“By adopting the DevOps mindset, software development teams can quickly eliminate the pain of provisioning, configuring and scaling cloud resources on a continuous basis while also implementing business logic,”says Ashish Kakran, Principal, Thomvest Ventures, in an exclusive interview with EnterpriseTalk.
ET Bureau: According to you, what are the cloud migration challenges enterprises are making while rushing their digital transformation initiatives?
Ashish Kakran: It’s common to adopt the DevOps mindset as an afterthought but it can turn out to be a big mistake. Without DevOps, it is hard for organizations to attain high deployment frequency, lower failure rate or cut down mean time to resolution (MTTR) when things go wrong in a production environment. Simply migrating some workloads from on-prem datacenters to the cloud won’t ensure success.
Operationalizing, maintaining and upgrading these cloud workloads may necessitate multiple DevOps tools. Stitching such tools together to form a software delivery pipeline (also called Continuous Integration/ Continuous Deployment pipeline) is a big pain point. Imagine your teams scrambling to prioritize hundreds of alerts per hour or stitching together open-source tools to accomplish this task. This is where end-to-end automation tools like Harness.io excel — they cut down the time to build a software delivery pipeline from weeks to hours.
Such intelligent automation is not just limited to DevOps tools but it extends to DevOps workflows which are pretty standard. When an alert is generated, it needs to be prioritized, assigned to an expert and then tracked in an organization’s knowledge base. These workflows can be automated by orchestration tools and in the future, DevOps engineers will attain higher productivity with low-code automation tools.
ET Bureau: What can CIOs do to effectively adopt the hybrid cloud approach in their infrastructure?
Ashish Kakran: To avoid mistakes, CIOs should plan it such that cloud migration and DevOps adoption occur in parallel. This is to be able to turn multi/hybrid cloud deployment into a competitive advantage by automating most infrastructure related tasks. Successful migration is not just having your business-critical applications and data live in the cloud. It is also doing things like immediate benchmarking before and after migration of each critical application and then doing performance monitoring in perpetuity to build feedback loops. It means automating as much of this process as possible with code. It also means testing early and often as the software is getting written and integrated with code repositories. And last but not the least, don’t wait to scan for security vulnerabilities but make security a part of each step of the software release cycle. All of this is possible and more with DevOps when you have collaborative Dev and DevOps teams.
ET Bureau: How can CIOs and CISOs strengthen and secure their cloud migration process and infrastructure?
Ashish Kakran: Customers are happy when they get new features more frequently, experience fewer bugs when interacting with products and when their complaints get resolved faster. Today software delivery pipelines that integrate CI and CD tools do a great job of delivering delightful digital experiences. This is because rigorous testing, security scanning and feedback loops become part of the software creation process itself.
To successfully secure all steps of the CI/CD pipeline, the first step is to secure the business critical custom-written code. This is where SAST tools become important. We are investors in a company called ShiftLeft that scans code 40x faster than competitors helping developers ship more code with confidence. In addition to this build -phase related security, today operating containerized micro service environments at scale can be a security nightmare. Being able to create organizational policies as code and enforcing them as code without forcing a new version of applications becomes critical. That X-as-code where X can be security, policy, authorization etc. is an area where we are seeing a lot of innovation
In an on-prem world, the waterfall model worked where features were thrown to QA/testing teams when the release cycles were 6 months long, if not longer. Today it is not the case when it comes to release cycles. On cloud, software is deployed multiple times a day and without the adoption of DevOps, this successful cloud migration seems almost impossible. By adopting the DevOps mindset, software development teams can quickly eliminate the pain of provisioning, configuring and scaling cloud resources on a continuous basis while also implementing business logic.
ET Bureau: What trends do you think enterprises will witness in cloud migration process in the coming years?
Ashish Kakran: Cloud migrations are complex projects that can take months or even years to complete. This shifting of data and applications from on-prem data centers to the cloud, whether public or private is a technically complex undertaking. In the coming years, I expect the benefits from such migrations to be incredibly predictable regarding lower costs, high availability and scalability that are often tied to the cloud. However, for this to be successful, teams need to be aligned around a well-defined business goal. Without this clarity of goal and buy-in, cloud migration efforts can drag on for a long time.
In addition, to fully benefit from cloud, many of these workloads will be re-designed to benefit from latest cloud advances like the modern container-based architectures. Now, this might necessitate breaking a Java monolithic application into smaller micro services. Such an effort will require multiple team meetings and numerous white boarding sessions to map out the code dependencies so that the business-critical application can be re-architected. To be able to map the dependencies, one needs to start with the inventory of applications that need to be migrated.
Lastly, today it may be surprisingly hard to answer questions like where the source code for a particular application is hosted or what applications need to be migrated, or even what the definition of an application is. Add to that the complexity of figuring out firewalls, API Gateways, load balancing or tracking micro services for your new cloud-native applications. By adopting the DevOps and DevSecOps mindset earlier in the process, enterprises will witness more secure and efficient solutions to cloud migration.
Ashish is a principal at Thomvest Ventures supporting founders in the cloud infrastructure space. His journey in venture capital started with internships at BGV and Canaan Partners. Ashish’s past experience includes spending over 3 years at AppNeta, a Bain Capital-backed startup where he managed TraceView, a distributed-transaction-tracing product that was acquired by SolarWinds in 2016. Having been a part of startups, ones that were successful and ones that were not, he has developed an eye for finding the combinations of problems, teams, and cultures that help companies be successful.