Articles Cloud

Adopting modern application architectures critical for business growth — Highlights from CA Technologies report

Embracing modern application architectures and modern development practices has become significant for organizations to drive business growth, finds a recent Frost & Sullivan survey commissioned by CA Technologies.

The modern application architectures include APIs, microservices and containers, whereas the modern development practices include DevOps, DevSecOps. The companies that adopt these practices can quickly adapt and adjust software applications according to market trends and customer demands.

CA Technologies surveyed 1087 IT and business executives around the world to better understand the state of software applications and the related development principles and practices.

“In conducting this study, what we found most intriguing was the focus amongst line of business leaders on software development and their willingness to engage budgets and detailed efforts in order to drive results,” said Alexander Michael, director of Consulting at Frost & Sullivan.

Key findings of the CA Technologies report:

  • Business executives now play a key role in software decisions

As per the report, titled “What Business Executives are Learning about Software Development and How it is Helping Achieve KPIs”, 85% of business executives (beyond the IT department) are involving in decisions about software development and acquisition.

This is because the digital transformation is now impacting more lines of business. Alexander Michael said that software sits at the heart of most digital transformation projects.

The survey finds that out of the four challenges for an organization, three are associated to digital initiatives. Around 84% of respondents said that modernizing the development and delivery of software and applications is very critical for a successful business.

“In order to compete in today’s rapidly evolving market, organizations must center their thinking around how every line of business and IT contribute to achieving the company’s digital objectives,” said Ayman Sayed, president and chief product officer at CA Technologies.

“A modern application architecture is the foundation that, once in place, provides a platform for more flexible and agile software development, giving organizations the ability to plan and pivot to address customers’ changing business needs.”

  • Software is critical to achieve KPIs

The goal of every department in an organization is to achieve key performance integrators (KPIs). Over eight in ten business execs said that software is the key to achieve KPIs.

In the era of digital transformation, the department leaders have started to think like modern CIOs. They reported that applications developed using modern architectures can help them more effectively achieve business goals.

Departments that adopt modern development practices are eight times more likely to say that their apps are good at supporting their KPIs. Further, they are six times more likely to say that their apps are better at delivering business insights as compared to their competitors.

  • Over a quarter of apps are developed by in-house software engineers

An interesting finding of the research was that over a quarter of applications (28%) were developed by in-house software engineers. Although most software is developed by in-house IT departments, a large share is still bought from external vendors.

  • Modern application architecture development significant for a successful business

Modern application architectures are capable of improving the levels of connectivity, scalability, and security. This can enable digital businesses to access billions of users across different networks and devices, and provide a better experience to partners, customers, suppliers, and employees.

Business executives responded that modern application architectures help them easily develop software, at the same time generate powerful insights and accelerate time to market.

  • Modern application architectures improve ability to integrate applications and data

Business executives and central IT departments generally have different digital projects, but their aim is to improve the integration. The integration is important across business functions for comprehensive insights.

Modern application architectures support the integration of digital projects across the organization. According to report, a majority of mature organizations use APIs and enterprise platforms for seamless integration of applications and data.

  • Software Development Issues Put KPIs and Security at Risk

While there are numerous advantages of modern application architecture, they also come with new challenges. A majority of high-development organizations said that management and monitoring the APIs, microservices and containers are challenging for them. APIs and microservices are new risks to the organizations.

Around 56% of business executives reported that software issues have negative effect on their KPIs. Further, 67% said that their organizations sometimes overlook security to expedite development.

Also read: Top 4 development trends in cloud of which every developer should be aware of

In the digital economy today, the ancient saying “there is nothing permanent except change” carries more weight than ever. Organizations need to adopt modern application architectures to keep up with the change, and to lay foundation for more flexible and agile software.

Read full report here.

Images source: CA Technologies

Articles Cloud News

Top trends in app development, DevOps maturity, and low-code adoption

OutSystems, a low-code software provider, recently released The State of Application Development, 2018 report to identify how IT is responding to digital disruption and innovation.

The survey of over 3,500 IT pros reveals the major trends in application development, challenges faced by application developers, and the strategies used by IT teams to accelerate delivery of applications.

Top findings of The State of Application Development, 2018 report:

  • Demand for app development is increasing

According to the report, the demand for application development in 2018 is at all-time high. Around 42% of IT pros had plans to deliver 10 or more apps this year, 21% to deliver 25 or more, while 10% to deliver 100 or more.

