Secure Cloud Architecture: Avoiding Technical Debt

Holiday shopping season has certainly kicked off with Black Friday and Cyber Monday. This got me thinking: what’s the point? Certainly savings, but most retailers hold sales throughout the year. Maybe some people just enjoy lines and camping on the sidewalk. Or maybe these events are designed to lure you in with the promise of savings but also the intention of increasing impulse buys. How many times have you intended to only buy one thing, but when you get to the store or begin searching on the site, you see a deal so great, you can’t pass it up? Well, what does this have to do with cloud?

Consider what happens in the IT world. You often hear companies make grand pronouncements about their intention to move to the cloud. But the reality is that move likely started long before the announcement, and it wasn’t necessarily intentional. Cloud migrations usually start with a couple teams taking it upon themselves to start testing a new application. Naturally, they want to move fast and, once in production, they want to scale, so the cloud becomes the obvious choice. They get speed and scale, and avoid getting mired in “legacy” rules.

Guess what? Success gets noticed. Once the value of moving at speed becomes clear, other teams quickly adopt the approach for the next application, and the next one, and the one after that. Eventually the business, seeing these wins (either for themselves or via the bottom line), decides to make this a mandate moving forward. And then you get your big corporate announcement that we’re “All In on Cloud.”

Look, this isn’t the way it goes in every case, but it’s a common path, and path that can lead to long-term challenges. Using the cloud for testing in rapid fashion is not the issue, it’s what happens after the test is successful and you move to production. As I said, success breeds success and soon these environments have multiplied. And these rapidly multiplying environments need to be supported, operationalized and secured to corporate standards, all while driving the value you hoped to accomplish with the deployment in the first place. This creates a new form of technical debt.

What is technical debt? Well, according to Wikipedia it is defined as: “a concept in software development that reflects the implied cost of additional rework caused by choosing an easy (limited) solution now instead of using a better approach that would take longer.” Sounds a lot like the impulse buys Black Friday and Cyber Monday are seemingly designed to drive. The more impulse buys you make today, the less reserve you have for strategic acquisitions in the future; it’s simple math. When it comes to cloud, this equation becomes about risk, operations, visibility and people skills to name a few. Just take risk as an example: according to research from F5 Labs, most cloud breaches happen because of gaps created by companies taking the approach above and not from vulnerabilities in the cloud platform.

So, what can companies do? F5 takes advantage of creating patterns—patterns that every app in any environment can utilize, regardless of where that app lives or which vendors are used. This approach, informed by work with and feedback from our customers, who represent 48 of the Fortune 50 and leaders in every industry, is documented in what we call the Secure Cloud Architecture.

In fact, this was a driving force in the Strategic Collaboration Agreement we signed in October with AWS to work together to create better outcomes through joint customer engagement, technical integration and solutions. And we’ve now released our first cloud-based application-centric visibility and insights tool, F5 Beacon, which takes advantage of the robust SaaS platform we built on AWS, and features integrations with AWS services like CloudWatch (via Telegraf).

Over a series of blog posts in the coming months, I intend to dive deeper on the outcomes and principles of Secure Cloud Architecture and how organizations can benefit. Ultimately, speed and innovation are requirements of business today, but speed and innovation can’t trump sound patterns, visibility, and risk reduction—or we just create new types of technical debt.

Our goal is to help you develop, deploy, and manage your applications from a developer’s code to a customer’s device, securely and at scale. All without getting distracted by those impulse buys that end up on the shelf or as a white elephant gift at the next office party. Happy shopping!