On this episode of the Six Five Webcast DevOps Dialogues, Paul Nashawaty and Mitch Ashley from The Futurum Group discuss the pivotal role of Kubernetes, WebAssembly, and the strategies for cloud-native modernization.
Their discussion covers:
- The foundational aspects of Kubernetes and its ecosystem
- An introduction to WebAssembly and its importance in modern application development
- Strategies for successful cloud-native modernization and the challenges associated
- Best practices for integrating Kubernetes and WebAssembly in development projects
- Future trends in cloud-native technologies and their impact on DevOps practices
Watch the video below, and be sure to subscribe to our YouTube channel, so you never miss an episode.
Or listen to the audio here:
Disclaimer: The Six Five Webcast DevOps Dialogues is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors, and we ask that you do not treat us as such.
Transcript:
Paul Nashawaty: Hello and welcome to this episode of DevOps Dialogues. My name is Paul Nashawaty. I’m the Practice Lead for the AppDev practice at The Futurum Group, and I’m joined by Mitch today. Mitch, want to introduce yourself?
Mitch Ashley: Hey, happy to be here with you Paul on DevOps Dialogues. I’m Mitch Ashley. I’m a Chief Technology Advisor with Futurum Group working with Paul and the AppDev, DevOps and cybersecurity space and also come from the Techstrong world through that acquisition where I’m CTO as well. Good to be here, man.
Paul Nashawaty: Great to have you. This is a really exciting time and I love to have you as my partner in crime in this journey that we’re on with regards to DevOps and platform engineering and DevSecOps and all the fun stuff that goes along with it. We have this event coming up that’s focused around it is Kubecon a small event. I think you’ve heard of it once or twice.
Mitch Ashley: It’s been all the papers. I remember that as they say.
Paul Nashawaty: It’s really exciting to me because there’s a lot happening in the space. I know that there’s a lot of transition with the big vendors out there. Also, the smaller vendors are coming up, the emerging vendors are really taking bites out of the market. A couple of things that really excite me are like Wasm and Cloud Native, what’s happening in Cloud Native, talking about the Kubernetes platforms and how that’s helping with DevOps and platform engineering. And then of course DevSecOps is always a topic of interest, but let’s start with talking about it in the context of what we expect to see out of the show. It’s a few weeks away. It’s like it’s coming up, but I’m really getting excited about it, talking about a lot of pre-briefs around this. What are your thoughts on Wasm, WebAssembly?
Mitch Ashley: Let me just add one perspective too on it. It’s become a show that used to be just about primarily Kubernetes and now it’s really Cloud Native applications, AppDev, data, all parts of it, much more of a practitioner show. And to your point about asking about Wasm, it’s gotten a lot of interest, especially at the edge of the network. And that ties right in with yes, we think we’re going to be doing more AI at the edge. Yes, the edge is not just smartphones and computers, it’s kiosks and point-of-sell devices and apps that are running in grocery stores and doctor offices and hospitals and everything. Wasm is exciting as a delivery platform for operating or operational platform for running applications and it’s fun to see it evolving along with the edge and applications use cases for it. I know you and I have been talking to companies like Fermyon and others, I always say that wrong, and others that are in this space, I know. What do you think? What’s happening in Wasm? What are we going to see maybe?
Paul Nashawaty: I have of course my opinions, but I’m an analyst. I go back to data. I look at data and I look at it, a recent study I ran, we were asking about, I talk about the past, present, and future with the modernization strategy of applications and we were asking about Wasm and we were seeing how 39% of respondents indicated that they’re actively using WebAssembly today as part of the use case, which is surprising to me. And they said over the next two years we saw that number jump up to 42%. Now, I think it’s interesting because in 2022 I was having conversations with Fermyon, Matt Butcher over there and Liam at Cosmonic, Liam Randall and Scott Johnston at Docker, and do we have these conversations and having just, “Hey, this Wasm thing, is it cool?” It’s like, “Yeah, it’s exploratory. It’s happening.” 2023 in my opinion was really the pivot point for Wasm. It really helped drive the adoption and really why was because wasm added multi-threaded support as well, as .NET support.
