Start-ups have gotten the hang of DevOps. The enterprise is another matterView in browser »
The New Stack Update

ISSUE 160: Culture Is the Biggest Cloud Barrier

Talk Talk Talk

“Whatever you’re building, you should always assume it’s going to fail and someone is going to break it.”

Add It Up
What is your top source of toil?
“Double, double toil and trouble; fire burn, and cauldron bubble,” chant three witches in Shakespeare’s “Macbeth,” as they warn of getting more than you originally wished for. The message is apt for site reliability engineers (SREs).

Although the SRE job role is often defined as being about automation, the reality is that 59 percent of SREs agree there is too much toil (defined as manual, repetitive, tactical work that scales linearly) in their organization. Based on 188 survey responses from people holding SRE job roles, Catchpoint’s second annual SRE Report surprisingly found that almost half (49 percent) of the SREs believe their organization has not used automation to reduce toil.
What's Happening

Site reliability engineers (SREs) are tightly woven into DevOps today. They also provide a changing and critical role in deployments on cloud native platforms and microservices deployments. But as a job description and function, an SRE position and role is often described incorrectly — in that way, the definition of an SRE can mean many different things, depending on whom you talk to.

In this episode of The New Stack Makers podcast, Steve Herrod, managing director at General Catalyst, expressed this truism: “One thing I would characterize most SREs by are that they are great with writing automation and scripts and using the tools themselves to do something custom in their environment.

The Certainties About Your Job as an SRE

Culture Is the Biggest Cloud Barrier

In a contributed piece from The New Stack sponsor Oracle, Bob Quillin, vice president of Oracle Cloud developer relations, argues that the biggest hurdle to move to cloud native operations is not the technology itself. Rather, it is the people.

An August survey from the Cloud Native Computing Foundation found that efforts to adopt cloud native technologies faced certain challenges, and “cultural changes with development team,” weighed in as the factor that caused the most concern, as voiced by 41 percent of the survey participants.

No surprise, as cloud native requires DevOps to work correctly. And DevOps is still a new thing for many IT people.

“Cloud native technologies has fundamentally changed software and team processes. The culture of DevOps is expanding how we work and think,” Quillin wrote in this piece. “For some, this presents an exciting opportunity. Others approach it with more trepidation.”

Start-ups have, by and large, gotten the hang of DevOps; the enterprise is another matter. They may have hundreds or even thousands of IT people who are unwilling to consider these new ideas — and tools — about how software should be developed and released. It requires operators to know how to code, and developers who know how to manage a network stack.

“Understandably, their developers don’t necessarily want to become experts in infrastructure and in projects such as Kubernetes. They may not see the value in having a bunch of novices muck around with it,” Quillin wrote.

One trick is to build a small champion team already eager to work with Kubernetes and other cloud native technologies. This is a tip that Quillin picked up from Araceli Pulido, an engineering manager at Bitnami, who discussed this matter at the recent KubeCon+CloudNativeCon. “Some of your developers are probably already going to meetups and working with open source. If they’re also unusually collaborative and enjoy documenting what they learn, they’re good candidates for that first team,” Quillin wrote.

The Central Security Project: Vulnerability Reporting for Open Source Java

Security platform HackerOne and software supply chain management tool Sonatype have teamed up with The Central Security Project to solve the problem of what to do when a new security bug is identified. This is a new effort that brings together the ethical hacker and open source communities to streamline the process for reporting and resolving vulnerabilities discovered in libraries housed in The Central Repository, the world’s largest collection of open source components. The new project was meant to help provide a single way for vulnerability disclosures to be made. When a new vulnerability is reported, Sonatype will assess the report and, where appropriate, develop a fix.

How to Improve the Security of Your APIs from the Get-Go

This contributed piece from Dmitry Sotnikov — vice president of cloud platform at enterprise API security company 42Crunch — discusses changes in best practices for web firewalls in the enterprise. Previously, the entry point to an organization's network architecture was through applications, with a thin web application layer and running on dedicated servers. This made it relatively easy to maintain security by setting up a web application firewall (WAF) to protect the application servers. However, with the rise of APIs, the picture today is very different. Now, there is no nicely defined single entry point to the network architecture. Instead, the entry points are the plethora of APIs that call the backend to provide the functions of the application. Because APIs now form the point of entry to your network, this puts the quality and security of the API definitions in the spotlight. The starting point for API security is the OpenAPI definition itself. API Contract Security Audit tool at is a quick and free online resource that you have at your disposal.

Kubernetes 1.14 Brings Docker Orchestration to Windows Server

The latest release of Kubernetes, version 1.14, is out with production-level support for Windows nodes and 10 enhancements moving to the stable release. Windows special interest group lead Michael Michael from Microsoft, as well as contributors from other companies, helped on this work to enable Windows nodes, an effort that began three years ago. Now you can schedule Windows Server containers using Docker on top of Kubernetes. “This effort really centered around modifying the Kubelet and the Kube proxy to make it so that Windows is supported as an operating system and the Docker on Windows capability is properly accounted for,” said Michael.

Please Take the New Stack and Lightbend Survey on Data Streaming

To better understand how and why data streaming is used in application architecture, Lightbend has partnered with The New Stack for its second annual survey on fast data trends. The results will surface use cases for data streaming technologies, focusing on the choices and challenges of the technologists who manage architectures with data streaming requirements, including emerging cloud native architectures. Take the survey now.

On The Road
KubeCon + CloudNativeCon // MAY 22 // BARCELONA, SPAIN @ FIRA GRAN VIA, HALL 8, ROOM F1


KubeCon + CloudNativeCon
It’s time for pancakes in Barcelona! Come have a short stack with The New Stack for a Q&A with our expert panelists about the issues and options for managing identity in service mesh environments. Cloud native security and how it affects the pace of enterprise adoption will be the mainstay of our conversation for this latest stop on the pancake breakfast circuit. Thanks to VMware for hosting our breakfast — we’ll see you in Barcelona. Register now!
The New Stack Makers podcast is available on: — Pocket CastsStitcher — Apple PodcastsOvercastSpotifyTuneIn

Technologists building and managing new stack architectures join us for short conversations at conferences out on the tech conference circuit. These are the people defining how applications are developed and managed at scale.
Free Guide to Cloud Native DevOps Ebook

Cloud native technologies — containers, microservices and serverless functions that run in multicloud environments and are managed through automated CI/CD pipelines — are built on DevOps principles. You cannot have one without the other. However, the interdepencies between DevOps culture and practices and cloud native software architectures are not always clearly defined.

This ebook helps practitioners, architects and business managers identify these emerging patterns and implement them within an organization. It informs organizational thinking around cloud native architectures by providing original research, context and insight around the evolution of DevOps as a profession, as a culture, and as an ecosystem of supporting tools and services. 

Download The Ebook
We are grateful for the support of our ebook sponsors:

Copyright © 2019 The New Stack, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list