Cloud Services / Development / Security

Cloud Computing 2020: From Coping to Consolidating

31 Dec 2020 3:00am, by

The impact of 2020 will continue to affect how cloud services evolve and are adopted in 2021, which looks set to be a year that mixes consequences with business as usual.

Early in the pandemic, a joke did the rounds on Twitter crediting COVID-19 rather than CEOs or CTOs with driving digital transformation. Years of cloud adoption at the usual pace happened in months and both cloud and network capacity held up well, even though supply chain issues in Q1 meant the big cloud services had to postpone some of their server purchases until spring and summer.

Organizations shifted to cloud services and SaaS quickly, especially as they encountered difficulties in acquiring and deploying hardware to increase their VPN capacity. Using cloud applications gateways meant that even applications hosted on-premises that had only been available inside the firewall could be accessed remotely; that will also increase adoption of single sign-on, MFA and robotic process automation that screen-scrapes legacy applications to include them in orchestrated workflows. And few CIOs who were able to switch away from VPNs are interested in switching back.

Cloud services also made decisions about prioritizing capacity and postponing some planned updates, feature rollouts and deprecations. Extending support lifecycles took some pressure of admins and developers, although that was already happening as technologies like Kubernetes mature; the official support lifecycle from Kubernetes 1.19 onwards is now a year of patches rather than nine months.

Cloud Spending Continues

What many of the organizations who’d made those unusually fast moves to cloud spent the rest of the year doing, as work from home continued to be the norm at least in technology firms, was going back and making sure they’d done things right. That included compliance, governance and security; after the rush to make sure everyone had access to the services, applications and data they needed to keep working came the effort to restrict that to only the people who were supposed to have access.

Although many CIOs in the GlobalData IT Buyers survey expected revenue to go down because of COVID-19, most IT budgets didn’t go down: they spent less on app development and management, and on consulting services but more on mobility, security, communications and collaboration — and especially on cloud. Fifty-nine percent of senior business leaders told CCS Insights they would increase IT spending in 2021 and 41% said public cloud is their top IT priority.

That doesn’t mean technology investment will be back to normal in 2021 by any means. IT buyers told GlobalData their priorities in 2021 would be improving operational efficiency for business processes, cutting costs and increasing automation, even though they’re still interested in AI and IoT. Long-term strategic plans are still important, but the short term tactical approach to cloud services is likely to predominate until it’s clearer what the post-COVID world may look like, rather than the current co-existence.

While consumer cloud services all offer less cloud storage, with Google Drive finally cutting back and even Docker Hub unable to continue hosting thousands of versions of bloated container images that developers haven’t taken the time to optimize, the majority of businesses will use significant amounts of cloud storage, both infrastructure and file sharing. Thirty-nine percent of organizations in the Spiceworks Storage Trends in 2020 and Beyond survey already use cloud storage infrastructure services and another 20% will adopt it by 2022. That will mean more interest in database migration options, whether that’s the services cloud providers and partners offer or open core options like Flyway.

It will also mean more exposed data on cloud services if admins or developers are careless. With Azure market share increasing, expect to see the kind of data breaches from poorly secured Azure Storage accounts that we’re used to seeing from unsecured S3 buckets.

Then there are the million possible API credentials and secrets GitHub detects checked into public repos every month (there are up to 900 GitHub API keys alone committed to public repos every week). GitHub is working on an API for handling secrets and tools to create regular expressions to detect specific credential patterns used in your organization so you can have any commit where secrets are detected fail to protect them.

The Sunburst SolarWinds supply chain attack might concentrate attention on the existing problem of software supply chains and dependencies. According to the 2020 State of the Octoverse, JavaScript repos often have large numbers of transitive dependencies (calling components that call other components and frameworks): typically 683 per repo (compared to 68 for Ruby and 19 for Python), any of which might have a security vulnerability.

Expect the major cloud services to introduce services to help you vet those open source dependencies, promising to let you keep the agility of open source without the security worries — or to offer more of their own, vetted projects that may or may not make upstream contributions. Some of these offerings will be extremely useful, but watch out for security theatre too.

The Hybrid Edge

Network stability even at the peak of demand was helped by the way 4G had already started to shift telecoms towards network function virtualization and software-defined networking running on industry-standard hardware instead of fixed-function devices. Deployment of 5G alongside existing 4G infrastructure helped with bandwidth and capacity but the transformative effect of intelligent 5G networks supporting edge computing running local cloud services won’t be seen until there’s a lot more infrastructure investment in standalone 5G. Some of that will be private 5G networks in industrial situations with edge compute hosting cloud services like image recognition and predictive analytics, using hybrid options like Azure Private Edge Zones and Amazon Web Services Wavelength Zones — and this is where we’re likely to see the most advanced mobile edge usage in 2021.