Prior to that, the use cases was like Python and BI applications and it was really good for processing. But now with the adoption of .NET and using multi-threaded applications, it opens a whole bunch of different new use cases here. The other thing I like what you said on the edge, the reason why I like what you said on the edge is because when you look at the edge companies like ZEDEDA for example, working on orchestration of Kubernetes clusters at the edge, they’re looking at these different scenarios that are out there. The challenge that the edge has is you have Intel processors, you have AMD processors, you have ARM processors, you have all sorts of different technologies. Wasm harmonized itself, you don’t have to recompile the code. You can utilize only build that 10% of business logic and keep 90% of the code without recompiling. That’s brilliant. Using it at the edge, I think the orchestration piece comes in. From a Cloud Native in front a growth perspective, WebAssembly has legs, but also, it’s still in its infancy I think.
Mitch Ashley: It’s still early, but it’s the next generation of that promise that if you remember way back into the Java introduction of right once run anywhere, because the Java runtime environment, it’s not the same thing of course that we’re talking about, but Wasm is the current generation of delivering on that promise. And to your point, the variation in endpoint devices, even down to this revision of hardware that you’re running on with this chip for WiFi or whatever it might be, can be mind-numbingly or frustratingly aggravating to manage all those variances and differences. And it’s one of the things that really helps abstract that away.
Paul Nashawaty: Absolutely. But when we look at this and we pivot to other topics that are coming up at Kubecon, of course Cloud Native is going to be the topic of choice and the discussion of choice. Cloud Native is interesting to me, and I’ve been doing this trending study for past four years on distributed cloud, multi-cloud environments, and we were seeing a couple of years ago in 2022, we saw that 89% of organizations were using two or more clouds. That jumped up to 92% in 23, and now in 24, our research shows that that’s 94% of, I’m sorry, organizations using two or more clouds. 65% are using four or more clouds, and that’s for production applications, not SaaS-based applications, but production applications. SaaS-based, actually we have some data this year showing that 97% of organizations are using two or more. There’s a lot of cloud adoption.
Any NET new applications being built, I was just on a recording with Mike and we were talking about this, about the Cloud Native Now, and we’re talking about new applications being built and we were saying, “Is it all going to be on cloud-native?” And my response is, “Yeah, Cloud Native is really where NET new applications are being developed.” The question and I want to see out of this event is, according to our research, 88% of heritage applications are still running in that siloed environment and a heritage environment. Not all those applications need to be refactored into Cloud Native. They can be encapsulated into cloud-ready state and be a system of record and build new systems of engagement in the front end that access it. What are your thoughts on the evolution? If you look at these Kubecon and these other events, you think that there’s no other product out there except for Cloud Native products, but I don’t think that’s true.
Mitch Ashley: There’s flavors of Cloud Native. There’s microservices and containers and service mesh and things like that, which is where I came from on cloud-native, but there’s also the broader built for and operate in the cloud, leveraging cloud services, multi-cloud, can mean lots of things, and I think that’s part of that evolution of Kubecon. It’s not just about running Kubernetes, though we do have Kubernetes at the edge, K-3, K-0 and all kinds of variations of that happening. I think, backing it up for a second it’s about modern-day architectures. We did this survey question once, and I wish I had the results from it, but we asked the question of does Cloud Native require DevOps? And the answer was essentially yes. The ability to produce and mass produce that many number of microservices at some velocity.
Now you’re talking about more than things people can handle by their hands, by their computers in a personal one-to-one basis. It’s got to be automated. And matter of fact, that’s part of what enables Cloud Native is those DevOps processes where you truly follow DevOps or you’re applying some of the practices. It’s automation, it’s testing in unit and deploying into test environments. It’s CI/CD process, etc. I think it as a modern way of creating applications, whether it’s the DevOps part of it or strictly Cloud Native with microservices or larger definition of Cloud Native, that’s how people are doing things.
