Subscribe
About

Coding in the cloud

Software development in a cloud world is a little bit like stepping away from a snowball fight.
By Tiana Cline, Contributor
Johannesburg, 09 May 2024
Ian Engelbrecht, Veeam Software
Ian Engelbrecht, Veeam Software

Cloud-native technologies are changing the way applications are built and run. Companies are opting for this approach because the cloud is dynamic, scalable, and resilient, giving them all the tools they need to compete quickly in a digital-first world.

When comparing cloud software to traditional applications, one of the easiest ways to understand the difference is to picture a snowball rolling down a hill. As traditional applications grow, they can become increasingly burdensome, difficult to modify and bogged down by legacy processes. They struggle to meet the needs of businesses, growing more bloated with technical debt. On the other hand, cloud-native technology is fundamentally shifting how applications can be built and run for improved scalability. You’re not making snowballs, you’re the ice sculptor, shaping applications with precision and adaptability and creating solutions that seamlessly navigate the ever-changing demands of the modern business environment.

Cloud-native “Before the cloud, the software development process on physical infrastructure looked different,” says Ian Engelbrecht, Veeam Software’s system engineering manager. “When it came to developing and trying to pass something from a development process into a QA [quality assurance] and then into production, you were maintaining an entire workload. The development timelines in a DevOps pipeline were much longer because they had to shift and move entire OSs and design, develop, and test code against the OS.

“But when you’re no longer dependent on an operating system, you’re no longer dependent on any virtualisation technology or hardware. Lifting and shifting these workloads into cloud becomes much easier.”

Engelbrecht explains that this is where the term cloud-native comes from; designing an application that has no dependency on infrastructure or operating system means you can move code from on-prem into whichever hyperscaler works best for that piece of software. “You don’t need to make infrastructure available because you can use a hyperscaler, like Amazon Web Services (AWS) and Microsoft Azure, and that just makes it simple,” he says.

Another change cloud brought to the development process is the ability for developers to leverage the as-a-service offerings in hyperscaler marketplaces. This allows developers to consume services like databases, analytics, and AI/ML, for example, without managing the underlying infrastructure themselves. These services can be integrated into their applications and development pipelines quickly and on demand, accelerating development cycles by removing infrastructure maintenance overhead. “This makes it seamless and much easier for companies to accelerate their development and R&D cycles,” says Engelbrecht, adding that the ability to consume AI as-a-service is a game-changer for cloud software development. “If you use a conversational model or large language models like Copilot from Azure, you’re now hooking that technology into the development pipeline, making it simpler for developers to develop their code.”

AI services offered in cloud marketplaces can help narrow down issues during debugging by analysing logs. “Developers can use AI to ensure that all the code is good, going to perform well and has no bugs or potential security risks. Microsoft is essentially renting to you that AI service that you can pull into your development pipeline,” says Engelbrecht.

Building cloud-native applications can be complex as there are a number of different components and layers to consider. If not managed properly, a business’ security risk can increase, posing risks of data breaches, unauthorised access, and noncompliance issues within the cloud-native software development lifecycle.

From code to cluster

Dirk Ras, a solutions architect in the office of the CTO at Dariel, says developers need to be cognisant of the application’s security. “The standard defensive programming measures still need to be applied – this is still a piece of software that needs to be run; it just happens to be running in the cloud.” He adds that the fundamentals of software security stay the same with cloud as traditional development. “Things like SQL injection or cross-site scripting – all those attack vectors do not go away; they still have to be considered and they still need to be mitigated.” Many of the hyperscalers offer granular permissions that allow you to restrict cloud applications to specific regions, users, and even specific virtual private networks. “Developers should pay special attention to keeping credentials private,” says Richard Frank, CTO of Flow Communications. “It’s quite easy to expose an API key publicly, which bad actors will detect in seconds and use to send a million spam emails or run Bitcoin mining software on your server fleet.”

“It’s quite easy to expose an API key publicly, which bad actors will detect in seconds and use to send a million spam emails or run Bitcoin mining software on your server fleet.”

Richard Frank, Flow Communications

Additional security measures need to be applied to a cloud. Security configuration, for example, is vital. “The configuration of your security groups is of utmost importance. Whenever there have been breaches to cloud applications, this is generally why it happens,” warns Ras. “If the security group is not configured properly, and it gives wide open access to your entire application stack, that is a massive security flaw. The same can be said for cloud storage solutions. If the access controls are not implemented correctly, it can leave you wide open.” Ras suggests using the security analysers offered by various cloud providers, such as AWS’ Identity and Access Management (IAM) Access Analyzer or Google’s Cloud Security Scanner. “All the cloud providers have security analysers that you can use, and they need to be maintained constantly,” says Ras.

Cloud – a choice

Regarding cloud security, distinguishing between public, private or hybrid setups is crucial for software development because different cloud setups have varying security implications and requirements. “There is a perception that private cloud offers better security as resources are not shared with others, but it comes at a high cost and maintenance responsibility,” says Colin Baumgart, CTO and Commercial Solutions area director at Microsoft South Africa. “Although there is a belief that private cloud is far more secure, most of the attacks we’ve seen have happened on-premises.” Hybrid and multicloud are a reality of business environments today and finding ways to simplify security is critical. “Microsoft Defender for Cloud helps businesses to incorporate good security practices early during the software development process,” says Baumgart. “They can protect their code management environments and code pipelines and get insights into their development environment security posture from a single location.” In addition to Microsoft Defender for Cloud, Baumgart mentions Azure Arc, Microsoft’s multicloud management solution that runs on both new and existing hardware, virtualisation and Kubernetes platforms, IoT devices and integrated systems. “It enables our customers to develop cloud-native applications with a consistent development, operations and security model and leverage their existing investments to modernise with cloud-native solutions,” he says. Data protection inside Kubernetes – the microservices, containers and persistent data – is essential for security and disaster recovery. In the context of software development, Engelbrecht says that if these three are compromised, a service like Veeam means the code can be easily lifted, shifted and restored into whatever platform is required, and a developer can continue working. “If Azure is down, we can bring up your data in AWS, and you can just continue your work. You can choose to go back…or not,” says Engelbrecht, and adds that business continuity can also mean protecting code from accidental deletion. “Having a protected data layer that allows companies to move their workloads from on-prem and across cloud is data freedom.”

Adopting cloud technologies empowers organisations with unprecedented agility, scalability, and resilience. Cloud development is a barrier against the snowball effect of complexity and inefficiency inherent in traditional software development practices. This agile approach to development minimises the accumulation of technical debt and ensures that applications remain adaptable and responsive to changing market dynamics.

* Article first published on brainstorm.itweb.co.za

Share