Let’s talk about cloud trends in 2022. Obviously, it’s very ambitious to make predictions in such a speculative market like ours, where the technology is changing rapidly. Still, we can all agree that many of the most innovative trends that were brought to light since 2017 will be in full bloom in 2022.

In 2022, we will see more of the same type of excitement. Open-source projects like Webassembly or Kubernetes have already made our lives easier in 2021. The next year to come will be the time of real product-market fit for technologies. Here are some of those for you to consider: cloud native security, hybrid cloud computing, and GitOps. But how will this look in a year’s time? What is the future of application development and operation?

To put it briefly — we are in a new era.

Cloud native security

There are billions of connected digital devices that can be exploited for malicious purposes. This means cybercriminals can use a single attack to compromise multiple devices and potentially create a mega-attack with devastating results. Cloud native security is designed to deal with today’s network security threats by making both faster security updates and greater visibility possible through decentralizing controls and integrating API layers for monitoring and response capabilities.

In 2022, Cloud will be more secure and breach-free than traditional deployments because ‘serverless’ environments like AWS Lambda and its equivalents in other clouds make it hard for hackers to find a system to penetrate, operate on, or steal from. 94% of SMBs appreciate the security upgrade that adopting the cloud brings. (Source: MicrosoftOffice365)

That’s where DevSecOps (a portmanteau of “Dev” and “Sec”) comes in, a focus on security considerations in development lifecycles by automating routine tasks.

Not only does this practice speed things up, but it also reduces costs incurred by addressing the aftermath of security breaches.

Perhaps better defined as “Software Defined Security” this methodology is similar to DevOps in that it seeks to integrate security concerns into all development processes throughout an organization. It differs from it mainly in that it focuses on automation of routine tasks like vulnerability scanning, penetration testing, etc., rather than empowering developers to make changes themselves.

The idea behind DevSecOps is to catch issues like cross-site scripting (XSS) bugs, SQL injection vulnerabilities, and other problems early on in the development cycle by using tools like static analysis scanners that can find potentially dangerous code flaws in your app before you even know there’s a problem.

Here are some ways DevSecOps can help:

• Static analysis tools scan for vulnerable code within apps

• Dynamic analysis tools monitor apps for common vulnerabilities with runtime monitoring during deployments

• Test coverage software finds places where tests aren’t being implemented properly

Developers are especially interested in how to automate processes like vulnerability scanning, penetration testing, threat management, network monitoring, and application performance tuning in order to easily prevent cyberattacks.

Acceleration of digital transformation

The way we design, deploy, run and operate applications is changing. The cloud gives developers more agility as they can scale their apps easily with minimum infrastructure on their own. For example, container platforms like AWS Fargate or Google Cloud Platform (GCP) Fission lets you spin up a containerized app in seconds at low costs.

As IT professionals as well as cloud practitioners, we observed a surge in public cloud providers, now going by the dozens of offerings. Gartner expects that by 2022, 90% of enterprises who purchase public cloud IaaS will do so from either an integrated IaaS or a platform-as-a-service (PaaS).

There are various factors driving this trend – increasing mobile & social media users, adoption of cloud-based products and services, evolution of new technologies like blockchain, internet of things (IoT), artificial intelligence (AI), machine learning (ML), etc. But after two years in an ongoing pandemic, the leveraging effect on public cloud made the ongoing rush to digital transformation even faster.

The way enterprises are approaching digital transformation has also changed. They are looking beyond just digitizing their products and services to leveraging transformative technologies to reinvent themselves, bringing new experiences to customers, and creating new revenue streams.

This means that it is not just about digitizing products but rethinking them from the core and reimagining the way they work for consumers by integrating newer technologies and innovating based on consumer insights. In other words, it is about ensuring an experience that is seamless.

As enterprises open to a more distributed and asynchronous work culture, the rise for tooling ubiquity and processes fuels budget spending. 70% of companies using the cloud plan to increase their budgets in the future. (Source: Flexera)

And global spending on cloud services is expected to reach over $482 billion in 2022 says Forbes.

DevOps + GitOps = <3

DevOps continues to evolve into more automation and orchestration with tools like Puppet and Ansible. However, there is a growing trend of adopting tools based on DevOps philosophies that use source control for configuration management (i.e., a distributed version control system). This lets you easily manage your configurations as code and also enables easy testing, verification, and rollback of changes. An example tool in this space is GitHub’s new GitHub Actions.

Enter GitOps – a term coined in 2017 by Weaveworks. It puts Git, the de-facto standard for source version management, at the heart of change management from infrastructure to network and more. According to a survey on Twitter by GitLab in June 2020, most respondents had not yet looked into adopting the practice. As more and more companies start using containers as their way of delivering applications, they will inevitably find themselves having to deal with container security issues. This could be anything from finding a way to harden their container images, to monitoring their running containers or updating them.

Trying to handle all this manually will soon become unmanageable, which is where GitOps comes into play. It’s a set of best practices that are meant to make container security more approachable and easier for developers to implement when developing their apps.

