Cloud native is an approach and a set of technologies that impact how applications are developed, deployed, and managed. It’s a significant step-change that drives the agility of customer-focused organizations, allowing them to be more innovative, resilient, and competitive. However, the pattern of cloud native adoption varies a lot by organization, argues Rani Osnat, SVP of Strategy, Aqua Security.
Cloud technologies have been around for over two decades if we look back at the original application service provider pioneers. In that time, practically every business has adopted some element of cloud computing but many obstacles remain, whether it is embedded legacy infrastructure or data protection legislation. Nevertheless, at this stage it is possible to identify three clearly defined cloud adoption archetypes that can help guide your journey.
Cloud-born companies
These are relatively young companies that have grown up with cloud platforms and use cloud native development tools and infrastructure. Thus, they don’t need to deal with legacy architecture or monolithic applications. They can take full advantage of the minimal upfront investment and predictable costs offered by cloud providers. The key question for the cloud-born is whether to take a single or multi-cloud approach.
Multi-cloud allows you to avoid proprietary tools and migrate services at will, however, it is more expensive. Single cloud enables optimisation at lower costs but ties you to one provider. Nevertheless, most of these cloud-born companies are start-ups and cloud providers love start-ups, which makes them willing to offer credits upfront and benefits that accrue as your budget increases.
Rani Osnat is SVP of Strategy at Aqua Security.
Islands of innovation
These are the companies that adopt the cloud native approach gradually, from the bottom up. Often decentralized and with a history of acquisitions, these organizations have a culture that fosters independent digital transformation initiatives. For such businesses, the likelihood of deciding in a broad way to go cloud native across multiple business units in a coordinated fashion is minimal.
Instead, an individual team or unit will launch an initiative, such as a new app. When you have multiple such projects beginning to gather pace across the business, it builds up a head of steam that the C-suite can no longer ignore. When these cloud-based apps and services start showing up on the radar of the CIO and CTO, it prompts the development of a more scalable, orchestrated and efficient cross-enterprise approach.
Driven from the top
In these organizations, management pursues cloud native transformation as a strategic shift, leading to cross-functional teams who can drive a unified blueprint. This then cascades through the ranks, allowing different departments to onboard themselves as and when is appropriate. Often, this is the result of an impactful event, such as a cyberattack or a competitive threat.
In these cases, the organizational DNA drives innovation. With internal service providers established and a broad cross-functional team in place, it becomes easy to migrate parts of the business at their own pace according to an agreed blueprint. Adoption tends to rapidly increase because the heavy lifting has already been done.
Security implications
An increasing number of cyberthreats are targeting the cloud native environment. Our own research indicates that backdoors were encountered in 54% of attacks, up nine percentage points from 2020, and worms were used in 51% of attacks, a 10 percentage-point increase. We also observed more sophisticated activity involving rootkits, fileless execution, and loading kernel modules.
That’s why, whichever path you find yourself on, you’ll need to bake security in from day one. Cloud native technologies can introduce vulnerabilities amid an ever-changing cyberthreat landscape. To unleash the full potential of your cloud native transformation, you will need to secure your applications across the entire stack, from cloud to VMs, containers and serverless.
True cloud native security is built-in from the start of development all the way to production, with ongoing monitoring. It scans artifacts for vulnerabilities, malware, secrets and other risks during development and staging and allows you to set flexible, dynamic policies to control deployment into your runtime environments. Cloud native security solutions also use modern micro-services concepts to enforce immutability of your applications in runtime, establishing zero-trust networking, and detecting and stopping suspicious activities, including zero-day attacks.
The upshot
For businesses starting out today, there is no real choice between these three approaches to cloud native. You will, by nature, be cloud-born: flexible, containerized and agile. For more established companies, there is a choice but it needn’t be mutually exclusive. Both approaches could be applied in different parts of the organization. The important thing for all is to understand that each has its own merits and challenges. There is no single right way of doing things, and one size does not fit all.
What is clear is that cloud native is the way ahead, enabling companies of all sizes to incrementally, unobtrusively and automatically enhance applications with zero on-premise overheads. Whether you are cloud-born, an island of innovation or driven from the top, the cloud native paradigm promises to revolutionize how you operate.
