May
11
2021
--

Cycode raises $20M to secure DevOps pipelines

Israeli security startup Cycode, which specializes in helping enterprises secure their DevOps pipelines and prevent code tampering, today announced that it has raised a $20 million Series A funding round led by Insight Partners. Seed investor YL Ventures also participated in this round, which brings the total funding in the company to $24.6 million.

Cycode’s focus was squarely on securing source code in its early days, but thanks to the advent of infrastructure as code (IaC), policies as code and similar processes, it has expanded its scope. In this context, it’s worth noting that Cycode’s tools are language and use case agnostic. To its tools, code is code.

“This ‘everything as code’ notion creates an opportunity because the code repositories, they become a single source of truth of what the operation should look like and how everything should function, Cycode CTO and co-founder Ronen Slavin told me. “So if we look at that and we understand it — the next phase is to verify this is indeed what’s happening, and then whenever something deviates from it, it’s probably something that you should look at and investigate.”

Cycode Dashboard

Cycode Dashboard. Image Credits: Cycode

The company’s service already provides the tools for managing code governance, leak detection, secret detection and access management. Recently it added its features for securing code that defines a business’ infrastructure; looking ahead, the team plans to add features like drift detection, integrity monitoring and alert prioritization.

“Cycode is here to protect the entire CI/CD pipeline — the development infrastructure — from end to end, from code to cloud,” Cycode CEO and co-founder Lior Levy told me.

“If we look at the landscape today, we can say that existing solutions in the market are kind of siloed, just like the DevOps stages used to be,” Levy explained. “They don’t really see the bigger picture, they don’t look at the pipeline from a holistic perspective. Essentially, this is causing them to generate thousands of alerts, which amplifies the problem even further, because not only don’t you get a holistic view, but also the noise level that comes from those thousands of alerts causes a lot of valuable time to get wasted on chasing down some irrelevant issues.”

What Cycode wants to do then is to break down these silos and integrate the relevant data from across a company’s CI/CD infrastructure, starting with the source code itself, which ideally allows the company to anticipate issues early on in the software life cycle. To do so, Cycode can pull in data from services like GitHub, GitLab, Bitbucket and Jenkins (among others) and scan it for security issues. Later this year, the company plans to integrate data from third-party security tools like Snyk and Checkmarx as well.

“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise,” said Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors. “Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies — those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”

The company plans to use the new funding to accelerate its R&D efforts, and expand its sales and marketing teams. Levy and Slavin expect that the company will grow to about 65 employees this year, spread between the development team in Israel and its sales and marketing operations in the U.S.

Apr
28
2021
--

Opsera raises $15M for its continuous DevOps orchestration platform

Opsera, a startup that’s building an orchestration platform for DevOps teams, today announced that it has raised a $15 million Series A funding round led by Felicis Ventures. New investor HMG Ventures, as well as existing investors Clear Ventures, Trinity Partners and Firebolt Ventures also participated in this round, which brings the company’s total funding to $19.3 million.

Founded in January 2020, Opsera lets developers provision their CI/CD tools through a single framework. Using this framework, they can then build and manage their pipelines for a variety of use cases, including their software delivery lifecycle, infrastructure as code and their SaaS application releases. With this, Opsera essentially aims to help teams set up and operate their various DevOps tools.

The company’s two co-founders, Chandra Ranganathan and Kumar Chivukula, originally met while working at Symantec a few years ago. Ranganathan then spent the last three years at Uber, where he ran that company’s global infrastructure. Meanwhile, Chivukula ran Symantec’s hybrid cloud services.

Image Credits: Opsera

“As part of the transformation [at Symantec], we delivered over 50+ acquisitions over time. That had led to the use of many cloud platforms, many data centers,” Ranganathan explained. “Ultimately we had to consolidate them into a single enterprise cloud. That journey is what led us to the pain points of what led to Opsera. There were many engineering teams. They all had diverse tools and stacks that were all needed for their own use cases.”

The challenge then was to still give developers the flexibility to choose the right tools for their use cases, while also providing a mechanism for automation, visibility and governance — and that’s ultimately the problem Opsera now aims to solve.

