DevOps Archives - Gigaom

From Here to GitOps and Back Again

Don MacVittie — Thu, 21 Mar 2024 14:58:37 +0000

The IT sector has been pursuing automated deployment for a very long time. Back in the day, application release automation mapped an application to defined environments, the first step to a fully automated code-to-production system for managing rollouts. It has been a long road, and there have been quite a few twists and turns, but we are progressing.

One step that, in hindsight, was natural and is highly likely to continue, is basing GitOps on a continuous delivery (CD) tool or a deployment automation tool. This allows the GitOps tool to be more tightly aligned with the actual rollout process and placed at the end of the DevOps toolchain.

Likewise, aligning with “worker” tools allows GitOps to focus on the coordination of a rollout rather than the work of the rollout, as underlying workers like FluxCD and ArgoCD handle a lot of the deployment and configuration and can be told what to do for things they don’t specifically know.

Security and Compliance in GitOps

The fact that GitOps handles all of the final steps to deployment, and even deployment to production, means that the tool will hold an increasingly critical place in the DevOps hierarchy. The best place for security policy enforcement is in the tool that will set up the final, complete solution. It’s also the best place to focus on compliance. Where better to build a software bill of materials (SBOM) than at the tag end, when you know what the software, support applications, environment, and even the OS are loading up?

We expect vendors to continue folding in security, and we expect that the tooling will do a better and better job of it. At the same time, we see this space increasingly involved in active—or runtime—security. GitOps can already watch for changes to config as they’re pushed, but we see vendors moving toward monitoring the running application to detect change, and running the processes to keep them in line with the system of record, eliminating drift caused by things like installations on the running system.

The Future of GitOps

This space will likely end up as a feature set in other products—not because it isn’t important enough to remain a separate space, but because the trend of bundling with CD tools or configuration management tools is already pretty set, and we expect similar consolidations to continue. This will keep the solution set stable, but we hope won’t completely lock in the feature set to a single CD tool.

Customers will rightly be concerned by the failures and ownership changes that this space has recently seen. However, we consider the risk to be minimal at this point. There are a lot of reasons that we don’t think customers should worry too much—primarily because, at this point, bundling with other tools is the norm for remaining products, and that will buffer revenue concerns while GitOps is taken up.

GitOps Methodology: Beyond the Technology

GitOps, like DevOps, is as much a methodology as technology. You absolutely need the tools to enable it, but without a culture that promotes end-to-end deployment automation, the best infrastructure as code (IaC) and GitOps tools won’t solve the problems.

This is why we recommend that prospective customers study the GitOps process separately from studying tools before making a large commitment. Understanding how and when all of the moving parts, like network configuration and app testing, fit into the overall GitOps architecture will help a lot when choosing a product that suits your organization’s needs, and training is available from a variety of places.

Is DIY GitOps Worth It?

Some organizations may want to use GitOps but do not wish to bring on another vendor. Like so many parts of IT, GitOps can be done in-house, it will just take more work—both up front and in long-term maintenance. GitOps tools are enablers and standardizers, so both the enablement and standardizations will have to be implemented and maintained independently if an organization wishes to run homebrew GitOps.

A large number of companies have tacked GitOps methodologies onto DevOps practices as changes in the GitOps space—like pull-based approaches, for example—force them to consider if they want this newer technology and how to get it implemented. While pull-based tools exist, a full GitOps solution would be less complex than integrating a separate tool into an internally developed GitOps toolchain. For this specific example, some organizations will be well positioned—via Argo, for example—but there is an array of improvements in the space that create similar issues for homebrew solutions.

The Final Case for GitOps

Simply put: the benefits of GitOps far outweigh the risks and implementation costs. The ability to easily check in a code or configuration, build all that needs building, apply policies (both corporate and security), build a deployment environment and deploy the application into it, kick off dynamic testing if required, and even promote to production if a specified set of conditions are met is powerful. GitOps solutions offer stable releases by ensuring each release meets standards defined both in the GitOps tooling and in tools like security scanners that are integrated into the GitOps process.

IT is a complex environment, and exceptions do and will exist, but as a rule, GitOps has grown to the point that it can handle more than 90% of IT needs and even more in a cloud-first environment.

Next Steps

To learn more, take a look at GigaOm’s GitOps Key Criteria and Radar reports. These reports provide a comprehensive overview of the market, outline the criteria you’ll want to consider in a purchase decision, and evaluate how a number of vendors perform against those decision criteria.

If you’re not yet a GigaOm subscriber, you can access the research using a free trial.

The post From Here to GitOps and Back Again appeared first on Gigaom.

Dr. Shane C. Archiquette

Dr. Shane C. Archiquette — Fri, 01 Mar 2024 21:32:03 +0000

Dr Shane C. Archiquette is dedicated to driving technological innovation and advanced AI to provide sustainable, outcome focused solutions for global markets.

The post Dr. Shane C. Archiquette appeared first on Gigaom.

