According to Gartner, the respected research firm, one of the main trends in the IT industry today is the adoption of technologies that allow organisations to build new application architectures that are resilient, elastic and agile.
Under the heading of “cloud-native platforms”, these architectures enable organisations to accelerate and improve the adoption process as it relates to cloud computing, while supporting faster response times linked to more urgency when rapid digital change is demanded.
Cloud-native applications use platform-as-a-service tools and associated methodologies to permit modern software development processes to function as the cement binding the building blocks of cloud-native architectures.
From the corporate perspective, the development of a cloud-native platform represents a fundamental acceptance of IT modernisation practices, including design innovation, advanced testing and monitoring regimes and the establishment of an accelerated production environment.
Gartner predicts that by 2025, cloud-native platforms will serve as the foundation for more than 95% of new digital initiatives, up from less than 40% last year (2021).
From the corporate perspective, the development of a cloud-native platform represents a fundamental acceptance of IT modernisation practices.
One of the important attractions of cloud-native platforms is their capacity to deliver a broad range of automated solutions. It is this feature that radically distinguishes the architecture from many on-premises environments which are often limited to repetitive, manual tasks common to non-cloud environments.
Through their integration into the corporate computing environment, cloud-native platforms are able to deliver an effective method by which organisations execute new digital strategies designed to enhance operational efficiency and ensure a continually upward trend in the business growth graph going forward.
Significantly, cloud-native platforms obviate the traditional “forklift-upgrade” approach to the introduction or updating of cloud technologies, which not only adds complexity to the process but also fails to take advantage of the true benefits of the latest cloud-enabling tools.
According to Sid Nag, a senior member of the Gartner Cloud Leadership Council, cloud-native platforms provide abilities that fast-track the use of cloud computing. They include technology functions such as container management, infrastructure as code, continuous integration and delivery, service mesh and serverless functions.
“They also provide capabilities in, and connections to, application architecture, infrastructure and operations, as well as transformation, including culture, staffing, tools and processes,” he notes.
In this light, it is not surprising that organisations are seeing cloud-native platforms as central to the concept of the “the ultimate infinite enterprise”, where scalable cloud services and distributed network access are vital to the work-from-anywhere movement.
As attractive a prospect as this is, organisations and their IT management teams have to accept a high level of responsibility for a variety of functions linked to the adoption of cloud-native platforms.
These functions include long-term strategy development, procurement decisions and vendor management, as well as regulatory compliance to which can be linked data privacy and security obligations.
Traditional security practices, strategies and technologies, while unable to deal with the growing sophistication of any number of increasingly common threats, are obviously unsuited to the more specific and demanding needs of cloud-native platforms.
Therefore, beyond their practical features and benefits, and in addition to their broad acceptance of public, private, hybrid and multi-cloud environments, cloud-native architectures must incorporate advanced threat prevention for all corporate assets and workloads. This is key.
While it is usual for hardware platforms to be security-certified, this level of endorsement does not often extend to end-users’ infrastructure and data or – more notably – cloud-native platforms.
It is thus encouraging to see certain vendors adopting a more proactive stance in this regard. Perhaps one of the more important steps taken to underscore the security of cloud-native platforms comes in the form of an information security management system that complies with the requirements of the ISO/IEC 27001 certification standard.
ISO/IEC 27001 is a standard published by the International Organisation for Standardisation (ISO), the world’s largest developer of voluntary international standards, together with the International Electrotechnical Commission (IEC). It deals exclusively with information security management.
By aligning with vendors that have adopted the ISO/IEC 27001 certification, cloud-native platform users will be endorsing a worldwide standard for security. Compliance with the certification is, by requirement, regularly monitored through internal and external security audits to ensure integrity.
ISO/IEC 27001 provides 114 controls structured in 14 sections (clauses), each covering a specific security-related area. In essence, ISO/IEC 27001 defines a process for establishing, implementing, maintaining and continually improving information security management systems within an organisation.
It also defines security controls and management processes covering personnel, physical security, logical security, security systems and business continuity. And it assists in identifying risks and devising strategies for mitigating and remediating security threats while improving cyber security barriers.
Cloud-native platforms are able to offer many benefits to organisations, including a “faster time to value” by maximising the innate capabilities of cloud computing.
Under the umbrella of the ISO/IEC 27001 standard, cloud-native platforms can facilitate trusted environments in which development teams are able optimise these benefits and create applications whose features contribute towards a significantly smaller infrastructure burden.
Share