If you’re interested in this topic (agree or disagree), we’d love to have you join the community.
Enterprise IT Orgs & Modern On-prem
From the enterprise IT admin’s perspective, the goal of Modern On-prem is to leverage advances in software reliability, reproducibility, and portability to reduce dependence on SaaS applications while limiting the operational overhead of self-hosting those applications.
Reducing Dependence on SaaS Apps
For every organization (regardless of size), a dependence on SaaS applications increases the surface area of the data that they produce or hold. This data surface area is increased by every additional vendor that stores or processes data (GDPR does a good job of establishing the controller -> processor -> sub-processor relationship of data). From this perspective, just about every SaaS application that is used within an organization (a number that averages over 1,000) is “processing” some amount of data. While some of those vendors claim to not be storing the data, once the data has been exposed to their servers in an unencrypted format, it is basically impossible to be certain that they didn’t store it (bugs happen, new systems are implemented) or send it to another 3rd-party SaaS service (sub-processor) that did. The reality of the matter is that when you’re sending data out to 1,000 different vendors, it is the security posture of the weakest vendor that matters. For this reason, many SaaS-focused enterprises attempt to achieve assurance from as many vendors as possible, but the effort is largely futile.
Leveraging Reliability Primitives for Modern On-prem
Many of the largest enterprises and government organizations in the world already reduce their data surface area today by minimizing the number of SaaS applications they leverage and relying on traditional on-prem applications (see our case study on how Salesforce uses GitHub Enterprise on-prem as an example). The primary challenge with traditional on-prem software (beyond generally having antiquated end-user experiences) is that these applications require significant amounts of manual operations. Generally, this requires these organizations to staff sysadmins, DBAs and other IT operations professionals just to keep a handful of on-prem applications operating reliably at scale. The ratio of IT admins to on-prem applications is the key constraint that prevents more organizations from leveraging this risk-reducing IT strategy. In contrast, Modern On-prem applications are designed for reliability, scalability, and ease of operations. In an effort to simplify the process of differentiating Modern On-prem vendors from traditional on-prem vendors, we’ve published a sample Vendor Reliability Questionnaire that can be distributed to vendors as part of your evaluation and procurement process.
As software eats the world, all organizations will be forced to leverage software as a core part of their businesses, or they will be disrupted by a software-native company that does. In the industry, this is often sold as “digital transformation” (a fairly loaded term), but the implication is that these organizations will need to become proficient at building and securing software. As with all software-native companies today, this will mean a combination of internally developed and operated applications, as well as a litany of 3rd-party applications and components.
Modern On-prem outlines a comprehensive strategy for implementing a Kubernetes-native SDLC that can be used for both 1st-party and 3rd-party application management. As these operations are automated through the use of cloud-native applications and a unified cloud-native deployment pipeline, each new conforming application deployed becomes a marginal increase on existing foundations rather than the net-new process and system that comes with deploying a new traditional on-prem application. Consequently, organizations can start to deploy thousands of applications with roughly the same overhead as deploying dozens of applications. There is an upfront investment in establishing the cluster, deployment pipelines and security practices, but once this is accomplished, each organization can reap the benefits for years to come.
Once an organization has set up the required technical foundation described above, the challenge then moves to operationalizing Modern On-prem as a core IT strategy. Every organization has a different set of constraints and assets that need to be taken into consideration when deciding on the best path for success. To address these issues, we’ve started to compile a few resources to help circulate the operational best practices of Modern On-prem.