Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

DZone Research: Cloud Developers

DZone's Guide to

DZone Research: Cloud Developers

Security was mentioned most frequently as what developers need to keep in mind when developing for and deploying to the cloud.

· Cloud Zone ·
Free Resource

Insight into the right steps to take for migrating workloads to public cloud and successfully reducing cost as a result. Read the Guide.

To gather insights on the current and future state of the cloud, we talked to IT executives from 33 companies about their, and their clients’, use of the cloud. We asked, "What do developers need to keep in mind when developing and deploying to the cloud?" Here's what they told us:

Security

  • The developers need to think about building the application in as distributed as possible and exploit the scalability the cloud offers. The developers need to take responsibility for the security and move from DevOps to DevSecOps when they deploy in the cloud.
  • Effective use of cloud computing services imposes a higher level of responsibility and accountability on developers. Developers today demand more choice and decision-making authority to select cloud infrastructure services, but that autonomy comes with increased responsibility, not only for uptime and reliability but also for security. These are skills that traditionally would have been owned by systems administrators or security engineers but now, the developer becomes responsible – and will get paged in the middle of the night should their applications fail. Developers need to think ahead about how to account for these new responsibilities and build characteristics like reliability, observability and security into the development process. Otherwise, operational firefighting will overwhelm feature development. 
  • Be very aware of where delineation of responsibility Parkerian Hexad – there are six things to be aware of confidentiality, integrity, authenticity, possession/control, availability, and utility. Working against that model will tell you what you need to do to achieve 360-degree security. Backups,  archives and confidentiality pieces must also be in place. 
  • Where’s the data source for this, are their multiple locations, what’s the security, how’s consistency handled, keep that in mind when developing and deploying to the cloud. Data fabric makes it a lot simpler. The kind of generation can be simplified. BI process, AI process, cognitive intelligence model to guide business professionals. Historical and operational data combined with streaming data available on this data fabric for deep analytics and AI for data in motions. 
  • The way you write code still matters a lot in the cloud. You have to worry about the same things. Performance of your code is more important on the cloud. Complexities around security. How to help developers bring DevOps to the database. The cloud is a big piece of the infrastructure.
  • Developers need to understand standards, best practices, security. Be part of the cultural shift to be more successful. 
  • Automation and security — in the sense that they need to make sure that the software is not exposed, no potential breaches, and the like. Security scanning and penetration testing is important as part of the development process.
  • Security is first and foremost. Being flexible in APIs. Can’t just stick with one API, as the cloud moves faster than anything on-prem. Benefits are fantastic to the customer. Analytics has become so key in real-time. SQL APIs were failing. Graphics are so much better suited. Don’t move data be facile. Be agnostic in APIs. Same thing in code. Go best of breed. Cannot have 100% C++, use Go, Python. Challenge in maintaining codebases but the benefits outweigh with speed and feature sets. Cloud allows you to be a much larger engineering team than you are. 
  • Developers need to understand and keep the following in mind while developing for the cloud: 1) Security: What are the security protocols that a specific cloud platform provides? This encompasses secure infrastructure, data security at rest and in motion and whether the secure standards not only protect data but also the level of compliance they provide and how these protocols and standard scale with volume. 2) Hybrid data management: How does the cloud platform provide mechanisms to store and quickly retrieve data? Platforms like Google try to mimic Amazon’s S3 while other platforms have different storage mechanism. How much data can be stored and is the infrastructure elastic? They need to understand the latency of retrieval both locally on the same network and across the internet geographically from different areas in the work. What services are best positioned for their use-cases for managing data. 3) Collaboration: Developers should look for services and open source services that can be embedded into the application. 
  • Because so much of cloud deployment is linked to DevOps and other Agile development methodologies, adopt the concept of security as code — and require that your tools support this concept — this can go a long way toward making a move to cloud faster and easier. Security as Code means that — while security controls are specified by the security team, in conjunction with development and operations — security design and architecture is specified and updated by the development team. This eliminates the friction between development and security teams, allowing them to collaborate and keeping both teams objectives: move fast AND stay secure. Moving to the cloud means rethinking how you can instrument in security controls. Rather than blindly bringing over the tools that were purpose-built for the data center, you can now utilize the remarkable API platform services the cloud providers enable, and instrument in security controls that take advantage of the agility and cost-benefit the cloud offers. 
  • Remain transparent, let others know when they have introduced a security flaw. Work with vendors. Think predictive and AI/ML possibilities.