CxO Decision Brief: Mastering Continuous Testing with Automation

Howard Holton — Fri, 01 Mar 2024 18:47:48 +0000

Ideal application development should be a frictionless process designed to deliver products as quickly as possible. Of course, reality is far different, and testing is a discipline that can impose high costs on the development process. The average window for proper application testing is three to six weeks per release. For a twelve-week sprint, that is a 25% to 50% load on the application workflow, which slows the release process. Cutting back on testing invites significant risk, yet companies struggle with this decision every day. So, how much time do we allow for testing, and what is the tradeoff?

Recent changes in the capabilities of automated testing platforms help to ease this burden. A quality automated testing platform, like Perforce’s BlazeMeter, speeds up software delivery by empowering DevOps teams to conduct extensive performance tests on mobile apps, websites, or APIs at a massive scale, leveraging powerful tools for flexibility and efficiency. BlazeMeter stands out with its blend of open-source agility and robust, scalable testing capabilities, catering to a broad spectrum of developers, including top global brands.

Effective automated testing tools will support a broad range of environments (web, desktop, mobile), multiple region support, and accessibility testing. They will also support an extensive catalog of test data (including platforms that offer AI-driven test data) that can closely approximate your app requirements and use cases. In addition these tools should offer services to complement your needs for testing, as they vary from application to application and company to company. A one-size-fits-all approach is not a good idea.

The post CxO Decision Brief: Mastering Continuous Testing with Automation appeared first on Gigaom.

GigaOm Key Criteria for Evaluating GitOps Solutions

Don MacVittie — Wed, 28 Feb 2024 19:36:39 +0000

GitOps is an approach to supporting continuous software delivery that aims to simplify, accelerate, and improve the way organizations apply application code and infrastructure changes to deployment environments.

In the GitOps model, application code and declarative infrastructure artifacts are stored, managed, and applied to target environments using a common set of tools, workflows, and automations. Storing everything in codified form in common repositories and using automated delivery tools make an organization’s source code management system a reliable control plane for the desired application and infrastructure state. Simple code management commands, such as merge or tag, are translated through automation into corresponding actions against target environments.

Depending on their starting point, organizations seeking to adopt GitOps may follow different paths. A source code management system—most commonly Git—is the basic technical prerequisite. Although frequently associated with cloud-native infrastructure generally and Kubernetes specifically, GitOps is equally applicable to virtualized infrastructure as a service (IaaS) and hybrid environments. Beyond these scenarios, GitOps capabilities can be found as integrations with some continuous integration and continuous delivery/deployment (CI/CD) suites and container platforms. General-purpose infrastructure as code (IaC) automation tools are also useful building blocks for implementing GitOps. Increasingly, container repositories and cloud vendor marketplaces are core to GitOps, providing the base images that applications are built on.

Organizations already using some of these tools will find the effort to adopt GitOps to be more procedural or cultural than technical, and focused solutions are likely to meet their needs better than platform offerings can. Organizations with none of these tools can expect a non-trivial effort in technical, procedural, and cultural dimensions of adoption. These organizations may find that offerings with a broader scope than GitOps can give them the technical capability to help evolve their practices on several fronts simultaneously.

Business Imperative
The GitOps model makes the collaborative benefits of using code management tools, such as working together via pull or merge requests, available for infrastructure artifacts. In alignment with DevOps, this approach helps to bring the often disconnected domains of development and operations closer, improving overall efficiency, visibility, and reliability. Traceability is also improved, and changes to environments are easily audited and followed, from the originating code change, to the approved code, to deployed objects in the target environment.

Moreover, GitOps can reduce security risks by restricting the way changes may be applied to deployment environments and who may make them, while at the same time reducing cycle times through automation.

Sector Adoption Score
To help executives and decision-makers assess the potential impact and value of a GitOps solution deployment to the business, this GigaOm Key Criteria report provides a structured assessment of the sector across five factors: benefit, maturity, urgency, impact, and effort. By scoring each factor based on how strongly it compels or deters adoption of a GitOps solution, we provide an overall Sector Adoption Score (Figure 1) of 3.8 out of 5, with 5 indicating the strongest possible recommendation to adopt. This indicates that a GitOps solution is a credible candidate for deployment and worthy of thoughtful consideration.

The factors contributing to the Sector Adoption Score for GitOps are explained in more detail in the Sector Brief section that follows.

Key Criteria for Evaluating GitOps Solutions

Sector Adoption Score

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption

Figure 1. Sector Adoption Score for GitOps

This is the third year that GigaOm has reported on the GitOps space in the context of our Key Criteria and Radar reports. This report builds on our previous analysis and considers how the market has evolved over the last year.

This GigaOm Key Criteria report highlights the capabilities (table stakes, key features, and emerging features) and nonfunctional requirements (business criteria) for selecting an effective GitOps solution. The companion GigaOm Radar report identifies vendors and products that excel in those decision criteria. Together, these reports provide an overview of the market, identify leading GitOps offerings, and help decision-makers evaluate these solutions so they can make a more informed investment decision.

GIGAOM KEY CRITERIA AND RADAR REPORTS

The GigaOm Key Criteria report provides a detailed decision framework for IT and executive leadership assessing enterprise technologies. Each report defines relevant functional and nonfunctional aspects of solutions in a sector. The Key Criteria report informs the GigaOm Radar report, which provides a forward-looking assessment of vendor solutions in the sector.

