? How do you know, how, you know, what happens to your application that says, Well, the answer is you, you watch it, you pay attention to it. And you have software that does that. And that's a critical aspect about Agile or, and a critical aspect about, well, DevOps in general, but uh, critical to making all this work. And what Cloud native does is it applies the same concepts to hardware as well as to software. Right? And so your, your entire infrastructure is now agile and, and, uh, and uh, and constantly evolving that. So, you, you mentioned the AWS word. And uh, and I know that very early on you made a conscious decision as a company that you wanted to. You wanted to focus on AWS I think the phrase you used was, uh, your company used was You're all in on AWS. So talk about that a little bit. And, you know, nowadays multi cloud is becoming a bigger deal. Uh, you know, it used to, it wasn't that many years ago when AWS was the cloud and there really wasn't a tier two and tier three of any significance. But now both Azure and, and, uh, gcp, our, our major comp competitors and major players in the cloud market, there's other smaller ones coming up and multi cloud really is not only a viable option, but in many ways did a preferred option for a lot of companies. So, uh, have you adapted your AWS all in strategy to match that? Or, and if so, what, what does that mean to you and to your strategy?

Bruno Kurtic: 00:11:29

That's a fantastic question. I could go on about this question for, you know, tens of minutes. Um, so look, we, we did, we did pick AWS initially at that time when we picked AWS, it was because it was the only real viable option, right? As, as I said earlier, um, AWS has. Fabulous partner to us, right? So far, you know, they're not only a technology partner, they're also a go-to-market partner with us. And, you know, we, we work quite closely with AWS on sort of helping them help our customers, us helping their customers, and it's a very symbiotic relationship and we, we really appreciate that. Um, we, we have also, we're also fully aware that many of our customers are not just on AWS. In fact, many of our customers are not on AWS at all. And we have seen the evolution of what's happening to sort of the adoption of the cloud we, we, I use, I use the term multi-cloud customers, and over the last five years or so, maybe six years, my conversations in my capacity as a have strategy with our customers has been to understand what is their path? How are you evolving? Your path to the cloud and then I'll come back and talk about ours. And about five years ago, everybody was telling us, Oh, it's gonna be multi-cloud. We don't wanna be beholden to one customer, one, one vendor. Nobody wanted to repeat The Microsoft of 1990s, uh, challenges of just being basically, you know, uh, essentially beholden to only one technology provider. And so, you know, everybody talked to talk and then something happened about three years. Where we actually started to see the talk translate into action. And I will tell you this, we run this, uh, we run this report annually called the continuous intelligence report what it does, it looks at all the trends underneath our customers infrastructure. What are they doing to build their applications where they're running their applications, all that stuff. And, and the fastest group, individual group of customers that we have is the fastest growing group is the multi-cloud customers, meaning, Customers sending us data from more than one cloud to to, to observe and to secure. And so that's very interesting to us. It is still a smaller base, but it is the fastest growing and what have we done to, to do that and why have we chosen to stick with, with Amazon? So we are adapting our strategies. Number one, we're fully integrated in partners with Azure and GTP and other cloud providers as well. So we integrate and have visibility and provide observ. Security for their stacks as well. We still though, only run on Amazon. Um, and that has just been a convenience for us. No real reason. I fully imagine that at some point we, our workload itself will span clouds once we have enough of a center of gravity where we don't wanna move data around and things like that. Or customers have very, very specific requests about where the data has to reside. So far, that hasn't been an issue. Our customers don't really mind. Most of our customers are still on AWS. Right. But I totally agree with you. I see where the world is. There's definitely benefits of having multiple cloud provider infrastructures available. They all have different technologies. Some of them have better certain technologies in certain areas than others. They have better coverage in certain areas of the world where we operate and you know, I can imagine envision that happening. We just haven't had to do it quite yet.

Lee: 00:14:53

And you know, certainly, uh, the, the data export charges can be one of the things that drives customers there. You, you haven't had any problems with customers complaining or

Bruno Kurtic: 00:15:05

Great question,

Lee: 00:15:06

strategies. Uh, you always have problems with

Bruno Kurtic: 00:15:08

No, no, no. It's a, it's a, it's a great question because I have that conversation probably in 50% of my customer, uh, initial customer meetings, right? Everybody wants to know about that. In the end, when you sort of add it all up, it becomes a, Uh, charge because we do heavy compression in real time, you know, and the data trickles from many different places. Ultimately, that becomes a non-issue for our customers, Right. At some point you. Things will add up, including that, and we will end up, you know, I expect though that what will happen is it'll be more about people not wanting to move the data, not for the cost reasons, but because of either internal policy reasons, or regulatory reasons or, or, uh, contractual obligations or competitive concerns or whatever it is, right? They will want to keep it, and at that point, when that becomes bigger, big enough for a snowball for us, we'll probably pull the trigger.

