Before an enterprise can benefit from the full benefits of a cloud-native approach in terms of scalability, availability or innovation, it must reveal a number of challenges. Here are the four main ones about cloud computing:
1. Addressing the skills in cloud based apps
A recent study by OutSystems points to the lack of in-house skills and expertise as one of the main obstacles to the widespread use of the cloud-native approach in desktop and mobile apps.
Cloud architect, tech lead, full stack developer… all of these cloud technology specialized profiles are currently under pressure in the job market. At the same time, 44% of the decision-makers interviewed in the study believe that the use of cloud native technologies is a lever for attracting and retaining talent.
The shortage is expected to ease in the coming years, however. Pablo Lopez, chief technology officer at WeScale, notes a shift in the content of initial training courses. “Engineering schools are starting to take containerization and Kubernetes cloud native technologies into account. Future classes will be trained natively in cloud platforms.”
2. Overcoming the cloud computing complexity
Moving from monolithic applications to the granular approach of cloud native through a microservices architecture requires a real increase in software skills. “Companies are going into the cloud by trial and error,” observes Pablo Lopez. “They have to maintain what they have while learning about disruptive technologies.
While cloud providers offer a very rich portfolio with a dozen new cloud services every month, the IT department must constantly monitor and evaluate the real contribution of these technologies in order to retain the best in terms of performance, security and cost.
According to the expert, two approaches are possible. “A company can set up new operational teams dedicated to cloud-native technologies that bring on board the rest of the IT department. At the risk that these will be looked at with envy.” Another possibility: opt for a global transformation. “This implies significant training efforts, but also a higher resistance to change.”
To get around this difficulty, major accounts have set up a cloud center of excellence (CCoE). This core of expertise aims to hide the complexity of cloud security projects, by popularizing and selecting a limited number of cloud services and giving trajectories to reach the Grail of the cloud native. Digital native” companies have set up SRE (Site Reliability Engineering) teams to spread best practices.
3. Controlling operational costs
No need to configure a physical server anymore, with the cloud IT teams can create a development and environment to test cloud based apps with a few clicks. This can lead to over consumption. “While there are threshold mechanisms, the ability to predict cloud costs remains complex,” says Seven Le Mesle, co-founder and president of WeScale. “They depend, among other things, on the traffic load and the auction systems set up by the providers.”
“CIOs are thinking more in terms of envelopes than fixed amounts. This disturbs financial teams used to managing a budget to the nearest dollar,” he continues. “As for the FinOps approach, there’s a lot of talk about it, but it’s still not widely implemented.” Failing that, there are solutions dedicated to cloud cost optimization such as CloudCheckr from NetApp, Beam from Nutanix or CloudHealth from VMware.
4. Understand new cybersecurity risks
Finally, the cloud-native is leading to a paradigm shift in cybersecurity. In an on-premises environment, you only need to build a strong enough wall around the applications to counter attacks, Pablo Lopez reminds us. “Cloud native breaks down this pattern. By multiplying the points of entry, we increase the attack surface. Cloud native therefore leads to rethinking security by reducing privileged accounts and limiting access to services and data to the strict minimum.
However, “by design” security is not yet natural, notes Seven Le Mesle. The IT department is adopting cloud technologies to give its developers more autonomy. However, they are not always aware of the cybersecurity issues and security teams are overwhelmed. In particular, hackers use “exploits” published on code repository platforms such as GitHub.
The DevSecOps approach should allow everyone to be responsible for security knowing that it took five years for DevOps to become mainstream. Meanwhile, Seven Le Mesle notes the emergence of a new role. That of the cyberchampion who evangelizes and disseminates best practices within IT teams.