September 9th, 2022 by Adam Sandman
Our CEO Adam Sandman is a member of the DeveloperWeek network's advisory board for DevOps. One of the benefits of this role is getting to review all the speaker proposals for the DeveloperWeek Cloud and DevOps Summit conference and also attending the conference to meet the speakers, attendees and other advisory board members. In this article, Adam shares some of the insights and trends that were presented at the conference, as well as information on some of the latest Cloud and DevOps tools for developers and DevOps engineers.
DeveloperWeek Cloud 2022
The annual DeveloperWeek Cloud Conference held at the Palmer Events Center, Austin, TX is the premiere international cloud computing conference, where over 3,500 cloud engineers & developers, IT managers, entrepreneurs, and innovators converge to discover the newest cloud computing innovations.
DevOps Summit
In addition, the DevOps Summit track covered the digital convergence of Cloud DevOps engineers, DevOps managers, and dev professionals with a landscape view of the innovation going on in DevOps. Since DevOps is at the intersection of software development with IT / Cloud management, the dedicated tracks covered new technologies and best practices in scalability, monitoring, continuous integration, dev security ops, API ops, and containers / Kubernetes.
There was also an Open Stage section of the conference, where speakers and exhibitors could give more focused talks on their specific technologies and innovations. This stage was located next to the Expo floor so that attendees could easily see what was being presented, and dart over to the stage when something interesting and relevant was being discussed.
.NET Enterprise Developer Days Hosted by AWS
Finally, Amazon Web Services (AWS) had their own set of dedicated tracks at the event, where they were focusing on Microsoft .NET Applications, and providing guidance and strategies for migrating existing .NET applications to the AWS cloud infrastructure.
Some of the most interesting talks in this area were around the ability to use AWS conversion tools to move .NET Framework applications (as well as .NET Core apps) to Windows EC2-backed Docker containers running in AWS Kubernetes.
Keynote - Cloudy Days Ahead
During the opening keynote talk, the speaker Ori Bendet from Checkmarx discussed the Clouds on the Horizon, What Lies Ahead for Security, Development and CloudSec teams.The talk focused on how there are competing demands on cloud native development, to balance the "Shift-Left" imperatives of increased speed, increased use of common open-source components, platforms and libraries, with the need for ever increasing security, quality and compliance of the systems in production.
For example, in an ideal world, developers want the simplest possible word, where code committed into a Git repository is automatically built, tested, and deployed into production with as few manual steps and stages as possible.
However when you speak to people involved in IT security, CIOs, CISOs and other infrastructure or IT service delivery roles, you get a vary different picture.
They want to be able to manage their organizational and technical risks as much as possible. For example, they want to ensure that all developer activities and workflows are monitored and traced back to user needs and documented features. They want to have a smaller set of comprehensive platforms with strong Service Level Agreements (SLAs) rather than using whatever latest tool an individual developer wants. Whereas a developer is happy to use the latest API or feature from a cloud provider to simplify their process, the CISO cares about re-usability, redundancy and avoiding vendor lock-in. Maybe using a standard method that is not cloud-specific is more important than using the latest feature.
So, to go back to the earlier theme, the talk demonstrated that there is a need for agility and speed to be balanced by quality and compliance. You need to be able to deliver features and great user experiences faster AND deliver then in a reliable, performant and secure way, each and every time.
Key Themes
There were many other talks at the conference, focusing on key ideas around how to architect reliability and availability into cloud applications, how to include debugging tools such as instrumentation and telemetry into cloud applications. There were also focused talks on cloud-based data management, integrating AI and chatbots into cloud applications, as well general talks on micro-services, containerization using Docker and Kubernetes, and approaches to setting up efficient DevOps pipelines for native cloud applications.
However a couple of interesting talks included one of the dangers of using passwords and password-like tokens in the development stack, and one on the role of your "digital double", identity and personality management in the new world of Web 3.0 applications.
Building a Passwordless Cloud Infrastructure
This talk by Kyle Kotowick of Invicton Labs discussed how vulnerable developer stacks and cloud infrastructure are to password credential attacks. In the course of developing, building and deploying systems, each step of the process involves multiple services, each talking to each other by means of password-like tokens such as passwords, API Keys, certificates and other long-lived security identifiers. In line with classic Risk Management approaches, the talk discussed how to reduce the impact and/or probability of a credential being compromised.
A key recommendation was to deploy a Single Sign On (SSO) identity provider that uses a technology such as OAuth 2.0 / OpenID Connect and allow bio-metric login as its primary factor. Then use this provider for accessing all other services in lieu of having passwords for each service. Finally, establish trust between all your other products and platforms using this SSO identity. A key takeaway was to only select services and providers that offer SSO as part of the tier your company can afford to use at scale.
Creating a Seamless Access Experience with the Digital Double
In this talk by Asanka Abeysinghe of WSO2, there was an interesting discussion of how current identity management systems (using OAuth, SAML or OpenID Connect) are limited to just storing a user's identity information (name, email address, bio-metric identifiers). In the future it is proposed that users will look to expand this to include their 'digital personality', essentially all of the behaviors and other aspects of their digital footprint.
For example, imagine you had a central digital profile that contained your browsing history, social media posts, shopping habits and even futuristic data elements such as your driving style (from your IoT car). Currently each provider (e.g. Amazon, Tesla, etc.) collects and stores this data for you, but you have no control over what is stored, and who it is shared with.
In this new Web 3.0 world, you will have a place where all this data is stored, and you will chose what elements to share with different applications and services. For example, just like the fact that you have multiple personalities in the real world, in the digital world, your profile might present different personalities to applications. You might have a professional personality that you share with LinkedIn and a family personality you share with Facebook.
What's New from The Expo
In between the various sessions, the Expo had many different interesting and innovative vendors, including companies providing tools to assist with instrumentation and telemetry of applications running in the cloud, different orchestration platforms, and many different products offering security and reliability services to assist with cloud deployments and infrastructure.
There were also developer tools aimed at improving productivity and reducing the time from code commit to deployment into production.
There was also a selection of companies offering workflow and business process orchestration engines that combine traditional event-based messaging with containerized applications to allow flexibility in handling business process management and technical infrastructure orchestration in the same platform.
Advisory Board VIP Summit
As a member of the advisory board for the Developer Week Cloud 2022, I was fortunate enough to review the various speaker proposals and assist in the section of the talks in the program. It also allowed me to take part in the Advisory Board VIP Summit the night before the conference. During this time, I met various other entrepreneurs and leaders in the technology industry. I would recommend volunteering your time to assist in an advisory board to a conference. It's a great way to broaden your skills, get exposure to new technologies and ideas. In addition, you get to meet amazing people who are part of the board and expand your network.
Thanks to the DeveloperWeek team for the great opportunity. I hope to see you at future events.