Lee: 00:16:05

Yeah. I, And I, I agree with that comment too, and I, I think it's rather funny when one of the ear, early on, one of the first complaints you started hearing about why people couldn't move to the cloud was it's not secure. And now what you're hearing is we can't move data off the cloud because it's not secure to move off cloud. You know, it's, it's, it all, it all plays together there, and certainly, you know, the, the compliance aspect is going to be really important from, uh, you know, regulatory aspects, et cetera. Which brings me to something that I think is a differentiator for you compared to a lot of other observability companies, and that is your focus on audit and compliance. You know, you, you talk a lot about pci, about hipaa, SOX compliance, gdpr, et cetera. You know, basically PII management. Right. Tell me more about what you do in that space and why Sumo is, is an important player in, in the compliance and auditing space.

Bruno Kurtic: 00:17:02

Sure. Um, so look, the, the, I'll start a little bit of the history again. One of the reasons why we ended up where we ended up is because the three founders, um, including me and the two of us are two of the founders. Two of the three are still at, at, Sumo. All came prior to Sumo from a security space, security compliance space, sim space. Um, and when we first started the company, we had the hypothesis, especially for the when, when, when, um, data moves to the cloud. So we knew we were gonna focus on cloud. So that was one, number one thing. Number two, we also knew that our focus is going. Applications, customer facing mission critical apps, right? We weren't necessarily looking to just manage infrastructure where we wanted to make sure that we help cus companies transforming into digital companies running their mission critical workloads in the cloud, make those workloads run well and run secure, right? That includes compliance. So when we looked at it that way, we realized. You know what? What the security world and the compliance world looked like on premise. Where we used to be before Sumo Logic was that the observability data was coming from the application into the observability tool. Security data was going from the edge into the security tool. There was very little overlap between security and observability there. Once you move that application to the cloud, the perimeter goes away. You're running on infrastructure where your hacker might be running on the same physical machine on a virtual machine right next to you. There is no perimeter. There is no way to really kind of think about yourself as as walled off. Therefore, security and observability data comes from the same technologies. So we had a hypothesis that the data between observability and security will be heavily, heavily overlapping in the cloud, which meant that economically it didn't make. To duplicate it and put it into two different tools because it's huge, right? It's gonna cost you too much. And we thought from the very beginning, we need to make a technology that will have one data, uh, payload under the hood and multiple different lenses looking at that data for various purposes of a digital enterprise. So that was the sort of premise. We think that we were correct at that. We, we have. We think that we have proven that a hypothesis correct at this point in time. And now why? Compliance, right? When you think about compliance and audit, it's really important when you're running an application, right? Which contains, you know, your customer's data, your employee data. When you're processing credit cards, when you're holding health records, when you're running on third party infrastructure, auditors are gonna want to. How are you operating your technology stacks in this environment that you don't control anymore? And so we initially immediately knew that compliance will be a big use case for our customers given what business they are pursuing and what we were trying to help them with. And so we had a two-pronged strategy. One was. We, nobody will trust us because we were a small little cloud company at the beginning of the cloud, so we had to have a third party certify us in order to, for us not to have to convince the customer, like, I can't convince a GE or somebody like that, that I'm, I'm secure. I'm gonna leave that to the auditors. So we actually made ourselves go through the rigorous process of architecting for compliance and security and actually getting certifications for PCI provider level one, hippa, fedra, moderate, all of these things that we now hold and that gives our customers a level of security about ourselves. Second was we said, Okay, they will then need to also prove their own compliance to their own auditors. So we. will take these techniques, these techniques of understanding these compliance regulations and build solutions for our customers to actually gather the data. Store it in a, in a worm. Only write ones, read many, um, non-changeable data store. Be able to pull reports for auditors, do it all of that on a regular basis in order to provide our customers retooling for compliance auditors and for their own regulatory needs. So those are the two, That's the two, two-prong strategy for compliance that we needed to do. And you know, so far it's been working pretty well.

Lee: 00:21:29

Do you feel you're a tool that helps companies get compliance, um, maintain compliance, or are you a tool that helps companies work, uh, figure out what they need to do to become compliant or, or all of the above? Where, where's your focus there?