Cloud Platforms

  • If you have an app designed for cloud A, and there is any hope of significant scale in the future, think about how you might be able to deploy it in cloud B or C.
  • Learn the best practices for each cloud platform. You can learn quickly. Don’t settle for one skill. Stay relevant. Security is always a priority.

Services

  • Learn about different PaaS services and APIs they can leverage. DevOps teams look at API-driven networking to support the developer’s needs. Look for abstractions to the networks.
  • Most DZone readers already doing these things. Only using AWS. Might be beneficial to explore developing on other cloud platforms. Developers need to think about cloud-native services to take advantage of what the clouds are offering.

Other

  • Don’t forget you are building a product or solution for a customer. What are the problems your customer is facing? How will you help to solve it? Focus on the problem you’re trying to solve. Be open to new technologies and providers. Understand the environment your code is being deployed to. Look at architectures and typologies and how to evolve progressively? Take advantage of new technologies.
  • Make your tools and solutions easy to use. If it’s not easy it doesn’t matter how good it is. Then be mindful of security. If too complicated it will not be deployed. The solution must be easy to use and deploy from application stack to the systems stack – networking and storage.
  • The old saying, “What got you here won’t get you there” is very, very true of the cloud. Some of the skills and knowledge that people took years to develop can be rendered insignificant in a short time. Not everything, of course, but just as the cloud is dramatically accelerating the possibilities for DevOps, it’s also shifting the balance to more Dev and less Ops. Or more correctly, it’s redefining “ops” to encompass business priorities like the real-time management of cost, compliance and customer experience.
  • 1) A mindset of developers being involved in the full lifecycle you build you run. Know later application concerns – scale, availability, monitoring. Need to worry about Kubernetes when designing software. 2) DevOps, Agile, CI/CD never more relevant or required than it is today. The cloud assumes mature CI/CD process you use. Need to get to a mature CI/CD process.
  • Just because you are doing Agile, DevOps, does not mean quality doesn’t matter. The sprint isn’t the end goal. A quality deployment is the end goal. The application should get iteratively better.
  • Start with native in the cloud. Put everything in the cloud and don’t do on-prem. Easy to maintain, much cheaper, easy to distribute.
  • 1) Start with business requirements. 2) Look at open source technologies and processes. Look at Netflix Spinnaker. Don’t reinvent the wheel. Enhance the communities. Constantly learn cross-discipline.
  • All engineering best practices still apply. Fault tolerant code. Minimize dependencies – keep it simple. Keep in mind what problem you’re trying to solve for your customer. Pick hardened services. Focus on monitoring. Good observability into service – performing under load, consuming resources, allowing design to have visibility and protect from provider failure while leveraging service they provide. Look at what new opportunities there to leverage for highly reliable software.
  • Plan for failures. Know that connectivity may vary. Build for resilience. Roll back automically. This leads to richer applications. Stay flexible so you can architect apps to work on multi-cloud.
  • Don’t take a one-size fits all approach to the cloud. It’s always best to determine the best deployments options with performance, resilience and cost management in mind.  Deployment options should include consideration of hybrid or multi-cloud deployment.
  • Stay open. Data may be located anywhere in the world. Have the data when and where you need it. Don’t get locked into a specific cloud vendor since your customers are doing the same thing.
  • Developers coming from on-prem need a different mindset for availability, scalability, elasticity, security, multi-tenancy, privacy. Thinking has to completely change. Elasticity needs to be built into the design. Recognize the need to protect private data. Think about from day zero.
  • Always consider your business needs and how you can best strategically migrate to the cloud. When deploying to the cloud make sure you anticipate and plan for any disruptions that might occur in the beginning.

Here’s who we talked to:

TrueSight Cloud Cost Control provides visibility and control over multi-cloud costs including AWS, Azure, Google Cloud, and others.

Topics:
cloud ,cloud security ,interview ,security as code

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}