Image Credits: Opsera

“In the DevOps landscape, […] there is a plethora of tools, and a lot of people are writing the glue code,” Opsera co-founder Chivukula noted. “But then they’re not they don’t have visibility. At Opsera, our mission and goal is to bring order to the chaos. And the way we want to do this is by giving choice and flexibility to the users and provide no-code automation using a unified framework.”

Wesley Chan, a managing director for Felicis Ventures who will join the Opsera board, also noted that he believes that one of the next big areas for growth in DevOps is how orchestration and release management is handled.

“We spoke to a lot of startups who are all using black-box tools because they’ve built their engineering organization and their DevOps from scratch,” Chan said. “That’s fine, if you’re starting from scratch and you just hired a bunch of people outside of Google and they’re all very sophisticated. But then when you talk to some of the larger companies. […] You just have all these different teams and tools — and it gets unwieldy and complex.”

Unlike some other tools, Chan argues, Opsera allows its users the flexibility to interface with this wide variety of existing internal systems and tools for managing the software lifecycle and releases.

“This is why we got so interested in investing, because we just heard from all the folks that this is the right tool. There’s no way we’re throwing out a bunch of our internal stuff. This would just wreak havoc on our engineering team,” Chan explained. He believes that building with this wide existing ecosystem in mind — and integrating with it without forcing users onto a completely new platform — and its ability to reduce friction for these teams, is what will ultimately make Opsera successful.

Opsera plans to use the new funding to grow its engineering team and accelerate its go-to-market efforts.

Oct
21
2020
--

Contrast launches its security observability platform

Contrast, a developer-centric application security company with customers that include Liberty Mutual Insurance, NTT Data, AXA and Bandwidth, today announced the launch of its security observability platform. The idea here is to offer developers a single pane of glass to manage an application’s security across its lifecycle, combined with real-time analysis and reporting, as well as remediation tools.

“Every line of code that’s happening increases the risk to a business if it’s not secure,” said Contrast CEO and chairman Alan Naumann. “We’re focused on securing all that code that businesses are writing for both automation and digital transformation.”

Over the course of the last few years, the well-funded company, which raised a $65 million Series D round last year, launched numerous security tools that cover a wide range of use cases, from automated penetration testing to cloud application security and now DevOps — and this new platform is meant to tie them all together.

DevOps, the company argues, is really what necessitates a platform like this, given that developers now push more code into production than ever — and the onus of ensuring that this code is secure is now also often on that.

Image Credits: Contrast

Traditionally, Naumann argues, security services focused on the code itself and looking at traffic.

“We think at the application layer, the same principles of observability apply that have been used in the IT infrastructure space,” he said. “Specifically, we do instrumentation of the code and we weave security sensors into the code as it’s being developed and are looking for vulnerabilities and observing running code. […] Our view is: the world’s most complex systems are best when instrumented, whether it’s an airplane, a spacecraft, an IT infrastructure. We think the same is true for code. So our breakthrough is applying instrumentation to code and observing for security vulnerabilities.”

With this new platform, Contrast is aggregating information from its existing systems into a single dashboard. And while Contrast observes the code throughout its lifecycle, it also scans for vulnerabilities whenever a developers check code into the CI/CD pipeline, thanks to integrations with most of the standard tools like Jenkins. It’s worth noting that the service also scans for vulnerabilities in open-source libraries. Once deployed, Contrast’s new platform keeps an eye on the data that runs through the various APIs and systems the application connects to and scans for potential security issues there as well.

The platform currently supports all of the large cloud providers, like AWS, Azure and Google Cloud, and languages and frameworks, like Java, Python, .NET and Ruby.

Image Credits: Contrast

Jun
22
2020
--

4 enterprise developer trends that will shape 2021

Technology has dramatically changed over the last decade, and so has how we build and deliver enterprise software.

Ten years ago, “modern computing” was to rely on teams of network admins managing data centers, running one application per server, deploying monolithic services, through waterfall, manual releases managed by QA and release managers.

Today, we have multi and hybrid clouds, serverless services, in continuous integration, running infrastructure-as-code.