Paul Nashawaty: Look, I agree. I think that you’re spot on to a lot of this. I think that there’s interesting perspective is when you look at research around this. In our latest study we found that 24% of respondents indicate that they want to release code on an hourly basis, yet only 8% are able to do so. The companies that are able to do so, you hit the nail on the head, they’re running DevOps methodologies, they’re doing agile software development methodologies, they’re running infrastructure risk code, and they’re using Git repositories to get the code out the door quickly. It’s repeatable, faster delivery for faster cadence. Business KPIs are driving that, the expectation of results.
With that said, when we look at those business KPIs and how they’re driving these results, there’s this need or there has been a need for, we’ve seen over the years that this growth of K8s or Kubernetes platforms that are out there, we see that you were mentioning that building out your Kubernetes environments or building out your microservices environments. We see in our recent ability study that 43% of respondents indicate that 30 to 60% of their production applications are running in a microservices environment.
My question to you, Mitch, is I’ve been following a space for quite some time. You’ve been in this space for quite some time. The Kubernetes platform vendors that were out there, the companies like Rafay or D2iQ, for example, D2iQ being acquired by Nutanix, Rafay now expanding from just Kubernetes to more looking at holistic the environment. Why when you look at these different platforms, Nethopper has one, and Humanix has another one for DevOps and platform engineering, if you look at these different platforms that are out there, I felt that the Kubernetes platform was going to take off to help accelerate the adoption of Kubernetes. But in turn, it seems like there’s been a consolidation of that market where, like I said, Nutanix buying D2iQ and know Rafay expanding their portfolio for growth. Why do you think that they’re looking at expanding their portfolios from these just Kubernetes specific platforms to more holistically across virtualized environments?
Mitch Ashley: First of all, I feel like you’re inviting me to play. I got to throw out a few statistics of my own too, to validate what you’re saying because we’re just completed a study, a DevOps study, and where we asked, “Are you using Cloud Native? Are you using Kubernetes and microservices?”. And our results were 57% we’re doing that, another 22 were considering. It’s real, looking at data that’s validating each other. To your question though, I think what’s experiencing, and this also has backed up some of the results of the widespread adoption of DevOps process of how we create software, is that we’re evolving from lots of siloed solutions, “I need a this and a that and this that, and then I’ll assemble that together and create my application. I get this from Rafay and I get this from somebody else,” and whatever it might be, and now we’re seeing consolidation and I don’t want to call it homogenization, but I don’t want to deal with 25 people to create a platform.
I want people to help create a platform for me, thinking about platform engineering, whether that’s my DevOps tool thing, and I’m going to go to a Git lab that’s more of a DevOps platform or JFrog or somebody like that, or you were talking about the deployment of an environment, even saw it with Broadcom had some announcements around VMware and Tanzu about doing things on premise similar to what you would do in the cloud. I think people are looking for ways to try to simplify some of that complexity because the more… We’re not going to stop adding things to their environment. It’s just a natural of our industry, but you have to have ways of, “Let me start to take out some corrects so it can handle the new things that are coming in,” and I think that’s part of this trend. Also, just the competitive nature of the environment, the market. I can’t be just a single thing there. I’ve got to be able to provide more value and help my customers meet the velocity and acceleration that they’re being asked to meet.
Paul Nashawaty: And Mitch, absolutely, I want to comment on the data points because I think it’s also very important. Five years ago I transitioned from the vendor world to being an analyst and 25 years in the vendor world, I would work with the analyst community and absolutely not just get one data point from one analyst, say, “That’s what I’m going to go with.” I go to all the different analysts. I love the fact that in the analyst community that we can share each other’s views and frankly, even though our data matched and it lines up, I also like when that doesn’t match because it’s like, “What happened? How is that different?” It’s good to validate that, but look, speaking of data to angle in your complexity comment, in our recent observability research, we found that 75% of respondents use six to 15 different tools to gather insights for their information around their environment.