Of all the apps planned to be developed in 2018, 37% will be innovation, while 63% will either be replacement or update to the existing applications.

  • Developers taking excessive time to develop applications

47% respondents said that developers take an average time of five months or more to deliver a web or mobile application. Respondents indicated that mobile apps take more time in development as compared to web apps.

28% of the organizations were either unhappy or somewhat unhappy about the time taken to deliver applications.

Only 19% organizations were happy with the speed of application delivery.

  • Majority of organizations investing in cloud to accelerate application delivery

To increase the speed of application delivery, 77% of organizations invested in cloud over the past year, followed by 31% in low-code, 26% in mobile app development platforms.

Of the 77% organizations who invested in cloud, 29% preferred AWS, followed by 21% and 13% which invested in Azure and Google Cloud, respectively.

  • Failing to gain maturity despite investment in agile tools

60% of organizations invested in agile tools and services in the past year, but the average agile maturity score remained at just 2.6 out of 5.

40% of organizations described their DevOps maturity level between ‘Just Starting’ and ‘Fundamental’.

  • Over half of organizations had a backlog of 1-10 apps

Mid-sized enterprises had worse backlog of web and mobile apps compared to large enterprises. 53% SMEs had a backlog of 1 to 10 apps, while 17% indicated more than 10 app backlogs. Only 30% organizations had no backlogs.

Further, 59% respondents said that their backlogs remained the same over the past year, while 32% indicated improvement in their backlogs.

  • Hiring of development skills taking longer and costing more

65% of the organizations hired web or mobile developers in the past year. 80% of the respondents said that there’s a lack of developer skills, and hiring takes longer and costs more.

43% respondents believed that hiring of both web and mobile development skills are were hard to hire, while 20% said that it was difficult particularly for mobile app development.

Suggested reading: Why IT leaders aren’t committed to DevSecOps?

  • Low-code development becoming mainstream

The low-code development is becoming the new norm for organizations. 34% of organizations were already using a low-code platform, and 9% were expecting to start using one.

According to OutSystems report, the organizations using low-code are more likely to accelerate application delivery, gain more agile and DevOps maturity, and reduce app backlogs.

To download a copy of the full report, click here.


Why IT leaders aren’t committed to DevSecOps?

DevOps is one of the emerging trends among the organizations who are looking to tear down silos in integration and delivery of development approaches. The organizations are building DevOps teams and executing continuous integration (CI) and continuous delivery (CD) workflows to improve their time to market.

However, the approach of implementing application security and security testing tools in the development environments is not so well understood. A recent report by 451 Research and Synopsys, DevSecOps Realities and Opportunities, revealed that only 50% of the CI/CD workflows included application security testing tools, even when the organizations were aware about importance and advantages of doing so.

Synopsys surveyed 350 IT decision makers at large enterprises and found that most of the organizations aren’t integrating security at code commit and in pre-implementation process.

“While some DevOps teams are starting to incorporate application security into their CI/CD workflows, driven by factors such as improved software quality, compliance, and risk avoidance, there is ample room for improvement,” said Jay Lyman, principal analyst at 451 Research. “In many cases, security testing is not being integrated often or early enough in the process for organizations to fully benefit from reduced risk and rework headaches.”

4 key takeaways from DevSecOps Realities and Opportunities report:

  • Frequency in code changes increasing

The speed of enterprise software releases is on the rise. DevOps teams are releasing software faster, working with large-scale infrastructures and making significant code changes in each release.

49% of the organizations said that they deployed code changes or releases in a matter of days, while 22% deployed in weeks, followed by another 22% organizations who deployed within hours.

The more frequent changes in the coding require more testing. 67% of the organizations said that they pushed significant amount of code changes in CI/CD workflows. Whereas, 17% pushed large and complex changes, closely followed by 16% who mentioned small and simple changes.

  • Deployment without strategy causes complexities and difficulties in implementing DevSecOps

63% of organizations expected at least four times faster deployment from their CI/CD implementations. However, such deployments without a clear and informed strategy can make the scalability of application security testing within processes more complex and difficult.

Furthermore, the organizations who support on-premises and hosted deployments together increase their complexities. 41% of respondents preferred a mix of on-premises and hosted software for integrating security in CI/CD workflows, whereas, 37% indicated preference for licensed software.

