A tour of cloud computing: “The cloud gives us a lot of tools for producing better security”
Cloud computing is worth exploring; this is what we think but of course, we’re no experts. Therefore, we decided to invite 12 experts to weigh in on the present and future of cloud computing. Our next guest is John Mathon, CEO of Agile Stacks.
Cloud computing is worth exploring
In last year’s JAXenter Technology Trends Survey, we asked readers about their interest in different technologies and, according to the results, the cloud was a very relevant topic for developers. As you can see in the figure below, cloud computing was the runner-up in the “General IT topics” section, after software architecture.
If you want to read more about respondents’ favorite and least favorite cloud platforms, have a look at the results. Sure, cloud computing was already very popular but these results put things into perspective for us; in 2017, respondents were more interested in cloud computing than in microservices, DevOps, machine learning, blockchain and the list goes on. That may or may not still be the case, but these results opened our appetite for everything cloud-related.
Despite cloud computing’s popularity, there are still a lot of unknowns, misunderstandings and gaps. For example, earlier this year, we learned from Sumo Logic’s 2018 Global Security Trends in the Cloud report that almost half of their respondents reported that current tools do not work in the cloud. Furthermore, a whopping 97% out of the 300+ respondents felt that they lacked the tools for proper cloud security. Read more about the report here.
The bottom line is that cloud computing is worth exploring and the benefits definitely outweigh the risks. This is what we think but of course, we’re no experts. Therefore, we decided to invite 12 experts to weigh in on the present and future of cloud computing.
A tour of cloud computing will be published twice a week.
Here are the interviews published so far
- Abby Kearns: “It’s very important for technology to be cloud-compatible, if not cloud-native”
- Oleg Chunikhin & Terry Shea: “Serverless is another step towards improving productivity, especially in DevOps and operations”
- Peter Meulbroek: “Cloud-neutral adds a large amount of complexity and risk to a migration, without really solving the issue”
- Ross Kukulinski: “Observability is an essential component when successfully operating software in the cloud”
- Carlos Sanchez: “A seamless multi-cloud experience is currently practically impossible”
- Ben Newton: “Kubernetes is crucial for widespread multi-cloud adoption”
- Shiven Ramji: “The next step is to make integrations between cloud services as easy as possible”
- Brian Johnson: “Cloud-based infrastructure by itself doesn’t deliver huge benefits”
- Vince Arneja: “The Fn project is one technology to watch out for as it has great potential”
- Jeff Keyes: “Serverless is the natural evolution of microservices”
Our next guest is John Mathon, CEO of Agile Stacks.
JAXenter: What benefits does a cloud-based infrastructure bring? What are the drawbacks?
John Mathon: This is an issue, but the cloud gives us a lot of tools for producing better security. If you look at the statistics, many of the intrusions that have happened over the past couple of years are related to private data centers as opposed to the cloud.
Cloud infrastructure is instituting better practices for everything. For instance, there are tools that will scan websites or services for security vulnerabilities. Other tools let you isolate services effectively in the cloud. A lot of things can be done.
Here is another example. You can do two-factor authentication for your sites, and big companies do it, but I’ve noticed a lot of sites don’t. If you leverage things like that, then you have a more secure site in the cloud than you can have locally on-premise.
Doing DevOps first or doing a CI/CD chain into the cloud can result in up to 13 times the agility that you get in a normal enterprise development environment.
JAXenter: Has GDPR affected the way you or your organization does things?
John Mathon: Well, GDPR for Agile Stacks is a great thing because we make it easier to deploy data and services across many different regions on stacks. One of the primary things you have to do with GDPR is break your services in multiple services located in different countries and isolate that data. GDPR no longer allows companies to get away with running one instance of something and have everyone go to one site. Essentially installations of the data, if not your service, must be located in multiple countries, which means many stacks must be deployed in many different countries. It also requires changes to the application itself.
The value of Agile Stacks comes in helping people build stacks that can be deployed many times over reliably in different environments over and over again, as well as maintained and upgraded in the multiple environments. There is a lot of additional cost with having multiple instances of your infrastructure whether it’s the data or the rest of your services.
JAXenter: What benefits does a cloud-based infrastructure bring? What are the drawbacks?
John Mathon: One of the things that we try to do with cloud-based infrastructure is to enable a lot of agility, meaning changing it frequently. People have shown that doing DevOps first or doing a CI/CD chain into the cloud can result in up to 13 times the agility that you get in a normal enterprise development environment.
The cloud provides flexible infrastructure that you can deploy into using DevOps in a way that you can’t always do in an on-premises environment because you don’t have the software infrastructure that you need. Once you’re in the cloud, you can leverage its flexibility to deploy things much quicker, in a much more agile way, and much more frequently to meet customer demands.
