Additional Considerations For Developing And Deploying To The Cloud

To gather insights on the state of cloud development and deployment today, we spoke with 15 executives from 13 companies that develop tools and services for companies to develop in, and deploy to, the cloud.

We spoke to:

• Nishant Patel, CTO, and Gaurav Purandare, Senior DevOps Engineer, Built.io.

• Sacha Labourey, CEO and Founder, CloudBees.

• Jeff Williams, co-founder and CTO, Contrast Security.

• Samer Fallouh, V.P. Engineering, and Andrew Turner, Senior Engineer, Dialexa.

• Anders Wallgren, CTO, Electric Cloud.

• Jack Norris, S.V.P. Data and Applications, MapR.

• Michael Elliott, Cloud Evangelist, NetApp.

• Faisal Memon, Technical Product Marketing, NGINX.

• Seth Proctor, CTO, NuoDB.

• Pedro Verruma, CEO, rethumb.

• Pete Chadwick, Director of Cloud Product Management, SUSE.

• Nick Kephart, Senior Director Product Marketing, Thousand Eyes.

• Dmitry Sotnikov, V.P. of Cloud, WSO2.

Here's what they told us when we asked, "What have I failed to ask you that you think we need to consider with regards to developing and deploying to the cloud?"

• How do you protect your source code and other intellectual property when doing development in the cloud? Most organizations don’t think enough about the security of the code itself. If an attacker can gain access to the source (or binary) code they are much more likely to be able to find vulnerabilities. And if they can Trojan that code, their malicious logic can make its way into production and seriously damage the enterprise. Previously, when all development machines were internal, much of this risk was mitigated with traditional network and host security controls. But when the development pipeline moves to the cloud, it can be difficult to understand all the pieces and exactly what is exposed. Organizations should treat their development pipeline like other infrastructure and their code as a critically sensitive asset, from both a confidentiality and integrity perspective. It’s an interesting but often overlooked threat model.

• Where’s people’s interest services in multi-data centers?  Who’s doing what and why?

• I think it is very important to have personnel on the team who understand the completely different approach that cloud deployments represent. I don’t just mean people with experience, but also an open mind to this new infrastructure – one in which the company doesn’t own any servers.

• What obstacles are people still seeing in developing and deploying in the cloud?

• At what rate will we see enterprises move to the cloud? Does this include government and financial services?

• Who are the people that will put a foot down and say no we’re not moving to the cloud? Lawyers? IT? Anyone?

• After deploying what is the next-level test for each and every service? When something fails how do you handle it gracefully? Load testing, monitoring services. How do you keep up and running 100% of the time? Must remain compliant to security standards even after launch. Make updates in a timely manner.
• Up to this point, the public cloud has gotten a lot of attention in the industry. However, we’re seeing a shift in organizations wanting to take more customized, hybrid approach to the cloud. Many established companies that weren’t “born-in-the-cloud" are looking for ways to operate in both the public cloud for development and private cloud for production. Equally, there are a growing number of true born-in-the-cloud companies looking for ways to move more of their data into the private cloud. Our focus is to enable all customers to embrace cloud on their terms and maximize their ability to manage their data efficiently and cost effectively.

Do you have any additional considerations regarding the development and deployment to the cloud that we have not touched on in this series of articles?