SaaS has grown from a nascent 2% of the $450B enterprise software market in 2009, to 23% in 2020 and crossed $100B in revenue. PaaS and IaaS revenue represent another $50B in revenue, expecting to double to $100B by 2022.

With 77% of the enterprise software market — over $350B in annual revenue — still on legacy and on-premise systems, modern SaaS, PaaS and IaaS eating at the legacy market alone can grow the market 3x-4x over the next decade.

As the shift to cloud accelerates across the platform and infrastructure layers, here are four trends starting to emerge that will change how we develop and deliver enterprise software for the next decade.

1. The move to “everything as code”

Companies are building more dynamic, multiplatform, complex infrastructures than ever. We see the “-aaS” of the application, data, runtime and virtualization layers. Modern architectures are forcing extensibility to work with any number of mixed and matched services.

Jun
02
2020
--

Atlassian launches new DevOps features

Atlassian today launched a slew of DevOps-centric updates to a variety of its services, ranging from Bitbucket Cloud and Pipelines to Jira and others. While it’s quite a grab-bag of announcements, the overall idea behind them is to make it easier for teams to collaborate across functions as companies adopt DevOps as their development practice of choice.

“I’ve seen a lot of these tech companies go through their agile and DevOps transformations over the years,” Tiffany To, the head of agile and DevOps solutions at Atlassian told me. “Everyone wants the benefits of DevOps, but — we know it — it gets complicated when we mix these teams together, we add all these tools. As we’ve talked with a lot of our users, for them to succeed in DevOps, they actually need a lot more than just the toolset. They have to enable the teams. And so that’s what a lot of these features are focused on.”

As To stressed, the company also worked with several ecosystem partners, for example, to extend the automation features in Jira Software Cloud, which can now also be triggered by commits and pull requests in GitHub, GitLab and other code repositories that are integrated into Jira Software Cloud. “Now you get these really nice integrations for DevOps where we are enabling these developers to not spend time updating the issues,” To noted.

Indeed, a lot of the announcements focus on integrations with third-party tools. This, To said, is meant to allow Atlassian to meet developers where they are. If your code editor of choice is VS Code, for example, you can now try Atlassian’s now VS Code extension, which brings your task like from Jira Software Cloud to the editor, as well as a code review experience and CI/CD tracking from Bitbucket Pipelines.

Also new is the “Your Work” dashboard in Bitbucket Cloud, which can now show you all of your assigned Jira issues, as well as Code Insights in Bitbucket Cloud. Code Insights features integrations with Mabl for test automation, Sentry for monitoring and Snyk for finding security vulnerabilities. These integrations were built on top of an open API, so teams can build their own integrations, too.

“There’s a really important trend to shift left. How do we remove the bugs and the security issues earlier in that dev cycle, because it costs more to fix it later,” said To. “You need to move that whole detection process much earlier in the software lifecycle.”

Jira Service Desk Cloud is getting a new Risk Management Engine that can score the risk of changes and auto-approve low-risk ones, as well as a new change management view to streamline the approval process.

Finally, there is new Opsgenie and Bitbucket Cloud integration that centralizes alerts and promises to filter out the noise, as well as a nice incident investigation dashboard to help teams take a look at the last deployment that happened before the incident occurred.

“The reason why you need all these little features is that as you stitch together a very large number of tools […], there is just lots of these friction points,” said To. “And so there is this balance of, if you bought a single toolchain, all from one vendor, you would have fewer of these friction points, but then you don’t get to choose best of breed. Our mission is to enable you to pick the best tools because it’s not one-size-fits-all.”

Apr
29
2020
--

Puppet names former Cloud Foundry Foundation executive director Abby Kearns as CTO

Puppet, the Portland-based infrastructure automation company, today announced that it has named former Cloud Foundry Foundation executive director Abby Kearns as its new CTO.

Current Puppet CTO Deepak Giridharagopal will remain in his role and focus on R&D and leading new projects, while Kearns will focus on expanding the company’s product portfolio and communicating with enterprise audiences.

