There’s probably no question of whether open source is beneficial for maintaining a successful business, as it provides more than one fundamental advantage.
If IT experts don’t want to be left behind in market competition, they must provide flexibility and agility. But while open source provides multiple fast, cost-effective, and safe ways to solve problems, there are endless possibilities to constantly improve your business as well as the professionalism of employees.
Today's Cybernews guest, Lukas Gentele, CEO of Loft Labs, claims that even though there has been some misunderstanding amongst enterprises as to what open source ultimately means, hesitation is now being reduced by its benefits.
How did the idea of Loft Labs originate? What has your journey been like so far?
The founders Fabian Kramm and Lukas Gentele ran a software development and consulting firm where they increasingly started working on Kubernetes-related projects in 2016/2017. A year later, they built DevSpace and published it as an open-source project on GitHub which was the starting point for building cloud-native open-source tooling.
Then, in 2020 they launched the kiosk and Loft. Then, they incorporated Loft Labs, Inc. as it exists today, and raised the first round of venture capital. Shortly after that, the company launched its popular vcluster distribution as well as jsPolicy in 2021 which added two additional open-source projects to the portfolio.
Can you introduce us to your Kubernetes platform? What are its key features?
At Loft Labs, we have created a number of projects and products that answer various questions that engineers commonly ask when working with cloud-native technologies. The Loft product is largely about enabling platform engineers with the capabilities to manage, create, and utilize Kubernetes clusters in a much more advanced way.
With Loft, we can empower developers and operators with the capability to deploy multiple clusters through the virtual clusters project, allowing them to spin up clusters as needed. This is all wrapped with enterprise features providing security through SSO (single sign-on), audit logging, and other features such as air-gapped deployments or HA (high availability).
It is evident that open source is an important part of Loft Labs. Would you like to share more about your vision?
Open Source is the core of most cloud-native businesses these days and here at Loft, we think that an open approach is mutually beneficial to Loft and our customers, end-users, and the open-source community.
A healthy Open Source community ultimately benefits everything we do, from community participation in moving our projects forward to hearing honest feedback from new and existing users.
How do you think the recent global events affected the way people approach cybersecurity?
There have been so many security issues in the press recently that have often stemmed from bad actors or leaked credentials. All of this is exacerbated by the use of large shared Kubernetes clusters, where many people are all having to access the same resources or insecure applications have been left running in places where they shouldn’t. The approach that most enterprises have adopted has been to try to move from a largely shared approach to segregated clusters.
Unfortunately, this approach is mirroring the problems that early virtual machine adopters faced with VM sprawl. We’re now finding lost, unmanaged, old, and insecure clusters scattered through infrastructure. There is a lot of work to simplify this new operating model and here at Loft, we’re focused on simplifying and making this approach enterprise-ready.
What would you consider the main challenges engineers run into nowadays?
At the moment, we see a lot of engineers ultimately stalling when trying to implement parts of their work. Infrastructure has certainly improved to the point where we can codify and automate a lot of the tasks that were stumbling blocks of yesteryear.
However, some enterprises – in attempts to maintain some semblance of control – hinder engineers when they need to provision platforms in order to move developers, and ultimately the business, forward. This often leads to these engineers circumventing the process or using shadow IT sources, and this leads to the sprawl of platforms and security issues mentioned previously.
In your opinion, why do certain companies hesitate to implement open source solutions?
In large enterprises, there have been potential misunderstandings as to what open source ultimately means. There often is a fear (and rightly so) of the commercial aspects of the company being out there in the open for all competitors to immediately duplicate, this often leads to draconian processors or outright blanket bans on any open source projects within the company.
With sufficient education within the company about what can and can’t be developed through open-source, then both the company and new communities can mutually benefit.
What are the best practices companies should follow when developing, and, when launching applications?
The best idea is to not be afraid of talking to users even if they have harsh feedback and many requests for improvements in the early days of a product. Building out a strong feedback loop with an initial set of brave and smart users is incredibly important to building a thriving project and community around it.
Talking about personal cybersecurity, what measures do you think everyone should implement to protect themselves from emerging threats?
From a personal perspective, the two main practices that people should adopt are two-factor authentication and password management. Two-factor authentication will protect personal accounts by tying authentication to an additional device, whilst password management allows much more complex authentication without requiring memorable passwords (that can be subject to social engineering).
Additionally, some password management will enable lookups for breached accounts notifying end users of potential accounts that need fixing.
What does the future hold for Loft Labs?
Within less than a year, Loft Labs quickly grew from a small 2-person team to a company with 15-plus employees spanning 8 time zones and the startup will continue to grow as it expands its footprint in the cloud-native ecosystem as well as in the enterprise software space.
One of the major milestones ahead of the company will be its first contribution of one of its open-source projects to CNCF’s sandbox – but, which project will be contributed and when is still confidential at this point.