Bruno Kurtic: 00:21:46

our focus is to help our customers be compliant, run in a compliant manner. Prove compliance and maintain their compliance on an ongoing basis. We have many of our customers who are basically, you know, payment providers, like, you know, modern online payment providers, you know, companies like Visa and others. And they are basically, you know, using us, many of these pain providers using us to essentially prove to they're pci, right? And, and they use us to answer questions of their auditors when they come in. And, um, you. Talk to them about, you know, pulling up specific months of data to, to, you know, verify that, you know, the personal, uh, account systems have not been, you know, hack into,

Lee: 00:22:29

So it's, it's to help the companies maintain compliance. Or, and, and if that helps in getting the compliance or helps the auditors, that's great. But the main purpose is for your, uh, customers to do the things they need to do to maintain the compliance that they

Bruno Kurtic: 00:22:46

Correct. And then you know, you have to, you know, it never goes just like that. Right? Because, you know, we have a whole cloud sim tool. Well, what's the sim all about? Well, it's about. becoming more secure. What's compliance about? It's, you know, what's pci? PCI is just a set of specific rules on what you need to do to be secure in order to, that the industry allows you to process, you know, credit card payments, right? So, you know, our technology helps customers become more secure, detect threats, defend against threats, investigate threats, and then prove. To the auditors that they comply with specific regulations that are required.

Lee: 00:23:29

So Sumo Logic is listed in the, you know, the Gardner Magic Quadrant for, I believe it's the one for security information and event management. You're listed as a visionary and so obviously this is a big deal. I, you know, the Gardner Magic quadrant's a big deal to a lot of companies, but especially when they're, uh, customers or enterprise customers. But what specifically does that mean for you and your customer?

Bruno Kurtic: 00:23:57

So we're one of the few, very, very few, uh, uh, that are listed in both the APM and Observability Magic Quadrant as well as Sim s Im Magic Quadrant, which is, you know, sort of the, the manifestation to what you were saying earlier that we, we, you know, we, we participated in both of these domains. Um, What it means for our customers to be visionary, um, is that, you know, we know how to handle their security use cases across the spectrum of security, from security analytics, cloud security analytics, essentially managing and monitoring their cloud security to compliance and auditing all the way to sim. And Soar, right? We have a so product as well, which is a security orchestration, automation response product, which, you know, in that sort of full spectrum, I would call it a full stack security. But overall, what the, the participation and recognition of the Gartner Magic there means is that we check the right boxes and divisionary. We are actually innovating, right? We are innovating with technologies and techniques. Like for example, we have a global intelligence service that we built, which is essentially, uh, leveraging our multitenancy and our visibility. Into, you know, thousands of different customers infrastructures and, and threats that are being experienced, say on AWS, right? We have this, we have this sort of crowdsourced engine that is able to detect the threats of AWS and then allow customers who are say on AWS to compare themselves against a global threat profile and say, Okay, why do I have more of these types of threats than what is seen on average? Let's say whatever, you know, subset of communities you see, let's say on AWS, right? It allows you to sort of not be in a silo to learn from the community of experts and to actually improve proactively, right? So that's one of the reasons, for example, that we are visionaries in that quadrant

Lee: 00:25:57

So I wanna switch gears a little bit here. So, you know, one of the things that's been coming up in the cloud conversations, More and more in recent years, and by recent years, I think specifically I'm talking about the last year or two is cost. And, um, you know, you're e even starting to see, you know, people writing about, uh, the backlash about how the cloud is ex is more expensive. And, you know, e even pundants like, like David Linthicum, who's, you know, an enterprise cloud expert has been very, very, very, um, focused on some of his writing on cloud is, is too expensive and it's kind of surprising to hear a lot of those sorts of comments. And then 37signals And when I think about this and when I look at it, when I analyze what I'm reading in those areas, usually what I find the issue isn't that people find the cloud to be too expensive. That's what they think the problem is, but usually what it is, is they find. And what's usually the problem, I should say, is that the cloud is too easy to spend money in. And the, the agility of the cloud is part of what makes it more expensive to use. Um, there's, of course, you know, that's a very simplistic view. It's a lot more detailed than that, but, but cost management in the cloud is something that, you know, its day is here, right? We need to find ways and techniques to better manage. Uh, cost and cost containment in cloud infrastructures in order for the cloud to maintain its ability to provide a cost effective solution to an on premise data center. Now, Sumo Logic is, uh, is in the cost management space. So what, what do you do specifically for your customers for cloud cost optimization, and where do you see the future of the cloud from the standpoint of cost optimization?