Another huge advantage is that cloud-based infrastructure can drastically reduce your costs. If you do it right, you can move from having capital costs to operational costs. However, if you just do a straight port and move an on-premise application, architecture or infrastructure to the cloud, you may see no savings. It may be more expensive or not even work. I’ve seen statistics that say something like 60% of projects that move to the cloud, fail.
The best way to move to the cloud is to tear your project or application apart and rebuild it in the cloud as microservices. Moving to a componentized or containerized approach can cut the cost by 80% to 90%. Similarly, using serverless computing, you can drastically reduce costs in some cases.
SEE ALSO: Building a better DevOps-enabled cloud
JAXenter: What is your favorite cloud-based tool, service, or platform to use and why?
John Mathon: Agile Stacks, of course. Amazon Elastic Cloud Service is our favorite service, and we deploy, build, and make our services run in there.
JAXenter: Is Kubernetes becoming central to cloud adoption?
The best way to move to the cloud is to tear your project or application apart and rebuild it in the cloud as microservices.
John Mathon: Kubernetes definitely seems like it has become the de facto standard, and we think that’s remarkable. It has become amazingly prevalent in that all cloud services offer hosted Kubernetes environments, and everybody is talking about Kubernetes as a way to host an environment. I would be 100% behind this approach.
I think Kubernetes is displacing some of the other tools like OpenShift and Pivotal CF. It certainly has displaced container management platforms, such as Swarm and Mesos. There are CMP vendors who, if they can’t adapt for the microservices world, will end up folding.
JAXenter: Jakarta EE has recently taken the cloud-native Java path. How important is it for a technology to be relevant to today’s cloud-first world?
John Mathon: Developers are moving more and development into the cloud, and the traditional on-premise ways are collapsing as people seek to build the way the future is headed. The pressure is on to do things a cloud-first way. You have to embrace cloud development practices, including Kubernetes, the way you do storage, and the way you deal with mechanisms in the cloud.
It is very hard to implement cloud-first infrastructure. But if you want to attract the best talent, have agility, and maintain flexibility, then you need to move your development to the cloud. Additionally, with GDPR, you’re forced to move development into the cloud. Logistically, it’s the only viable way to deploy your apps and services all over the world.
John Mathon: All the cloud vendors have created their own serverless platforms. Someone has created a neutral initiative. I think that this is important, so people do not get stuck. Agile Stacks supports the hybrid model, so you can use stacks in multiple clouds or limited clouds. We find half of the companies want to implement cloud-independent projects even if they have no immediate plans to move to another cloud.
Half of the companies are keen to not develop a dependence on any one platform. Even if they had a choice, enterprises would opt for cloud-independent infrastructure. Traditionally software that is highly proprietary over time becomes commoditized and standardized.
Cloud vendors want to hook you in and lock you in, but on the other hand, consumers want standards that allow you to operate across different companies. I anticipate that cloud-independent vendors will succeed, though Amazon looks like it dominates at the present time.
JAXenter: If cloud technology wants to continue to grow, tools should grow and adapt as well. What are the most mature tools right now?
John Mathon: We see tools, such as Terraform, and infrastructure tools like Helm, which comes with Kubernetes, that are helpful. Also, some of the Amazon services—notably S3 storage—have become better and better. ECS is very mature and stable, and EKS is maturing nicely.
With GDPR, you’re forced to move development into the cloud.
JAXenter: How can we capture the multi-cloud opportunity? What are the roadblocks to multi-cloud success?
John Mathon: At Agile Stacks, we give you the choice of clouds, and you can deploy stacks across multiple clouds. Developing a GitOps strategy is important because, in order to reliably deploy across multiple clouds, you have to understand the dependency, which is an important element.
It is also important to support DevSecOps, so that there is isolation and control over networking and scanning over the multi-cloud strategy, which has a vulnerability.
JAXenter: What do you think of serverless? Is it a “revolution of the cloud,” as Maciej Winnicki, Principal Software Engineer at Serverless Inc. told us last year?
John Mathon: I am a founder of TIBCO Software and invented Publish/Subscribe messaging. Serverless uses pub sub and I think it is awesome, but the cloud infrastructure for this is still immature.
Serverless is a concept that allows you to restructure your applications as functions, in a functional way. Some people prefer this, and I’m a big advocate of it. I think what’s attractive is that it can reduce costs dramatically for some services, particularly if your service isn’t used very much. If you have a frequently used service, then the cost benefit falls off.
As an industry, we don’t know how to do large applications using a serverless approach. Again, the development methodology isn’t mature. It can offer great cost savings, but it is not a panacea yet.
Application developers have entered a new era with the advent of cloud technology. If you want to meet the movers and shakers in the world of cloud computing, don’t miss JAX London, a four-day conference taking place October 8-11, 2018.