To gather insights on the state of cloud development and deployment today, we spoke with 15 executives from 13 companies that develop tools and services for companies to develop in, and deploy to, the cloud.
We spoke to:
Nishant Patel, CTO, and Gaurav Purandare, Senior DevOps Engineer, Built.io.
Sacha Labourey, CEO and Founder, CloudBees.
Jeff Williams, co-founder and CTO, Contrast Security.
Samer Fallouh, V.P. Engineering, and Andrew Turner, Senior Engineer, Dialexa.
Anders Wallgren, CTO, Electric Cloud.
Jack Norris, S.V.P. Data and Applications, MapR.
Michael Elliott, Cloud Evangelist, NetApp.
Faisal Memon, Technical Product Marketing, NGINX.
Seth Proctor, CTO, NuoDB.
Pedro Verruma, CEO, rethumb.
Pete Chadwick, Director of Cloud Product Management, SUSE.
Nick Kephart, Senior Director Product Marketing, Thousand Eyes.
Dmitry Sotnikov, V.P. of Cloud, WSO2.
Here's what they told us when we asked, "What are the obstacles to the success developing or deploying in the cloud?"
The biggest obstacle is security. The threat facing cloud-based development and deployment is significant. When an application moves to the cloud, there are two major changes. First, the entire foundation and all the security assumptions about the environment are completely changed. This isn’t just about technology, the people, processes, and even the legal framework for operating the application change. Second, all the connections made by the application are now exposed in new ways. The application that once previously connected from a trusted network to internal systems must now connect over public networks and may lack a trusted way to store credentials. Essentially, the developers made a certain set of assumptions about the environment when they designed and built the application, and when they change, it is extremely likely to result in both security improvements and security vulnerability. Certainly, not all private datacenters are well-run, and many cloud providers offer excellent security services, so the net change may be positive, but you will certainly want to carefully think through the new threat model.
The business proposition that the database can be an obstacle. A SQL database moved to the cloud loses its structure to the cloud. Concern about data certainty. Data management techniques. People think in five- to seven-year lifecycles. Increased importance in where you are physically running something. Latency in access versus management at an end-point.
The fast pace of technology – what you know today can be outdated in six months. There’s a huge learning curve and churn in technology. The learning curve changes because the technology is always changing. Different groups, companies, and trusted partners have different terminology. There are community conventions in how to structure and automate tasks.
The cloud makes it easier for projects to get out of scope given the ease of provisioning and getting things up and running. It can be hard to maintain discipline. Use project management to maintain. On the technical level, these problems are solvable with tools like Puppet adding discipline.
The challenge is in forcing complete and automatic end-to-end deployment, and in learning to interact with new tools and services. These are the two main issues when moving a service to the cloud. Handling new tools and services is becoming easier and easier, but it still takes some time to change the mental model when deploying to a new environment. Making an organization change to a completely automatic deployment is not easy, but after it’s done it’s a major advantage for any company using the cloud. It allows developers to push changes at a faster pace, and, at the same time, avoid scalability issues.
People without the proper expertise to understand the process and tools. People need to be wired for the cloud. There’s a lot to learn as AWS just introduced a lot of new services. Top-notch expertise is very important. As such, companies need to invest in ongoing training of their employees to ensure they are up to date. This is much better than reverting to legacy behavior.
Does the data fulfill the SLA requirements around availability, security, disaster recovery and accessibility? The SLAs of the business application around latency, 24/7 availability? What’s the data model?
The initial cost for getting on the cloud can be high while the actual cost to compute, move, and store data can be cheap. Concern over vendor lock-in.
There’s a shortage of operational talent for development, deployment, and delivery. How to use data in a more automated way to get insights because teams are overloaded and not enough people. Web developers and engineers don’t have time to spend on projects and get ahead of the curve and use the tools.
You must learn a new set of things from load balancing and firewalls to Amazon ELB. It’s a whole new skillset. How will you monitor? Some things can go into the cloud easier than others. Integrations can be challenging. We run JIRA inside a firewall with Perforce. While JIRA would move easily to the cloud, the integration with Perforce would be difficult. We understand our stack in the firewall. However, when it’s running in someone else’s environment, we don’t have the same level of access and control. Build and test 2A inside the firewall but then move artifacts to the cloud and distribute across instances. There’s a slow link between you and the web. How do you pre-stage artifacts to be deployed? Where do you put them? S3 on AWS? It’s hard to go back and forth.
Don’t look at the cloud as just a technology decision, it’s much more than that. A philosophical decision how to develop and manage across siloes in the organization – networking requirements, storage requirements. Once everyone is in the room, it’s easier to get a proof of concept. If you go with self-service networking, storage, and development have to work together. Get the system administrator out of the middle.
Lack of knowledge and skills. Shortage of DevOps skills. Need to know how to set up and run securely.
Although applications are portable, data is decidedly less so. Building your applications to ensure the portability of the data has always been an obstacle for developing in the cloud. Developers must explore various design principles and options to ensure they develop applications that can exist in multiple cloud environments.
What are the primary obstacles to success developing in and deploying to the cloud?