The post GigaOm Key Criteria for Evaluating GitOps Solutions appeared first on Gigaom.

Costs and Benefits of .NET Application Migration to the Cloud

William McKnight — Mon, 08 Jan 2024 20:16:20 +0000

Thousands of custom applications written using development frameworks such as ASP.NET are deployed by organizations, often running in on-premises environments. At the same time, organizations continue to move larger workloads to the cloud as part of their digital transformation strategies. While the COVID-19 pandemic accelerated these digital transformation initiatives, the competitive advantages realized by organizations have kept the momentum high as business models evolve in the era of AI. The cloud allows them to augment and transform their existing applications using modern developer platforms to increase customer engagement, streamline operations, lower costs, and enhance profitability.

Ripping and replacing large application estates is becoming increasingly difficult for organizations to justify when they are also coping with shrinking budgets. Technology decision-makers must decide on an optimal strategy for these legacy applications, which are often mission-critical to their core business. Companies are often faced with a choice to either retain legacy applications, migrate and modernize to a cloud-based environment, or completely re-architect or replace them. While the third option might appear to be an attractive solution at first glance, for many organizations the overhead in terms of the developer effort, longer time to value, and the cost required to rewrite thousands of applications is untenable.

To help technology decision-makers take a data-driven approach to understand some of these dynamics, we conducted a field test to assess the benefits and costs of application migration. Now in its third year, this benchmark report walks through a migration scenario and evaluates its costs, performance, and benefits. This year’s field test reinforced the following findings:

Traditional .NET applications can benefit from cloud migration without refactoring underlying code.
Significant cost savings can be achieved by migrating applications to the cloud from on-premises infrastructures.
The Microsoft Azure solution offers a potential total cost of ownership (TCO) savings of up to 56% over running on-premises and 39% over running on AWS.
Streamlined operations, simplified administration, and proximity to advanced cloud services are additional benefits.
Built-in tools for Visual Studio and MSSQL Manager provide ease of use for database and application migrations to Azure.
Applications compatible with the migration tools can be simple and straightforward to migrate from VMware to Microsoft Azure. For the application we tested, the Microsoft Azure migration tool successfully migrated the application to the cloud while the AWS migration tool did not.

The field study examines the process of migrating .NET applications and data from on-premises deployment to both Microsoft Azure and Amazon Web Service (AWS) PaaS offerings. Our testing showed that both cloud providers have a strong value proposition for migrating on-premises workloads. Companies can take advantage of Azure Hybrid Benefit, a licensing offer that helps you save up to 85% of the overall cost of SQL workloads in the cloud. This can fundamentally alter the economics behind a data- or transaction-based business model.

Figure 1. Three-Year Comparison of On-Premises, AWS, and Azure Operating Cost in USD

Figure 1 shows that there is a strong case for modernization by implementing auto-scaling and migrating your on-premises workloads to a PaaS solution. This chart depicts optimal minimum pricing, which shows the maximum potential savings on the platform. This may involve specific pricing agreements such as Azure Hybrid Benefit or non-standard architecture such as database translation layers (AWS). The on-premises minimum pricing represents the prorated cost of the application assuming the servers that host it are fully utilized.

In this report, we assess two other deployment scenarios in addition to minimum pricing:

Baseline is the simplest form of deploying the intended architecture without utilizing cloud-native capabilities such as auto-scaling. It does leverage long-term commitments such as reserved instances.
Auto-scaling pricing shows the potential savings of deprovisioning unused infrastructure; in this example we run a static workload of 1 node 20 hours per day, and scale up to 4 nodes during a simulated peak traffic of 4 hours per day.

We see a trend line showing Azure leading the pack in terms of environment cost, with the significant savings on SQL Server using Azure Hybrid Benefit delivering a $29,675 TCO over three years. This is a great option for organizations that will continue to operate their on-premises environment. A similarly sized AWS environment would be 20% more expensive than a standalone Azure environment and 67% more expensive than an Azure environment employing Azure Hybrid Benefit licensing, core-for-core.

We will go further into the environment configurations, costs, and price-performance analysis later in the report.

In addition to the licensing cost benefit, we also found that app migration to the cloud reduces the considerable time and resources previously spent on maintaining on-premises resources. There is a positive financial impact when developers and IT staff use that time to work on more strategic tasks that drive value to the business. As such, migration and modernization may be viewed as foundational elements of a forward-thinking enterprise application strategy. We encourage you to leverage application assessment and migration tools, which can evaluate your existing applications estate in bulk and provide recommendations to determine the best migration strategy based on factors such as application readiness and business priorities.

The post Costs and Benefits of .NET Application Migration to the Cloud appeared first on Gigaom.