Kearns stepped down from her role at the Cloud Foundry Foundation earlier this month after holding that position since 2016. At the time, she wasn’t quite ready to reveal her next move, though, and her taking the CTO job at Puppet comes as a bit of a surprise. Despite a lot of usage and hype in its early days, Puppet isn’t often seen as an up-and-coming company anymore, after all. But Kearns argues that a lot of this is due to perception.

“Puppet had great technology and really drove the early DevOps movement, but they kind of fell off the face of the map,” she said. “Nobody thought of them as anything other than config management, and so I was like, well, you know, problem number one: fix that perception problem if that’s no longer the reality or otherwise, everyone thinks you’re dead.”

Since Kearns had already started talking to Puppet CEO Yvonne Wassenaar, who took the job in January 2019, she joined the product advisory board about a year ago and the discussion about Kearns joining the company became serious a few months later.

“We started talking earlier this year,” said Kearns. “She said: ‘You know, wouldn’t it be great if you could come help us? I’m building out a brand new executive team. We’re really trying to reshape the company.’ And I got really excited about the team that she built. She’s got a really fantastic new leadership team, all of them are there for less than a year. they have a new CRO, new CMO. She’s really assembled a fantastic team of people that are super smart, but also really thoughtful people.”

Kearns argues that Puppet’s product has really changed, but that the company didn’t really talk about it enough, despite the fact that 80% of the Global 5,000 are customers.

Given the COVID-19 pandemic, Kearns has obviously not been able to meet the Puppet team yet, but she told me that she’s starting to dig deeper into the company’s product portfolio and put together a strategy. “There’s just such an immensely talented team here. And I realize every startup tells you that, but really, there’s actually a lot of talented people here that are really nice. And I guess maybe it’s the Portland in them, but everyone’s nice,” she said.

“Abby is keenly aware of Puppet’s mission, having served on our Product Advisory Board for the last year, and is a technologist at heart,” said Wassenaar. “She brings a great balance to this position for us – she has deep experience in the enterprise and understands how to solve problems at massive scale.”

In addition to Kearns, former Cloud Foundry Foundation VP of marketing Devin Davis also joined Puppet as the company’s VP of corporate marketing and communications.

Update: we updated the post to clarify that Deepak Giridharagopal will remain in his role.

Apr
28
2020
--

Checkly raises $2.25M seed round for its monitoring and testing platform

Checkly, a Berlin-based startup that is developing a monitoring and testing platform for DevOps teams, today announced that it has raised a $2.25 million seed round led by Accel. A number of angel investors, including Instana CEO Mirko Novakovic, Zeit CEO Guillermo Rauch and former Twilio CTO Ott Kaukver, also participated in this round.

The company’s SaaS platform allows developers to monitor their API endpoints and web apps — and it obviously alerts you when something goes awry. The transaction monitoring tool makes it easy to regularly test interactions with front-end websites without having to actually write any code. The test software is based on Google’s open-source Puppeteer framework and to build its commercial platform, Checkly also developed Puppeteer Recorder for creating these end-to-end testing scripts in a low-code tool that developers access through a Chrome extension.

The team believes that it’s the combination of end-to-end testing and active monitoring, as well as its focus on modern DevOps teams, that makes Checkly stand out in what is already a pretty crowded market for monitoring tools.

“As a customer in the monitoring market, I thought it had long been stuck in the 90s and I needed a tool that could support teams in JavaScript and work for all the different roles within a DevOps team. I set out to build it, quickly realizing that testing was equally important to address,” said Tim Nolet, who founded the company in 2018. “At Checkly, we’ve created a market-defining tool that our customers have been demanding, and we’ve already seen strong traction through word of mouth. We’re delighted to partner with Accel on building out our vision to become the active reliability platform for DevOps teams.”

Nolet’s co-founders are Hannes Lenke, who founded TestObject (which was later acquired by Sauce Labs), and Timo Euteneuer, who was previously Director Sales EMEA at Sauce Labs.

Tthe company says that it currently has about 125 paying customers who run about 1 million checks per day on its platform. Pricing for its services starts at $7 per month for individual developers, with plans for small teams starting at $29 per month.

