Red Hat CEO: We're going SaaS-first with OpenShift

BOSTON -- As Red Hat held its first in-person conference since the COVID-19 pandemic forced much of the world to go virtual in 2020, Paul Cormier, its president and CEO, reflected on how the so-called "new normal" will influence products such as OpenShift.

SearchITOperations sat down for a face-to-face interview with Cormier during this week's Red Hat Summit 2022 to discuss hybrid work, hybrid cloud and what OpenShift customers can expect to emerge on the product's roadmap post-pandemic.

The COVID-19 pandemic has been a huge disrupter and catalyst for the industry. I don't think any of us, two years ago, would have predicted where we'd be today, but I'm going ask you anyway: Where do you think Red Hat and its customers will be in another two years?

Paul Cormier: I don't think we settled on that, from a work perspective, what the new normal looks like. We have our policies in place, as do a lot of companies, where people can be remote, they can be hybrid, they can be full-on in the office. But I don't think we've settled in on how that works. I think we're all kind of feeling our way through that. The only thing I know at this point is the parking lots probably aren't very full on Mondays and Fridays, but every CEO, every company I've talked to is sort of in the same place. I mean, look at [JPMorgan CEO] Jamie Dimon. He originally said, 'Nope, we're coming back to the office,' and had to back off on it. Even the Valley companies, even Google said that originally, they'd love to have everybody back in the office, but they backed off on that a bit.

From a technology perspective, everybody always says, 'So what's next after hybrid, right?' We've been building a whole portfolio around that for eight years, and the pandemic probably put us three to five years ahead of where we were going to go anyway, but I think we're just at the beginning.

Take OpenShift Data Science and those other cloud services products. We did those as a SaaS offering first, and only after we got to the point where we had a good solution that our customers liked [did we go] on premises. We're going SaaS-first now and then going on premises when the customer demands [it], and of course with SaaS-first, we always think multi-cloud as well. Everything we come up with will go in that order now.

Customers have applications that they want to run on premises, but they like some of the things they get from cloud providers and they're expecting us to do it that way.

That's how you have to think now as a software vendor -- and it's not just the technology either, it's how we price [it]. Customers have applications that they want to run on premises, but they like some of the things they get from cloud providers and they're expecting us to do it that way. They want to buy on the cloud provider's marketplace. They want a committed spend program like they can get from cloud providers. They want usage-based pricing, no matter where it's running, and these are some of the things we're doing now. The on-premises platforms are going to look and feel more like cloud platforms as well, in terms of how you interface with them, in terms of how you buy them, how you price them, how you develop on them, publish on them, manage them -- everything.

Is that why API management has become more prominent within OpenShift?

Cormier: API management becomes critical because now everything is as-a-service. That's also a vulnerability point from a security perspective, a place where you have to have the ability to have policy and enforce policy, as well as some set of APIs you don't want to make public, and APIs you only want a certain group to be able to look at. We look at OpenShift as a cloud platform. The difference is, we just don't have a data center. We're spanning all the clouds, including on-premises.

Do you think we'll still be having the same security conversations in two years that we're having now? Because it seems like we're still having the same ones from two years ago.

Cormier: I think StackRox is a great example. We're securing at the Kubernetes level -- two years ago, we were having a discussion of how are you going to secure in a hybrid world when you're responsible for apps that are running outside your four walls? That's where StackRox came from, and that's why we acquired them. Security will be 10 times better three years from now, but there'll be other issues we have to deal with. Even if you look at some of the big security break-ins, many are caused by poor policy enforcement.

In a Red Hat Summit session, Matt Hicks, Red Hat executive vice president of products and technologies, said the biggest industry challenge is getting customers to use security capabilities. Is that something Red Hat can do anything about?

Cormier: When we went from OpenShift 3 to 4, we sort of welded things together, and we made some of those security pieces default. And we took a lot of heat from that. But those are some of the things you have to do sometimes. It's things like that where we set our defaults differently and also architectural changes, where we can also instrument what's going on in the platform, start using AI and automation as well. That's what he was talking about in getting people to use it, because for people that really know what they're doing, security can sometimes get in the way. Do you like changing your password every month and having to use 47 different characters? I don't. But that's what he means.

At the same time, the cybersecurity crisis seems to deepen with every passing day. How does the industry finally get ahead of these breaches and attackers, or at least stem the bleeding?

Cormier: You've got to have strong technology and strong policies. We're moving way beyond a world where everything you have to secure is within your own walls. Perimeter security just doesn't work. It's a big, big focus for us. People always ask us, 'Why don't you do security products?' But our tack has always been, we're not going to do generic security products. We're going to make sure we've got security built into our platform and offerings so that we can build secure products with things like StackRox. If we were a container security company, we would be trying to secure OpenShift containers and Amazon EKS containers and everybody's containers. But for us, we built it into the platform to ensure we can secure our containers no matter where they're running.

In Red Hat CTO Chris Wright's Summit keynote, he said, 'Software has eaten the world, and AI is now eating software.' What does that mean going forward for Red Hat's customers?

Cormier: It means a lot for Red Hat customers. But before it means a lot to Red Hat customers, it means a lot to our partners and ISVs. Because we're a platform company -- OpenShift is the next-generation OS. It spans the hybrid world. Things like OpenShift Data Science are the platform for ISVs to build on for customers, and for us to build solutions with those partners for our customers. We can now, together, give them much more powerful, complete solutions when we go in and work together. The problems we're solving are way too big for any one company to solve, including ourselves.

Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.