On Microsoft’s Radius, and building bridges between infra, dev and ops

Jon Collins — Fri, 05 Jan 2024 13:54:38 +0000

First, a story. When I returned to being a software industry analyst in 2015 or thereabouts, I had a fair amount of imposter syndrome. I thought, everyone’s now doing this DevOps thing and all problems are solved! Netflix seemed to have come from nowhere and said, you just need to build these massively distributed systems, and it’s all going to work – you just need a few chaos monkeys.

As a consequence, I spent over a year writing a report about how to scale DevOps in the enterprise. That was the ultimate title, but at its heart was a lot of research into, what don’t I understand? What’s working; and what, if anything, isn’t? It turned out that, alongside the major successes of agile, distributed, cloud-based application delivery, we’d created a monster.

Whilst the report is quite extensive, the missing elements could be summarized as – we now have all the pieces we need to build whatever we want, but there’s no blueprint of how to get there, in process or architecture terms. As a result, best practices have been replaced by frontiership, with end-to-end expertise becoming the domain of specialists.

Since my minor epiphany we’ve seen the rise of microservices, which give us both the generalized principle of modularization and the specific tooling of Kubernetes to orchestrate the resulting, container-based structures. So much of this is great, but once again, there’s no overarching way of doing things. Developers have become like the Keymaster in The Matrix – there are so many options to choose from, but you need a brain the size of a planet to remember where they all are, and pick one.

It’s fair to bring in science fiction comparisons, which tend to be binary – either sleek lines of giant, beautifully constructed spaceships, or massively complex engine rooms, workshops with trailing wires, and half-built structures, never to be completed. We long for the former, but have created the latter, a dystopian dream of hyper-distributed DIY.

But we are, above all, problem solvers. So, we create principles and tools to address the mess we have made—site reliability engineers (SREs) to oversee concept to delivery, shepherding our silicon flocks towards success; and Observability tools to solve the whodunnit challenge that distributed debugging has become. Even DevOps itself, which sets its stall about breaking down the wall of confusion between the two most interested parties, the creators of innovation, and those shovelling up the mess that often results.

The clock is ticking, as the rest of the business is starting to blink. We’re three to four years into much-trumpeted ‘digital transformation’ initiatives, and companies are seeing they don’t quite work. “I thought we could just deploy a product, or lift and shift to the cloud, and we’d be digital,” said one CEO to us. Well, guess what, you’re not.

We see the occasional report that says an organization has gone back to monoliths (AWS among them) or moved applications out of the cloud (such as 37 Signals). Fair enough – for well-specced workloads, it’s more straightforward to define a cost-effective architecture and assess infrastructure costs. For the majority of new deployments, however, even building a picture of the application is hard enough, let alone understanding how much it costs to run, or the spend on a raft of development tools that need to be integrated, kept in sync and otherwise tinkered with.

I apologize in part for the long preamble, but this is where we are, coping with the flotsam of complexity even as we try to show value. Development shops are running into the sand, knowing that it won’t get any easier. But there isn’t a side door you can open, to step out of the complexity. Meanwhile, costs continue to spiral out of control – software-defined sticker shock, if you will. So, what can organizations do?

The playbook, to me, is the same one I have often used when auditing or fixing software projects – start figuratively at the beginning, look for what is missing, and put it back where it should be. Most projects are not all bad: if you’re driving north, you may be heading roughly in the right direction, but stopping off and buying a map might get you there just a little bit quicker. Or indeed, having tools to help you create one.

To whit, Microsoft’s recently announced Radius project. First, let me explain what it is – an architecture definition and orchestration layer that sits above, and works alongside, existing deployment tools. To get your application into production, you might use Terraform to define your infrastructure requirements, Helm charts to describe how your Kubernetes cluster needs to look, or Ansible to deploy and configure an application. Radius works with these tools, pulling together the pieces to enable a complete deployment.

You may well be asking, “But can’t I do that with XYZ deployment tool?” because, yes, there’s a plethora out there. So, what’s so different? First, Radius works at both an infrastructure and an application level; building on this, it brings in the notion of pre-defined, application-level patterns that consider infrastructure. Finally, it is being released as open source, making the tool, its integrations, and resulting patterns more broadly available.

As so often with software tooling, the impetus for Radius has come from within an organization – in this case, from software architect Ryan Nowak, in Microsoft’s incubations group. “I’m mostly interested in best practices, how people write code. What makes them successful? What kind of patterns they like to use and what kind of tools they like to use?” he says. This is important – whilst Radius’ mechanism may be orchestration, the goal is to help developers develop, without getting bogged down in infrastructure.

So, for example, Radius is Infrastructure as Code (IaC) language independent. The core language for its ‘recipes’ (I know, Chef uses the same term) is Microsoft’s Bicep, but it supports any orchestration language, naturally including the list above. As an orchestrator working at the architectural level, it enables a view of what makes up an application – not just the IaC elements, but also the API configurations, key-value store and other data.

Radius then also enables you to create an application architecture graph – you know what the application looks like because you (or your infrastructure experts) defined it that way in advance, rather than trying to work it out in hindsight from its individual atomic elements like observability tools try to do. The latter is laudable, but how about, you know, starting with a clear picture rather than having to build one? Crazy, right?

