Archives

cloud services

Microsoft’s Dapr open-source project to help developers build cloud-native apps hits 1.0

Dapr, the Microsoft-incubated open-source project that aims to make it easier for developers to build event-driven, distributed cloud-native applications, hit its 1.0 milestone today, signifying the project’s readiness for production use cases. Microsoft launched the Distributed Application Runtime (that’s what “Dapr” stand for) back in October 2019. Since then, the project released 14 updates and the community launched integrations with virtually all major cloud providers, including Azure, AWS, Alibaba and Google Cloud.

The goal for Dapr, Microsoft Azure CTO Mark Russinovich told me, was to democratize cloud-native development for enterprise developers.

“When we go look at what enterprise developers are being asked to do — they’ve traditionally been doing client, server, web plus database-type applications,” he noted. “But now, we’re asking them to containerize and to create microservices that scale out and have no-downtime updates — and they’ve got to integrate with all these cloud services. And many enterprises are, on top of that, asking them to make apps that are portable across on-premises environments as well as cloud environments or even be able to move between clouds. So just tons of complexity has been thrown at them that’s not specific to or not relevant to the business problems they’re trying to solve.”

And a lot of the development involves re-inventing the wheel to make their applications reliably talk to various other services. The idea behind Dapr is to give developers a single runtime that, out of the box, provides the tools that developers need to build event-driven microservices. Among other things, Dapr provides various building blocks for things like service-to-service communications, state management, pub/sub and secrets management.

Image Credits: Dapr

“The goal with Dapr was: let’s take care of all of the mundane work of writing one of these cloud-native distributed, highly available, scalable, secure cloud services, away from the developers so they can focus on their code. And actually, we took lessons from serverless, from Functions-as-a-Service where with, for example Azure Functions, it’s event-driven, they focus on their business logic and then things like the bindings that come with Azure Functions take care of connecting with other services,” Russinovich said.

He also noted that another goal here was to do away with language-specific models and to create a programming model that can be leveraged from any language. Enterprises, after all, tend to use multiple languages in their existing code, and a lot of them are now looking at how to best modernize their existing applications — without throwing out all of their current code.

As Russinovich noted, the project now has more than 700 contributors outside of Microsoft (though the core commuters are largely from Microsoft) and a number of businesses started using it in production before the 1.0 release. One of the larger cloud providers that is already using it is Alibaba. “Alibaba Cloud has really fallen in love with Dapr and is leveraging it heavily,” he said. Other organizations that have contributed to Dapr include HashiCorp and early users like ZEISS, Ignition Group and New Relic.

And while it may seem a bit odd for a cloud provider to be happy that its competitors are using its innovations already, Russinovich noted that this was exactly the plan and that the team hopes to bring Dapr into a foundation soon.

“We’ve been on a path to open governance for several months and the goal is to get this into a foundation. […] The goal is opening this up. It’s not a Microsoft thing. It’s an industry thing,” he said — but he wasn’t quite ready to say to which foundation the team is talking.

 

Drata raises $3.2M for its compliance audit platform

Drata, a startup that helps businesses get their SOC 2 compliance, today announced that it has raised a $3.2 million seed round led by Cowboy Ventures and that it is coming out of stealth. Other investors include Leaders Fund, SV Angel and a group of angel investors.

Like similar services, Drata helps businesses automate a lot of the evidence collection as they prepare for a SOC 2 audit. The focus of the service is obviously on running tests against the SOC 2 framework to help businesses prepare for their audit (and to prepare the right materials for the auditor). To do so, it features integrations with a lot of standard online business tools and cloud services to regularly pull in data. One nifty feature is that it also lets you step through all of the various sections of the SOC 2 criteria to check your current readiness for an audit.

At the end of the day, tools like Drata are meant to get you through an audit, but at the same time, the idea here is also to give you a better idea of your own security posture. For that, Drata offers continuous control monitoring, as well as tools to track if your employees have turned on all the right controls on their work computers, for example. Since companies have to regularly renew their certification, too, Drata can help them to continuously collect all of the data for their renewal, something that previously often involved boring — and quickly forgotten — manual tasks like taking screenshots of various settings every month or so.