Bruno Kurtic: 00:27:52

Uh, that's a great question. Um, just before I go there, I'll just confirm or agree with you a little bit about this sort of whole cost of the cloud. My perspective on the cloud has always been, it's not about cost. It's about focus on, you know, why should a, you know, a real estate company learn how to run and wrap and stock servers. That just doesn't make sense. Like, you know, and I would, I would, I would venture to say, when you do the fully loaded cost, would all of the, um, sort of. Spend and, and time spend and talent spend and physical infrastructure, all this stuff, I would, I would still argue that I'm not sure that, that it would be end up being more expensive, but let's just, let's let the people who,

Lee: 00:28:41

again, choir here. I completely agree with you. And, and that's something I could and have talked for long periods

Bruno Kurtic: 00:28:48

Right. Uh, I, Exactly. So, so, we're, we're we're on the same page there, but I would say that, you know, it's important, and I do agree with you, that it's very easy to spend money on, on cloud, and then if you're not diligent and you don't clean up after yourself, you can see what can happen. Right? You can be a lot lingering infrastructure just sitting there and wasting money. But what do we do for our customers? We have, we have, um, we do a few things. Uh, we actually just announced recently a, an application that is essentially looks at, um, sort of the, the, the data. Let's talk about AWS again. Uh, that we are collecting on behalf of a customer in AWS. We're looking at, you know, how much. What, how much of, what infrastructure they're, they're, they're consuming, what type of infrastructure they're consuming, um, where are their opportunities to reduce that cost? What is, what this would look like, you know, if it was, you know, reserve spend versus non reserve spend. All of these things we do. So it's basically breaking down what we see flowing from through their data, from their applications. We break it down into components that are sort of meaningful costs. These cloud providers, particularly AWS, and then we essentially just illuminated sometimes, you know, when you look at the AWS bill or Bill from other cloud providers, it's, it's, it's not that easy to digest and. I'm not gonna say that it's by design like that, but it's not that easy to digest. Like we, we've looked at our own, uh, uh, uh, costs and that's why there's a cottage industry of, of companies that is always focused on, on managing cloud costs, right? And, you know, uh, you've seen that. The other thing that we do that I think is more, even more unique than, um, uh, than this application is again, Um, this global intelligence work that we've done. So I talked about it in, in aspect of security, where you can look at, hey, what do the threat, what does the threat profile look like and what, why look like we're doing this also for observability and cost. What does that mean? So it means that we, when we, let me use an example of Kubernetes, we are managing tens of thousands of Kubernetes clusters. We take, you know, on behalf of our customers and nodes and what have you. and we are benchmarking those or those clusters to understand what the provisioning looks like on average. What amount of memory are they consuming cpu? Are they consuming what through getting, We're doing the same thing. We're looking at things like that are seeing flow through cloud drill to look at like instance consumption and databases and latency and inserts and all that stuff. And we're then benchmarking that and providing that back to customers. And we have an application for Kubernetes that basically says, Hey, we've looked at all of your Kubernetes clusters and we think that 70% of them are are mis. You know, 30% are, um, overspending. They're over-provisioned and you know, another 40 are under provisioned where you're incurring risk. Right. We actually had, uh, a customer of ours, Alaska Airlines did the whole presentation at our conference on this very topic, is they were able to like just turn the sun and all of a sudden, based on the benchmarking of the all of the communities clusters, as we see, they immediately understood where their gaps were in terms of spend, and they were able to remedy those.

Lee: 00:32:10

So you essentially treat cost just like, uh, any other observability variable.

Bruno Kurtic: 00:32:15

Correct.

Lee: 00:32:17

That's a great strategy. And again, something you can do with a platform that you can't do with separate tools. So that's cool. That's great. Hey, are you going to be at reinvent this year?

Bruno Kurtic: 00:32:26

Absolutely. I've never missed one and we are, never missed one. And I will be on this one as well.

Lee: 00:32:32

I'm a little envious. I've missed the last two. Uh, you know, I missed the, the one in the heart of the pandemic and last year I was planning on going and then decided it. Probably just wasn't quite time yet. I decided not to and, and really regret that going, but I am going to be there this year, so let's definitely touch bases Anyway, well thank you, this, this has been great. I want to thank you for joining me today and I look forward to talking to you in the future.

Bruno Kurtic: 00:32:57

Thank you very much. It was a pleasure and any time you're interested to let me know.

Lee: 00:33:02

my guest today has been Bruno Kurtic, the founding Chief Strategy Officer for Sumo Logic. Bruno, thank you for being on modern digital Business.