WebProNews

Tag: DevOps

  • DevOps Organizations Are Increasingly Turning to Alternate Cloud Providers

    DevOps Organizations Are Increasingly Turning to Alternate Cloud Providers

    A new report on the DevOps industry should be a concern for the top three cloud providers, showing that organizations are increasingly looking for alternate providers.

    AWS, Microsoft Azure, and Google Cloud dominate the industry, accounting for a 71% share of the market. Similarly, the three companies account for 65% of all cloud spending. Nonetheless, it appears some organizations are looking to support smaller, independent rivals.

    A new report, commissioned by Linode and conducted by Techstrong Research, shows that despite 93% of respondents using one of the Big Three, two-thirds would consider an alternative.

    The largest three hyperscalers (Amazon Web Services, Microsoft Azure, Google Cloud Compute) are used by 93% of respondents. Yet many DevOps buyers are re-thinking a reflex default to these hyperscalers. Two-thirds of companies surveyed would consider bringing in an “alternative” CSP; almost 22% have already done so. In fact, the combined market share for the top alternative vendors is fourth in the category, just behind Microsoft and Google.

    Even more troubling for the Big Three is the growing interest in alternative providers, as well as the reasons that interest is growing.

    Interest and adoption is highest in small and medium organizations (fewer than 10,000 employees). Main reasons for bringing in a new vendor include reducing reliance on a single provider, improving price performance and ease of use, and better data protection.

    Another growing concern is competition from a company’s cloud service provider (CSP). Each of the Big Three are part of larger companies that offer a wide array of products and services, many of which can compete with the products and services of their cloud customers.

    More than 50% of DevOps professionals and leaders surveyed say their CSP is already a competitor to their B2B or B2C business or is expected to become one. Fear of IP loss and rapid market displacement is also evidenced in respondent’s strong stated desire to work with a trustworthy, capable provider who shares their company values.

    Needless to say, the Big Three hold a commanding position in the market, and it will be a long time before they face a serious challenge. Nonetheless, the report should be a cause for concern and highlights areas where they must improve in order to keep their customers happy.

  • 96% of Third-Party Cloud Container Apps Have Known Vulnerabilities

    96% of Third-Party Cloud Container Apps Have Known Vulnerabilities

    A whopping 96% of third-party cloud container apps have known vulnerabilities, highlighting ongoing cloud security challenges.

    Cloud computing is often touted as more secure than traditional options. Unfortunately, this is only true if all parties involved make security a prime objective.

    According to Palo Alto Networks’ Unit 42 team, some 96% of third-party container apps have known vulnerabilities. In addition, 63% of third-party code templates contain insecure configurations.

    The news is especially concerning given the rise of supply chain attacks. Hackers are increasingly targeting widely used, third-party software, services, containers and plugins. Successfully compromising a single vendor who’s product is used by thousands of customers can have a far greater impact than compromising a single target.

    Unit 42 highlights the danger of supply chain cloud attacks:

    In most supply chain attacks, an attacker compromises a vendor and inserts malicious code in software used by customers. Cloud infrastructure can fall prey to a similar approach in which unvetted third-party code could introduce security flaws and give attackers access to sensitive data in the cloud environment. Additionally, unless organizations verify sources, third-party code can come from anyone, including an Advanced Persistent Threat (APT).

    Organizations that want to stay secure must start making DevOps security a priority:

    Teams continue to neglect DevOps security, due in part to lack of attention to supply chain threats. Cloud native applications have a long chain of dependencies, and those dependencies have dependences of their own. DevOps and security teams need to gain visibility into the bill of materials in every cloud workload in order to evaluate risk at every stage of the dependency chain and establish guardrails.

  • IBM Acquiring Instana As It Focuses On Hybrid Cloud and AI

    IBM Acquiring Instana As It Focuses On Hybrid Cloud and AI

    IBM has announced it is acquiring applications performance monitoring (APM) company Instana to aid in its hybrid cloud and AI strategy.

    IBM made headlines in October when it announced its plans to split itself into two companies. The legacy business will be split into a new company, while the core IBM doubles down on hybrid cloud and AI services.

    To assist in those goals, the company is now acquiring Instana, a startup that uses AI to help companies monitor the performance of cloud apps and services. The startup’s platform is a natural fit for IBM’s newfound focus.

    “Our clients today are faced with managing a complex technology landscape filled with mission-critical applications and data that are running across a variety of hybrid cloud environments – from public clouds, private clouds and on-premises,” said Rob Thomas, Senior Vice President, Cloud and Data Platform, IBM. “IBM’s acquisition of Instana is yet another important step that we are taking to provide companies with the most complete portfolio of AI-automated solutions to tackle this enormous challenge and help prevent unforeseen IT incidents that can cost a business in lost revenue and reputation.”

