Are speed and agility at hopelessly irresolvable odds with safe and compliant development? In this edition of The New Stack Analysts podcast, Derek Collison, Founder and CEO at Apcera, said that his team is working to allow developers and DevOps to go at speed on a trusted platform system that brings together security and compliance.
Also joining The New Stack’s Alex Williams for this insightful discussion, which was recorded at Kubecon 2015, was Janakiram MSV, who is an analyst and advisor at Janakiram & Associates, and is also a contributor to The New Stack.
This podcast is also available on YouTube.
Collison spoke of the re-definition of Platform as a Service as a consequence of its evolution “since the early days (2010, or so).”
“What we’re seeing is an emergence of different patterns,” said Collison, who not only co-founded the cloud computing group at VMware, but also designed and architected Cloud Foundry. “What remains constant is the ability to orchestrate and manage infrastructure at a layer that meets developers where they’re at.”
“I think that’s still a fair characterization of all of these technologies,” he continued. “What becomes really interesting is, when you look at the system in totality, there’s lots of moving pieces. How do you actually deploy a workload? What does that workload run in? Where is it allowed to run? What can it be made up of? And, at least for us, very specifically, what is that workload allowed to communicate with?”
When Collison, Vadim Spivak and Mark Lucovsky moved from Google over to VMware, he recalls, “we were looking at a different set of problems, in a different world, where developing applications was complex, but it was becoming easier with things like Ruby on Rails.”
“The deployment of said applications was still difficult, and you started seeing this emergence of something called ‘Platform as a Service,’ which was a fancy way — a very opinionated way — of saying, ‘just give me your app and I’ll figure out everything else for you.'”
Later in the conversation, in making the business case for Apcera’s trusted cloud platform, Collison underscored the issue of access and security around trying to operate in the public cloud.
“In an enterprise, there being rules around data sovereignty — who’s allowed to access a database, what SLAs are allowed access if they’re running a test — having developers try to internalize and understand that, and effectively implement that, is a recipe for disaster,” he said. “It just does not scale.”
Instead, Collison suggested, a platform could manage policies that can execute these rules on behalf of the business, “while still letting the developers essentially run at full speed.”
He described a scenario where a business might determine that it could save money by transferring multiple, currently running jobs to Amazon. “If you walk through that methodology inside of an existing organization,” Collison countered, “with how they’re built today, coming to the decision on a spreadsheet — ‘wow, we could save this much money, now let’s see if we can execute it; let’s get NetOps involved; let’s get SecOps involved; we’ve got to hire people to spin up this stuff on Amazon’ — you actually lose all of the savings that you’re thinking you were going to get.”
The alternative, Collison proposed, is a platform that has the ability to enforce rules consistently, and to instantaneously add resources in the public cloud. “Click a button and in less than two seconds all those workloads are running out there, securely accessing a database on prem — that starts changing things.” He likened this evolution to the push into microservices: “We are changing our behavior because of the things that we’ve been presented with.”
“A platform that is truly multi-cloud, and trusted, presents you with opportunities as a business to do things that you might not do today.”
To subscribe to The New Stack Analysts podcast or check out other episodes, visit the podcast section of The New Stack.
Feature image via Pixabay.