How PaaS Enables Secure and Agile Enterprise Innovation

By Atos Apprenda Support

During the past week, I’ve been involved in two very different customer conversations around the role of Platform as a Service (PaaS) and its ability to empower developers. These conversations encouraged me to think more critically about security and compliance, two things we care deeply about at Apprenda.

I would like to share some of these conversations with you and elaborate on how we see the issues addressed by our customers. These two specific customers have opposing views on the security and compliance ramifications of PaaS, but I’ll attempt to reconcile the two (valid) opinions based on the history and current state of the PaaS market.

Conversation #1

“We’re not just going to let developers deploy whatever they want. It creates a huge security and compliance vulnerability. We’ve been burned before, and we’re not interested in revisiting that any time soon.”

The above quote is from a C-level executive at an Apprenda customer, a Fortune 500 company, who has read all about the developer benefits of PaaS but is afraid of what might result down the road. You can call this FUD or shortsighted, but the concern cannot be dismissed.

After all, if you look at Public PaaS, which has largely disappointed as a category, it is about encouraging developers to deploy more types of applications because that’s how they make money (or don’t, as is largely the case in that market). Public PaaS has been all about empowering developers and effectively encourages shadow IT. To this customer, a trade-off of agility for security and compliance is a deal that he cannot make. Most Fortune 1000 customers are in the same boat.

Conversation #2

“We want to use Apprenda in more use cases because it strengthens the security and compliance capability of our entire application portfolio.”

The above quote is from another Apprenda customer who sees our Enterprise PaaS as improving his ability to drive security and compliance. By having applications share a platform, he can uniformly and consistently apply the appropriate controls and audit them. He doesn’t need to invest in expensive and flaky application discovery and configuration management tools, which are constantly trying to reconcile what Anders Vinberg, a former Microsoft colleague of mine, used to call “is-ness” and “ought-ness.” This is taking the way something “is” and making it the way that it “ought” to be.

The gap between the two can be hours or days, and that window creates vulnerability exposure. Obviously, this customer doesn’t want to accomplish this goal at the expense of developer agility, because that’s the world he lived in prior to Apprenda.

My Thoughts

The two perspectives above highlight why it’s important to differentiate Apprenda’s Enterprise PaaS software from Public PaaS or PaaS software solutions that are simply repackaged versions of a pre-existing Public PaaS. I like to refer to this as “reverse cloud washing.” It’s fashionable and reasonable for pundits to cry foul when legacy vendors repackage their existing offerings and claim cloud leadership and revenue. However, you can’t just take public cloud platforms and repackage them for direct enterprise operations either.

Apprenda is built by developers for developers. However, Apprenda is also designed to be operated. That means that we built the product from day one with the assumption that enterprise IT organizations would be able to run it themselves. This helps ensure a more secure and compliant environment while also enabling developers to be more productive than ever before.

Here are three examples of how we do this:

  1. Enterprise Authentication and Authorization Integration – Most enterprise PaaS solutions integrate with corporate identity systems, but Apprenda takes this one critical step further. Not only does Apprenda use your corporate SSO solution to protect itself, but it also offers this capability to guest applications running on the platform (voluntarily or compulsorily, depending on how you configure Apprenda). Aside from saving developers the time spent onboarding apps through your corporate security team, you also ensure consistency in the security integration. Agility and compliance are joined at the hip.
  2. Automated Application Deployment Policies – It’s great that PaaS abstracts infrastructure from developers so they never need to touch or see servers, load balancers, storage, etc. However, IT organizations almost always have performance, SLA, security, and compliance reasons to direct certain apps to specific pools of infrastructure. You might want dev/test app instances deployed to different infrastructure from production. You might want apps that handle personally identifiable information to get special deployment treatment, etc. Application deployment policies enable an operator to evaluate extensible metadata associated with an app and narrow the set of infrastructure pools eligible to host it. Once again, developers don’t sit in hours of meetings or open change requests; this happens consistently, quickly, and automatically behind the scenes.
  3. Application Bootstrap Policies – Aside from selecting infrastructure, enterprise environments also need the ability to inspect and take action on the actual application deployment payload. Sometimes you want to reject a deployment because it contains a known vulnerability. Perhaps the app is using a version of a library that it shouldn’t be, and you want to reject the deployment or swap the library out for a safe one. After the fact, you also want to quickly figure out which apps are affected and remediate simply by restarting the app. In other use cases, you may want to automatically reconfigure an existing app by redirecting local log file output in the app’s configuration file, automatically bootstrap APM tools, or swap out hard-coded connection strings to make onboarding frictionless. Apprenda’s application bootstrap policies give you this level of control and compliance, all while helping developers get a faster and better outcome.
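
As an added illustration of the second and third examples (this is not Apprenda’s code or configuration; the pool names, metadata keys, library name, versions and config keys are all constructed placeholders), the Python sketch below models both control points: a placement policy that filters infrastructure pools by app metadata, and a bootstrap policy that rejects or substitutes a banned library version, rewrites hard-coded configuration values with platform-managed ones, and lists already-deployed apps that still carry the banned version so they can be remediated by a bootstrap re-run and restart.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Pool:
    """One pool of infrastructure an operator has carved out."""
    name: str
    environment: str    # "dev", "test" or "prod"
    pii_approved: bool  # hardened enclave cleared to hold personal data


# Constructed sample pools; names and attributes are illustrative only.
POOLS = [
    Pool("dev-general", "dev", False),
    Pool("prod-general", "prod", False),
    Pool("prod-pii-enclave", "prod", True),
]


def eligible_pools(app_metadata, pools=POOLS):
    """Deployment policy: narrow the pools by the app's metadata.

    Constructed rules: the pool's environment must match the app's; an app
    tagged pii=True may only land on a PII-approved pool; an app without the
    tag stays off the enclave so it remains reserved for apps that need it.
    """
    env = app_metadata.get("environment", "dev")
    pii = bool(app_metadata.get("pii", False))
    return [p.name for p in pools
            if p.environment == env and p.pii_approved == pii]


# Bootstrap blocklist: library -> (banned versions, approved replacement).
# The library name and versions are constructed placeholders.
BLOCKLIST = {
    "examplelib": ({"1.0.0", "1.0.1"}, "1.0.2"),
}

# Platform-managed settings that replace hard-coded values in the app's
# configuration at bootstrap (constructed keys and values).
PLATFORM_CONFIG = {
    "ConnectionString": "Server=platform-db;Database=app;Integrated Security=true",
    "LogPath": "platform://logs/{app}",
}


@dataclass
class BootstrapResult:
    accepted: bool
    dependencies: dict
    config: dict
    findings: list = field(default_factory=list)


def bootstrap(app_name, payload, mode="substitute"):
    """Bootstrap policy: inspect the deployment payload before it runs.

    payload = {"dependencies": {lib: version}, "config": {key: value}}.
    mode="reject" fails the deployment on any banned library version;
    mode="substitute" swaps in the approved version instead. In both modes
    hard-coded config values present in the payload are replaced with the
    platform-managed ones, and every action is recorded as a finding.
    """
    deps = dict(payload.get("dependencies", {}))
    config = dict(payload.get("config", {}))
    result = BootstrapResult(True, deps, config)

    for lib, version in list(deps.items()):
        banned, replacement = BLOCKLIST.get(lib, (set(), None))
        if version not in banned:
            continue
        if mode == "reject":
            result.accepted = False
            result.findings.append(f"rejected: {lib} {version} is banned")
        else:
            deps[lib] = replacement
            result.findings.append(f"substituted: {lib} {version} -> {replacement}")

    for key, template in PLATFORM_CONFIG.items():
        if key in config:
            config[key] = template.format(app=app_name)
            result.findings.append(f"rewrote config key {key}")
    return result


def affected_apps(deployed):
    """After the fact: which deployed apps still carry a banned version?
    deployed = {app_name: {lib: version}}; returns sorted app names."""
    hits = []
    for app, deps in deployed.items():
        for lib, version in deps.items():
            banned, _ = BLOCKLIST.get(lib, (set(), None))
            if version in banned:
                hits.append(app)
                break
    return sorted(hits)


if __name__ == "__main__":
    print(eligible_pools({"environment": "prod", "pii": True}))
    r = bootstrap("billing", {"dependencies": {"examplelib": "1.0.0"},
                              "config": {"ConnectionString": "Server=localhost;"}})
    print(r.accepted, r.dependencies, r.findings)
```

The placement rule deliberately keeps untagged apps off the PII enclave as well as keeping PII apps on it, so the metadata decides in both directions; a real policy would read richer attributes, but the shape of the decision is the same.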

Clearly, there are many benefits to running Apprenda’s enterprise PaaS but one of the most important is this ability to get security and governance in addition to, not instead of, developer agility. In fact, one of the most powerful things about Apprenda is that it ensures agility only through compliance. The fastest way for a developer to get their app built and into production is to run it on the PaaS. The PaaS, in turn, is pre-integrated with enterprise security sub-systems, libraries, and policies to ensure that hosted applications automatically and consistently inherit these capabilities.
