Why cloud governance should be an open source business

Comment: Cloud governance tools written for a cloud are useful … for that cloud. Cloud Custodian’s open source approach may offer a better solution.
Stacklet probably shouldn’t exist. The company just launched Stacklet Platform around the open source Cloud Custodian project, but one of the cloud providers probably should have created something similar first. Stacklet simplifies the adoption of a policy/governance-as-code model, providing real-time policy enforcement across all clouds through detection, notification and remediation, using a simple declarative language.
Every cloud has this need – a way to define rules as code at scale – but it was the developers of Stacklet (along with a growing community) who created Cloud Custodian. Perhaps the reason why, said Kapil Thangavelu, co-founder of Stacklet and creator of Cloud Custodian, is that individual vendors are focusing on a relatively narrow view of the world. Open source, on the other hand, “has allowed us to find many different ideas and use cases from many different organizations and in many different contexts.”
Think broadly
Here’s that quote from Thangavelu in context:
Many vendors take a very narrow view of a given problem area because that is the goal of a given team. Open source has allowed us to come up with many different ideas and use cases from many different organizations and in many different contexts … The challenge of looking at only one part of the problem is that you fragment it. end user with 20 different tools do 20 different things. And it ends up being problematic when you actually drive holistic transformation from being well managed.
Keep in mind that Cloud Custodian grew out of the work Thangavelu was doing at Capital One, a large company with over 50,000 employees and tens of billions of dollars in revenue. It was a laboratory designed to help Thangavelu “meet the different needs of different groups within the company: audit, risk, security, application teams, business sectors,” he said. This has helped make Cloud Custodian incredibly useful within his business. But just one business.
Open source has broadened the reach and usefulness of Cloud Custodian beyond the needs of a single business.
“As we got to open source, that pool of use cases just got bigger,” he noted. No matter how creative your product managers are, they are always necessarily constrained by the needs of the business they run. In contrast, Thangavelu continued: “Open source is the most efficient way to achieve [expanded scope] because your usage and your users meet a wider range of needs than a particular business. They represent the needs of a wide range of interests. And they all shoot in different directions.”
This push and pull of a growing Cloud Custodian community has made it a useful tool for organizations that may have thousands, if not tens of thousands, of diverse policies to manage. These different organizations can iterate on their own policies while also collaborating on the underlying code base to make it better for everyone.
Not that this open source approach is easy.
A question of balance
For the Stacklet team, one of the most difficult challenges, noted Thangavelu, is balancing the needs of the project with the needs of the product. “The difficulty of maintaining a community while building and going at the rate I want to go in open source, while building a product at the same time, has been an interesting conundrum,” he pointed out. Why? It turns out that the business and the community sometimes need to build at different rates.
Take, for example, backward compatibility and operational simplicity, two hallmarks of Cloud Custodian development. These sometimes conflict with the community’s desire to build functionality in a number of new directions. Now add the complexity (and power) of enabling those Cloud Custodian users to become contributors of the features they want, while keeping the project cohesive. “Because if you have a growing community that feels empowered to contribute [it’s very different from] the one where you just run a product backlog in a more traditional closed-source way,” he said, which some open-source companies are doing.
Does this sound complicated to you? It is, and even more so when you are also trying to juggle a revenue model that allows Stacklet to earn enough money to support the ongoing development of Cloud Custodian without becoming a proprietary software company dependent on itself for any innovation. Fortunately, he concluded, the industry increasingly feels it is important “to understand the open source software adopted by businesses and also to have some responsibility for what they build on.” As I wrote before, Stacklet has done a fantastic job of encouraging this exact type of customer-driven innovation. May this continue for a long time.
Disclosure: I work for AWS, but the opinions expressed here are my own.