Apr
07
2020
--

Continuous delivery pioneer CircleCI scores $100M Series E

CircleCI, an early adherent to the notion of continuous delivery when it launched in 2011, announced a $100 million Series E investment today. It comes on top of a $56 million round last July.

The round was led by IVP and Sapphire Ventures . Under the terms of the deal, Cack Wilhelm will be joining the CircleCI board. Jai Das from Sapphire will also be joining the board as an observer.

Today’s investment brings the total raised to $215 million, according to the company, with $156 million coming over the last 8 months. The company did not want to discuss its current valuation.

Circle CI CEO Jim Rose says with so much uncertainty because of COVID-19 he welcomes not only the money, but the quality of the firms and people involved in the investment.

“We’re really excited to get both IVP and Sapphire because they’ve seen all of it all the way through public and beyond. Given all of the nuttiness over the last few months obviously having cash on the balance sheet is extremely helpful, but the other part, too is that this a time when you want to have more brains around the table, not fewer. And so being able to get people to help out and just think about the problems that we’re encountering right now is really helpful,” Rose told TechCrunch .

Rose recognizes the huge challenge everyone is facing, but he sees this switch to remote workforces really driving the need for more automation, something his company is in a position to help DevOps teams with.

“What we’ve seen from a DevOps perspective is that this forced migration to remote-only for so many organizations has really driven the urgency for more automation in the DevOps pipeline,” he said.

He said this has led to a huge surge in usage on the platform in recent weeks, and today’s investment will at least partly go towards making sure there are enough resources in place to keep the platform stable whatever comes.

“When we think about money and we think about where we’re investing in the near term, we’re investing a lot in making sure that the platform is stable and available and supporting all of our customers as they go through this. You know this is a difficult time, a difficult transition and we’re trying to make sure that we’re doing everything we can to support our customers through that process,” Rose said.

Many companies at this stage of startup maturity begin to look ahead to an IPO, but Rose isn’t ready to discuss that, especially in the current economic climate. “We’re going to have to get folks to some kind of liquidity at some point, but I think right now our focus is on really investing in the platform and investing in our customers and then we’ll let the market clear out and figure out what the new normal looks like,” he said.

The company would consider making some acquisitions with its base of capital if the right opportunity came along. “We’re always evaluating and always looking around. One of the interesting things about our space is that it’s flooded with new and innovative approaches to point problems. There are a lot of companies that are interesting, so we’re definitely always looking around,” he said.

Dec
02
2019
--

CircleCI launches improved AWS support

For about a year now, continuous integration and delivery service CircleCI has offered Orbs, a way to easily reuse commands and integrations with third-party services. Unsurprisingly, some of the most popular Orbs focus on AWS, as that’s where most of the company’s developers are either testing their code or deploying it. Today, right in time for AWS’s annual re:Invent developer conference in Las Vegas, the company announced that it has now added Orb support for the AWS Serverless Application Model (SAM), which makes setting up automated CI/CD platforms for testing and deploying to AWS Lambda significantly easier.

In total, the company says, more than 11,000 organizations started using Orbs since it launched a year ago. Among the AWS-centric Orbs are those for building and updating images for the Amazon Elastic Container Services and the Elastic Container Service for Kubernetes (EKS), for example, as well as AWS CodeDeploy support, an Orb for installing and configuring the AWS command line interface, an Orb for working with the S3 storage service and more.

“We’re just seeing a momentum of more and more companies being ready to adopt [managed services like Lambda, ECS and EKS], so this became really the ideal time to do most of the work with the product team at AWS that manages their serverless ecosystem and to add in this capability to leverage that serverless application model and really have this out of the box CI/CD flow ready for users who wanted to start adding these into to Lambda,” CircleCI VP of business development Tom Trahan told me. “I think when Lambda was in its earlier days, a lot of people would use it and they would use it and not necessarily follow the same software patterns and delivery flow that they might have with their traditional software. As they put more and more into Lambda and are really putting a lot more what I would call ‘production quality code’ out there to leverage. They realize they do want to have that same software delivery capability and discipline for Lambda as well.”

