Frankly Speaking, 5/5/20 - Why Cloud != Cloud-Native
A biweekly(-ish) newsletter on random thoughts in tech and research. I am an investor at Dell Technologies Capital and a recovering academic. I am interested in security, AI/ML, and cloud.
If you were forwarded this newsletter, you can subscribe here, and view old newsletters here.
There's a lot of questions about what is changing on the IT side because of COVID, and what changes will stay around post-COVID. The most common answer is acceleration of cloud strategy. Many companies have been putting off transforming their IT infrastructure, and the ones that prioritized it have fared well during these times. Also, cloud companies like Amazon and Microsoft have actually done very well on the public markets. Companies that have strong cloud strategies have had a smoother transition to WFH.
Anyway, if you want to learn more, Bessemer publishes a great yearly report on the cloud that I highly recommend (kudos to Mary D'Onofrio for putting it together). Mary also talks more about what cloud growth in a great podcast.
Finally, thanks for all the feedback people are giving on this newsletter! One piece of feedback is that I should leave open questions that I've been thinking about or think about as I write this newsletter, so I'm going to pilot that.
LET'S BE FRANK
The past two newsletters, I talked about how public cloud is fundamentally changing security, and then I dive deeper and discuss how the session-based nature of the public cloud shifts security paradigms.
In this newsletter, I want to clear up a common point of confusion. Just because a company uses the cloud, it doesn't make them cloud-native.
Of course, cloud-native companies use the public cloud, but the reverse is not always true. In a past newsletter, I explain what I believe the cloud is, which is also confusing, and I explain why I believe a company like Rubrik is not a cloud company. tl;dr: the cloud provides on-demand infrastructure with elasticity. Rubrik, despite using the cloud internally, provides an appliance and services on-prem infrastructure.
This brings us to the ultimate question. What makes a company cloud-native? Of course, they have to use the public cloud, but I think it's an issue of development culture. The public cloud is not just outsourced IT. That framework fails to capture important subtleties and benefits. If a company takes their application running on-prem, puts it into a VM, and then deploys it to the public cloud, they missed the point of the public cloud. Two advantages are its elasticity and standardized IT management. Companies no longer have to worry about infrastructure capacity when deploying applications because they can get more on-demand. Also, the performance and flexibility of their infrastructure are no longer shackled to the quality of their IT managers.
As a result, developers can deploy applications faster and more frequently. Similarly, they can focus more time on the product and don't have to learn a new set of tools whenever they change jobs (unless the new company doesn't use the public cloud). Why can developers deploy applications faster? I believe the public cloud enables frameworks like Kubernetes. In fact, I believe that if a company is using the public cloud, they need to use Kubernetes to take full advantage of it. Kubernetes allows a company to take advantage of the elasticity of the cloud with its auto-scaling features. Moreover, it makes it easier to geographically distribute the application and reduce latency. The microservice philosophy of Kubernetes allows developers to more easily work on different parts of the applications simultaneously. As a result, companies can deliver new features and values to their customers more regularly with low friction.
The bottleneck in application delivery has shifted from the infrastructure to the developer's ability to develop new features. In a cloud-native company, developers are serious influencers, making their productivity paramount. The main infrastructure in an organization isn't hardware but developer infrastructure and code. Engineering organizations typically have small budgets, but because of this shift, many organizations like traditional IT and security are shifting to budgets to developers. So, in a cloud-native company, there is a strong focus on DevOps and agile development.
Because they now move so fast, DevOps will be responsible for a lot of the technical operations traditionally done by IT. It's just not feasible any other way! For example, security teams are already over-stretched. In the cloud-native, agile world, they not only need to learn security products but also the public cloud dev tools. By the time that happens, threats will have materialized and shifted. So, we need to develop easy-to-use tools for developers to do basic technical ops like security because they don't want to do it. They want to focus on product!
Some questions I've been thinking about:
- What are other benefits that the public cloud enables?
- VPCs are a big part of the public cloud. What can you do with VPCs that you can't do with on-prem infrastructure?
- Do we need SOCs in the public cloud world? What would be the replacement?
If you want to discuss these questions, send me a note at firstname.lastname@example.org or hit me up on Twitter.
TWEET OF THE WEEK
My new favorite Twitter profile…