When Rice University adopted a strategy to update its application portfolio with cloud native software, it needed to update its people, too.

“We needed to retrain our staff,” said Klára Jelínkova, vice president for international operations and information technology. The infrastructure teams had to adapt to new roles in areas like business analysis, change management and organizational readiness. Application developers needed to learn how to work with application program interfaces. New cybersecurity disciplines needed to be mastered.

“The change has been jarring for some,” Jelínkova said, “but overall, the staff embraced the chance to avail themselves of training opportunities and advance their skills.”

Rice University’s Jelínkova: Shift to cloud native computing “has been jarring for some” but most IT staff members have embraced new skills. Photo: Rice University

Cloud native computing, which is a new way of building and deploying applications based on distributed cloud platforms and services, is about more than just moving software to someone else’s infrastructure. It’s a complete change in the way organizations must think about building and deploying software, experts say. “Cloud native applications require a fundamental shift in thinking the people, processes, tools and technology relationship,” said Bola Rotibi, research director for software development at CCS Insight Ltd.

Modernization applications around cloud native principles is as much about people, process and governance as it is about technology, said Rajeev Kaul, managing director of cloud native engineering at Accenture plc. “There’s no escaping the fact that this can be a substantial undertaking for global organizations with large legacy estates,” he said.

New foundation

Cloud native applications are built and deployed fundamentally differently than their monolithic predecessors, said Vijay Raman, vice president of product management cloud at Information Builders Inc., which does business as ibi. He cites five major differences:

1. Development is usually done using the agile methodology called DevOps, which emphasizes modular programming, frequent code releases and continuous integration.
2. Cloud native applications are assembled from distributed microservices, which are loosely coupled services that are assembled rather than hard-coded. Applications usually run inside the integrated runtime environments called containers.
3. Extensions and customizations are made by accessing standardized APIs rather than modifying application code.
4. Application management involves monitoring and aggregating data from multiple sources.
5. Testing covers end-to-end integration as well as user experience.

Red Hat’s Gracely says without changing the culture to adapt to rapid change, “new technologies and skills become essentially useless.” Photo: SiliconANGLE

“In most cases, the new skills are tied to being properly organized to work in an environment that is frequently changing,” said Brian Gracely, senior director of product strategy for the OpenShift product line at Red Hat Inc. “If the culture or organization prevents or impedes that pace of change, then new technologies and skills become essentially useless.”

Among the most important high-level requirements Gracely believes cloud native computing demands are the ability to automate such tasks as software testing and deployment as well as continuous monitoring of the environment throughout the change cycle.

The need for monitoring skills is especially pronounced since cloud native apps “tend to be orchestrated microservices applications, so there are more stakeholders involved in production application monitoring and management,” said Pavlo Baron, chief technology officer of Instana Inc. The sheer complexity of these applications demands skills to automate across the management lifecycle “and expose the context of individual services, calls, traces and applications,” he said.

The loosely coupled nature of cloud native applications, where services may be scattered across the globe, make logging and monitoring skills essential, said Anders Wallgren, vice president of technology strategy at CloudBees Inc. “When there’s a problem with a monolithic application, there’s only one place to look for the problem,” he said. “When a customer reports a problem against an application with 500 microservices, you don’t want to be engaged in a treasure hunt to discover where things went wrong.”

Developers who are accustomed to the structured discipline of waterfall management, in which projects are completed in distinct stages and move step by step toward release, may find the constant iterations and rapid release schedules of cloud-native development using DevOps a little head-snapping.

Developers need to understand the mechanics of using compute, storage and networking resources that aren’t in their direct control. They also need to get comfortable with the idea of incorporating resources from someone else instead of building their own. “Cloud architecture also offers a variety of ways to accomplish any particular collection of tasks,” said Aaron Kimball, chief technology officer at Zymergen Inc. “Choosing the right solution – and keeping current on the ever-changing menu of capabilities from big providers – requires being familiar with their offerings.”

Shared responsibility

One of the information technology specialties most affected by a cloud-native migration is cybersecurity. Most cloud infrastructure providers operate under the principle of a shared responsibility model in which the platform provider takes care of infrastructure security while the customer is responsible for securing and patching everything else.

That has created headaches in the early going as “the majority of organizations allow privileged users to make configuration changes to cloud infrastructure in production, which introduces risks,” said Om Moolchandani, chief technology officer at the cloud security specialist Accurics.

Noting that more than 15 billion records were exposed in cloud breaches in 2019 alone, Moolchandani said cloud security specialists need to be more attentive to effectively saving users from themselves. Verizon Corp.’s 2020 Data Breach Investigations Report found that human error has been the fastest-growing cause of data breaches over the past five years and Gartner Inc. estimates it’s responsible for about 95% of cloud security incidents.

“Security must be codified into all layers of the cloud stack to identify and fix misconfigurations before cloud infrastructure is provisioned,” Moolchandani said. “If a configuration needs to be modified in any way, the change should be implemented in the code, assessed for risk and the infrastructure must be redeployed.”

Effecting all these changes in an environment of chronic skills shortages may be daunting, but many CIOs may have little choice, said Accenture’s Kaul. “It’s vital to remember one central point: You can’t wait for all the stars to align before embarking on a cloud modernization,” he said. “You just need to jump in and get started.”

Photo: Unsplash