As we close out 2022, we at DevOps.com wanted to highlight the most popular articles of the year. Following is the latest in our series of the Best of 2022.
Many developers and startups view cloud services as simply “compute”, “storage” and “networking.” The cloud has matured to the point where customers often don’t think about the underlying infrastructure, service levels or debate the merits of on-premises versus cloud&;mdash;instead, they are increasingly cloud-first. In fact, December of 2021 marked Amazon Web Services (AWS) marked its tenth AWS re:Invent conference—the company’s annual conference for customers and partners.
While many startups don’t think twice about centering their IT strategy around the cloud and SaaS offerings, the enterprise has been slower to adopt cloud computing at scale. The conversation for these companies revolves around security, compliance, SLAs and the loss of control over their technology stack. In many ways, little has changed about the questions that enterprises are asking about the cloud.
As the year starts, I’ve been reflecting on various conversations I’ve had with a variety of IT and business leaders, Digital CxOs and vendors. Below are three trends that I will be tracking this year.
1. Alternative Vendors Gain Momentum
The “big three” hyperscalers continue to dominate the market and garner the bulk of customer and partner attention. However, we are seeing increasing interest in the alternative cloud market. The alternative market includes vendors outside of the big names (AWS, Microsoft Azure, Google Cloud, Oracle, IBM and Salesforce). Developers and businesses are increasingly looking at alternative vendors and their offerings because they are easier to use than hyperscalers, less expensive and offer more predictable pricing models. In addition, with the tight labor market, hiring developers that are, for example, AWS certified can be extremely expensive. On the other hand, because alternative clouds are less complex, developers do not need to have the same certifications.
You might ask: What about the global scalability, quantum computing and/or the thousands of APIs that the hyperscalers offer? The truth is that most small and midsize businesses don’t actually need any of those capabilities and don’t want to help subsidize the R&D that these technologies require. Companies to watch in the alternative cloud market include Linode, Digital Ocean, OVHcloud, UpCloud, Hetzner and Equinix Metal. In 2021, Techstrong Research published a report, DevOps and the Alternative Cloud, that dives deeper into these alternatives.
2. Industry-Specific Cloud Ecosystems Expand
Banking, insurance and companies in other highly-regulated industries have been slow to adopt cloud computing. However, the market is quickly evolving and businesses are rethinking their approach to the cloud. One of the reasons these regulated companies are starting to invest more heavily in the cloud is because customers have heightened expectations when it comes to how they engage with businesses. If customers are unhappy, it’s easier than ever to find alternatives. These highly-regulated companies and industries are being increasingly challenged by fintech, insurtech, healthtech and other industry-focused startups.
Just as importantly, vendors are realizing that one size doesn’t fit all. Regulated industries need specific clouds that meet their regulatory and compliance needs. These industry-focused clouds aren’t being designed as an entire ecosystem where a variety of technology partners can offer their software to regulated industries. Instead, vendors have taken two different approaches to offering industry-specific offerings. Some providers are offering pre-built but customizable applications. Some notable announcements in the area of banking clouds include the following:
- Goldman Sachs and AWS are working together to create data management and analytics solutions for financial services organizations (announced at re:Invent 2021). The result of this collaboration is the Goldman Sachs Financial Cloud for Data. It’s unclear if AWS will be offering a more general financial services ecosystem in the future.
- IBM continues to grow its Cloud for Financial Services in terms of signature clients and partners. IBM built its cloud for financial services in collaboration with Bank of America, then hired the bank’s CTO, Howard Boville, to head up IBM’s hybrid cloud business.
- Microsoft announced general availability of the Microsoft Cloud for Financial Services in November of 2021 (interestingly, it’s not named Azure for Financial Services). The company already has a large footprint in the financial services industry, and we’ll be tracking the adoption of Microsoft Cloud for Financial Services closely. In September 2021, Wells Fargo unveiled their digital infrastructure strategy that relies heavily on its partnership with Microsoft, but there is no mention of Wells Fargo using the Microsoft Cloud for Financial Services.
I expect other industry-specific clouds to follow a similar pattern—with large vendors partnering with key industry incumbents to create cloud ecosystems that meet the performance, security and compliance requirements for that industry. For example, you can certainly imagine Oracle creating a Cloud for Health Care after the acquisition of Cerner closes.
3. Software Supply Chain Becomes a Key Security Focus
“Supply chain” was a key phrase across all industries and job functions in 2021. I’m particularly tracking the software supply chain—which, as you can imagine, is immense and complex. In essence, your software supply chain includes anything that might impact your software. That includes APIs, cloud services, containers, your DevOps pipeline and all of the open source components that you use. Software has many dependencies, and understanding the supply chain is critical to knowing your security and risk exposure. Take, for instance, the recent Apache Log4j vulnerability. Use of Log4j is pervasive, but how many companies were actually able to quickly identify what software is at risk? Check out Alan Shimel’s December blog post, Log4j: It’s All About the Supply Chain, Baby! to learn more about software supply chain security. In addition, API security is going to be a very hot topic in 2022.
However, people remain the number-one cybersecurity threat. Although complex cyberattacks by ransomware gangs and state-sponsored actors get much of the attention, cloud misconfigurations and unpatched software are likely your biggest threats. Understanding your software supply chain will help uncover potential weak points and allow you to add automation, observability and/or other security tools to help spot potential problems.
The Cloud Evolution
Although the cloud isn’t new, the cloud market is continually evolving. While the developer community has been quick to adopt cloud computing, large enterprises have lagged—and regulated industries have been even slower. The alternative cloud market is offering different options for developers and businesses that don’t want the complexities of hyperscalers and don’t need their endless options and global footprint. At the same time, regulated industries are changing their cloud strategies thanks to cloud offerings that are uniquely focused on the challenges of their industry. Finally, you need to secure your software and data no matter where it resides. Focusing on your software supply chain will help ensure you can react to security vulnerabilities and update elements when needed.