In the past decade, we've seen explosive growth in the adoption of the cloud-based infrastructure model. IT organizations are increasingly choosing to reduce their up-front investments in IT infrastructure by deploying their applications into cloud environments. These environments offer on-demand availability of data storage and computing power that organizations need to handle high volumes of data and growing demand for application access and services.
But cloud adoption doesn’t look the same for every organization. Mapping the journey from legacy to cloud-native architecture involves many questions and considerations. To help offer some answers and insights, we brought together experts from a variety of organizations for a DevOps Insight Forum panel discussion about making the switch to cloud-native, or not.
Andi Mann - CTO at Qumu, a platform to create, manage, secure, distribute and measure the success of live and on-demand videos.
Lee Atchison - President of Atchison Technology, a cloud consulting firm.
Bruno Kurtic - Co-Founder and Head of Strategy at Sumo Logic.
Zehra Syeda-Sarwat - Sr. Director of Business Strategy at Microsoft, makers of Azure, a cloud computing service operated for application management via Microsoft-managed data centers.
Mitch Ashley - Principal with Techstrong Group research analyst firm that covers IT industries and practices that are reshaping the world of technology.
What does it mean to be cloud-native?
Debate surrounds the terms “cloud-native,” “cloud-first,” “cloud-based,” and “born in the cloud.” These terms are often used interchangeably or confused to mean the same thing.
The definition of cloud-native from the Cloud Native Computing Foundation (CNCF) is most commonly accepted:
Cloud-native technologies empower organizations to build and run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Containers, service meshes, microservices, immutable infrastructure, and declarative APIs exemplify this approach.
However, Atchison isn’t a fan. “It's a limited view of the value of the cloud, that doesn’t totally reflect what organizations really care about when they move to the cloud.”
For Ashley, the definition from the CNCF is spot on. “Cloud-native applications are built using containers, microservices, and overall, built in a way that can be leveraged by DevOps to deliver software more quickly, update it quickly, and scale.”
Mann takes a more practical view. “It’s defined by the capabilities it enables that are only really available in the cloud, like on-demand scalability and continuous integration (CI)/continuous delivery (CD).”
It’s tempting for companies that take a lift-and-shift approach to think of themselves as cloud-native, but Syeda-Sarwat explains how that’s only the first step on a company’s journey to the cloud. “It’ll help you get started, but you won't necessarily reap the benefits of the cloud, like cost reduction and increase in uptime resiliency.”
What is the value of cloud-native?
In trying to decide if, when or how to migrate to the cloud, it’s helpful for organizations to do a cost-benefit analysis and determine expected ROI. But, of course, this is difficult to calculate and between IT and business, there are often different ways of measuring the value of cloud-native.
From Kurtic’s perspective, having seen so many organizations from a wide variety of industries, it all comes down to one thing. “Rate of innovation is what matters, and I think cloud has evolved to actually enable us to evolve our technology stack faster than we can do it ourselves. It is all about being able to move faster and respond to business conditions faster.”
Similarly, Syeda-Sarwat believes it begins with your business goals. “Having that conversation on why the business needs to move to the cloud––is it to reduce cost, become more agile in product development and go-to-market lead time, or time-to-value? Answering those questions first helps inform metrics and KPIs to measure value.”
At Qumu, the value of cloud-native is less concerned with cost reduction and more so tied to its SLA and development process. “We've got to be reliable, always on, and so being able to use cloud-native services to scale out instantly and provide backup encoders, for example, to back up streaming for our clients is critical.”
Equally valuable to Mann is agility. “We can try new things –– fail fast, fail forward, test them out in different regions for different customers –– so for our business that means we're super reliable, we're super scalable and we get new features out quickly.”
Are you more secure when you move to the cloud?
As organizations grow and scale, relying on cloud solutions for data management and storage needs becomes more appealing. But the challenge, of course, is how to keep your data safe and secure. Cybercrime only continues to grow more rampant and damaging.
Atchison is quick to point out that IT organizations and the cloud service providers they do business with share responsibility for implementing security controls to protect applications and data that are stored or deployed in the cloud. These controls include a variety of measures for reducing, mitigating or eliminating various types of risk. “It is in the cloud provider's best interest to provide you the tools to make your application secure, so rather than reinventing the wheel, you can use the best practices from your cloud provider to end up with a more secure app than you could ever have in your own data center.”
For highly-regulated industries that may be slower or unable to entirely become cloud-native, like financial services.
“It can take at least six months to complete any new patch that's released, so that's six months where they are vulnerable.” Not surprisingly, Syeda-Sarwatagrees with Atchison that businesses are more secure by being on the cloud.
But Mann is less convinced, noting that not all cloud service providers are created equal. “My clients are constantly asking us in RFPs about who we use as our cloud provider, where our services are hosted, and what third-party cloud tools we use, so I think it's very important to understand that you can still be super insecure and have a cloud-native environment; it depends on how you implement it, what controls you've got internally, and what your level of governance is around code compliance, code review, and code checking.”
Watch the entire panel discussion to learn more about the challenges, approaches, and value of cloud-native applications.
And visit our website to learn more about how Sumo Logic can help bolster your cloud infrastructure.
Complete visibility for DevSecOps
Reduce downtime and move from reactive to proactive monitoring.