  • Only 49% organizations committed to secure DevOps

The report highlights that there is an ample room for improvement for integrating security testing elements in CI/CD workflows, as only 49% of organizations indicated that their CI/CD workflows included those elements.

Software composition analysis (SCA) and CVE scanning were cited as the most critical security testing elements.

  • Lack of automation and consistency: Top DevSecOps challenges

According to the report, the lack of automation and consistency, reduced speed and noise of false positives are the primary challenges of DevSecOps. The respondents believed that integration of automation tools early in software development cycle can positively impact the speed and overall quality and security of software.

When asked when application security should be integrated with CI/CD workflows, 67% indicated at the time of committing code, while 44% indicated on the fly while coding.

“DevSecOps presents an opportunity to make application security part of the cultural and technological fabric of modern, high-velocity development and deployment models,” said Andreas Kuehlmann, general manager of the Synopsys Software Integrity Group. “This study highlights many of the opportunities and challenges DevOps team face in adapting and applying application security tools and best practices. It also validates that automation, speed, accuracy, and CI/CD integration—attributes Synopsys has built into its application security solutions—are critical to making DevSecOps successful.”

Also read: Biggest cloud security challenges in 2018 and their solutions

Event News

Rootconf 2018 calling out all DevOps, DevSecOps and IT managers for meeting and learning at one place

The current workflows in technology infrastructure management is becoming complicated and messy. With the recent reports of security breaches due to leaky infrastructure across the industry and government, the need for a secure IT architecture is increasing.

HasGeek’s flagship annual conference – Rootconf 2018, is India’s leading conference on DevOps, IT infrastructure and SRE (Site Reliability Engineering) that calls in systems and operations engineers to meet and share knowledge about building reliable systems.

Rootconf will appeal to security professionals, technologists and decision-makers in the startups and enterprises about:

1. Thorough evaluation of the various open source solutions and the standards available for ensuring better infrastructure security and to negotiate better data security with the telcos.

2. Designing and configuring reliable systems through modern SRE practices including load balancing,  monitoring, error management, microservices and, log aggregation.

Event Schedule:

Dates:: 10 and 11 May, 2018
Time:: 9:30am – 6:00 pm
Venue:: NIMHANS Convention Centre, Bangalore

Who will attend?

The conference will bring together the SRE and security experts from across India and Asia comprising DevOps, DevSecOps, Systems Engineers, Architects and IT managers.

A look at the speakers

The conference will feature security experts like:

  • Alisha Gurung – network engineer at Bhutan Telecom
  • Colin Charles – chief evangelist from Percona Foundation
  • Pukhraj Singh – f former national cybersecurity manager for Aadhaar project
  • Derick Thomas – former network engineer at VSNL and Bharti Airtel
  • A. S. M. Shamim Reza – information security expert.
  • Rachna Khaira – reporter at Tribune

The event will also have some Birds of Feather (BOF) sessions on microservices, container strategies, future of DevOps, DevSecOps and other key technologies that can help in securing your infrastructure.

The event is sponsored by Intuit, MySQL, E2E Networks, Walmart Labs, DigitalOcean, FreeBSD Foundation, and many leading names. This year, the conference will have more than 400 attendees.

The event is being presented and curated by HasGeek – that helps people in technology come together to meet and collaborate on new opportunities, and come up with new strategies and tools to advance technology.

DHN readers get a special discount

Being the media partner of Rootconf 2018, DHN provides its readers a 10% discount on registration.

Stay tuned to get the latest updates about the event.

Cloud Cloud News News

25% of businesses had their data stolen from public cloud: McAfee Study

One-in-four businesses experienced data theft from a public cloud, and one-in-five businesses experienced an advanced attack against their public cloud infrastructure, as per a report released by the cybersecurity firm – McAfee.

The report, “Navigating a Cloudy Sky”, is based on the sampling of 1400 IT personnel, and was released at the RSA Conference in San Francisco.

The report outlined the current cloud adoption state, concerns with the public and private cloud services, security implications in the cloud and the impact of unmanaged cloud usage.

It was found that inadequate visibility and control were the greatest challenges to cloud adoption in any organization. However, the business benefits of cloud and availability of modern cloud security tools outweighed any security concerns, helping it move ahead.

