Facilitating the Spread of Knowledge and Innovation in Professional Software Development



Choose your language

InfoQ Homepage Cloud Computing Content on InfoQ

  • Evolving DevSecOps to Include Policy Management

    A thorough implementation of policy management tools is required for effective compliance and security management in a DevOps environment. Companies that accept policy management in DevSecOps as a way of development and have adopted some level of policy management best practices tend to operate more efficiently.

  • A Recipe to Migrate and Scale Monoliths in the Cloud

    In this article, I want to present a simple cloud architecture that can allow an organization to take monolithic applications to the cloud incrementally without a dramatic change in the architecture. We will discuss the minimal requirements and basic components to take advantage of the scalability of the cloud.

  • Article Series: Native Compilations Boosts Java

    Java dominates enterprise applications. But in the cloud, Java is more expensive than some competitors. Native compilation makes Java in the cloud cheaper. It raises many questions for all Java users: How does native Java change development? When should we switch to native Java? When should we not? And what framework should we use for native Java? This series provides answers to these questions.

  • The Role of DevOps in Cloud Security Management

    Different areas of cloud security must be examined to strengthen security in the cloud versus security of the cloud. This includes identifying requirements, defining the architecture, analyzing controls, and identifying gaps. Security must be both proactive and reactive, so it needs to be considered in every step of development.

  • Designing Secure Tenant Isolation in Python for Serverless Apps

    Software as a Service (SaaS) has become a very common way to deliver software today. While providing the benefits of easy access to users without the overhead of having to manage the operations themselves, this flips the paradigm and places the responsibility on software providers for maintaining ironclad SLAs, as well as all of the security and data privacy requirements.

  • Sustaining Fast Flow with Socio-Technical Thinking

    To sustain a fast flow of changes over long periods of time, organizations address both the social and technical, socio-technical, aspects of reducing complexity. Examples are incentivising good technical practices to keep code maintainable, architecting systems to minimize dependencies and maximize team motivation, and leveraging platforms to preclude whole categories of infrastructure blockers.

  • Kubernetes Native Java with Quarkus

    Quarkus is an industry leader in startup time and memory utilization for native and JVM-based Java applications. This reduces cloud costs. Kubernetes is a first-class deployment platform in Quarkus with support for its primitives and features. Developers can use their Java knowledge of APIs like Jakarta EE, MicroProfile, Spring, etc. Applications can be imperative or reactive - or both!

  • Kubernetes Crosses the Chasm, and Other Lessons from the 2021 CNCF Survey

    You know I love a good survey, so let’s take a look at the Cloud Native Computing Foundation’s 2021 annual survey. They asked 2,302 respondents how they use Kubernetes and the more general category of cloud-native tools. The major conclusion of the report is that Kubernetes usage is mainstream, as the sub-title of the report labeled 2021: “The year Kubernetes crossed the chasm.”

  • Strategies for Assessing and Prioritizing Security Risks Such as Log4j

    The evolving threat landscape requires a comprehensive approach to mitigation. An effective strategy is built on visibility, assessing vulnerabilities in context, effective use of filtering technologies, and monitoring for evidence of intrusion.

  • Insights into the Emerging Prevalence of Software Vulnerabilities

    The software exploit landscape is constantly evolving and organizations need to be structured to stay ahead of these risks. A solid platform built on software best practices, education, and a good understanding of the threat landscape is critical to a strong defensive posture.

  • How to Best Use MTT* Metrics to Optimize Your Incident Response

    Selecting the correct MTT* metric to improve your incident response is important. If the wrong metric is chosen, the improvements may get lost in the noise of a multivariable equation. This article reviews the various MTT* metrics available and discusses the best scenarios for selecting each one.

  • Continuous Portfolio Management as a Contributor for Achieving Highly-Aligned, Loosely-Coupled Teams

    There is a business need for fast software delivery in order to frequently test business hypotheses and drive development based on the resulting feedback. Organizations need to rapidly decide on what to build next, using a short feedback loop that greatly reduces the risk of running on untested assumptions for too long. This article explores a journey towards continuous portfolio management.