That’s hugely complex. Not surprising, the very next question was, “Are you looking to change your observability tool in 2024?” And 53% said yes because they want to move towards more of, like you were talking about a full-stack observability solution. It’s really interesting, but when we look at that, I want to pivot a little bit over to from observability to reach into the DevSecOps space. I think DevSecOps out of Kubecon is going to be very, very interesting. I think that there has been some consolidation of the market, but there’s also new approaches that are coming in, coming out of RSA and coming out of different Black Hat. You’d see that there’s a number of different things that are happening in the security space that I believe that Kubecon might be able to unpack some of that. What are your thoughts?
Mitch Ashley: Like all of this is going through its evolution and maturity cycles, and here’s my just high level view of DevSecOps is we’ve been through the shift left period. Let’s make it the developer’s problem. We’ve been through the, let’s move it left so we design security into the process. We’ve moved into the code scanning and doing things like vulnerability scanning, things like that to help create more secure code. But I think supply chain security has pointed out to us, software supply chain security, a couple of things as in the security world where I also come from, if you don’t secure at all and the three walls of the house are secured, but the back is wide open is not secure, and that’s what DevSecOps is evolving to is think it on two planes, the first plane is how we create software that we created in a way that it’s secure.
We’re designing good API, have good API management and lifecycle management and security built into how we do that, how we design our applications, et cetera, all the way through delivering it into production environments. I just pick out AppSec, if you want to think of it that way. And then the stack of course that it’s running on, whether it’s the software infrastructure, the Kubernetes, et cetera, all the way down to the cloud infrastructure stack. The second plane is because this is also where supply chain security comes in, is what about the underlying tool chain and all the processes that are used to create that? It might be one thing to have secure cars on the highway, but the highways suck. Guess what? You don’t have security. Same thing with our underlying tool chain that we use all the way through the entire DevOps process.
There’s a lot more focus on, for example, how do I use some of the principles from security? Things like isolation segmentation, if something happens upstream, my CI/CD doesn’t get compromised because same thing happens there is get in here and then move laterally and get to the goods where you can insert your code or do whatever damage that you’re doing. I think that’s what we’re evolving to and that’s why you see people repositioning themselves as DevSecOps companies, not because they have a little bit of security, but they’re addressing it more from a lifecycle standpoint. Not that it’s all solved, but I think customers don’t have to solve that all on their own either. It’s a hard enough problem stitching together a set of tools, and now we can do it with platforms. How do we do that with security? That’s my view of it.
Paul Nashawaty: And I love it. I love the perspective. When I think about what you were talking about, I was thinking about introducing another injection point into the CI/CD pipeline, which I have the security injection point. You already have your CI/CD pipeline, and you have your telemetry pipeline. I have security pipeline, you have all these different things you have to match, and I agree with your assessment that there’s a lot of companies out there that are trying to address and pivot themselves to be more focused on this. But I’m going to take a different spin, a little bit of a different spin and say that a lot of these companies also, the organizations that are delivering it, they are accountable and they are accountable for their actions. And frankly, with the executive orders that are put in place right now, with the fines and the reputation that organizations have to deal with, and also just the impact of the overall business security is a very strong area.
I think that there’s a lot here to unpack and a lot to talk about, and I’m definitely looking forward to connecting with the vendors that we have a nice strategic relationship with. Slim.AI, for example, Slim.AI, they do a great job at slimming down the containerization. I love that approach from an application perspective. That’s very interesting to me. I’m looking forward to meeting with Sleek and Harness and all the companies in the DevSecOps space as well. Lots happening at Kubecon? I also want to make, I don’t know, a shameless plug to the fact that we’re doing application development field day right before Kubecon, on the Tuesday and Wednesday of that week. If you’re coming to Kubecon anyways, AppDev Field Day is right there. It’s an event that really helps streamline and gets your message out there, but also gets the delegates in the room to help talk about what their perspectives are for what the solution is. Any thoughts on AppDev Field Day?
