IT Brief Australia - Technology news for CIOs & IT decision-makers
Exclusive: Why open source is critical to software development
Mon, 23rd Jul 2018

Recently I had the opportunity to sit down with Pivotal APJ head of platform architecture Lawrence Crowther and discuss the importance of open source and cloud.

Firstly, can you tell me a bit more about Pivotal and its cloud platform?

Pivotal's original mission was to transform the way the world builds software. Now our mission is to transform the way the world runs software, too, through a combination of methodology and technology. Whether we are helping clients change their culture towards product development or managing platforms, we use the same agile principles in both cases, such as Extreme Programming and the Lean Startup approach. This is often a radical shift for companies to embrace so we partner with them for a “learn by doing” approach.

We believe that in order to support a fast development team who are iterating quickly and updating constantly, you need a different kind of platform. One that removes all barriers and lets you go from “concept to cash” quickly in a reliable, secure and safe way. You can build software as fast as you want but if it is not ending up in the hands of users it doesn't matter. Once Pivotal Cloud Foundry is up and running the cost of deploying applications and iterating on them becomes almost zero. This is because it takes away the details of infrastructure, middleware, dependencies, integrations, monitoring and more from the development team so they can focus on delivering value to the business over and over again.

What are some of the benefits of open source?

Open source is critical to doing any kind of modern software development in the enterprise today to avoid lock-in as standards are emerging where a lot of investment is happening, such as Cloud Foundry as the de facto way to deploy applications in the cloud and Kubernetes as the de facto way to run containers in the cloud. Enterprise architects within large companies should not ignore these open source projects and other similar projects to build new systems because of the community behind them and the innovation that's going on. Companies themselves can contribute to open source projects and influence the roadmap to help them fit their requirements.

Other benefits of open source are that the documentation and resources available online are more comprehensive compared to closed source systems. These communities are thriving and are willing to help out 24/7. The frequency of updates and feature development within these projects can't be matched by any one company and goes back to the power of the community. Having more eyes on the code translates into more reliable, secure and robust products.

What do you think are some of the biggest issues that make companies hesitant to move to the cloud?

This may differ between industries. With banks, for example, there was a lot of heavy regulation around storing customers' personal information in the cloud. Given most applications need to store user-related information, it was hard for these companies to move workloads to the cloud. Regulations have since been relaxed and technology has improved and become more secure, thereby allowing more types of applications to run in the cloud. This could have slowed some companies down initially.

Another factor could be due to the complexity of untangling legacy applications in their data center. The modern approach to this is to provide an API layer on top of the legacy to abstract the complexity and allow new digital experiences to be developed in the cloud.

Skillsets, or lack thereof, could be another reason why companies are hesitant about moving to the cloud. There are a lot of opportunities in the market where companies are doing very innovative and interesting things in the cloud, so to remain competitive and attract talent, companies need to adopt cloud computing.

In regards to [cloud] security concerns, what are some of the biggest fears and how are they best addressed?

There is a perception that if an application or server doesn't get updated for a long period of time then it is secure. False. Hackers love environments that are static and don't get updated because they have time to monitor traffic and activity and to launch malicious attacks. Instead, the new approach is to rebuild environments and applications constantly so that hackers do not have a chance. A radical new approach to security in the cloud, pioneered by Justin Smith, refers to the “three Rs of security”: Rotate, Repave and Repair. ‘Rotate’ refers to constantly changing the passwords and security keys of platform components so that they cannot be compromised. ‘Repave’ refers to the ability to rebuild the platform frequently from scratch to a known state so that it avoids any vulnerabilities and configuration drift. Lastly, ‘Repair’ refers to the ability to automatically patch the environment with CVEs (Common Vulnerabilities and Exposures) with zero downtime and no effect to end users.

How can Aussie businesses effectively modernise while avoiding some risk?

The bimodal approach of layering an abstraction on top of the legacy with an API gateway so that the digital teams can go fast seems to work and reduce risk while still enjoying the benefits of the cloud.

Aussie businesses should also embrace open source technologies from Silicon Valley because they have been proven at scale and will be easy to implement versus trying to build their own platforms. It's very expensive to hire top talent in Australia, so it's better to focus talent on building amazing user experiences that add tremendous value to the business rather than DIY platforms.

What would you say to businesses that are still hesitant to embrace digital transformation?

Start with something small, prove out the value in the new way of working and iterate from there. Don't try and transform core banking applications as a starting point. Look for applications that have good business value but don't have a lot of technical complexity, otherwise it may fail.

Rather than trying to build your own platform, embrace what's already been done by others in setting standards in open source projects and in cloud computing platforms, like Cloud Foundry and Kubernetes.

Always focus on the customer, and try to orient the company to be a learning organisation. This means learning from customer feedback and having the courage to always experiment and iterate.

If companies don't constantly transform themselves they are in danger of being left behind by more nimble startups that can respond to changes in the market quicker. Companies need to future-proof themselves by behaving more like software companies, regardless of industry. The reality is that software is everywhere and is being used as a key differentiator across all industries.