A tour of cloud computing: “The biggest roadblock to multi-cloud success is the learning curve”
Cloud computing is worth exploring; this is what we think but of course, we’re no experts. Therefore, we decided to invite 14 experts to weigh in on the present and future of cloud computing. Our next guest is Ivan Novikov, CEO and co-founder of AI-powered application security company Wallarm.
Cloud computing is worth exploring
In JAXenter Technology Trends Survey 2017, we asked readers about their interest in different technologies and, according to the results, the cloud was a very relevant topic for developers. As you can see in the figure below, cloud computing was the runner-up in the “General IT topics” section, after software architecture.
If you want to read more about respondents’ favorite and least favorite cloud platforms, have a look at the results. Sure, cloud computing was already very popular but these results put things into perspective for us; in 2017, respondents were more interested in cloud computing than in microservices, DevOps, machine learning, blockchain and the list goes on. That may or may not still be the case, but these results opened our appetite for everything cloud-related.
Despite cloud computing’s popularity, there are still a lot of unknowns, misunderstandings and gaps. For example, earlier this year, we learned from Sumo Logic’s 2018 Global Security Trends in the Cloud report that almost half of their respondents reported that current tools do not work in the cloud. Furthermore, a whopping 97% out of the 300+ respondents felt that they lacked the tools for proper cloud security. Read more about the report here.
The bottom line is that cloud computing is worth exploring and the benefits definitely outweigh the risks. This is what we think but of course, we’re no experts. Therefore, we decided to invite 14 experts to weigh in on the present and future of cloud computing.
Here are the interviews published so far
- Abby Kearns: “It’s very important for technology to be cloud-compatible, if not cloud-native”
- Oleg Chunikhin & Terry Shea: “Serverless is another step towards improving productivity, especially in DevOps and operations”
- Peter Meulbroek: “Cloud-neutral adds a large amount of complexity and risk to a migration, without really solving the issue”
- Ross Kukulinski: “Observability is an essential component when successfully operating software in the cloud”
- Carlos Sanchez: “A seamless multi-cloud experience is currently practically impossible”
- Ben Newton: “Kubernetes is crucial for widespread multi-cloud adoption”
- Shiven Ramji: “The next step is to make integrations between cloud services as easy as possible”
- Brian Johnson: “Cloud-based infrastructure by itself doesn’t deliver huge benefits”
- Vince Arneja: “The Fn project is one technology to watch out for as it has great potential”
- Jeff Keyes: “Serverless is the natural evolution of microservices”
- John Mathon: “The cloud gives us a lot of tools for producing better security”
- Vamsi Chemitiganti: “Every enterprise should run on hybrid cloud”
- Patrick O’Keeffe: “Don’t take the cloud provider’s word for it”
Our next guest is Ivan Novikov is CEO and co-founder of AI-powered application security company Wallarm.
JAXenter: Everything is in the cloud these days, including our data. How can developers maintain an appropriate level of security in an increasingly insecure landscape?
Ivan Novikov: It is said that half of getting the answer right is asking the correct question. This is especially true for developers. Previously, security for developers was in Douglas Adams’ words “somebody else’s problem”. Now security, as well as the infrastructure, has become a part of the developer’s responsibility.
There are definitely emerging and existing tools that can help developers manage this – from best practices, third-party open-source module reputation to security test automation; the question is in establishing the right processes.
JAXenter: What benefits does a cloud-based infrastructure bring? What are the drawbacks?
Ivan Novikov: Cloud infrastructure comes with a team of qualified professionals who maintain it following best practices and continue evolving its security architecture as new threats and new methodologies are discovered. Based on that, most cloud infrastructures are actually more secure than similar in-house installations.
To address the new challenges brought on by the cloud, companies need to also look at tools of the new generation, such as using AI for detection, securing APIs and looking at protection against bots and behavioral threats.
At the same time, shared multi-tenant environments do require a different architecture mindset that enterprise architectures need to take into account. For example, access to infrastructure management and securing the underlying virtual servers and network connectivity become a concern for software architects.
JAXenter: What is your favorite cloud-based tool, service, or platform to use and why?
Ivan Novikov: SEMRush is an excellent tool for any internet-based service to understand their customers, what they are interested in and what concepts they are searching for.
The service’s growing popularity is a testament to how well this model works.
JAXenter: Is Kubernetes facilitating cloud adoption?
Ivan Novikov: Kubernetes is an excellent tool to manage microservices’ based applications. The best part about this tech is it can easily be deployed in a private cloud or based on the managed Kubernetes service. Because of this, it is helpful for the companies who are considering hybrid clouds or a gradual migration.
JAXenter: How important is it for a technology to be relevant to today’s cloud-first world?
Ivan Novikov: Based on Wallarm experience, the ability to support cloud deployments is extremely important for a security technology. Even companies that currently focus on private clouds tend to deploy many of the same technologies, like on-prem Azure or Docker and are looking for a technology stack that is future-proof.
JAXenter: How important is it for a technology to be cloud-neutral?
Ivan Novikov: The key in security technology is the ability to have accurate detection and the ability to update continuously in response to new threats. A lot of the tools that are specific to a single cloud or built into an existing CDN service tend to be based on legacy regular expressions and don’t possess these properties. New generation tools tend to be cloud-neutral, but it’s more correlation than causation.
JAXenter: If cloud technology wants to continue to grow, tools should also grow and adapt with them. What are the most mature tools right now?
Ivan Novikov: The most mature security tools on the market are those that have been around the longest: firewalls and SIEMs. However, to address the new challenges brought on by the cloud, companies need to also look at tools of the new generation, such as using AI for detection, securing APIs and looking at protection against bots and behavioral threats.
The ability to support cloud deployments is extremely important for a security technology.
JAXenter: How can we capture the multi-cloud opportunity? What are the roadblocks to multi-cloud success?
Ivan Novikov: As with most new technologies, the biggest roadblock is the learning curve. People using the technologies are not yet adept in processes, configuration best practices, and performance tuning. There are subtle differences in those for each of the clouds. Using multiple clouds makes it exponentially more difficult.
Ivan Novikov: Serverless is a new way of handling data where the code gets executed directly in the cloud. It’s a cool technology and has excellent effective applications for certain problems including data handling. Other applications, especially those that heavily rely on state, are still better served by other types of frameworks, such as Kubernetes or Redis for real-time data management.