As an ex-unified modeling language (UML) consultant, the notion of starting with a graph-like picture inevitably makes me smile. While I’m not wed to model-driven design, the key was that models bring their own guardrails. You can set out what can communicate with what, for example. You can look at a picture and see any imbalances more easily than a bunch of text, such as monolithic containers, versus ones that are too granular or have significant levels of interdependency.

Back in the day, we also used to separate analysis, design, and deployment. Analysis would look at the problem space and create a loose set of constructs; design would map these onto workable technical capabilities; and deployment would shift the results into a live environment. In these software-defined days, we’ve done away with such barriers – everything is code, and everyone is responsible for it. All is well and good, but this has created new challenges that Radius looks to address.

Not least, by bringing in the principle of a catalog of deployment patterns, Radius creates a separation of concerns between development and operations. This is a contentious area (see above about walls of confusion), but the key is in the word ‘catalog’ – developers gain self-service access to a library of infrastructure options. They are still deploying to the infrastructure they specify, but it is pre-tested and secure, with all the bells and whistles (firewall configuration, diagnostics, management tooling and so on), plus best practice guidance for how to use it.

The other separation of concerns is between what end-user organizations need to do and what the market needs to provide. The idea of a library of pre-built architectural constructs is not new, but if it happens today, it will be an internal project maintained by engineers or contractors. Software-based innovation is hard, as is understanding cloud-based deployment options. I would argue that organizations should focus on these two areas, and not on maintaining the tools to support them.

Nonetheless, and let’s get the standard phrase out of the way – Radius is not a magic bullet. It won’t ‘solve’ cloud complexity or prevent poor decisions from leading to over-expensive deployments, under-utilized applications, or disappointing user experiences. What it does, however, is get responsibility and repeatability into the mix at the right level. It shifts infrastructure governance to the level of application architecture, and that is to be welcomed.

Used in the right way (that is, without attempting to architect every possibility ad absurdum), Radius should reduce costs and make for more efficient delivery. New doors open, for example, to making more multi-cloud resources with a consistent set of tools, and increasing flexibility around where applications are deployed. Costs can become more visible and predictable up front, based on prior experience of using the same recipes (it would be good to see a FinOps element in there).

As a result, developers can indeed get on with being developers, and infrastructure engineers can get on with being that. Platform engineers and SREs become the curators of a library of infrastructure resources, creating wheels rather than reinventing them and bundling policy-driven guidance their teams need to deliver innovative new software.

Radius may still be nascent – first announced in October, it is planned for submission to the cloud native computing foundation (CNCF); it is currently Kubernetes-only, though given its architecture-level approach, this does not need to be a limitation. There may be other, similar tools in the making; Terramate stacks deserve a look-see, for example. But with its focus on architecture-level challenges, Radius sets a direction and creates a welcome piece of kit in the bag for organizations looking to get on top of the software-defined maelstrom we have managed to create.

The post On Microsoft’s Radius, and building bridges between infra, dev and ops appeared first on Gigaom.

GigaOm Research Bulletin #006

Jon Collins — Fri, 22 Dec 2023 16:27:31 +0000

Welcome to GigaOm’s research bulletin for December 2023

Hi, and welcome to the last bulletin of 2023! As we near the end of the year, we would like to express our huge gratitude to all who have engaged with us in our research processes, given us feedback, welcomed us at events, and otherwise worked with us proactively this year.

As part of our ongoing process of improvement, we are excited to announce the release of our Online Research Calendar, covering the scheduling of GigaOm Radar reports over the next two quarters. This is being updated regularly as part of our PMO process, so the information is coming straight from the source. We are juggling 120 topics across (many) hundreds of vendors, legions of analysts, and numerous external events – so bear with us if schedule conflicts arise, we will endeavour to accommodate! Please do let us know any feedback you may have.

And what about GigaOm in 2024? For us, this year was a time of change, of creating a sustainable and efficient research platform that we can build upon. This work is never done of course, but increasingly we are turning our attention to services across end-user businesses, vendors, and channel organizations. Engage, enable, and empower with research; that’s the name of our game!

On which note, in one of the latest instalments of our podcast, The Good, The Bad & The Techy, some of our analysts and leadership team got together to discuss the realities of finance and technology investment in today’s market – Do give it a listen.

Research Highlights

See below for our most recent reports, blogs and articles, and where to meet our analysts in the next few months. Any questions? Let us know.

Trending: Autonomous Security Operations Center (SOC) released in November is one of our top Radar reads right now. “There’s no way around automation to cope with today’s demands, and most security providers share a vision for how a security operations center will work in the future,” says author Andrew Green.

We are currently taking briefings on:Enterprise Firewalls, Kubernetes for Edge, Disaster Recovery and Business Continuity, Alternatives to Amazon S3, Cloud Observability, GitOps, Deception Technologies, Unstructured Data Management (Business and Infrastructure focused), Time/Series Database, Cloud Performance and Cloud Networking.

Warming up are: SaaS Security Posture Management, Network Operating Systems for Cloud, MSP/NSP, Enterprise, and SMB, Cloud FinOps, Streaming Data Platforms, Data Pipeline, Microsegmentation, XDR, DSPM, Object Storage for Enterprise and High Performance Workloads.