    At the same time, being part of IBM will help Instana develop its service even more, becoming a dominant player in the DevOps community.

    “With the added responsibility of ensuring the build and run quality of the software they develop, DevOps teams need a new generation of application performance monitoring and observability capabilities to succeed,” said Mirko Novakovic, co-founder and CEO, Instana. “Instana’s observability capabilities combined with IBM’s AI-powered automation capabilities across hybrid cloud environments will give clients a full view of their application performance to best optimize operations.”

  • GitHub Poaches Leading DevOps Researcher From Google Cloud

    GitHub Poaches Leading DevOps Researcher From Google Cloud

    In the ongoing battle between Microsoft and Google, the former’s GitHub has hired Dr. Nicole Forsgren away from Google Cloud.

    Forsgren made the announcement on her website, saying she would be GitHub’s new VP of Research & Strategy. Forsgren was previously co-founder and CEO of DORA before it was acquired by Google. She is also the writer of the award-winning book Accelerate. Now Forsgren is taking her expertise in DevOps to GitHub.

    “Looking to the future, there are more and different questions I want to ask, and this move is the perfect opportunity for that,” writes Forsgren. “At GitHub, I will expand and continue investigating developer happiness and productivity while also helping the industry get better, and there’s no better place to ask these questions because GitHub is truly at the heart of software development for so many communities. Here, I can bring the research closer to the tools that we use and build on the foundation of knowledge that exists while asking different questions, from different angles, and surfacing different insights. I am excited to continue talking with and learning from developers, testers, IT ops, infosec, and executives to understand their work; working with tools teams across the ecosystem to understand their challenges and what they see so we can help make things better; nerding out with researchers and makers across the industry and academia so we can partner to find interesting questions (and ways to ask and frame and think about those questions), supporting each other and collaborating on solutions.”

    Bringing Forsgren onboard is a big win for Microsoft and GitHub. The talent, experience and expertise she brings will likely result in significant improvements to the developer community.

  • Cisco: How To Be An Engineer Of The Future

    Cisco: How To Be An Engineer Of The Future

    “We’re seeing an increased interest in how people take teams, work with their engineers, build towards these automation and software skill sets, and create the engineer of the future,” says Mandy Whaley, Sr. Director, DevNet & Certifications at Cisco. “What we see at Cisco is that the most successful teams and the most successful companies are building teams with this combined skill set of infrastructure skills and software and automation skills.”

    “I lead our DevNet and technical community and certifications team for Cisco,” says Whaley. “This includes everything about helping developers use our APIs. We do a lot of work on the paths that you can take to build the skills to learn about Cisco technology, to learn about software skills, to learn about automation, and then prove and test those skills by earning some certifications.”

    Mandy Whaley, Sr. Director, DevNet & Certifications at Cisco, says that the engineer of the future combines infrastructure, software, and automation skills:

    How To Be An Engineer Of The Future

    I come from a software development background. I’m working with a lot of DevOps, network engineering teams, infrastructure engineering teams, and we’re really looking at how all these skill sets have been evolving over time. What we see at Cisco is that the most successful teams and the most successful companies are building teams with this combined skill set of infrastructure skills and software and automation skills. Whether those skill sets are combined in one person or combined within a team of engineers who have specialties, that’s what it really takes to succeed with the scale, the speed, the agility, and the distributed nature of applications that we’re seeing today.

    We’ve really seen this come into effect with COVID and the way that companies have had to respond really quickly. Automation came to the forefront as being very important. Companies that had at least a start on those skill sets have been able to respond more quickly. Now we’re seeing an increased interest in how people take teams, work with their engineers, build towards these automation and software skill sets, and create the engineer of the future.

    New Job Roles Are Emerging

    Part of that has a lot to do with new job roles that are coming out of that. These business drivers of speed and agility and scale are driving things like the need for CI/CD pipeline for more than just your software, even for your networks, for your infrastructure. Out of that are these new job roles emerging, things like a Network Automation Engineer or DevSecOps Engineer, bringing security strongly into your DevOps flow.

    That’s part of what we’re learning from the DevNet community and what we’re working with the DevNet community on is how people are building the skills to go after those new job roles. There are a lot of opportunities and a lot of fun stuff to learn.

    Cisco’s Mandy Whaley Explains How To Be An Engineer Of The Future