What Developers Need to Know About the Cloud
Keeping vulnerabilities, nuances, DevOps, and the sheer variety of available tools in mind will go a long way toward helping developers work with and through the cloud.
Join the DZone community and get the full member experience.Join For Free
To gather insights on the state of cloud development and deployment today, we spoke with 15 executives from 13 companies that develop tools and services for companies to develop in, and deploy to, the cloud.
We spoke to:
Nishant Patel, CTO, and Gaurav Purandare, Senior DevOps Engineer, Built.io.
Sacha Labourey, CEO and Founder, CloudBees.
Jeff Williams, co-founder and CTO, Contrast Security.
Samer Fallouh, V.P. Engineering, and Andrew Turner, Senior Engineer, Dialexa.
Anders Wallgren, CTO, Electric Cloud.
Jack Norris, S.V.P. Data and Applications, MapR.
Michael Elliott, Cloud Evangelist, NetApp.
Faisal Memon, Technical Product Marketing, NGINX.
Seth Proctor, CTO, NuoDB.
Pedro Verruma, CEO, rethumb.
Pete Chadwick, Director of Cloud Product Management, SUSE.
Nick Kephart, Senior Director Product Marketing, Thousand Eyes.
Dmitry Sotnikov, V.P. of Cloud, WSO2.
Here's what they told us when we asked, "What do developers need to keep in mind when developing and deploying to the cloud?"
Developers should keep in mind as their cloud-based software development and deployment process accelerates, the opportunity for devastating vulnerabilities also increases. They should be sure that they are doing security assessments continuously during the software development process. Teams may want to look at modern IAST tools that can provide continuous analysis. To protect against attacks, development teams should also consider integrating a RASP component into their architecture. These tools enable web applications and APIs to protect themselves against attacks, even when that code is hosted in the cloud.
1) Before you think about developing and deploying spend time on different clouds to understand the nuances. 2) Think up front if you know you want to use a particular cloud and use APIs or be agnostic. I recommend starting agnostic. Understand the economic and technical issues. 3) Try to learn a few scripting and deployment environments like Chef, Puppet, and Ansible. 4) Understand whether what you’re running aligns with the container model. Docker has made deployment simple and reproducible. Learn how to model something in that environment. Understand what’s happening in the space, think from that perspective.
Only reinvent the wheel if you’re going to make it better. Think about dependencies for applications to run. Keep track of what changes from the configuration standpoint for a smooth and successful deployment. Don’t forget about other dependencies. Apps need to be able to run in any environment.
Understand the business needs and mandates. Understand how you can affect the top line of the business. Be more agile. What wins can you demonstrate. Think about what cloud technology can help you solve a problem. Stop thinking about the cloud as something business won’t understand. Use what’s available to enable business. Business is willing to experience the transformation if you show them the possibilities.
Take the dynamic infrastructure and services into account earlier — things like object store, databases, queues, etc. In our case, we started to think about object store as a key part of our service. Without it, our service wouldn’t exist as it exists today. Sometimes cloud services can allow us to implement completely different systems than we’d originally drawn up, ones that are more robust and easier to maintain.
Because the technology is changing quickly, it’s the developer’s responsibility to find the right balance in their architecture. Don’t keep implementing “what if” scenarios, jump in and use the tools available to improve the business at hand. Don’t abstract completely away from using the tools to get started in the cloud.
Not all cloud solutions are the same. There’s a difference between orchestration and convergence. Complex applications, file processes, databases, streams, and the need to retain data for long-term storage. All of this can be available on a single platform or it can be orchestrated across several different platforms. You need to look behind the curtain to see what you’re getting and think about your needs. Your first application is not your last application. Your application will proliferate over time. Take a long-term view to achieve frictionless deployment and to realize greater success faster. Understand the role of data to what you are building. It’s easy to do applications and microservices with ephemeral data. It’s much harder with a large dataset that must be secure, stable, and scalable.
Security is a huge concern. It’s easier to hack sites and apps. The cost to the company is going up and the value of the data being stolen and resold is greater. You need to integrate security from the beginning. Do not wait until the end to make sure your code or your application is secure.
As an app or a service relies on providers, pieces, and parts interwoven to understand the performance and CX impacts. Learn how to decide when to take holistic responsibility versus pass the buck to the partner. The companies with the greatest customer satisfaction are taking the holistic responsibility. Determine what it takes to be responsible for and set up your operations to deliver on the promise.
It shouldn’t change a lot for developers. They may learn the architecture for the cloud. Continue to use the right processes and pipelines and security, performance, and functionality shouldn’t be an issue.
You need to know the fundamentals of the cloud. You might be great at writing code, but you need knowledge of the cloud. We’ve combined DevOps and developers to talk about service, failure points, scalability, and the importance of building service independently that have to scale.
Choose a tool that allows flexibility so you can customize and even adapt in different infrastructure settings and environments. Use encryption keys to track who issuing what and how often to ensure security.
What do you think developers need to keep in mind when developing for and deploying to the cloud?
Opinions expressed by DZone contributors are their own.