On Software Modernization Projects
Over the past 3 years I have interacted with many organizations engaged in ‘Software Modernization’ efforts. They typically are running monolithic legacy applications on hardware or virtual machines. The ones using virtual machines are proud to have made the leap to virtual machines and see that as being modern and edgy. They are heavily siloed and the sysadmins and developers in those organizations are busy keeping old systems alive and working under a heavy bureaucracy of processes that heavily punish coloring outside the lines.
These software modernization efforts are geared toward moving to Cloud Native architectures using DevSecOps practices. This is certainly a worthwhile effort and in keeping with where the industry has been going for the past decade. The rub is that few of those involved in these efforts have any understanding of Cloud Native and DevSecOps (or even the practically synonymous DevOps). An IaaS-based ‘lift and shift’ of existing systems does not constitute migrating to ‘Cloud Native’, nor does moving all your code to ‘lambdas’. In the same way, throwing new tooling at existing waterfall and siloed development methods and renaming an existing role to ‘DevSecOps’ engineer is not implementing DevSecOps, nor is DevSecOps another checklist or process within your Security team.
For these efforts to have a legitimate chance to succeed, those involved need to do some homework of their own accord as to what Cloud Native and DevSecOps really are, rather than fake it. This applies from the managers and leaders making decisions and assigning resources, to those having to implement the technical details where it is really happening. Failing to understand the principles and concepts means planning to fail.
These are long-term projects that will take considerable time to do right. If an organization doesn’t have the time, money, and people to learn the concepts of ‘Cloud Native’ or ‘DevSecOps’, then they have no business taking on the project. They are good goals and may very well have a place in the organization for part of their technology solution. However, ‘Cloud Native’ and ‘DevSecOps’ are more about mindset, culture, workflow, practices, and methodology than they are about a piece of software or individual process. They change the way an organization does things. Oftentimes, therein lies the rub.