Cloud-native or cloud-hosted, that is the question. And depending on where you stand, cloud-native is either just the flavor of the season or the future of software development.
The buzz around cloud-native applications is definitely rising, but cloud-hosted applications remain the norm, at least for the time being. A Capgemini study estimated a 15 percent adoption rate for cloud-native applications, with a projected rise to 32 percent by 2020. Even among cloud-native leaders, the study found only 15 percent are developing new applications in a cloud-native environment and only 20 percent of these new applications adopt a cloud-native approach.
The cloud-hosted model is a middle ground approach that combines traditional on-premise application development with a more contemporary preference for cloud deployments. This approach does have its advantages – in the case of security-conscious industries that handle large volumes of sensitive data, for instance. However, it also impairs an organization’s ability to fully leverage the potential and the possibilities afforded by the cloud computing model.
By contrast, cloud-native applications are built, tested, and staged on the clouds. According to the Cloud Native Computing Foundation (CNCF), an open source software foundation driving the development of cloud-native computing, this modern approach enables organizations to run scalable applications in modern, dynamic environments such as public, private, and hybrid clouds. Since these applications are purpose-built and optimized for the cloud, they offer greater agility, resilience, and portability across clouds.
The CNCF defines three essential criteria for cloud-native development:
- It is container-based, so every component is packaged in its own container to facilitate reproducibility, transparency, and resource isolation.
- It is dynamically orchestrated, so the containers are actively scheduled and managed to optimize resource utilization.
- It is microservices-oriented, so applications are segmented into microservices to enhance the overall agility and maintainability of applications.
Containers, microservices, and dynamic orchestration
Containers: A container is a self-contained package of software that includes everything required for the application to run isolated from and independent of its operating environment. This makes container-based applications easy to deploy across diverse target environments such as a private data center or a public cloud. Container technologies such as Docker, CoreOS rkt, Mesos and LXC make it much easier for companies to develop, deploy and migrate applications across a hybrid computing environment. Plus, they offer some real business benefits including accelerated deployment times, faster time to market, lower infrastructure costs, higher operational efficiency, and they simplify the continuous deployment of microservices.
Microservices: More and more organizations are moving from large monolithic application architectures to a microservices architecture that is faster, agile, and easier to maintain. In cloud-native development, multi-functional applications are broken down into several smaller independent modules, each with a specific purpose. These microservices can work together through APIs to create more agile, scalable applications.
There are several advantages to this approach. For one, building a small module with one specific function is much easier than developing a large monolithic and multi-functional application. This modularity enables developers to choose the language or technology that best facilitates the required functionality. It also simplifies maintenance, as each service can be independently modified or updated without having to create an entirely new application. And since a microservices architecture isolates functions, even security issues are confined to specific modules and can be addressed without affecting the functionality of the entire application.
Dynamic orchestration: Microservices architecture enables businesses to more efficiently leverage cloud functionalities, allowing for rapid scaling-up or scaling-down and deployment across data centers and cloud platforms. But as the architecture becomes more complex, all the microservices have to be orchestrated so that they can work as an application. The coordination of commands across multiple services is managed by orchestrators or orchestration engines such as Kubernetes and Docker Swarm. Dynamic orchestration enables automation across software lifecycle stages enabling the creation, updating, and removal of software versions based on predefined criteria including real-time traffic demands. Service instances can be automatically scaled up or back based on requirements.
In addition to all this, the cloud-native model involves almost every modern application development tool, framework, and technology available including DevOps, Agile, and continuous delivery. However, leveraging all these modern technologies to completely reinvent application development for the cloud paradigm is not without its challenges.
The security challenge
Security, alongside culture, complexity, lack of training, and monitoring, is a top-five challenge facing cloud-native development efforts, according to a survey from CNCF. Though security concerns continue to drop across editions of the survey, it makes sense to take a closer look at the issue especially since it is one of the keys with cloud-hosted solutions.
There are several inherently cloud-native characteristics that may actually make these environments easier to secure, like the immutability of container images, for example. In fact, early cloud-native adopters cite improved data security as one of the top organizational benefits of this new approach.
Nevertheless, the dynamic nature of cloud-native development introduces some new challenges that cannot be addressed by conventional security strategies. Organizations need to adopt DevSecOps practices ensuring that security is integrated across the application development lifecycle. Controls have to be implemented at the application level to ensure that services behavior is always consistent with intent.
For many industry commentators, cloud-native means using the cloud as it was intended to be used. But as mentioned earlier, culture, complexity, and training continue to be issues that can slow down enterprise adoption of this innovative new approach. One solution, proposed by Oracle, is to build a bigger tent where the emphasis will be on reducing the complexity of cloud-native while ensuring that all enterprises, both modern and traditional, get all the support they need on their cloud-native journey.