Our idea about DevOps is really starting from an automation-first culture. That underpins all the other things that we do because Infrastructure-as-code (IaC) unlocks the ability to automate, to make things repeatable and allow them to be auditable. Those values underpin the agility that we want to generate in customer environments. Additionally, IaC is also a core tenant when it comes to maintaining security, because you can respond rapidly to two emerging events, to apply patches that you need to apply.
If you take it down to core values, those would be automation and infrastructure-as-code.
In the IaC space, Terraform and AWS CloudFormation are the two most popular tools to date, and AWS Cloud Development Kit (CDK) is quickly gaining traction. But the way that we show up for customers isn't to bring our favorite tools. Sometimes we do make recommendations, but we're going to meet customers where they're at and align with their needs, regardless of if their preference is TerraForm or AWS CloudFormation. If they don't have any infrastructure automation in place, we'll help them make that decision as well. But usually most customers have an idea of what they want to use, and we align to that.
With DevOps people have different opinions and different approaches. At Caylent, how do we approach DevOps as a practice?
There's a core underpinning of making sure that we're starting from first principles, like infrastructure-as-code and automation, because we always want things to be repeatable. We don't want there to be manual steps in the process. So with that as a baseline, we also need to make sure that there's a team atmosphere so that we're understanding what the needs are and there aren’t any silos of organizations. We want to make sure that we're listening to both what the product and development organizations need, in addition to the security team's needs, and then bring that all together for a holistic solution.
This is important because you have different teams that have shared responsibility and overlap in being able to be a good partner. For example, security can sometimes bring tension with development that wants to go and build the latest, greatest thing. How do we balance that? AWS Config's Rules and Conformance Packs can help establish guardrails that keep the security confident that standards are being enforced.
How do we make sure we're communicating with all the right people and getting everybody on board for some of these DevOps culture changes?
Well, part of it is just realizing those conversations need to take place. Sometimes development teams will move ahead without thinking about security because it's not what they're being asked for on the product roadmap. Making sure that security is still in mind is the key to the conversation. We think about security as a continuous process, just like product development.
So making sure we have the right security guardrails in place from the beginning, ensures that we're staying within the lanes that security is defined. Having that ability to be agile within certain guardrails is something that lets product teams move more quickly, knowing that they're keeping up with what the security team is going to be concerned about.
What kind of infrastructure-as-code tools do we typically use for security guardrails?
TerraForm and AWS CloudFormation are by far the most mature in the market, and so we see a fairly equal distribution between the two. Some of it can also be personal preference. In some cases, the customers will prefer to use Terraform if they’re automating on-premises, as well as AWS. And they prefer that common vernacular and common syntax across the different properties that they're automating.
I'm a particular fan of AWS CDK and I've loved seeing the development of CDK over the last few years. There's definitely a trend towards CDK, and along the lines we're thinking in, CDK puts the infrastructure automation even closer to the hands of developers because it's the natural extension of languages that they're already writing in. And so it still fits with that idea of guardrails. As far as agility is concerned, it's potentially moving even faster since the developers are in control of their own destiny when utilizing it.
If you’d like to modernize your applications with a DevOps methodology and Infrastructure-as-code, Caylent’s Cloud Migration & Modernization team can help you take significant advantage of AWS services. Get in touch with our experts to learn how we can help!
Mark Olson
Randall Hunt
