25 April 2019
What is Cloud Native?
In this episode of Nasdaq TradeTalks, Peter Vaihansky, SVP at DataArt, speaks with Jill Malandrino about the concept of cloud-native development, explaining the guiding principles for building and running applications that take full advantage of the cloud computing delivery model. Peter also explains the “three R’s” that help to ensure security in the cloud-native world.
“You have to do things that you don’t necessarily have to do in a non-cloud-native environment. You’re building certain things in from the word ‘go’: security, reliability, resilience, scalability. Those things have to be the considerations of development teams from the very first day of development. Typically, when you hear talk of cloud-native development, you hear words like microservices, containers, service meshes, agile, DevOps, immutable infrastructure, declarative APIs, so those exemplify and characterize cloud-native development.”
“Instead of a world where technology is static, we now live in a universe where technology is delivered as a set of loosely coupled components that are able to change dynamically and evolve at the speed of business. And that is what cloud native enables you to do. So we are talking about the things we couldn’t do before.”
“Microservices is an architectural style that enables you to deliver a collection of loosely coupled, very small, narrow-purpose applications called microservices, instead of delivering your big app as one chunk of code. Because they are loosely coupled, they talk to each other via APIs, you can iterate on them very quickly independently. They are owned by very small teams, and you can make changes very quickly and you can do it safely, without impacting other components of your system. So that gives you the agility that you want.”
“You definitely have to address security differently in the cloud-native world. There are certain technical and architectural best practices… Remember three R’s if you can. Repair, Repave, Rotate. Repair means you patch everything immediately.”
“Repave is – instead of keeping your server up for a record period of time… you want to kill off and stand back up from a golden copy clones of your containers and VMs on a schedule. That means if there is malware that’s latched on to a particular instance of your service, for example, because of some vulnerability… if you kill that particular container and stand it back up from golden image, the malware is gone. That makes it that much more difficult for the attacker to execute the attack… Rotate credentials. Credentials leaking is one of the top three reasons for vulnerabilities and threats… therefore you revoke them on schedule.”
View the full interview here: https://youtu.be/6SDACcghnds