Image Credits: Drata

Drata co-founder and CEO Adam Markowitz worked on the space shuttle engines after graduating from college and then launched his own startup, Portfolium, after that program ended. Portfolium, which helped students showcase their work in the form of — you guessed it — a portfolio, eventually sold to Infrastructure in 2019, where Markowitz stayed on until he launched Drata last June, together with a group of former Portfolium founders and engineers. Besides Markowitz, the co-founders include CTO Daniel Marashlian and CRO Troy Markowitz. It was the team’s experience seeing companies go through the audit process, which has traditionally been a drawn-out and manual process, that led them to look at building their own solution.

The company already managed to sign up a number of customers ahead of its official launch. These include Spot by NetAppAccel RoboticsAbnormal SecurityChameleon and Vareto. As Markowitz told me, even though Drata already had customers who were using the service to prepare for their audits, the team wanted to remain in stealth mode until it had used its own tool to go through its own audit. With that out of the way, and Drata receiving its SOC 2 certification, it’s now ready to come out of stealth.

As the number of companies that need to go through these kinds of audits increases, it’s maybe no surprise that we’re also seeing a growing number of companies that aim to automate much of this process. With that, unsurprisingly, the number of VC investments in this space also continues to increase. In recent months, Secureframe and Strike Graph announced their own funding rounds, for example.

Image Credits: Drata

The cloud can’t solve all your problems

The way a team functions and communicates dictates the operational efficiency of a startup and sets the scene for its culture. It’s way more important than what social events and perks are offered, so it’s the responsibility of a founder and/or CEO to provide their team with a technology approach that will empower them to achieve and succeed — now and in the future.

With that in mind, moving to the cloud might seem like a no-brainer because of its huge benefits around flexibility, accessibility and the potential to rapidly scale, while keeping budgets in check.

But there’s an important consideration here: Cloud providers won’t magically give you efficient teams.

Designing a startup for scale means investing in the right technology today to underpin growth for tomorrow and beyond.

It will get you going in the right direction, but you need to think even farther ahead. Designing a startup for scale means investing in the right technology today to underpin growth for tomorrow and beyond. Let’s look at how you approach and manage your cloud infrastructure will impact the effectiveness of your teams and your ability to scale.

Hindsight is 20/20

Adopting cloud is easy, but adopting it properly with best practices and in a secure way? Not so much. You might think that when you move to cloud, the cloud providers will give you everything you need to succeed. But even though they’re there to provide a wide breadth of services, these services won’t necessarily have the depth that you will need to run efficiently and effectively.

Yes, your cloud infrastructure is working now, but think beyond the first prototype or alpha and toward production. Considering where you want to get to, and not just where you are, will help you avoid costly mistakes. You definitely don’t want to struggle through redefining processes and ways of working when you’re also managing time sensitivities and multiple teams.

If you don’t think ahead, you’ll have to put all new processes in. It will take a whole lot longer, cost more money and cause a lot more disruption to teams than if you do it earlier.

For any founder, making strategic technology decisions right now should be a primary concern. It feels more natural to put off those decisions until you come face to face with the problem, but you’ll just end up needing to redo everything as you scale and cause your teams a world of hurt. If you don’t give this problem attention at the beginning, you’re just scaling the problems with the team. Flaws are then embedded within your infrastructure, and they’ll continue to scale with the teams. When these things are rushed, corners are cut and you will end up spending even more time and money on your infrastructure.

Build effective teams and reduce bottlenecks

When you’re making strategic decisions on how to approach your technology stack and cloud infrastructure, the biggest consideration should be what makes an effective team. Given that, keep these things top of mind:

  • Speed of delivery: Having developers able to self-serve cloud infrastructure with best practices built-in will enable speed. Development tools that factor in visibility and communication integrations for teams will give transparency on how they are iterating, problems, bugs or integration failures.
  • Speed of testing: This is all about ensuring fast feedback loops as your team works on critical new iterations and features. Developers should be able to test as much as possible locally and through continuous integration systems before they are ready for code review.
  • Troubleshooting problems: Good logging, monitoring and observability services, gives teams awareness of issues and the ability to resolve problems quickly or reproduce customer complaints in order to develop fixes.