“Software is eating the world,” Marc Andreessen wrote in 2011. Five years later, the venture firm adjusted its thesis to “software programs the world,” a new vision it attributed to the trajectory of past and current technology shifts.
Andreessen was right. Today, the KPI for a successful business is producing scalable, highly available global software with a competitive time to market. It has translated in most of the successful examples to a micro-service oriented architecture, and cloud native development (as opposed to traditional waterfall which worked great for boxed products). It has resulted in higher expectations for strategic-level decisions by CEOs. And it has fundamentally shifted the way cybersecurity protection is provided.
A Nod to the Pioneers
Take, for example, Netflix, the company that not only transformed into a streaming company, it also created its own IT environment to support streaming in large scale. Netflix isn’t the only example – we see incredibly successful companies today who have differentiated themselves by developing scalable, software-creating machines.
The archetype of this model, Amazon, tried to build an infinitely scalable retail store but realized the software problem that came with it. In 2003, the company decided to pivot and focus on creating a completely standardized and automated software backend, which ultimately became its biggest differentiator: AWS.
Another prime example is Google’s famous “Borg” – Borg was Google’s “secret sauce” that revolutionized how compute is used to support online services. Google was able to create a large scale microservice environment that essentially scaled to infinity, or in the company’s own words “stores the whole internet.”
Or, take more recent market entrants, such as Uber. Its decision to focus on being a software company required building software that enabled the service to scale beyond a single city. And Spotify, who initially focused on creating a strong streaming service, differentiated itself to the legacy record labels in their industry. Once Spotify had its technology in place, it began to fight the record labels and strengthen its grip in the music industry.
All Industries are Impacted
Today, the “winds of change” can be felt throughout nearly any traditional industry. When you search “bottom up” on technology initiatives, you’ll quickly see various industries investing in technologies that will create scalable, global and highly available services with low time to market. From ING transforming its digital capabilities, and focusing on delivering value to customers faster while saving 50% in operational costs to US Government, GSA, a federal agency that changed the software focus to cloud and open-source first and focused on shorter development and delivery cycles — the list goes on and on.
The CEO Plays a Strategic Role
Some may view the production of software as a CIO imperative. To be clear, this fundamental shift has to do with a company’s strategy – and that’s why it sits on the shoulders of the CEO.
As companies all become software companies, more is expected out of CEOs in 2018 than ever before. They are not only required to maintain or improve company revenue, but also to look into new platforms that deliver the company’s services, maintain leadership and brainstorm new ways to reach customers.
In Walmart’s 2017 annual report, a graph shows capital allocation on digital, technology and customer initiatives, comparing present day to 2015. It points to the fact that now, 60 percent of the overall capital allocation consists of these initiatives, as opposed to 30 percent in 2015. This is clearly a CEO decision, reactive to how well Amazon is growing.
Cyber Security Sees a Fundamental Shift
Shifting the way you deliver software requires a similar shift in the way you provide cyber security protection to these services. Companies such as Netflix, Google, and others mentioned earlier, had to build their own security capabilities, given a gap between the traditional security software industry and their requirements.
To fill this gap, organizations need to properly protect cloud native cybersecurity workloads (i.e. Kubernetes, Containers, Docker, Serverless, etc.), and to do this effectively the security needs to be cloud native. It’s a speedier, transformative way to reduce risk in the enterprise.
Follow us on Twitter
Keep up to date with the latest news from TwistlockLabs and TwistlockTeam.
What Service Meshes Mean for Enterprise Security
Service meshes: Heard of them? By now, you may have. Service meshes ar...
How To Operationalize DevSecOps Practices
DevSecOps is not as much about the tools as it is about the people and...
Enhanced Visibility: Container Vulnerability Management from Build to Runtime
Earlier this year, I was at a large industry event and ended up speaki...
How Serverless Changes the Security Paradigm
Serverless architectures are quickly becoming a major technology withi...
Security: What Enterprise Architects Need to Know Today
Enterprise architects walk the tightrope between tradition and innovat...