Recent Reports

We’ve released 18 reports in the period since the last bulletin.

In Analytics and AI, we have released a report on Data Warehouses.

For Cloud Infrastructure and Operations, we have Data Processing Units (DPUs), Incident Response Platforms and API Functional Automated Testing and in Storage, we have covered Distributed Cloud File Storage, High Performance Cloud File Storage and Scale-Out File Storage.

In the Security domain, we have released reports on Ransomware Prevention, Autonomous Security Operations Center (SOC), Penetration Testing as a Service (PTaaS), Cloud Network Security, Container Security, Threat Intelligent Platforms (TIPs), Data Security Platforms (DSP), and User and Entity Behavior Analytics (UEBA).

In Networking (or is that security as well), we have covered Software-Defined Wide Area Networks (SD-WAN).

And in Software and Applications, we have a report on Regulated Software Lifecycle Management (RSLM) and Digital Asset Management.

Blogs and Articles

Predictions for 2024! – Our analysts give their predictions in Tech for 2024 in our series of blogs, Seven reasons why generative AI will fall short in 2024, Five Security, Networking and Management Predictions for 2024 and 2024 Predictions Redux: Data, Storage, Infrastructure, and Services Platforms revisited.

Other blogs include:

Dana Hernandez discusses Intelligent Automation vs Hyberautomation.
Jon asks Five questions of Simon Pilar of Clario on Observability and AIOps, and Five questions of Koby Avital, Strategic Advisor, X-EVP, on business-first transformation and strategic vendor partnerships.

Quoted in the Press

GigaOm analysts are quoted in a variety of publications. Recently,

Where To Meet GigaOm Analysts

In the next few months you can expect to see our analysts at Mobile World Congress Barcelona, Tech Show London, and KubeCon & CloudNativeCon Paris . Do let us know if you want to fix a meet.

For news and updates, add analystconnect@gigaom.com to your lists, and please get in touch with any questions. Thanks, and wishing you a very Happy Festive Season and a prosperous New Year!

The post GigaOm Research Bulletin #006 appeared first on Gigaom.

Eric Phenix

Eric Phenix — Thu, 14 Dec 2023 17:04:56 +0000

Eric Phenix is Engineering Manager at GigaOm and responsible for our cloud platforms and guiding the engineering behind our research. He has worked as a senior consultant for Amazon Web Services, where he consulted for and designed both systems and teams for over 20 Fortune 1000 enterprises; and as cloud architect for BP, where he helped BPX Energy migrate their process control network from on-premises to AWS, creating the first 100% public cloud control network, operating over $10 billion in energy assets in the Permian Basin.

The post Eric Phenix appeared first on Gigaom.

GigaOm Research Bulletin #005

Jon Collins — Fri, 03 Nov 2023 15:27:28 +0000

Welcome to GigaOm’s research bulletin for November 2023

Hi, and welcome back!

GigaOm’s partnership with Ingram Micro clearly shows how we bring something new and unique to the industry. Read more here from Karl Connolly, Field CTO at Ingram Micro, about how our practitioner-led research and advisory approach enables partner, product and sales teams at Ingram and beyond.

Plus, we’ve listened to your feedback on our research process, report formats and radar scoring and have implemented a raft of changes as a result. You can find specifics of scoring changes here, and you will already start to see differences in research and briefing requests. As always, we welcome any comments you may have!

Finally, our latest podcast discusses the importance and role of observability in today’s market landscape from both an enterprise and an end-user standpoint. Give it a listen!

Research Highlights

See below for our most recent reports, blogs and articles, and where to meet our analysts in the next few months. Any questions, reply directly to this email and we will respond.

Trending: Patch Management, released in September, is one of our top Radar reads right now. “Monitoring and observability are crucial IT functions that help organizations keep systems up and running and performance levels high. Knowing that a problem is likely to occur means that it can be rectified before it impacts systems.”, says author Ron Williams.

We are currently taking briefings on: Primary Storage, K8 Data Protection and SOAP.

Warming up are: Vector Database, CCaaS, DNS Security, App & API Security, K8 Resource Management, Data Governance, Data Lake, Data Center Switching, eSignature, Threat Hunting Solutions, SASE, ASM, ITAM and CIEM.

Recent Reports

We’ve released 24 reports in the period since the last bulletin.

In Analytics and AI, we have released a report on Data Observability and Data Catalogs.

For Cloud Infrastructure and Operations, we have Application Performance Management (APM), Cloud Management Platforms (CMPs) and Patch Management, and in Storage, we have covered Cloud Based Data Protection.

In the Security domain, we have released reports on Cloud Security Posture Management (CSPM), Continuous Vulnerability Management, API Security, Data Loss Prevention, Application Security Testing, Security Orchestration, Automation & Response (SOAR), Endpoint Detection & Response (EDR), Multifactor Authentication (MFA) and Ransomware Detection.

And in Networking, we have covered Network Detection & Response (NDR), DDI, Service Mesh, Network Validation and Network as a Service (NaaS).