The mega-regions of hyperscale cloud aren’t going away, but they are being joined by micro-regions, some of them co-located with mobile carriers, as well as regions in an ever-growing list of countries around the world. Data sovereignty and regulatory governance issues will continue to have an impact on where workloads run and data resides, whether that’s questions of whether the UK will manage to achieve a data adequacy decision from the EU to allow a free flow of personal data after the end of the initial agreement, regulatory questions within the US or the thorny question of Chinese technology providers.

The continuum of compute from public cloud to hybrid and edge computing will make cloud definitions a little more nebulous for a time; the open glossary from the LF Edge Working Group will prove helpful for specifying exactly which edge is meant in different contexts.

Now that AWS has joined Azure and Google in embracing hybrid cloud, ever more cloud services will be available on-premise, whether that’s on purpose-built hardware that runs like public cloud or using container orchestration to deliver cloud services on more heterogeneous hardware. Azure Stack HCI is an interesting example. Originally called Windows Server Software Defined and available on certified hyperconverged hardware, it’s now a version of Windows Server that still deploy and manage but don’t need licenses for because you buy it as a service through Azure, automatically get updates and new features – and use it to run other cloud services like Azure Kubernetes Service on.

AWS’ enthusiasm for Arm instances that cost it 20% less to run while delivering performance improvements for CPU-bound workloads also extends to edge and hybrid computing, and Arm is pitching Neoverse processors for edge and data center servers as well as networking workloads. That means more cloud services will run on Arm; that will make a difference to developers when using cloud services that let them specify instance types, but will often be invisible unless there’s a project dependency that needs updating.

Cloud providers will continue to promise lower carbon footprints for their services, although as currently much of that will be achieved initially through offsets as the slower process of building and bringing renewable energy sources online continues. Even data centers getting power from solar and hydro will have diesel generators on-site for backup for some years to come. The more advanced and ambitious cloud providers will also work on the impact of water use by data centers.

It may seem that there are already cloud services for just about everything — from checking AI systems to data bias to running ground stations for satellites — but there will likely be a slew of services to do even more. Some of those will be for the new vertical clouds that are emerging — like IBM Financial Services Cloud and Azure Health Cloud. Others will extend familiar DevOps paradigms to new workloads; Cloudflare Pages now integrates JAMstack with serverless workers to combine frontend and backend development into something that looks like CI/CD for web publishing, whether it’s a static site or a dynamic app. (With Cloudflare’s scale, this may get more interest than similar approaches like Blazor running C# apps either on the server or in the browser using WebAssembly.)

Remote working in 2020 didn’t just mean using Teams and Zoom and cloud virtual desktops to make up for the difficulties of buying new PCs in Q1 (Windows Virtual Desktop usage on Azure tripled between January and March 2020 and the rumored Cloud PC service expected to launch in 2021 to deliver cloud desktops and apps on-demand without the complexity of provisioning and managing Azure infrastructure may prove equally popular).

It also meant executives monitoring new factory and plant build-out through AR headsets like HoloLens via cloud communications services. Expect more adoption of cloud services that provide voice interfaces, IoT management and robotics for areas beyond manufacturing and logistics, whether that’s being able to speak commands to a conference room setup rather than touching buttons, automated responses to sensor readings or robot arms that pick up bags of coins at a bank. (Expect those systems to be as annoying as video conferencing as people get used to them, as well.)

The many predictions that 2021 will be the year or machine learning and AI ignore how much deployment of machine learning and AI there’s already been, as well as the issues that have emerged around privacy and bias, with Google inadvertently providing an object lesson in how hard even researching these problems can be.

It will be increasingly hard to get a “first mover” advantage by implementing AI and machine learning because everyone will be using it; but not every organization will be using it effectively, securing it properly or understanding the importance of data science basics like model versioning and data lineage. A model trained on 2019 consumer habits isn’t going to do very well at recommending offers for someone planning a trip in 2021. Reinforcement learning, which moves closer to real-time learning by interacting with the environment, will move further from the research lab to the real world with commercial cloud services using it for personalization, anomaly detection and predictive maintenance.

2021 might also see the start of some major developments in mature cloud technologies like Kubernetes, where WebAssembly could emerge as a new sandbox that has a strong security model, starts up extremely quickly and runs in very small enough amounts of RAM (because it’s a binary with a native programming paradigm not an entire environment). Replacing containers with WebAssembly could put Kubernetes — or other distributed application systems — on the smallest of devices but also use hardware resources like GPU and trusted enclaves, combining performance with strong security.

Translating the current venture capital interest in WebAssembly into functional technologies will take some industry and open source community co-operation. It will also require a place for that co-operation to happen — like the rather informal Bytecode Alliance transforming into a proper foundation (which we’re told on background is likely to happen early in 2021).

Feature image via Pixabay.

A newsletter digest of the week’s most important stories & analyses.