Every service requires an API key or credentials, so more software is passing credentials through more services than ever beforeView in browser »
The New Stack Update

ISSUE 258: Tech Radar Turns to Secret Management

Talk Talk Talk

“Org charts speak only to the internal structure of organizations. They don’t express that organization’s relationship with the outside, world such as customers and partners. They also don’t express the organization’s most important internal relationships: Those through which work gets done.”

Add It Up
Private Cloud Usage at Enterprises

The average number of private clouds being used or experimented with jumped 3.9 to 4.9 in the latest study from Flexera 2021 State of the Cloud Report. That’s more than the average 3.4 public clouds in the same study. Google Anthos rapidly picked up users and Amazon Web Services‘ Outposts also saw gains.

On the private cloud side of the fence, VMware’s vSphere continues to face attrition as the concept of private cloud has evolved. In recent years, many companies have transitioned to a container-centric world. Data elsewhere in the survey indicates that VMware’s market position is stabilizing around the Tanzu portfolio for managing infrastructure.

Will the increase in private clouds be linked by what they have in common, or by the differences in architecture and technology stacks used by each clouds’ unique mix of configurations?

The distinction between public and private cloud has become less important over the last 10 years, although some corporations have tighter restrictions on private cloud workloads. The New Stack’s own research indicates that workloads hosted in data centers are expected to grow, more at the expense of traditional IT rather than migration from public cloud to achieve cost savings.

Enterprises continue to use private clouds as they replace outdated data centers using cloud native technologies. A reported rise in workloads being pushed towards the edge will find more private clouds available to manage them. Whether or not these clouds will have a standard architecture is up for debate, and depends on the level of cooperation between industry hardware vendors, cloud providers and companies differentiating themselves in the “edge computing” category.

What's Happening

The cloud has become that new data center for how business gets done, and the internet is the new enterprise network backbone for how services are connected, said Joe Vaccaro, head of products for ThousandEyes, a provider of network monitoring systems. If an organization does not “own” all network connections across the internet, “you can’t take the same approach that you’ve done in the past, to be able to understand the digital experience through them,” Vaccaro explained.

In this The New Stack Makers podcast, hosted by Alex Williams, founder and publisher of The New Stack, Vaccaro discussed today’s digital supply chain for the modern app experience and managing backend interdependencies, as well as the value proposition ThousandEyes brings to the table.

When Managing Application Experiences Requires Internet Visibility

Tech Radar Turns to Secret Management

In January 2021, 140 companies in the CNCF End User Community were asked to describe what software their companies would recommend for managing secrets. Secrets are essential for cloud native computing. Every service requires an API key or credentials, so more software is passing credentials through more services than ever before. Secrets management refers to the tools and technologies used to manage digital authentication credentials. This can include APIs, keys, passwords, tokens, or other credentials used to protect sensitive information across the IT ecosystem.

Of the tools that were evaluated, only one was a stand-alone package that could be run on any platform, HashiCorp Vault. The others were tied to specific platforms, such as Amazon Web Services. The rest of this space is pretty fragmented in terms of different tools being used, said Cheryl Hung, the Cloud Native Computing Foundation vice president of ecosystem who helped oversee the latest CNCF Tech Radar report on emerging cloud native technologies.

In a way, it is surprising that so many organizations have gone with Vault, given the inherent complexities of setting up the software, but these challenges do not seem to be an inhibitor to some organizations; so, kudos to HashiCorp.

Other organizations, however, are happy to let the cloud provider manage secrets. The secrets management features offered by the cloud providers are almost “turn-key,” so onboarding a new operation should be relatively easy, the report noted. The end-users here did not seem to be too worried about being locked into a specific cloud provider, given that the effort to move a secrets management system to another architecture would be far less work than moving a database to a new environment, Hung noted.

The report, and each of the quarterly reports addresses organizations in two different stages of cloud native development. The first type of organization doesn’t have an existing solution and needs to make a decision. This report would help decision-makers for these orgs prioritize what choices to test. “If there were 20 different options, maybe it'll help you prioritize the top three, to look at,” Hung said. The other type of organization already has an existing secrets management system in place, but it wants to benchmark it against peers. “Is there a reason that [other organizations] are using something else? And then might be good reasons for that, so it just helps them benchmark,” Hung explained.

For a deeper dive into this report on secrets, check out our recent The New Stack Analyst podcast.

With Auth0 purchase, Okta Will Boost Access APIs for Developers

Why did Okta, the leading independent identity provider, set out to acquire Auth0, a leading identity platform for application teams, for $6.5 billion? TNS European correspondent B. Cameron Gain gets to the bottom of the case in this post. He points to how Auth0 has channeled more of its efforts to meet an increasingly urgent need among developers for a viable API authentication platform.

Best Friends: Harnessing Data to Save Lost Cats and Dogs

Like many businesses, Best Friends Animal Society set out to apply data to achieve its mission — to lower the number of dogs and cats killed in animal shelters across the country. However, collecting the data and being able to apply it effectively proved harder than it would first seem. The company turned to Vendia, a startup combining blockchain and serverless to creating a blockchain-based data network called Pet Chain, which follows a pet throughout its lifetime using an initial biometric identifier entered at birth — a nose print, which is as unique as a human fingerprint.

The Cloud Native Landscape: Platforms Explained

This post is part of an amazing ongoing series from the Cloud Native Computing Foundation Business Value Subcommittee co-chairs Catherine Paganini and Jason Morgan that focuses on explaining each category of the cloud native landscape to a non-technical audience. To date, they’ve offered dedicated articles for the provisioning, runtime, orchestration and management, and the application definition and development layer. This installment defines what a platform is, and how it is essential for enterprise operations. 

On The Road
SoloCon // MARCH 23-25 // VIRTUAL @ 11AM - 3PM EDT

MARCH 23-25 // VIRTUAL @ 11AM - 3PM EDT


SoloCon will bring together experts to speak about their use of enterprise and open source technologies. Some of the topics covered include Service Mesh Management, WebAssembly, and  Cloud Native API Management. Register Now!

The New Stack Makers podcast is available on: — Pocket CastsStitcher — Apple PodcastsOvercastSpotifyTuneIn

Technologists building and managing new stack architectures join us for short conversations at conferences out on the tech conference circuit. These are the people defining how applications are developed and managed at scale.
Best of DevSecOps: Trends in Cloud Native Security Practices

This is the first in a new series of anthologies that assemble some of our best articles on a trending subject, paired with our editors’ insightful analysis to frame the bigger picture. These exclusive ebooks help developers, architects, operators and management go in-depth, quickly, on hot topics in at-scale development and management.

In this ebook, we explore how security practices are now being integrated into the development process, as well as the build pipeline and runtime operations of cloud native applications. You’ll learn more about:

  • How DevSecOps enables faster deployment cycles.
  • Why DevSecOps is necessary for cloud native architectures.
  • The challenges and benefits of DevSecOps practices.
  • The new role of developers and operators in security.
  • How to measure DevSecOps success.
  • Tools and best practices for adoption.
  • Emerging trends to pay attention to.
Download Ebook
We are grateful for the support of our ebook sponsor:

Copyright © 2021 The New Stack, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

Email Marketing Powered by Mailchimp