And in Software and Applications, we have a report on Digital Experience Platforms (DXPs), E-Discovery and Intelligent Document Processing (IDP).

Quoted in the Press

GigaOm analysts are quoted in a variety of publications.

Generative AI | CIO.com – Jon Collins
Management in the modern workplace | TechFinitive – Ben Stanford
Is AI the solution to acquiring accounting talent? – Elizabeth Kittner
Zero Trust Security | TechRepublic – Howard Holton
Renewable Energy | upsite – Ben Stanford

…and Jon was recently interviewed for an episode of ‘The State of Startups with Industry Analysts‘.

Blogs and Articles

We’ve published several additional blogs over the past couple of months, including:

Let’s introduce GigaOm’s new Field CTO, Darrel Kent, whose first blog for GigaOm covers the Business Value of AI. With his systems engineering background, Darrel examines how to translate IT solutions into business value for acquisition and implementation.

Other blogs include:
- Andrew Green explains why a Standalone SOAR is Alive and Kicking, NaaS – enterprise networking as an innovation platform, tells us why Enterprise MFA is actually really cool, and asks, SIEM or SOAR, will they or won’t they?.
- Paul Stringfellow asks, Is there a case for Microsoft as your only enterprise Security Partner?, and as Microsoft joins the party, is it time to try MDR?.
- Ivan McPhee talks about NDR: a simple acronym describing a complex and dynamic area.
- Jon questions, What’s the future for WebAssembly?, plus why he thinks DevOps efficiency needs to put business goals first and the Cloud-only Era is Done.

Where To Meet GigaOm Analysts

In the next few months you can expect to see our analysts at VMWare Explore Europe, Black Hat Europe and Mobile World Congress Barcelona. Do let us know if you want to fix a meet.

Jon recently interviewed our VP of Sales, Adrian Escarcega about his role at GigaOm. Take a listen here!

For news and updates, add analystconnect@gigaom.com to your lists, and please get in touch with any questions. Thanks and speak soon!

Jon Collins, VP of Engagement

Claire Hale, Engagement Manager

P.S. Here is last month’s bulletin if you missed it.

The post GigaOm Research Bulletin #005 appeared first on Gigaom.

DevOps efficiency needs to put business goals first

Jon Collins — Thu, 14 Sep 2023 11:14:43 +0000

Here’s a quick story. As a business analyst, I worked at a publisher in Oxford. We were interviewing, process diagramming, and so on – that’s not the interesting bit. Meanwhile, in parallel, they brought in consultants from a small company in Birmingham, UK. Two or three folks.

The building we were working in was long and thin, and had an empty upper floor. These guys came in with a massive roll of brown paper, 7 feet high. They shot this roll all the way down the empty floor. They then went and spoke to people and asked them what systems they used, what forms they filled and so on.

Then they stuck literally everything along that sheet of paper. They took printouts of their screens or the forms they’d fill in, stuck them on and joined them up with black tape so you could see the linkages.

When they’d finished, after a few weeks, they got everyone in the company upstairs and said, “There you go!” Everyone was just wowed, “Oh my goodness, I fill that in, then it goes over there, and then nothing happens to it?” or, “That bit is exactly the same as that bit, but done by two different people?” and so on.

It was the best gift the consultants could have given the firm. Was it worth $20,000 (or whatever it cost), just to stick some bits of paper on a big sheet of brown paper? Yes, absolutely. 100%.

The power of visualization is fantastic, and I’ve seen it many times over the years. I recently spoke to a start-up that enables DevOps process mapping and dashboards. They asked me what I thought of what they were doing, particularly given (so they told me) that I was a bit of a skeptic.

So, I told them the story above. In my experience, software development processes are notoriously hard to lock down despite all the efforts to define methodologies and structures. We can go into the reasons over a beverage, but the result is a continued lack of visibility. As the adage goes, if you can’t measure, you can’t manage. And software development is notoriously difficult to measure.

So, what to say to solutions vendors attempting to crack the code of process visibility in the DevOps space? The question is less about the need, nor the epiphanies that can be achieved with a software package (or post-its on a whiteboard, or a roll of brown paper), and more to do with how to succeed when, historically, many have tried and become, with the best will in the world, a point in time fix.

The challenge is twofold. First, nobody in the (non-technical) organization cares enough about software processes to allocate a budget to such tools. For some reason, the business still thinks that software runs itself – it can’t be that hard to write if you have good people in, correct? Everyone just assumes that it’s just smart people creating things.

However, anyone who has built software at any scale knows what a knotty mess we can get into without the right controls. As a strange kind of good news, we’re in a period of belt-tightening, where CIOs are being asked to justify how much IT is costing – the adage extends to, “If you can’t measure, you can’t have any more money,” which certainly focuses the mind.

So, yes, the demand for efficiency can be met with spend-to-save initiatives, which in turn fuels interest in software process tooling, categorized as value stream management, software development analytics or similar. When looking at multiple providers looking to solve a complex problem in similar ways, I often analogise multiple paths up the same mountain – and this space is no different.