Mitch Ashley: It is relatively new to me. I’ve experienced a couple, matter of fact, I’m doing the AI one that’s right upon us here. It’s an experience with imagine yourself where if you were having a vendor, a technology supplier you’re considering you want to have the conversation that you’d like to have with them, but you wish you had more perspective, depth, other things to it. That’s what the delegates bring to this. It’s you’re listening in on a group of people who are asking the questions you wish you had thought to ask, and that’s what this online event is, where you can watch it in real time. And it’s not to make the vendor squirm. We’re not trying to do that. That’s not the case.
It’s really just thinking through, “If we’re AppDev, let’s talk about it. If we’re talking about AI, applying AI into the IDE and into the development process, what are some of the issues that come out? How do we think about that? What are good ways to solve that? Is there something that you do with that?” Those kinds of things. I think as a practitioner, consumer of the technologies for the vendors that are going to be at AppDev Field Day, it’s a great way to watch the professional tennis match and you don’t have to play in front of an audience. You can play it on your own at whatever level you are. Don’t worry about it.
Paul Nashawaty: Absolutely, Mitch. I’m looking forward to it. It’s going to be another great event. I know the last one was fantastic. We had a lot of viewers on the live stream. We had the follow-up was fantastic, I’m really looking forward to it. Mitch, it’s been a pleasure. Looking forward to seeing you at Kubecon. Looking forward to seeing you, working with you on a couple of different events here. Also, the audience here, hit us up. Mitch and I are both going to be at Kubecon, I believe, and I know I am. Hit us up and we’re going to be more than happy to talk to you about any of these data points that we threw out there, but also anything you want to talk about in our insights. But thank you and thank you for watching and enjoy your day. Have a good day.
Mitch Ashley: Thanks everybody. We’ll see you at Kubecon if not before.
Author Information
At The Futurum Group, Paul Nashawaty, Practice Leader and Lead Principal Analyst, specializes in application modernization across build, release and operations. With a wealth of expertise in digital transformation initiatives spanning front-end and back-end systems, he also possesses comprehensive knowledge of the underlying infrastructure ecosystem crucial for supporting modernization endeavors. With over 25 years of experience, Paul has a proven track record in implementing effective go-to-market strategies, including the identification of new market channels, the growth and cultivation of partner ecosystems, and the successful execution of strategic plans resulting in positive business outcomes for his clients.
Mitch Ashley is a technology executive and entrepreneur who is an advisor, analyst, product creator and IT leader, bringing 30+ years in cybersecurity, cloud, AI, product development and software engineering. As a CTO, CIO, go-to-market advisor and practitioner, Mitch currently leads Techstrong Research's analyst business and Techstrong Group's tech media platforms across video, written content, podcasts, and virtual and in-person events (500k subscribers) for DevOps, cybersecurity, AI, cloud native, platforms and digital leadership. Previously, Mitch led the creation of cybersecurity products utilized in private and public sectors, including the U.S. Department of Defense and all branches of the military. Mitch has also led businesses and technology in managed PKI services to broadband, Wi-Fi, IoT, energy management and 5G industries, product certification test labs, SaaS broadband service locator (93m transactions annually), first market deployments of video-on-demand and Internet cable services, national broadband network deployment and multiple banking and telecom applications.
Mitch frequently hosts award-winning video series, including DevOps Unbound, CISO Talk and Techstrong Gang available on Techstrong.tv. He is also a frequent speaker, roundtable and panel moderator and podcast host (techstrongpodcasts.com). He publishes his research content on TechstrongResearch.com and FuturumGroup.com.