The most successful GitOps implementations include variations of the following practices:

• Describe the entire system in a declarative form
• Storing the desired system state in a git repository
• Use change requests to approve evolutions (pull requests or merge requests)
• Automatically apply the system upon approval

Recent job profiles, like SREs, have the necessary coding skills to thrive in the GitOps paradigm. The ecosystem is still in its early days, but nearly a quarter of the surveyed respondents were using GitOps, and more than 10% were planning to implement adoption.

WebAssembly on all fronts

Enters WASM or WebAssembly, trying to accomplish what Java and then Docker promised: “code once, run anywhere”.  With the surge of cloud computing, it’s easy to understand why your business is becoming increasingly dependent on a cloud-based infrastructure.

Solomon Hykes, a co-founder of Docker, wrote in 2019, “If WASM+WASI existed in 2008, we wouldn’t have needed to create Docker. That’s how important it is. WebAssembly on the server is the future of computing.”

But as you migrate to the cloud, there are many intricacies involved: CPU diversity, multiple operating environments, security, distributed application architecture, and scalability, all of which transcend deployments into a single public cloud provider.

Now layer on the vast number of disparate devices connected to the internet—a number on a skyrocketing trajectory toward an estimated 50 billion connected devices by 2030. Finally, add enterprise integration tasks that are intensified by the dozen or more popular and incompatible CPU architectures—each with their own unique operational lifecycle from as many major manufacturers—and it’s easy to see how the complexity of the future of distributed computing appears untenable.

Questions about how to manage this complexity arise daily for enterprises that want to get the most out of their investments in IT infrastructure. New solutions are required to maximize the performance and potential of distributed computing – and one in particular has risen above the rest: WebAssembly (Wasm).

WASI, and projects like Wasmer, out in version 2.1, provide software containerization, to create universal binaries that work anywhere without modification, including operating systems like Linux, macOS, Windows, and web browsers. Wasm automatically sandboxes applications by default for secure execution.

Wasm excels because its near-native performance makes it ideal for standalone, embedded, and other types of integrations. Its portability and “write once, run everywhere”-approach gives developers new capabilities.

Ironically, the biggest challenge for WebAssembly is that its performance is not native, meaning the performance comes from WebAssembly bringing the code from a language compiled into binary format rather than from executing those instructions directly on a CPU. Another challenge arises when we consider that multiple operating environments exist, including various CPUs architectures, like the all-purpose ARM and the more traditional x64. As often with new tech revolutions, security is another challenge, with multiple devices connecting to the internet and each having their own operating environment. WebAssembly is meant to run on multiple environments, making it impossible to create a secure application.

To solve this problem, WebAssembly needs to take into account the CPU architecture of the device it’s running on, which would be difficult because there are a lot, and more being created every year. That’s not a task for end-users, i.e the developers, but for the runtime providers to provide the safest platform possible. Surely an exciting movement to watch for the next few years!

Hybrid cloud computing

The last trend to watch closely is the wider hybrid cloud computing adoption.

Data is moving back to private data centers, but that doesn’t mean public cloud usage is going away. In fact, many organizations moving workloads back to private cloud are not discontinuing public cloud usage altogether, but rather being more thoughtful about the applications and projects they choose to run in the public cloud.

The rise of edge computing is another prediction that’s already coming true. When we think about where data and applications live, they will be in many places. For example, if you’re a retail company with a network of traditional brick-and-mortar stores but also sell your products over the web, then it makes sense for your inventory management system to be located at your retailer headquarters but also at each store’s point-of-sale system.

The move back on-premises is typically fueled by cost, security and performance concerns, but it’s also an opportunity to rethink infrastructure and data strategy.

The most innovative companies are planning their cloud strategies around these core considerations:

• What applications need to be run in a private cloud?

• What applications can be moved back to a private cloud after being run in a public one?

• Which applications should be run in an edge location because they require low latency or high bandwidth?

• How can we make sure that the apps we choose to run in the public cloud are secure and compliant with regulations?

The plan for your organization’s cloud strategy should include essentials like resource utilization and cost optimization, application modernization roadmaps based on what’s best for the organization (rather than abstract benefits), tighter data governance, stronger security postures, and more.

The move back to private cloud is more about selectivity: choosing applications based on what’s best for the organization and not simply buying into the marketing hype of an abstract benefit, like cost savings.

In addition, with most organizations using multiple cloud providers, they are also working harder to ensure that they can move workloads seamlessly between providers without interrupting services or causing data loss. 95% of enterprises think security is important to hybrid cloud decisions. (Source: 451 Research)

Conclusion

In this blog post, we looked at our take on the current state of some of the most exciting cloud trends. We strongly believe the future of applications will be dynamic, event-based, and no longer stateless, which means there is an absolute necessity of redefining security implications at every technical layer of relevance — because threat actors are already exploiting these in practice.

That is why we will keep an eye on the development of innovative cloud trends in 2022 as we expect them to thrive. After all, if the cloud was not able to evolve it would be a boring space, and innovation is the fuel of progress. Hopefully, this year brings something new, which we will surely talk about in an upcoming blog post!