Trahan stressed that he’s still talking about early adopters and companies that started out as cloud-native companies, but these days, this group includes a lot of traditional companies, as well, that are now rapidly going through their own digital transformations.

Aug
22
2019
--

Enterprise software is hot — who would have thought?

Once considered the most boring of topics, enterprise software is now getting infused with such energy that it is arguably the hottest space in tech.

It’s been a long time coming. And it is the developers, software engineers and veteran technologists with deep experience building at-scale technologies who are energizing enterprise software. They have learned to build resilient and secure applications with open-source components through continuous delivery practices that align technical requirements with customer needs. And now they are developing application architectures and tools for at-scale development and management for enterprises to make the same transformation.

“Enterprise had become a dirty word, but there’s a resurgence going on and Enterprise doesn’t just mean big and slow anymore,” said JD Trask, co-founder of Raygun enterprise monitoring software. “I view the modern enterprise as one that expects their software to be as good as consumer software. Fast. Easy to use. Delivers value.”

The shift to scale out computing and the rise of the container ecosystem, driven largely by startups, is disrupting the entire stack, notes Andrew Randall, vice president of business development at Kinvolk.

In advance of TechCrunch’s first enterprise-focused event, TC Sessions: Enterprise, The New Stack examined the commonalities between the numerous enterprise-focused companies who sponsor us. Their experiences help illustrate the forces at play behind the creation of the modern enterprise tech stack. In every case, the founders and CTOs recognize the need for speed and agility, with the ultimate goal of producing software that’s uniquely in line with customer needs.

We’ll explore these topics in more depth at The New Stack pancake breakfast and podcast recording at TC Sessions: Enterprise. Starting at 7:45 a.m. on Sept. 5, we’ll be serving breakfast and hosting a panel discussion on “The People and Technology You Need to Build a Modern Enterprise,” with Sid Sijbrandij, founder and CEO, GitLab, and Frederic Lardinois, enterprise writer and editor, TechCrunch, among others. Questions from the audience are encouraged and rewarded, with a raffle prize awarded at the end.

Traditional virtual machine infrastructure was originally designed to help manage server sprawl for systems-of-record software — not to scale out across a fabric of distributed nodes. The disruptors transforming the historical technology stack view the application, not the hardware, as the main focus of attention. Companies in The New Stack’s sponsor network provide examples of the shift toward software that they aim to inspire in their enterprise customers. Portworx provides persistent state for containers; NS1 offers a DNS platform that orchestrates the delivery internet and enterprise applications; Lightbend combines the scalability and resilience of microservices architecture with the real-time value of streaming data.

“Application development and delivery have changed. Organizations across all industry verticals are looking to leverage new technologies, vendors and topologies in search of better performance, reliability and time to market,” said Kris Beevers, CEO of NS1. “For many, this means embracing the benefits of agile development in multicloud environments or building edge networks to drive maximum velocity.”

Enterprise software startups are delivering that value, while they embody the practices that help them deliver it.

The secrets to speed, agility and customer focus

Speed matters, but only if the end result aligns with customer needs. Faster time to market is often cited as the main driver behind digital transformation in the enterprise. But speed must also be matched by agility and the ability to adapt to customer needs. That means embracing continuous delivery, which Martin Fowler describes as the process that allows for the ability to put software into production at any time, with the workflows and the pipeline to support it.

Continuous delivery (CD) makes it possible to develop software that can adapt quickly, meet customer demands and provide a level of satisfaction with benefits that enhance the value of the business and the overall brand. CD has become a major category in cloud-native technologies, with companies such as CircleCI, CloudBees, Harness and Semaphore all finding their own ways to approach the problems enterprises face as they often struggle with the shift.

“The best-equipped enterprises are those [that] realize that the speed and quality of their software output are integral to their bottom line,” Rob Zuber, CTO of CircleCI, said.

