enterprisesecuritymag

Automating the Engineering Journey with the Cloud

Wouter Meijs, Global Head of Cloud, ING

Wouter Meijs, Global Head of Cloud, ING

There is no denying that nowadays infrastructure is a hot topic. Who would have thought 15 years ago that in 2021 bill boards would be inviting you to join the cloud, or that CEO’s of major companies would talk to each other about how far they are with their cloud journey.

But as visible as the cloud is to the average person, for me one of the most important promises of the cloud is to make infrastructure less visible to software developers. Gone are the days when developers have to raise tickets to get a certain port opened or would need to be able to forecast the required amount of storage for their new application six months in advance. These items are now fully automated and instantly available.

And the possibilities go even further than that. By combining your deployment pipeline with your cloud infrastructure, the underlying infrastructure can become completely invisible.  Developers should only have to worry about committing their code, test cases and configuration settings and the central platform can then provision the required infrastructure, deploy the code and run the appropriate tests or monitoring. By taking away the consuming, error-prone (“there is no backup because you forgot to click the backup option”) and, most importantly, mind numbing exercise of manually managing your infrastructure, developers can win back valuable hours to do what they enjoy most – build new features for their customers.

“While public cloud offers a large number of different options and configurations, it is restrictive in the services offered and some of the more traditional applications will require quite some effort to make them ready to run on public cloud”

Note that I talk about cloud, not public cloud – and this is on purpose as this benefit can be realized both on private and public cloud.

In fact, when we started at ING with cloud, we started with building a private cloud. Part of the reason for this was to make sure we trained our organization sufficiently in the less risky confines of a private cloud. But of course our aim was also to bring actual benefits to the organization. At that moment, it took hundreds of hours of manual work to set up a production server fully ready to use with a lead time of more than 200 days. With our private cloud, we have worked on automating many of these steps and these days it takes less than 30 minutes to provision a VM with access management, monitoring, and charging already set up.

Building such a platform doesn’t come easy. Especially larger enterprises will have literally dozens of different stacks and an equal number of supporting services (schedulers, file sharing, etc). Each of these must be fully automated and available as code. This is a long journey and at ING we surely still have some way to go before an engineer’s software development journey ends with a merge request.

No doubt, public cloud can offer solutions here. In general, services in public cloud are set up as code and can therefore be easily consumed from a pipeline (which itself can be taken as a service from the public cloud). Moreover, public cloud is continuously moving up the stack, bringing more and more complete building blocks to the engineers. And no matter how big the company, a private cloud will never be able to match the scalability, stability and ease of useof Azure, GCP and AWS.

But all of this comes at a cost. For the standard 24x7x365 workloads, we found that a private cloud is much more economical than the public cloud. But more importantly, while public cloud offers a large number of different options and configurations, it is restrictive in the services offered and some of the more traditional applications will require quite some effort to make them ready to run on public cloud. Here, a private cloud can help as the flexibility to offer specialized services (although potentially at a lower level of automation) is much higher.

But public or private cloud, automating the developer’s journey will release a massive amount of time to be spent on building better features for the customer. And that by itself certainly justifies the attention of both IT and business leaders

Weekly Brief

Read Also

Simple Identity Steps Can Have Remarkable Outcomes

Simple Identity Steps Can Have Remarkable Outcomes

Willie Clemons, Director Identity and Access Management, EBSCO Industries
In-Depth Network Visibility and Security Intelligence

In-Depth Network Visibility and Security Intelligence

Mike Potts, President and CEO, Lancope, Inc.
Threat Intelligence: The New Frontier

Threat Intelligence: The New Frontier

Wes Spencer, CIO, FNB Bank Inc.
Getting In Front: Thinking Differently about Threat Intelligence

Getting In Front: Thinking Differently about Threat Intelligence

Tim Callahan, SVP, Global Security, & Global CSO, Aflac [NYSE:AFL]
The Great Threat Intelligence Debate

The Great Threat Intelligence Debate

Dan Holden, Director-Security Research, Arbor Networks
Operationalizing Threat Intelligence

Operationalizing Threat Intelligence

Chuck Fishman, Media Entertainment and publishing Director, Acquia