Businesses are overcoming challenges with serverless
Big companies from around the world have started jumping on the serverless bandwagon and with good reason. But is 2019 the year of serverless? In this article, John Demian identifies some drawbacks that it will have to overcome before that is to happen.
Feels like only yesterday I was writing my first post on this new technology that I was calling “the new-new” in the server space. But that post wasn’t published yesterday and serverless is by no means new, yet it still has a lot of ways to go before it can truly be the new standard I hope it will become one day.
So what is serverless?
Serverless computing or serverless technology is a model of computing where the service providers handle the execution of the code as well as dynamically allocating resources while charging you only for the execution time.
Big companies from around the world have started jumping on the serverless bandwagon and with good reason. The technology promises a lot of benefits to business, from cost to the production speed and as you might imagine this is especially advantageous for big businesses.
Sounds awesome, right? So how come this is not the most popular thing out there? Well, there are still some drawbacks that it will have to overcome before that is to happen. Recently I started reading up on some of those pros and cons as well as asking some of the users about what they think needs to change before this technology goes mainstream. Here are some of the conclusions I drew:
The vendor lock-in sucks!
Let me explain what vendor lock-ins actually are. When you use a service like AWS or Azure, you are going to need to write code specifically for those services. Connecting different services in your app needs to be done in a very specific way and most often than not those services are going to play vital parts of your application. If you were to later want to change providers, you’d basically have to rewrite big chunks of your app in order to have it work on a different service provider.
This is on the biggest complaints people have with the current state of the serverless space and it will continue to cause anxiety for the foreseeable future. To get a better idea about what this means I reached out to some of the developers I had in my Rolodex (yeah, I’m old).
One of my buddies that replied to my email told me that even under (very loud) protests from his team, the company he works for went serverless about a year ago. Their main concern was with the lost control over the option to freely switch providers when need be. He then proceeded to paint a picture that explains his mistrust of the technology:
> “Assume Amazon decides to change the pricing for AWS Lambda or API Gateway. Nothing much, just a few cents enough to cause us to pay a few thousands more each month and since we don’t have the option to pack up and leave to any of the other competitors were left with only the option of accepting this and eventually have to charge our users more.” – Jake P.
While this stands true for right now, the situation might change. All the major serverless vendors expressed interest in making an effort into providing ways to minimize this problem for their clients finding ways to ensure their application can be easily transferred from one service provider to another without too much hassle.
> “I think being able to be cloud agnostic here is going to be big. Just like how Kubernetes is. Serverless functions are still very coupled to the cloud provider and I haven’t found an easy way to switch providers if I implement a serverless infrastructure using one cloud provider.” – Nipuna Perera
A push towards serverless
If I were to venture a guess, I’d say that enterprises will start moving large pieces of infrastructure to AWS Lambda in 2019. While we’ve seen this done time and again by the big dogs of industry, Netflix, Coca-Cola, Bustle, there are still thousands of companies that were or still are on the fence about the whole thing. I believe that we’ll see a large number of those companies move to serverless in the coming year as the technology matures and resolves some of the issues still holding it back.
One of the biggest reasons why enterprises make the switch to the new technology is the speed at which new features are developed on serverless. You don’t have to “unplug” the entire app to add or change a feature and since you don’t worry about the infrastructure, you can push new features at a much greater rate.
Another huuuuuge reason for making the switch to serverless, in fact, is probably the most popular reason amongst the people I’ve spoken with, is the cost. A few months ago, my colleague Annika published a survey about the cost benefits of serverless. She made a great post about it that I can’t recommend it enough.
Is serverless secure?
Security is a big thing for any enterprise and while serverless does make your app in the sense that you don’t have to worry about security upgrades and updates it also presents a new problem that you didn’t really have to worry about before. With serverless, you basically have a large number of functions that work individually from one another and that amounts to a bigger vector of attack for a hacker. Luckily for us, there are already a lot of ways to ensure your application is secured, one of them is by basically following the best practices for building serverless applications that mainly revolve around using authorization and properly handling the privileges and dependencies of the app.
> So, in fine-grained cloud-native applications that use things like Lambda and Fargate, properly crafted IAM roles, customized for each function, will mitigate huge swaths of your attack surface, even before you get to making your developers write better code. – Hillel Solow
Third party vendors like Protego help you secure your application by scanning it’s dependencies and resource privileges and help you minimize the risk of attack by recommending certain settings that fit your application.
I full-heartedly believe that 2019 will be the year of serverless and I’m sure we’ll see more and more companies rally behind the technology. One thing that gives me great confidence in that statement is the large number of third-party companies that launched and evolved into this brand new ecosystem and I’m eager to see what will happen 12 months from now.