To run with this analogy a little, I see multiple vendors, at various stages of development, going up different routes on that mountain. This brings us to the second challenge – that no organization has yet found a repeatable path to the top.

Everyone gets exhausted after a while and starts slowing down. In the VSM report, we have leaders and challengers, incumbents and new entrants all addressing the problem in their own way. Start-ups arrive in the space often through some personal epiphany, their “brown paper roll” moment, if you will.

They arrive, and up the mountain they head, they’re running and running, and they start to slow down… and eventually, over time, they just become a feature in someone else’s platform. I’m reminded of Spanish world champion mountain runner Killian Jornet’s exploits – while we may all aspire to be like such an athlete, he is an exception, not the norm.

What to do about this? One answer, of course, is not to mind too much. A vendor can acknowledge that it will always be a tactical tool, to be brought in when things aren’t going so well. For the vendor, that results in a certain route to market – to switch analogies, a tool for mechanics servicing the plane, rather than the cockpit centerpiece.

A second option is to scope according to what is feasible, vertically rather than horizontally – if you’re going to be in the cockpit, then do one thing well rather than looking to control the whole aircraft. That way, the audience can be defined more precisely and, by extension, the value brought to stakeholders.

Which brings us to the third option. To consider the use cases in which the tool can deliver value. It’s all very well that a smaller group recognises the scale of a problem, in this case; software development is complex and tends to chaos without the right checks and balances. But it’s a big assumption that others – budget holders up to board level – will reach the same conclusion without a giant roll of brown paper to guide their thinking.

So, if the challenge is that the majority don’t want to solve the problem, however clear it is to the minority, then what are the scenarios in which the majority see it as important? Is there another need that the majority are willing to put their wallets behind? And start from there, rather than the development process and cost efficiency?

Right back at DevOps’ manifesto, the Phoenix Project, itself based on Eli Goldratt’s novelisations of project management best practice, the point was always about business challenges – getting customers onto the website, increasing sales, improving supply chains and the like. However, too many tools and approaches are introspective and focused on improving the means, not the end.

We all know just how hard it is to build software, but see Point One: nobody outside of IT cares that much. If we can’t get the money to make necessary improvements, that’s one thing. And it’s absolutely true that the problem exists. But to assume that people will magically ‘get’ that it needs to be solved is quite another.

So, if people can’t be bothered to solve it, what scenario would cause them to want to solve it? Too often in this trade, we’re forced to wait for situations where the problem becomes a crisis – just after a security breach, when a compliance audit is approaching, or when a software package is reaching the end of life.

Alternatively, I would take a design thinking-driven approach, which maps out and prioritizes business results – this is as applicable to end-user businesses as solution providers. For companies, which specific business needles can be shifted through software process improvements, and by how much? And for vendors, what does the composite picture look like across the customer base?

Note, however, that whilst these scenarios might be events worth putting money behind, they are not the end game – which can be described by a company’s vision, mission and strategy. The business itself is the mountain – your own, or that of organizations you serve as a provider. If you are heading up, ask yourself first, what does the top look like? What will you have achieved when you get there?

If the answer can’t be described in business terms, it becomes far less likely that you will arrive. Bluntly, only hold the software process improvement kick-off meeting with a clear picture of your company’s top three targets for the coming period, and how process improvement, tools or anything else will directly make them happen.

And, as a vendor, if you’re only looking to raise investor capital and for a quick exit, I’d argue that’s a false summit. In these digitally transforming times, misalignment between technology delivery and business goals is possibly the biggest cause of bottom-line inefficiency. Be prepared to kick off the journey with a map to get to the top, if you want to get anywhere at all.

The post DevOps efficiency needs to put business goals first appeared first on Gigaom.

DevOps Archives - Gigaom

From Here to GitOps and Back Again

Security and Compliance in GitOps

The Future of GitOps

GitOps Methodology: Beyond the Technology

Is DIY GitOps Worth It?

The Final Case for GitOps

Next Steps

Dr. Shane C. Archiquette

CxO Decision Brief: Mastering Continuous Testing with Automation

GigaOm Key Criteria for Evaluating GitOps Solutions

Key Criteria for Evaluating GitOps Solutions

Sector Adoption Score

DetersAdoption

DiscouragesAdoption

MeritsConsideration

EncouragesAdoption

CompelsAdoption

GIGAOM KEY CRITERIA AND RADAR REPORTS

Costs and Benefits of .NET Application Migration to the Cloud

On Microsoft’s Radius, and building bridges between infra, dev and ops

GigaOm Research Bulletin #006

Welcome to GigaOm’s research bulletin for December 2023

Research Highlights

Recent Reports

Blogs and Articles

Quoted in the Press

Where To Meet GigaOm Analysts

Eric Phenix

GigaOm Research Bulletin #005

Welcome to GigaOm’s research bulletin for November 2023

Research Highlights

Recent Reports

Quoted in the Press

Blogs and Articles

Where To Meet GigaOm Analysts

DevOps efficiency needs to put business goals first

Deters
Adoption

Discourages
Adoption

Merits
Consideration

Encourages
Adoption

Compels
Adoption