“Despite the clear prevalence of security incidents occurring in the cloud, enterprise cloud adoption is pressing on,” said Rajiv Gupta, senior vice president of the cloud security business unit at McAfee. “By implementing security measures that allow organizations to regain visibility and control of their data in the cloud, businesses can leverage the cloud to accelerate their business and improve the security of their data.”

Other findings of the report have been summarized here:

  • Rise in cloud adoption

McAfee found that the number of businesses who used public, private and hybrid cloud had increased from 93% to 97% in the last one year. The rise in cloud adoption was significant at the hybrid cloud front.

Of the businesses who used any kind of cloud services, 88% of them stored sensitive data in the public cloud. 69% of the businesses trusted public cloud to keep their data safe. Whereas, 16% stated that they stored no sensitive data in the cloud.

61% of the businesses said that the most common sensitive data stored on the cloud was the personal information of their customers. 40% stored internal documentation, payment card details, personal staff information, and government identification data. Whereas, around 30% stored intellectual property, healthcare records, competitive intelligence and network pass cards in the cloud.

  • Malware attacks have increased

The highlight of the survey report was that one in every four businesses who used IaaS, PaaS, or SaaS cloud service had their data stolen, and one in five had experienced an advanced attack against the public cloud infrastructure.

Furthermore, the malware attacks against the cloud applications rose from 52% to 56% over the course of one year. 25% of the businesses said that the malware was injected to the cloud by phishing.

  • Decline in ‘shortage of cybersecurity skills’

The positives from the survey were that the ‘shortage of cybersecurity skills’ and its impact on the cloud adoption in the organizations had decreased.

The number of organizations who reported ‘no skills shortage’ increased from 15% to 24% in one year.

Of the organizations who reported ‘skills shortage’, only 40% reduced the rate of cloud adoption, compared to 49% last year.

  • GDPR to fuel cloud adoption

With General Data Protection Regulation (GDPR) coming in action next month, the service providers will have to ramp up their compliance efforts. With the better compliance and security in the cloud, the businesses will be more confident about cloud adoption.

Only less than 10% businesses said that they might decrease their cloud investment because of GDPR.

Key takeaways – recommended security practices

  • Integration of development DevOps and DevSecOps within the business environments can improve the quality of coding and reduce the vulnerabilities.
  • Automation that brings together the human advantages and machine advantages are critical for modern IT operations. The use of tools like Chef and Puppet can be useful on this front.
  • The use of a unified management platform across multiple clouds, rather than multiple management tools for multiple cloud, can reduce the costs and increase the security.

Also read: McAfee Cloud Workload Security with container support to aid enterprises accelerate cloud business with compliance and security

Cloud Cloud News Datacenter

Chef unveils InSpec 2.0 to automate compliance and security   

Chef, the leading Continuous Automation technology provider, announced InSpec 2.0, which will enable DevOps to automate all the tests for compliance, security, and other policy requirements.

The InSpec 1.0 was about setting up the applications properly for machines. With the version 2.0, users can test cloud resources as well for compliance, by directly connecting to APIs of cloud providers.

It will now address the cloud security issues like the one happened last year when many popular apps and websites went down with AWS experiencing issues with its S3 cloud storage services.

InSpec 2.0 currently supports Microsoft Azure and Amazon Web Services, and comes with more than 30 configurations including Docker, IIS, NGINX and PostgreSQL, for testing of common system and application configurations. Developers can use InSpec to detect common security problems like checking for insecure AWS S3 buckets.

InSpec 2.0 builds on our commitment to build the essential tools and services needed for modern application teams to truly deliver on the promise of DevSecOps, fully integrating security with development and deployment for traditional and cloud-native software delivery,” said Marc Holmes, VP of marketing at Chef. InSpec provides an easy-to-learn, open-source path to incorporating security and compliance requirements as code directly with the delivery process, ensuring that applications and infrastructure are compliant every step of the way — not just at the end of the process.”

The latest version of Chef’s open source project builds continuous compliance throughout the entire software delivery lifecycle, from the workstation of developer to production. The process includes exchange of spreadsheets, doc files, PDFs, and making them easy-to-read and easy-to-use code.

It will help software engineers, operation teams, and security engineers to achieve continuous compliance with no impact on performance.

Also read: Top 12 open source tools for sysadmins in 2018

Chef InSpec 2.0 is also the first step towards “Detect, Correct, Automate” approach for detection and correction of security and compliance issues in production.