To gather insights on the state of cloud development and deployment today, we spoke with 15 executives from 13 companies that develop tools and services for companies to develop in, and deploy to, the cloud.
We spoke to:
Nishant Patel, CTO, and Gaurav Purandare, Senior DevOps Engineer, Built.io.
Sacha Labourey, CEO and Founder, CloudBees.
Jeff Williams, co-founder and CTO, Contrast Security.
Samer Fallouh, V.P. Engineering, and Andrew Turner, Senior Engineer, Dialexa.
Anders Wallgren, CTO, Electric Cloud.
Jack Norris, S.V.P. Data and Applications, MapR.
Michael Elliott, Cloud Evangelist, NetApp.
Faisal Memon, Technical Product Marketing, NGINX.
Seth Proctor, CTO, NuoDB.
Pedro Verruma, CEO, rethumb.
Pete Chadwick, Director of Cloud Product Management, SUSE.
Nick Kephart, Senior Director Product Marketing, Thousand Eyes.
Dmitry Sotnikov, V.P. of Cloud, WSO2.
Here's what they told us when we asked, "Do you have any concerns regarding the development or deployment to the cloud?"
My biggest concern is that many organizations are deploying applications “naked and afraid.” We know most organizations can’t reliably produce code without vulnerabilities. And our operational defenses have been extremely spotty in the past. I believe the future of application security in cloud environments is “self-protecting software” that can identify its own vulnerabilities and protect itself against attacks. This approach works so well for cloud applications, because no matter where applications are deployed, no matter how they scale, the protection is part of the application itself. SPS is available now and being used by hundreds of the largest companies in the world.
Capex or Opex saving when you go to the cloud assumes you are managing the data effectively – some are and some are not. Manage cost. Understand expectations. Balance the appeal of on demand and just-in-time. It used to be that people monitored mean-time-to-failure, and six-9 uptime. In the hardware world, we understood these KPIs. In the cloud, these are difficult to calculate. Use SLAs or redundancy, terms have changed. How to think about and talk about failure in the cloud – up time as a service.
Nothing severe. The person dedicated to DevOps may be concerned about becoming obsolete but they will always be needed to enhance the automated workflow. Understand how an app is developed and deployed for optimization.
No. On the technology side, we are very well-versed. There’s a lot available and it’s evolving in how we can get more value from it.
Using the cloud forces us to be more thoughtful about security — we don’t have the false sense of security that comes with the idea that “we own” the infrastructure. Because our infrastructure is 100% remote, we take security even more seriously, and talk about edge cases that one might be more prone to ignore if all the servers or services are in-house.
The same concern with the cloud as on-premises. If you don’t have the expertise, or proper training, you are less protected. In the cloud, you’re exposing your data processes and tools to the real world.
We’re no longer in an on-prem versus cloud world. We have a distributed global processing model with the agility and flexibility when where to run is a concern. Data is an important asset and you must consider the expense of storing and accessing it securely, privately, while meeting regulations. In a distributed unified security model, there are fewer moving parts.
The unpredictable nature of the cloud. You are ceding some control to the cloud provider and moving data beyond the firewall. You must live with Amazon’s and Google’s rules when you’re on their clouds whereas when you’re on-premises you can do what you want.
Objections have been answered with regards to performance, security, DDOS attack. Vendors are moving to DDOS mitigation services. This should allay any concerns for anyone who hasn’t started moving to the cloud.
There’s a steep learning curve. How do you test for security? There’s a different way of testing against the public cloud. If you do a security test, you need to let security know it’s a test and not an intrusion. Things get different than you are used to and you have to learn them.
Not concerned. Most people are comfortable putting some stuff, but not everything, in the public cloud because of data locality. There’s some concern about security but that’s going away. Some concern with compliance of internal guidelines.
Tons of tools. Hard for clients to keep up with all the tools and know which is best for their particular application.
To the contrary, we have embraced our customer’s movement to cloud and have fully supported it with development of tools that enable Continuous Integrations (CI), Continuous Development (CD) and Continuous Deployment (DC). Examples can be seen through our work with Jenkins, release of our API’s and development of the NetApp Docker Volume Plug-In (nDVP).
Do you have any concerns regards cloud development and deployment?