Speed is also in large part why monitoring and observability have held their value and continue to be part of the larger dimension of at-scale application development, delivery and management. Better data collection and analysis, assisted by machine learning and artificial intelligence, allow companies to quickly troubleshoot and respond to customer needs with reduced downtime and tight DevOps feedback loops. Companies in our sponsor network that fit in this space include Raygun for error detection; Humio, which provides observability capabilities; InfluxData with its time-series data platform for monitoring; Epsagon, the monitoring platform for serverless architectures and Tricentis for software testing.

“Customer focus has always been a priority, but the ability to deliver an exceptional experience will now make or break a “modern enterprise,” said Wolfgang Platz, founder of Tricentis, which makes automated software testing tools. “It’s absolutely essential that you’re highly responsive to the user base, constantly engaging with them to add greater value. This close and constant collaboration has always been central to longevity, but now it’s a matter of survival.”

DevOps is a bit overplayed, but it still is the mainstay workflow for cloud-native technologies and critical to achieving engineering speed and agility in a decoupled, cloud-native architecture. However, DevOps is also undergoing its own transformation, buoyed by the increasing automation and transparency allowed through the rise of declarative infrastructure, microservices and serverless technologies. This is cloud-native DevOps. Not a tool or a new methodology, but an evolution of the longstanding practices that further align developers and operations teams — but now also expanding to include security teams (DevSecOps), business teams (BizDevOps) and networking (NetDevOps).

“We are in this constant feedback loop with our customers where, while helping them in their digital transformation journey, we learn a lot and we apply these learnings for our own digital transformation journey,” Francois Dechery, chief strategy officer and co-founder of CloudBees, said. “It includes finding the right balance between developer freedom and risk management. It requires the creation of what we call a continuous everything culture.”

Leveraging open-source components is also core in achieving speed for engineering. Open-source use allows engineering teams to focus on building code that creates or supports the core business value. Startups in this space include Tidelift and open-source security companies such as Capsule8. Organizations in our sponsor portfolio that play roles in the development of at-scale technologies include The Linux Foundation, the Cloud Native Computing Foundation and the Cloud Foundry Foundation.

“Modern enterprises … think critically about what they should be building themselves and what they should be sourcing from somewhere else,” said Chip Childers, CTO of Cloud Foundry Foundation . “Talented engineers are one of the most valuable assets a company can apply to being competitive, and ensuring they have the freedom to focus on differentiation is super important.”

You need great engineering talent, giving them the ability to build secure and reliable systems at scale while also the trust in providing direct access to hardware as a differentiator.

Is the enterprise really ready?

The bleeding edge can bleed too much for the likings of enterprise customers, said James Ford, an analyst and consultant.

“It’s tempting to live by mantras like ‘wow the customer,’ ‘never do what customers want (instead build innovative solutions that solve their need),’ ‘reduce to the max,’ … and many more,” said Bernd Greifeneder, CTO and co-founder of Dynatrace . “But at the end of the day, the point is that technology is here to help with smart answers … so it’s important to marry technical expertise with enterprise customer need, and vice versa.”

How the enterprise adopts new ways of working will affect how startups ultimately fare. The container hype has cooled a bit and technologists have more solid viewpoints about how to build out architecture.

One notable trend to watch: The role of cloud services through projects such as Firecracker. AWS Lambda is built on Firecracker, the open-source virtualization technology, built originally at Amazon Web Services . Firecracker serves as a way to get the speed and density that comes with containers and the hardware isolation and security capabilities that virtualization offers. Startups such as Weaveworks have developed a platform on Firecracker. OpenStack’s Kata containers also use Firecracker.

“Firecracker makes it easier for the enterprise to have secure code,” Ford said. It reduces the surface security issues. “With its minimal footprint, the user has control. It means less features that are misconfigured, which is a major security vulnerability.”

Enterprise startups are hot. How they succeed will determine how well they may provide a uniqueness in the face of the ever-consuming cloud services and at-scale startups that inevitably launch their own services. The answer may be in the middle with purpose-built architectures that use open-source components such as Firecracker to provide the capabilities of containers and the hardware isolation that comes with virtualization.

Hope to see you at TC Sessions: Enterprise. Get there early. We’ll be serving pancakes to start the day. As we like to say, “Come have a short stack with The New Stack!”

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com